Fix #189

2014-12-24 00:14:03 +08:00 · 2014-12-24 00:14:03 +08:00 · c0c6609e83
parent 1372fbd88c
commit c0c6609e83
5 changed files with 77 additions and 8 deletions
--- a/conf/user.go
+++ b/conf/user.go
@ -16,12 +16,16 @@ package conf

 import (
 	"crypto/md5"
+	"crypto/sha1"
 	"encoding/hex"
 	"encoding/json"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
+	"time"
+
+	"github.com/b3log/wide/util"
 )

 // LatestSessionContent represents the latest session content.
@ -35,6 +39,7 @@ type LatestSessionContent struct {
 type User struct {
 	Name                 string
 	Password             string
+	Salt                 string
 	Email                string
 	Gravatar             string // see http://gravatar.com
 	Workspace            string // the GOPATH of this user
@ -43,6 +48,9 @@ type User struct {
 	FontFamily           string
 	FontSize             string
 	Theme                string
+	Created              int64 // user create time in unix nano
+	Updated              int64 // preference update time in unix nano
+	Lived                int64 // the latest session activity in unix nano
 	Editor               *editor
 	LatestSessionContent *LatestSessionContent
 }
@ -58,12 +66,18 @@ type editor struct {

 // NewUser creates a user with the specified username, password, email and workspace.
 func NewUser(username, password, email, workspace string) *User {
-	hash := md5.New()
-	hash.Write([]byte(email))
-	gravatar := hex.EncodeToString(hash.Sum(nil))
+	md5hash := md5.New()
+	md5hash.Write([]byte(email))
+	gravatar := hex.EncodeToString(md5hash.Sum(nil))

-	return &User{Name: username, Password: password, Email: email, Gravatar: gravatar, Workspace: workspace,
+	salt := util.Rand.String(16)
+	password = Salt(password, salt)
+
+	now := time.Now().UnixNano()
+
+	return &User{Name: username, Password: password, Salt: salt, Email: email, Gravatar: gravatar, Workspace: workspace,
 		Locale: Wide.Locale, GoFormat: "gofmt", FontFamily: "Helvetica", FontSize: "13px", Theme: "default",
+		Created: now, Updated: now, Lived: now,
 		Editor: &editor{FontFamily: "Consolas, 'Courier New', monospace", FontSize: "inherit", LineHeight: "17px",
 			Theme: "wide", TabSize: "4"}}
 }
@ -110,3 +124,11 @@ func GetOwner(path string) string {

 	return ""
 }
+
+// Salt salts the specified password with the specified salt.
+func Salt(password, salt string) string {
+	sha1hash := sha1.New()
+	sha1hash.Write([]byte(password + salt))
+
+	return hex.EncodeToString(sha1hash.Sum(nil))
+}
--- a/conf/users/admin.json
+++ b/conf/users/admin.json
@ -1,6 +1,7 @@
 {
    "Name": "admin",
-    "Password": "admin",
+    "Password": "d1bfca21893c908e64fabda01d71294b1ccdcaa7",
+    "Salt": "dnoyeb",
    "Email": "",
    "Gravatar": "d41d8cd98f00b204e9800998ecf8427e",
    "Workspace": "${GOPATH}",
@ -9,6 +10,9 @@
    "FontFamily": "Helvetica",
    "FontSize": "13px",
    "Theme": "default",
+    "Created": 1414080000000000000,
+    "Updated": 1414080000000000000,
+    "Lived": 1414080000000000000,
    "Editor": {
        "FontFamily": "Consolas, 'Courier New', monospace",
        "FontSize": "13px",
--- a/session/sessions.go
+++ b/session/sessions.go
@ -235,7 +235,7 @@ func WSHandler(w http.ResponseWriter, r *http.Request) {
 	}
 }

-// SaveContent handles request of session content storing.
+// SaveContent handles request of session content string.
 func SaveContent(w http.ResponseWriter, r *http.Request) {
 	data := map[string]interface{}{"succ": true}
 	defer util.RetJSON(w, r, data)
@ -263,9 +263,11 @@ func SaveContent(w http.ResponseWriter, r *http.Request) {

 	for _, user := range conf.Users {
 		if user.Name == wSession.Username {
-			// update the variable in-memory, conf.FixedTimeSave() function will persist it periodically
+			// update the variable in-memory, session.FixedTimeSave() function will persist it periodically
 			user.LatestSessionContent = wSession.Content

+			user.Lived = time.Now().UnixNano()
+
 			wSession.Refresh()

 			return
--- a/session/users.go
+++ b/session/users.go
@ -135,6 +135,10 @@ func PreferenceHandler(w http.ResponseWriter, r *http.Request) {

 	conf.UpdateCustomizedConf(username)

+	now := time.Now().UnixNano()
+	user.Lived = now
+	user.Updated = now
+
 	succ = user.Save()
 }

@ -180,7 +184,7 @@ func LoginHandler(w http.ResponseWriter, r *http.Request) {

 	succ = false
 	for _, user := range conf.Users {
-		if user.Name == args.Username && user.Password == args.Password {
+		if user.Name == args.Username && user.Password == conf.Salt(args.Password, user.Salt) {
 			succ = true

 			break
--- a/util/rand.go
+++ b/util/rand.go
@ -0,0 +1,37 @@
+// Copyright (c) 2014, B3log
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import "math/rand"
+
+type myrand struct{}
+
+// Random utilities.
+var Rand = myrand{}
+
+// String returns a random string ['a', 'z'] in the specified length
+func (*myrand) String(length int) string {
+	bytes := make([]byte, length)
+	for i := 0; i < length; i++ {
+		bytes[i] = byte(Rand.Int('a', 'z'))
+	}
+
+	return string(bytes)
+}
+
+// Int returns a random integer in range [min, max].
+func (*myrand) Int(min int, max int) int {
+	return min + rand.Intn(max-min)
+}