后端
2. 重置密码
转向下一个 api。
put 到 /api/reset-password, req -> otp, email, 新密码, res -> nocontent
// controllers/passwordreset.go
func resetpassword(c *fiber.ctx) error {
type input struct {
otp string `json:"otp"`
email string `json:"email"`
newpassword string `json:"new_password"`
}
var input input
err := c.bodyparser(&input)
if err != nil {
return c.status(fiber.statusbadrequest).json(fiber.map{
"error": "invalid data",
})
}
// no input field should be empty
if input.otp == "" || input.email == "" || input.newpassword == "" {
return c.status(fiber.statusbadrequest).json(fiber.map{
"error": "invalid data",
})
}
// todo: check redis for otp and update password
return c.sendstatus(fiber.statusnocontent)
}
为其添加路线
// routes/routes.go
api.put("/reset-password", controllers.resetpassword)
现在我需要两个函数:
- 验证otp -> 输入 = otp、电子邮件;输出 = 错误(如果有)
- updatepassword -> 输入 = 电子邮件、密码;输出 = 错误(如果有)
// utils/passwordreset.go
func verifyotp(otp string, email string, c context.context) (error, bool) {
key := otpkeyprefix + email
// get the value for the key
value, err := config.redisclient.get(c, key).result()
if err != nil {
// the following states that the key was not found
if err == redis.nil {
return errors.new("otp expired / incorrect email"), false
}
// for other errors
return err, true
}
// compare received otp's hash with value in redis
err = bcrypt.comparehashandpassword([]byte(value), []byte(otp))
if err != nil {
return errors.new("incorrect otp"), false
}
// delete redis key to prevent abuse of otp
err = config.redisclient.del(c, key).err()
if err != nil {
return err, true
}
return nil, false
}
func updatepassword(email string, password string, c context.context) error {
users := config.db.collection("users")
// hash the password
hashedpassword, _ := bcrypt.generatefrompassword([]byte(password), 10)
// update the password
update := bson.m{
"$set": bson.m{
"password": hashedpassword,
},
}
_, err := users.updatebyid(c, email, update)
if err != nil {
return err
}
return nil
}
现在我需要将它们放在控制器中。我使用verifyotp函数中的bool来表示错误是内部错误还是由于输入引起的。
// controllers/passwordreset.go
func resetpassword(c *fiber.ctx) error {
type input struct {
otp string `json:"otp"`
email string `json:"email"`
newpassword string `json:"new_password"`
}
var input input
err := c.bodyparser(&input)
if err != nil {
return c.status(fiber.statusbadrequest).json(fiber.map{
"error": "invalid data",
})
}
// no input field should be empty
if input.otp == "" || input.email == "" || input.newpassword == "" {
return c.status(fiber.statusbadrequest).json(fiber.map{
"error": "invalid data",
})
}
// check redis for otp
err, isinternalerr := utils.verifyotp(input.otp, input.email, c.context())
if err != nil {
var code int
if isinternalerr {
code = fiber.statusinternalservererror
} else {
code = fiber.statusunauthorized
}
return c.status(code).json(fiber.map{
"error": err.error(),
})
}
err = utils.updatepassword(input.email, input.newpassword, c.context())
if err != nil {
return c.status(fiber.statusinternalservererror).json(fiber.map{
"error": err.error(),
})
}
return c.sendstatus(fiber.statusnocontent)
}
api现已构建完成,可以使用以下curl命令进行测试
curl --location --request PUT 'localhost:3000/api/reset-password' \
--header 'Content-Type: application/json' \
--data-raw '{
"email": "yashjaiswal.cse@gmail.com",
"new_password": "tester123",
"otp": "DM4RDNF07B"
}'
下一部分,我将从前端开始
