login 时,用户不存在的逻辑在哪里
使用 admin/teamsacs 登录时,发现无法登录,提示用户不存在。
于是查看了一下登录的处理逻辑:
// 登录提交
webserver.POST("/login", func(c echo.Context) error {
username := c.FormValue("username")
password := c.FormValue("password")
if username == "" || password == "" {
return c.Redirect(http.StatusMovedPermanently, "/login?errmsg=Username and password cannot be empty")
}
var user models.SysOpr
err := app.GDB().Where("username=?", username).First(&user).Error
if err != nil {
return c.Redirect(http.StatusMovedPermanently, "/login?errmsg=User does not exist")
}
if common.Sha256HashWithSalt(password, common.SecretSalt) != user.Password {
return c.Redirect(http.StatusMovedPermanently, "/login?errmsg=wrong password")
}
猜测原因大概率是没有创建默认用户导致的。从 postgres 数据库中看了一下,确实没有 admin 这个用户。
同时可以看到倒数第三行是一个对密码加密的操作,可以借此推测创建默认账号时也需要用到。
goacs $ grep Sha256HashWithSalt -r .
./app/initdb.go: Password: common.Sha256HashWithSalt("teamsacs", common.SecretSalt),
./common/common.go:func Sha256HashWithSalt(src string, salt string) string {
./controllers/index/index.go: if common.Sha256HashWithSalt(password, common.SecretSalt) != user.Password {
./controllers/index/index.go: if common.Sha256HashWithSalt(form.Password, common.SecretSalt) != user.Password {
./controllers/opr/opr.go: form.Password = common.Sha256HashWithSalt(form.Password, common.SecretSalt)
./controllers/opr/opr.go: form.Password = common.Sha256HashWithSalt(form.Password, common.SecretSalt)
./controllers/opr/opr.go: if common.Sha256HashWithSalt(oldpassword, common.SecretSalt) != cuser.Password {
./controllers/opr/opr.go: newPasswdEnc := common.Sha256HashWithSalt(password, common.SecretSalt)
Binary file ./teamsacs matches
goacs $
终于定位到问题了。
app.InitGlobalApplication(_config)
//app.GApp().MigrateDB(false)
app.GApp().MigrateDB(true)
原来是执行顺序有问题,应该是先 migrage 再创建默认 admin。
其他问题:
Error starting TLS management port
[2023-04-17T19:57:27+08:00] ERROR webserver/server.go:154 Error starting TLS management port open /var/teamsacs/private/teamsacs.tls.crt: no such file or directory
teamsacs.tls.crt
tls.key tls.crt generate
https://www.linode.com/docs/guides/create-a-self-signed-tls-certificate
生成 Key
sudo openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out /var/teamsacs/private/teamsacs.tls.crt -keyout /var/teamsacs/private/teamsacs.tls.key
没有配置文件时,设置登录账号和密码
alter user teamsacs with encrypted password 'teamsacs';
[2023-04-17T20:19:38+08:00] INFO gorm@v1.24.3/finisher_api.go:538 /mnt/d/work/goacs/app/app.go:124 failed to connect to `host=127.0.0.1 user=postgres database=teamsacs_v1`: server error (FATAL: password authentication failed for user "postgres" (SQLSTATE 28P01))
[37.577ms] [rows:-] SELECT count(*) FROM information_schema.tables WHERE table_schema = CURRENT_SCHEMA() AND table_name = 'sys_config' AND table_type = 'BASE TABLE'
[2023-04-17T20:19:38+08:00] INFO gorm@v1.24.3/callbacks.go:134 /mnt/d/work/goacs/app/app.go:124 failed to connect to `host=127.0.0.1 user=postgres database=teamsacs_v1`: server error (FATAL: password authentication failed for user "postgres" (SQLSTATE 28P01))
[36.100ms] [rows:0] CREATE TABLE "sys_config" ("id" bigserial,"sort" bigint,"type" text,"name" text,"value" text,"remark" text,"created_at" timestamptz,"updated_at" timestamptz,PRIMARY KEY ("id"))