package main import ( "golang.org/x/crypto/bcrypt" "net/http" "time" ) func commenterNew(email string, name string, link string, photo string, provider string, password string) (string, error) { if email == "" || name == "" || link == "" || photo == "" || provider == "" { return "", errorMissingField } if provider == "commento" && password == "" { return "", errorMissingField } if _, err := commenterGetByEmail(provider, email); err == nil { return "", errorEmailAlreadyExists } commenterHex, err := randomHex(32) if err != nil { return "", errorInternal } passwordHash := []byte{} if (password != "") { passwordHash, err = bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) if err != nil { logger.Errorf("cannot generate hash from password: %v\n", err) return "", errorInternal } } statement := ` INSERT INTO commenters (commenterHex, email, name, link, photo, provider, passwordHash, joinDate) VALUES ($1, $2, $3, $4, $5, $6, $7, $8 ); ` _, err = db.Exec(statement, commenterHex, email, name, link, photo, provider, string(passwordHash), time.Now().UTC()) if err != nil { logger.Errorf("cannot insert commenter: %v", err) return "", errorInternal } return commenterHex, nil } func commenterNewHandler(w http.ResponseWriter, r *http.Request) { type request struct { Email *string `json:"email"` Name *string `json:"name"` Website *string `json:"website"` Password *string `json:"password"` } var x request if err := unmarshalBody(r, &x); err != nil { writeBody(w, response{"success": false, "message": err.Error()}) return } // TODO: add gravatar? // TODO: email confirmation if provider = commento? // TODO: email confirmation if provider = commento? if _, err := commenterNew(*x.Email, *x.Name, *x.Website, "undefined", "commento", *x.Password); err != nil { writeBody(w, response{"success": false, "message": err.Error()}) return } writeBody(w, response{"success": true, "confirmEmail": smtpConfigured}) }