package handler import ( "encoding/json" "github.com/gorilla/csrf" "net/http" "picgo/configs" "picgo/corelib" "picgo/corelib/captcha" "picgo/data" "picgo/model" ) func LoginPageHandler(w http.ResponseWriter, r *http.Request) { switch r.Method { case http.MethodGet: tmpData := map[string]interface{}{ csrf.TemplateTag: csrf.TemplateField(r), } corelib.TemplateHandler(w, tmpData, "login.html", "view/login.html") default: http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed) } } func LoginApiHandler(w http.ResponseWriter, r *http.Request) { switch r.Method { case http.MethodPost: var ( err error res model.LoginRequest user model.SysUser ) if err = json.NewDecoder(r.Body).Decode(&res); err != nil { corelib.Logger.Error("LoginApiHandler, 参数获取失败") corelib.WriteJsonResponse(w, 400, "参数错误", nil) return } if (res.Username == "") || (res.Password == "") { corelib.Logger.Error("LoginApiHandler, 用户名或者密码为空") corelib.WriteJsonResponse(w, 400, "请输入用户名密码", nil) return } cid := getCaptchaId(r) if ok := captcha.Verify(cid, res.Captcha); !ok { corelib.Logger.Error("LoginApiHandler, 验证码错误") corelib.WriteJsonResponse(w, 400, "验证码错误", nil) return } if user, err = data.SysUserSelectByUsername(res.Username); err != nil { corelib.Logger.Error("LoginApiHandler, 用户不存在") corelib.WriteJsonResponse(w, 1040, "用户不存在", nil) return } // 验证用户名密码 if !corelib.ComparePasswords(user.Password, res.Password, user.Salt) { corelib.Logger.Error("LoginApiHandler, 用户名或密码错误") corelib.WriteJsonResponse(w, 1041, "用户名或密码错误", nil) return } session, _ := corelib.SessionStore.Get(r, configs.Settings.Server.SessionName) session.Values["username"] = user.Username session.Values["id"] = user.ID if err = session.Save(r, w); err != nil { corelib.Logger.Error("LoginApiHandler, 会话保存失败:", err) corelib.WriteJsonResponse(w, 1042, "会话保存失败", nil) return } w.Header().Set("Content-Type", "application/json") corelib.WriteJsonResponse(w, 200, "登录成功", nil) default: http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed) } }