add gorm chi middleware and fix up create and login functions

internal/api/api.go

@@ -1,6 +1,7 @@
 package api
 
 import (
+	"context"
 	"fmt"
 	"log"
 	"math/rand"
@@ -17,8 +18,18 @@ import (
 	"github.com/go-pkgz/auth/provider"
 	"github.com/go-pkgz/auth/token"
 	"golang.org/x/crypto/bcrypt"
+	"gorm.io/gorm"
 )
 
+func SetDBMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		db := db.InitDb()
+		timeoutContext, _ := context.WithTimeout(context.Background(), time.Second)
+		ctx := context.WithValue(r.Context(), "DB", db.WithContext(timeoutContext))
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}
+
 // API handler
 func Api() (api *chi.Mux) {
 	options := auth.Opts{
@@ -37,15 +48,15 @@ func Api() (api *chi.Mux) {
 	}
 	service := auth.NewService(options)
 	service.AddDirectProvider("local", provider.CredCheckerFunc(func(user, password string) (ok bool, err error) {
-		ok, err = Login(user, password)
 		return ok, err
 	}))
 
 	m := service.Middleware()
 
 	api = chi.NewRouter()
-
-	api.Get("/create", NewUser)
+	api.Use(SetDBMiddleware)
+	api.With(SetDBMiddleware).Post("/create", NewUser)
+	api.With(SetDBMiddleware).Post("/login", Login)
 	api.Post("/check", Ingest)
 	api.With(m.Auth).Get("/private", AuthTest)
 	authRoutes, avaRoutes := service.Handlers()
@@ -72,6 +83,13 @@ func Ingest(w http.ResponseWriter, r *http.Request) {
 }
 
 func NewUser(w http.ResponseWriter, r *http.Request) {
+	db, ok := r.Context().Value("DB").(*gorm.DB)
+	if !ok {
+		http.Error(w, "internal server error", http.StatusInternalServerError)
+	}
+
+	var result internal.User
+
 	r.ParseForm()
 	username := r.Form.Get("username")
 	if username == "" {
@@ -79,31 +97,53 @@ func NewUser(w http.ResponseWriter, r *http.Request) {
 	}
 	password := r.Form.Get("password")
 	if password == "" {
-		password = "nigga" //testing purposes
+		http.Error(w, "No password entered", http.StatusInternalServerError)
 	}
+	db.Where("username = ?", username).First(&result)
+
+	if result.Username != "" {
+		http.Error(w, "User already exists", http.StatusInternalServerError)
+		return
+	}
+
 	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
-		panic(err)
+		http.Error(w, err.Error(), http.StatusInternalServerError)
 	}
-	db := db.InitDb()
+
 	db.Create(&internal.User{Username: username, HashedPassword: string(hashedPassword)})
 
 	w.Write([]byte(username))
-	w.Write([]byte("██████████"))
+	w.Write([]byte("\n"))
 	w.Write(hashedPassword)
+	w.WriteHeader(200)
 }
 
-func Login(username, password string) (bool, error) {
-	username = "user22457"
-	password = "nigga" //testing purposes
-
-	hashedpassword := "$2a$10$uISHvOh/1Thfri1sJQNVmeWHIbIo/V.OmcpQV7UyIoyOwKSnhODtC"
-
-	err := bcrypt.CompareHashAndPassword([]byte(hashedpassword), []byte(password))
-	if err != nil {
-		return false, err
+func Login(w http.ResponseWriter, r *http.Request) {
+	var result internal.User
+	r.ParseForm()
+	username := r.Form.Get("username")
+	if username == "" {
+		username = autoUname()
 	}
-	return true, err
+	password := r.Form.Get("password")
+	if password == "" {
+		http.Error(w, "No password provided", http.StatusInternalServerError) // this should prob be handled by the frontend
+	}
+
+	db, ok := r.Context().Value("DB").(*gorm.DB)
+	if !ok {
+		http.Error(w, "internal server error", http.StatusInternalServerError)
+		return
+	}
+
+	db.Model(internal.User{Username: username}).First(&result)
+	err := bcrypt.CompareHashAndPassword([]byte(result.HashedPassword), []byte(password))
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(208)
 }
 
 func autoUname() string {