6f507b319e
- Merge PVE (Proxmox VE) virtual machine management from remote - PVE host CRUD API - VM status query / start / stop operations - PVE database tables and models - Frontend VM status display and control buttons - SPA routing fix for nested asset paths - Keep local features: - Change password functionality - Log cleanup service - Docker containerization (Dockerfile + docker-compose) - Empty machine ping log spam fix - settings table for admin password storage - Update machines handlers to support PVE fields - Update frontend API client with PVE endpoints
100 lines
2.9 KiB
Go
100 lines
2.9 KiB
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/gin-contrib/sessions"
|
|
"github.com/gin-gonic/gin"
|
|
"golang.org/x/crypto/bcrypt"
|
|
"lan-manager/server/config"
|
|
"lan-manager/server/db"
|
|
"lan-manager/server/middleware"
|
|
"lan-manager/server/models"
|
|
)
|
|
|
|
type AuthHandler struct {
|
|
Cfg *config.Config
|
|
}
|
|
|
|
func NewAuthHandler(cfg *config.Config) *AuthHandler {
|
|
return &AuthHandler{Cfg: cfg}
|
|
}
|
|
|
|
func (h *AuthHandler) Login(c *gin.Context) {
|
|
var req models.LoginRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
if req.Username != h.Cfg.AdminUser {
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid credentials"})
|
|
return
|
|
}
|
|
if !checkPassword(req.Password, h.Cfg.AdminPass) {
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid credentials"})
|
|
return
|
|
}
|
|
session := sessions.Default(c)
|
|
session.Set(middleware.AdminSessionKey, req.Username)
|
|
if err := session.Save(); err != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
c.JSON(http.StatusOK, gin.H{"username": req.Username, "is_admin": true})
|
|
}
|
|
|
|
func (h *AuthHandler) Logout(c *gin.Context) {
|
|
session := sessions.Default(c)
|
|
session.Delete(middleware.AdminSessionKey)
|
|
_ = session.Save()
|
|
c.JSON(http.StatusOK, gin.H{"message": "logged out"})
|
|
}
|
|
|
|
func (h *AuthHandler) Me(c *gin.Context) {
|
|
session := sessions.Default(c)
|
|
user := session.Get(middleware.AdminSessionKey)
|
|
if user == nil {
|
|
c.JSON(http.StatusOK, gin.H{"is_admin": false, "ui_refresh_interval": h.Cfg.UIRefreshInterval})
|
|
return
|
|
}
|
|
c.JSON(http.StatusOK, gin.H{"is_admin": true, "username": user.(string), "ui_refresh_interval": h.Cfg.UIRefreshInterval})
|
|
}
|
|
|
|
func (h *AuthHandler) ChangePassword(c *gin.Context) {
|
|
var req models.ChangePasswordRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
if !checkPassword(req.OldPassword, h.Cfg.AdminPass) {
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "旧密码错误"})
|
|
return
|
|
}
|
|
|
|
hashed, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
|
|
if err != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "密码加密失败"})
|
|
return
|
|
}
|
|
|
|
_, err = db.DB.Exec(`INSERT INTO settings (key, value) VALUES ('admin_password', ?) ON CONFLICT(key) DO UPDATE SET value = excluded.value`, string(hashed))
|
|
if err != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "保存密码失败"})
|
|
return
|
|
}
|
|
|
|
h.Cfg.AdminPass = string(hashed)
|
|
c.JSON(http.StatusOK, gin.H{"message": "密码修改成功"})
|
|
}
|
|
|
|
func checkPassword(plain, stored string) bool {
|
|
if stored == "" {
|
|
return plain == ""
|
|
}
|
|
// bcrypt hashes start with "$2a$", "$2b$", or "$2x$" and have a fixed format
|
|
if len(stored) > 4 && (stored[:4] == "$2a$" || stored[:4] == "$2b$" || stored[:4] == "$2x$") {
|
|
return bcrypt.CompareHashAndPassword([]byte(stored), []byte(plain)) == nil
|
|
}
|
|
return plain == stored
|
|
}
|