fix: check input for user model

songquanpeng · Nov 25, 2022 · 289d154 · 289d154
1 parent fb85e75
commit 289d154
Show file tree

Hide file tree

Showing 4 changed files with 82 additions and 17 deletions.
diff --git a/controller/github.go b/controller/github.go
@@ -105,7 +105,14 @@ func GitHubOAuth(c *gin.Context) {
 		GitHubId: githubUser.Login,
 	}
 	if model.IsGitHubIdAlreadyTaken(user.GitHubId) {
-		user.FillUserByGitHubId()
+		err := user.FillUserByGitHubId()
+		if err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": err.Error(),
+			})
+			return
+		}
 	} else {
 		if common.RegisterEnabled {
 			user.Username = "github_" + strconv.Itoa(model.GetMaxUserId()+1)
@@ -171,7 +178,14 @@ func GitHubBind(c *gin.Context) {
 	id := session.Get("id")
 	// id := c.GetInt("id")  // critical bug!
 	user.Id = id.(int)
-	user.FillUserById()
+	err = user.FillUserById()
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
 	user.GitHubId = githubUser.Login
 	err = user.Update(false)
 	if err != nil {

diff --git a/controller/user.go b/controller/user.go
@@ -593,10 +593,17 @@ func EmailBind(c *gin.Context) {
 	user := model.User{
 		Id: id,
 	}
-	user.FillUserById()
+	err := user.FillUserById()
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
 	user.Email = email
 	// no need to check if this email already taken, because we have used verification code to check it
-	err := user.Update(false)
+	err = user.Update(false)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,

diff --git a/controller/wechat.go b/controller/wechat.go
@@ -70,7 +70,14 @@ func WeChatAuth(c *gin.Context) {
 		WeChatId: wechatId,
 	}
 	if model.IsWeChatIdAlreadyTaken(wechatId) {
-		user.FillUserByWeChatId()
+		err := user.FillUserByWeChatId()
+		if err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": err.Error(),
+			})
+			return
+		}
 	} else {
 		if common.RegisterEnabled {
 			user.Username = "wechat_" + strconv.Itoa(model.GetMaxUserId()+1)
@@ -132,7 +139,14 @@ func WeChatBind(c *gin.Context) {
 	user := model.User{
 		Id: id,
 	}
-	user.FillUserById()
+	err = user.FillUserById()
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
 	user.WeChatId = wechatId
 	err = user.Update(false)
 	if err != nil {

diff --git a/model/user.go b/model/user.go
@@ -39,6 +39,9 @@ func SearchUsers(keyword string) (users []*User, err error) {
 }
 
 func GetUserById(id int, selectAll bool) (*User, error) {
+	if id == 0 {
+		return nil, errors.New("id 为空！")
+	}
 	user := User{Id: id}
 	var err error = nil
 	if selectAll {
@@ -50,9 +53,11 @@ func GetUserById(id int, selectAll bool) (*User, error) {
 }
 
 func DeleteUserById(id int) (err error) {
+	if id == 0 {
+		return errors.New("id 为空！")
+	}
 	user := User{Id: id}
-	err = DB.Delete(&user).Error
-	return err
+	return user.Delete()
 }
 
 func (user *User) Insert() error {
@@ -80,8 +85,10 @@ func (user *User) Update(updatePassword bool) error {
 }
 
 func (user *User) Delete() error {
-	var err error
-	err = DB.Delete(user).Error
+	if user.Id == 0 {
+		return errors.New("id 为空！")
+	}
+	err := DB.Delete(user).Error
 	return err
 }
 
@@ -91,8 +98,8 @@ func (user *User) ValidateAndFill() (err error) {
 	// that means if your field’s value is 0, '', false or other zero values,
 	// it won’t be used to build query conditions
 	password := user.Password
-	if password == "" {
-		return errors.New("密码为空")
+	if user.Username == "" || password == "" {
+		return errors.New("用户名或密码为空")
 	}
 	DB.Where(User{Username: user.Username}).First(user)
 	okay := common.ValidatePasswordAndHash(password, user.Password)
@@ -102,24 +109,44 @@ func (user *User) ValidateAndFill() (err error) {
 	return nil
 }
 
-func (user *User) FillUserById() {
+func (user *User) FillUserById() error {
+	if user.Id == 0 {
+		return errors.New("id 为空！")
+	}
 	DB.Where(User{Id: user.Id}).First(user)
+	return nil
 }
 
-func (user *User) FillUserByEmail() {
+func (user *User) FillUserByEmail() error {
+	if user.Email == "" {
+		return errors.New("email 为空！")
+	}
 	DB.Where(User{Email: user.Email}).First(user)
+	return nil
 }
 
-func (user *User) FillUserByGitHubId() {
+func (user *User) FillUserByGitHubId() error {
+	if user.GitHubId == "" {
+		return errors.New("GitHub id 为空！")
+	}
 	DB.Where(User{GitHubId: user.GitHubId}).First(user)
+	return nil
 }
 
-func (user *User) FillUserByWeChatId() {
+func (user *User) FillUserByWeChatId() error {
+	if user.WeChatId == "" {
+		return errors.New("WeChat id 为空！")
+	}
 	DB.Where(User{WeChatId: user.WeChatId}).First(user)
+	return nil
 }
 
-func (user *User) FillUserByUsername() {
+func (user *User) FillUserByUsername() error {
+	if user.Username == "" {
+		return errors.New("username 为空！")
+	}
 	DB.Where(User{Username: user.Username}).First(user)
+	return nil
 }
 
 func ValidateUserToken(token string) (user *User) {
@@ -151,6 +178,9 @@ func IsUsernameAlreadyTaken(username string) bool {
 }
 
 func ResetUserPasswordByEmail(email string, password string) error {
+	if email == "" || password == "" {
+		return errors.New("邮箱地址或密码为空！")
+	}
 	hashedPassword, err := common.Password2Hash(password)
 	if err != nil {
 		return err