From e4236f235f8d0b6676d14fbb7183e3c0bda6ab1d Mon Sep 17 00:00:00 2001
From: grumbulon
Date: Fri, 30 Dec 2022 19:47:47 -0500
Subject: [PATCH] add gorm chi middleware and fix up create and login functions
---
 internal/api/api.go | 74 ++++++++++++++++++++++++++++++++++-----------
 1 file changed, 57 insertions(+), 17 deletions(-)
diff --git a/internal/api/api.go b/internal/api/api.go
index a25f5c5..3eb1fa3 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -1,6 +1,7 @@
 package api
 import (
+ "context"
 "fmt"
 "log"
 "math/rand"
@@ -17,8 +18,18 @@ import (
 "github.com/go-pkgz/auth/provider"
 "github.com/go-pkgz/auth/token"
 "golang.org/x/crypto/bcrypt"
+ "gorm.io/gorm"
 )
+func SetDBMiddleware(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ db := db.InitDb()
+ timeoutContext, _ := context.WithTimeout(context.Background(), time.Second)
+ ctx := context.WithValue(r.Context(), "DB", db.WithContext(timeoutContext))
+ next.ServeHTTP(w, r.WithContext(ctx))
+ })
+}
+
 // API handler
 func Api() (api *chi.Mux) {
 options := auth.Opts{
@@ -37,15 +48,15 @@ func Api() (api *chi.Mux) {
 }
 service := auth.NewService(options)
 service.AddDirectProvider("local", provider.CredCheckerFunc(func(user, password string) (ok bool, err error) {
- ok, err = Login(user, password)
 return ok, err
 }))
 m := service.Middleware()
 api = chi.NewRouter()
-
- api.Get("/create", NewUser)
+ api.Use(SetDBMiddleware)
+ api.With(SetDBMiddleware).Post("/create", NewUser)
+ api.With(SetDBMiddleware).Post("/login", Login)
 api.Post("/check", Ingest)
 api.With(m.Auth).Get("/private", AuthTest)
 authRoutes, avaRoutes := service.Handlers()
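Review bot: In `SetDBMiddleware` the cancel function returned by `context.WithTimeout` is discarded and the timeout is rooted in `context.Background()`, so every request leaves a timer pending until it fires and a client disconnect does not cancel the query. `db.InitDb()` also runs inside the handler, once per request; its body is not visible here, but if it opens a connection or pool, the unauthenticated `/create` and `/login` routes make it easy to exhaust database connections. The plain string key `"DB"` can collide with any other package that stores a value under the same string, so an unexported key type is safer, and the lookups in `NewUser` and `Login` would have to use the same key. The sketch below opens the handle once, derives the timeout from the request context and releases it when the handler returns.

```go
type dbCtxKey struct{}

func SetDBMiddleware(next http.Handler) http.Handler {
	conn := db.InitDb() // opened once, when the middleware is built
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		timeoutCtx, cancel := context.WithTimeout(r.Context(), time.Second)
		defer cancel()
		ctx := context.WithValue(r.Context(), dbCtxKey{}, conn.WithContext(timeoutCtx))
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}
```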
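Review bot: With the `Login(user, password)` call removed, the `CredCheckerFunc` passed to `AddDirectProvider("local", …)` in `Api` only returns its zero-valued named results, so it reports `false, nil` for every credential pair and the local provider can never authenticate anyone. The new `/login` route is a separate handler, and nothing visible in this patch connects a successful password check there to the token that `m.Auth` expects on `/private`. Either let the checker do the user lookup and bcrypt comparison itself or remove the provider; if the stub is intentional, say so with a comment such as `// TODO: credential check not wired up, always rejects`. Separately, `api.Use(SetDBMiddleware)` already covers every route, so the two `api.With(SetDBMiddleware)` wrappers run the middleware a second time; `api.Post("/create", NewUser)` and `api.Post("/login", Login)` are enough.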
@@ -72,6 +83,13 @@ func Ingest(w http.ResponseWriter, r *http.Request) {
 }
 func NewUser(w http.ResponseWriter, r *http.Request) {
+ db, ok := r.Context().Value("DB").(*gorm.DB)
+ if !ok {
+ http.Error(w, "internal server error", http.StatusInternalServerError)
+ }
+
+ var result internal.User
+
 r.ParseForm()
 username := r.Form.Get("username")
 if username == "" {
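Review bot: The `if !ok` branch in `NewUser` writes the 500 response but does not return, so the handler carries on with a nil `db` and reaches the database calls later in the function, which lie outside this hunk. Add `return` after the `http.Error(...)` call, as `Login` already does for the same check. The same missing `return` follows the empty-password check and the bcrypt error check in `NewUser`, and the empty-password check in `Login`, all in the next hunk; there it lets an account be created with an empty password, or with an empty hash when bcrypt fails. The `"DB"` lookup would also read better with a one-line comment naming `SetDBMiddleware` as the place the value is stored.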
@@ -79,31 +97,53 @@ func NewUser(w http.ResponseWriter, r *http.Request) { } password := r.Form.Get("password") if password == "" { - password = "nigga" //testing purposes + http.Error(w, "No password entered", http.StatusInternalServerError) } + db.Where("username = ?", username).First(&result) + + if result.Username != "" { + http.Error(w, "User already exists", http.StatusInternalServerError) + return + } + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) if err != nil { - panic(err) + http.Error(w, err.Error(), http.StatusInternalServerError) } - db := db.InitDb() + db.Create(&internal.User{Username: username, HashedPassword: string(hashedPassword)}) w.Write([]byte(username)) - w.Write([]byte("██████████")) + w.Write([]byte("\n")) w.Write(hashedPassword) + w.WriteHeader(200) } -func Login(username, password string) (bool, error) { - username = "user22457" - password = "nigga" //testing purposes - - hashedpassword := "$2a$10$uISHvOh/1Thfri1sJQNVmeWHIbIo/V.OmcpQV7UyIoyOwKSnhODtC" - - err := bcrypt.CompareHashAndPassword([]byte(hashedpassword), []byte(password)) - if err != nil { - return false, err +func Login(w http.ResponseWriter, r *http.Request) { + var result internal.User + r.ParseForm() + username := r.Form.Get("username") + if username == "" { + username = autoUname() } - return true, err + password := r.Form.Get("password") + if password == "" { + http.Error(w, "No password provided", http.StatusInternalServerError) // this should prob be handled by the frontend + } + + db, ok := r.Context().Value("DB").(*gorm.DB) + if !ok { + http.Error(w, "internal server error", http.StatusInternalServerError) + return + } + + db.Model(internal.User{Username: username}).First(&result) + err := bcrypt.CompareHashAndPassword([]byte(result.HashedPassword), []byte(password)) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + w.WriteHeader(208) } func autoUname() string {
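Review bot: `db.Model(internal.User{Username: username}).First(&result)` in `Login` does not filter by username: in GORM, `Model` selects the table and the non-key fields of the struct passed to it are not turned into a WHERE clause, so `First` most likely returns the first row of the table and the password is compared against that user's hash whatever username was sent. Use the same form as `NewUser`, `db.Where("username = ?", username).First(&result)`, and check `.Error` on the result. Returning `err.Error()` with a 500 also tells the caller whether the hash was missing or the password did not match, which becomes a username oracle once the lookup is fixed; one generic 401 for both cases avoids that. An empty username is replaced by `autoUname()` here, which makes sense for sign-up but not for login. In `NewUser`, `w.WriteHeader(200)` comes after the body has been written, so it has no effect.

```go
func Login(w http.ResponseWriter, r *http.Request) {
	// … unchanged: r.ParseForm and the two r.Form.Get calls …
	if username == "" || password == "" {
		http.Error(w, "missing credentials", http.StatusBadRequest)
		return
	}
	// … unchanged: *gorm.DB lookup from the request context …
	// Same response for an unknown user and a wrong password.
	if err := db.Where("username = ?", username).First(&result).Error; err != nil {
		http.Error(w, "invalid credentials", http.StatusUnauthorized)
		return
	}
	if err := bcrypt.CompareHashAndPassword([]byte(result.HashedPassword), []byte(password)); err != nil {
		http.Error(w, "invalid credentials", http.StatusUnauthorized)
		return
	}
	w.WriteHeader(http.StatusOK) // 208 is the WebDAV "Already Reported" status
}
```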