package server import ( "context" "fmt" "net/http" "git.javil.eu/jacob1123/budgeteer" "git.javil.eu/jacob1123/budgeteer/postgres" "github.com/gin-gonic/gin" "github.com/google/uuid" ) func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, error) { tokenString := c.GetHeader("Authorization") if len(tokenString) < 8 { return nil, fmt.Errorf("no authorization header supplied") } tokenString = tokenString[7:] token, err := h.TokenVerifier.VerifyToken(tokenString) if err != nil { return nil, fmt.Errorf("verify token '%s': %w", tokenString, err) } return token, nil } func (h *Handler) verifyLoginWithForbidden(c *gin.Context) { token, err := h.verifyLogin(c) if err != nil { //c.Header("WWW-Authenticate", "Bearer") c.AbortWithError(http.StatusForbidden, err) return } c.Set("token", token) c.Next() } func (h *Handler) verifyLoginWithRedirect(c *gin.Context) { token, err := h.verifyLogin(c) if err != nil { c.Redirect(http.StatusTemporaryRedirect, "/login") c.Abort() return } c.Set("token", token) c.Next() } type loginInformation struct { Password string `json:"password"` User string `json:"user"` } func (h *Handler) loginPost(c *gin.Context) { var login loginInformation err := c.BindJSON(&login) if err != nil { return } user, err := h.Service.GetUserByUsername(c.Request.Context(), login.User) if err != nil { c.AbortWithError(http.StatusUnauthorized, err) return } if err = h.CredentialsVerifier.Verify(login.Password, user.Password); err != nil { c.AbortWithError(http.StatusUnauthorized, err) return } token, err := h.TokenVerifier.CreateToken(&user) if err != nil { c.AbortWithError(http.StatusUnauthorized, err) } go h.UpdateLastLogin(user.ID) budgets, err := h.Service.GetBudgetsForUser(c.Request.Context(), user.ID) if err != nil { return } c.JSON(http.StatusOK, LoginResponse{token, user, budgets}) } type LoginResponse struct { Token string User postgres.User Budgets []postgres.Budget } type registerInformation struct { Password string `json:"password"` Email string `json:"email"` Name string `json:"name"` } func (h *Handler) registerPost(c *gin.Context) { var register registerInformation err := c.BindJSON(®ister) if err != nil { c.AbortWithError(http.StatusBadRequest, fmt.Errorf("parse body: %w", err)) return } if register.Email == "" || register.Password == "" || register.Name == "" { c.AbortWithError(http.StatusBadRequest, fmt.Errorf("e-mail, password and name are required")) return } _, err = h.Service.GetUserByUsername(c.Request.Context(), register.Email) if err == nil { c.AbortWithError(http.StatusBadRequest, fmt.Errorf("email is already taken")) return } hash, err := h.CredentialsVerifier.Hash(register.Password) if err != nil { c.AbortWithError(http.StatusBadRequest, err) return } createUser := postgres.CreateUserParams{ Name: register.Name, Password: hash, Email: register.Email, } user, err := h.Service.CreateUser(c.Request.Context(), createUser) if err != nil { c.AbortWithError(http.StatusInternalServerError, err) } token, err := h.TokenVerifier.CreateToken(&user) if err != nil { c.AbortWithError(http.StatusUnauthorized, err) } go h.UpdateLastLogin(user.ID) budgets, err := h.Service.GetBudgetsForUser(c.Request.Context(), user.ID) if err != nil { return } c.JSON(http.StatusOK, LoginResponse{token, user, budgets}) } func (h *Handler) UpdateLastLogin(userID uuid.UUID) { _, err := h.Service.UpdateLastLogin(context.Background(), userID) if err != nil { fmt.Printf("Error updating last login: %s", err) } }