ssy/lan-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
396783e8a066924a1ffc9acd62fc55fd2ac042a8
lan-manager/server/handlers/auth.go
shirainbown 396783e8a0 fix: add operation log for password change 
- ChangePassword handler now records 'change_password' action in operation_logs
- Logs include username, source IP, and timestamp for audit purposes
2026-06-19 18:52:41 +08:00

105 lines
3.1 KiB
Go
Raw Blame History

package handlers
import (
"net/http"
"github.com/gin-contrib/sessions"
"github.com/gin-gonic/gin"
"golang.org/x/crypto/bcrypt"
"lan-manager/server/config"
"lan-manager/server/db"
"lan-manager/server/middleware"
"lan-manager/server/models"
)
type AuthHandler struct {
Cfg *config.Config
}
func NewAuthHandler(cfg *config.Config) *AuthHandler {
return &AuthHandler{Cfg: cfg}
}
func (h *AuthHandler) Login(c *gin.Context) {
var req models.LoginRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
if req.Username != h.Cfg.AdminUser {
c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid credentials"})
return
}
if !checkPassword(req.Password, h.Cfg.AdminPass) {
c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid credentials"})
return
}
session := sessions.Default(c)
session.Set(middleware.AdminSessionKey, req.Username)
if err := session.Save(); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"username": req.Username, "is_admin": true})
}
func (h *AuthHandler) Logout(c *gin.Context) {
session := sessions.Default(c)
session.Delete(middleware.AdminSessionKey)
_ = session.Save()
c.JSON(http.StatusOK, gin.H{"message": "logged out"})
}
func (h *AuthHandler) Me(c *gin.Context) {
session := sessions.Default(c)
user := session.Get(middleware.AdminSessionKey)
if user == nil {
c.JSON(http.StatusUnauthorized, gin.H{"is_admin": false, "ui_refresh_interval": h.Cfg.UIRefreshInterval})
return
}
c.JSON(http.StatusOK, gin.H{"is_admin": true, "username": user.(string), "ui_refresh_interval": h.Cfg.UIRefreshInterval})
}
func (h *AuthHandler) ChangePassword(c *gin.Context) {
var req models.ChangePasswordRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
if !checkPassword(req.OldPassword, h.Cfg.AdminPass) {
c.JSON(http.StatusUnauthorized, gin.H{"error": "旧密码错误"})
return
}
hashed, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "密码加密失败"})
return
}
_, err = db.DB.Exec(`INSERT INTO settings (key, value) VALUES ('admin_password', ?) ON CONFLICT(key) DO UPDATE SET value = excluded.value`, string(hashed))
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "保存密码失败"})
return
}
h.Cfg.AdminPass = string(hashed)
// 记录密码修改日志
var entityID int64 = 0
middleware.LogOperation("change_password", "user", &entityID, h.Cfg.AdminUser, "", "", c.ClientIP(), h.Cfg.AdminUser)
c.JSON(http.StatusOK, gin.H{"message": "密码修改成功"})
}
func checkPassword(plain, stored string) bool {
if stored == "" {
return plain == ""
}
// bcrypt hashes start with "$2a$", "$2b$", or "$2x$" and have a fixed format
if len(stored) > 4 && (stored[:4] == "$2a$" || stored[:4] == "$2b$" || stored[:4] == "$2x$") {
return bcrypt.CompareHashAndPassword([]byte(stored), []byte(plain)) == nil
}
return plain == stored
}
Reference in New Issue View Git Blame Copy Permalink