Fix #189

conf/user.go

@@ -16,12 +16,16 @@ package conf
 
 import (
 	"crypto/md5"
+	"crypto/sha1"
 	"encoding/hex"
 	"encoding/json"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
+	"time"
+
+	"github.com/b3log/wide/util"
 )
 
 // LatestSessionContent represents the latest session content.
@@ -35,6 +39,7 @@ type LatestSessionContent struct {
 type User struct {
 	Name                 string
 	Password             string
+	Salt                 string
 	Email                string
 	Gravatar             string // see http://gravatar.com
 	Workspace            string // the GOPATH of this user
@@ -43,6 +48,9 @@ type User struct {
 	FontFamily           string
 	FontSize             string
 	Theme                string
+	Created              int64 // user create time in unix nano
+	Updated              int64 // preference update time in unix nano
+	Lived                int64 // the latest session activity in unix nano
 	Editor               *editor
 	LatestSessionContent *LatestSessionContent
 }
@@ -58,12 +66,18 @@ type editor struct {
 
 // NewUser creates a user with the specified username, password, email and workspace.
 func NewUser(username, password, email, workspace string) *User {
-	hash := md5.New()
+	md5hash := md5.New()
-	hash.Write([]byte(email))
+	md5hash.Write([]byte(email))
-	gravatar := hex.EncodeToString(hash.Sum(nil))
+	gravatar := hex.EncodeToString(md5hash.Sum(nil))
 
-	return &User{Name: username, Password: password, Email: email, Gravatar: gravatar, Workspace: workspace,
+	salt := util.Rand.String(16)
+	password = Salt(password, salt)
+
+	now := time.Now().UnixNano()
+
+	return &User{Name: username, Password: password, Salt: salt, Email: email, Gravatar: gravatar, Workspace: workspace,
 		Locale: Wide.Locale, GoFormat: "gofmt", FontFamily: "Helvetica", FontSize: "13px", Theme: "default",
+		Created: now, Updated: now, Lived: now,
 		Editor: &editor{FontFamily: "Consolas, 'Courier New', monospace", FontSize: "inherit", LineHeight: "17px",
 			Theme: "wide", TabSize: "4"}}
 }
@@ -110,3 +124,11 @@ func GetOwner(path string) string {
 
 	return ""
 }
+
+// Salt salts the specified password with the specified salt.
+func Salt(password, salt string) string {
+	sha1hash := sha1.New()
+	sha1hash.Write([]byte(password + salt))
+
+	return hex.EncodeToString(sha1hash.Sum(nil))
+}

conf/users/admin.json

@@ -1,6 +1,7 @@
 {
     "Name": "admin",
-    "Password": "admin",
+    "Password": "d1bfca21893c908e64fabda01d71294b1ccdcaa7",
+    "Salt": "dnoyeb",
     "Email": "",
     "Gravatar": "d41d8cd98f00b204e9800998ecf8427e",
     "Workspace": "${GOPATH}",
@@ -9,6 +10,9 @@
     "FontFamily": "Helvetica",
     "FontSize": "13px",
     "Theme": "default",
+    "Created": 1414080000000000000,
+    "Updated": 1414080000000000000,
+    "Lived": 1414080000000000000,
     "Editor": {
         "FontFamily": "Consolas, 'Courier New', monospace",
         "FontSize": "13px",

session/sessions.go

@@ -235,7 +235,7 @@ func WSHandler(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-// SaveContent handles request of session content storing.
+// SaveContent handles request of session content string.
 func SaveContent(w http.ResponseWriter, r *http.Request) {
 	data := map[string]interface{}{"succ": true}
 	defer util.RetJSON(w, r, data)
@@ -263,9 +263,11 @@ func SaveContent(w http.ResponseWriter, r *http.Request) {
 
 	for _, user := range conf.Users {
 		if user.Name == wSession.Username {
-			// update the variable in-memory, conf.FixedTimeSave() function will persist it periodically
+			// update the variable in-memory, session.FixedTimeSave() function will persist it periodically
 			user.LatestSessionContent = wSession.Content
 
+			user.Lived = time.Now().UnixNano()
+
 			wSession.Refresh()
 
 			return

session/users.go

@@ -135,6 +135,10 @@ func PreferenceHandler(w http.ResponseWriter, r *http.Request) {
 
 	conf.UpdateCustomizedConf(username)
 
+	now := time.Now().UnixNano()
+	user.Lived = now
+	user.Updated = now
+
 	succ = user.Save()
 }
 
@@ -180,7 +184,7 @@ func LoginHandler(w http.ResponseWriter, r *http.Request) {
 
 	succ = false
 	for _, user := range conf.Users {
-		if user.Name == args.Username && user.Password == args.Password {
+		if user.Name == args.Username && user.Password == conf.Salt(args.Password, user.Salt) {
 			succ = true
 
 			break

util/rand.go

@@ -0,0 +1,37 @@
+// Copyright (c) 2014, B3log
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import "math/rand"
+
+type myrand struct{}
+
+// Random utilities.
+var Rand = myrand{}
+
+// String returns a random string ['a', 'z'] in the specified length
+func (*myrand) String(length int) string {
+	bytes := make([]byte, length)
+	for i := 0; i < length; i++ {
+		bytes[i] = byte(Rand.Int('a', 'z'))
+	}
+
+	return string(bytes)
+}
+
+// Int returns a random integer in range [min, max].
+func (*myrand) Int(min int, max int) int {
+	return min + rand.Intn(max-min)
+}