package server import ( "context" "fmt" "net/http" "git.javil.eu/jacob1123/budgeteer" "git.javil.eu/jacob1123/budgeteer/postgres" "github.com/gin-gonic/gin" "github.com/google/uuid" ) const ( HeaderName = "Authorization" Bearer = "Bearer " ParamName = "token" ) func MustGetToken(c *gin.Context) budgeteer.Token { //nolint:ireturn token := c.MustGet(ParamName) if token, ok := token.(budgeteer.Token); ok { return token } panic("Token is not a valid Token") } func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, *ErrorResponse) { //nolint:ireturn tokenString := c.GetHeader(HeaderName) if len(tokenString) <= len(Bearer) { return nil, &ErrorResponse{"no authorization header supplied"} } tokenString = tokenString[7:] token, err := h.TokenVerifier.VerifyToken(tokenString) if err != nil { return nil, &ErrorResponse{fmt.Sprintf("verify token '%s': %s", tokenString, err)} } return token, nil } func (h *Handler) verifyLoginWithForbidden(c *gin.Context) { token, err := h.verifyLogin(c) if err != nil { // c.Header("WWW-Authenticate", "Bearer") c.AbortWithStatusJSON(http.StatusForbidden, err) return } c.Set(ParamName, token) c.Next() } type loginInformation struct { Password string `json:"password"` User string `json:"user"` } func (h *Handler) loginPost(c *gin.Context) { var login loginInformation err := c.BindJSON(&login) if err != nil { return } user, err := h.Service.GetUserByUsername(c.Request.Context(), login.User) if err != nil { c.AbortWithError(http.StatusUnauthorized, err) return } if err = h.CredentialsVerifier.Verify(login.Password, user.Password); err != nil { c.AbortWithError(http.StatusUnauthorized, err) return } token, err := h.TokenVerifier.CreateToken(&user) if err != nil { c.AbortWithError(http.StatusUnauthorized, err) } go h.UpdateLastLogin(user.ID) budgets, err := h.Service.GetBudgetsForUser(c.Request.Context(), user.ID) if err != nil { return } c.JSON(http.StatusOK, LoginResponse{token, user, budgets}) } type LoginResponse struct { Token string User postgres.User Budgets []postgres.Budget } type registerInformation struct { Password string `json:"password"` Email string `json:"email"` Name string `json:"name"` } func (h *Handler) registerPost(c *gin.Context) { var register registerInformation err := c.BindJSON(®ister) if err != nil { c.AbortWithStatusJSON(http.StatusBadRequest, ErrorResponse{"error parsing body"}) return } if register.Email == "" || register.Password == "" || register.Name == "" { c.AbortWithStatusJSON(http.StatusBadRequest, ErrorResponse{"e-mail, password and name are required"}) return } _, err = h.Service.GetUserByUsername(c.Request.Context(), register.Email) if err == nil { c.AbortWithStatusJSON(http.StatusBadRequest, ErrorResponse{"email is already taken"}) return } hash, err := h.CredentialsVerifier.Hash(register.Password) if err != nil { c.AbortWithError(http.StatusBadRequest, err) return } createUser := postgres.CreateUserParams{ Name: register.Name, Password: hash, Email: register.Email, } user, err := h.Service.CreateUser(c.Request.Context(), createUser) if err != nil { c.AbortWithError(http.StatusInternalServerError, err) } token, err := h.TokenVerifier.CreateToken(&user) if err != nil { c.AbortWithError(http.StatusUnauthorized, err) } go h.UpdateLastLogin(user.ID) budgets, err := h.Service.GetBudgetsForUser(c.Request.Context(), user.ID) if err != nil { return } c.JSON(http.StatusOK, LoginResponse{token, user, budgets}) } func (h *Handler) UpdateLastLogin(userID uuid.UUID) { _, err := h.Service.UpdateLastLogin(context.Background(), userID) if err != nil { fmt.Printf("Error updating last login: %s", err) } }