jacob1123/budgeteer
1
1
Fork 0
Code Issues 12 Pull Requests 1 Packages Releases 1 Wiki Activity
budgeteer/server/session.go

158 lines
3.6 KiB
Go
Raw Blame History

package server
import (
"context"
"fmt"
"net/http"
"git.javil.eu/jacob1123/budgeteer"
"git.javil.eu/jacob1123/budgeteer/postgres"
"github.com/gin-gonic/gin"
"github.com/google/uuid"
"github.com/labstack/echo/v4"
)
const (
HeaderName = "Authorization"
Bearer = "Bearer "
ParamName = "token"
)
func MustGetToken(c *gin.Context) budgeteer.Token { //nolint:ireturn
token := c.MustGet(ParamName)
if token, ok := token.(budgeteer.Token); ok {
return token
}
panic("Token is not a valid Token")
}
func (h *Handler) verifyLogin(c echo.Context) (budgeteer.Token, *ErrorResponse) { //nolint:ireturn
tokenString := c.Request().Header.Get(HeaderName)
if len(tokenString) <= len(Bearer) {
return nil, &ErrorResponse{"no authorization header supplied"}
}
tokenString = tokenString[7:]
token, err := h.TokenVerifier.VerifyToken(tokenString)
if err != nil {
return nil, &ErrorResponse{fmt.Sprintf("verify token '%s': %s", tokenString, err)}
}
return token, nil
}
func (h *Handler) verifyLoginWithForbidden(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
token, err := h.verifyLogin(c)
if err != nil {
// c.Header("WWW-Authenticate", "Bearer")
return echo.NewHTTPError(http.StatusForbidden, err)
}
c.Set(ParamName, token)
return next(c)
}
}
type loginInformation struct {
Password string `json:"password"`
User string `json:"user"`
}
func (h *Handler) loginPost(c echo.Context) error {
var login loginInformation
err := c.Bind(&login)
if err != nil {
return err
}
user, err := h.Service.GetUserByUsername(c.Request().Context(), login.User)
if err != nil {
return err
}
if err = h.CredentialsVerifier.Verify(login.Password, user.Password); err != nil {
return err
}
token, err := h.TokenVerifier.CreateToken(&user)
if err != nil {
return err
}
go h.UpdateLastLogin(user.ID)
budgets, err := h.Service.GetBudgetsForUser(c.Request().Context(), user.ID)
if err != nil {
return err
}
return c.JSON(http.StatusOK, LoginResponse{token, user, budgets})
}
type LoginResponse struct {
Token string
User postgres.User
Budgets []postgres.Budget
}
type registerInformation struct {
Password string `json:"password"`
Email string `json:"email"`
Name string `json:"name"`
}
func (h *Handler) registerPost(c echo.Context) error {
var register registerInformation
err := c.Bind(&register)
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, ErrorResponse{"error parsing body"})
}
if register.Email == "" || register.Password == "" || register.Name == "" {
return echo.NewHTTPError(http.StatusBadRequest, ErrorResponse{"e-mail, password and name are required"})
}
_, err = h.Service.GetUserByUsername(c.Request().Context(), register.Email)
if err == nil {
return echo.NewHTTPError(http.StatusBadRequest, ErrorResponse{"email is already taken"})
}
hash, err := h.CredentialsVerifier.Hash(register.Password)
if err != nil {
return err
}
createUser := postgres.CreateUserParams{
Name: register.Name,
Password: hash,
Email: register.Email,
}
user, err := h.Service.CreateUser(c.Request().Context(), createUser)
if err != nil {
return err
}
token, err := h.TokenVerifier.CreateToken(&user)
if err != nil {
return err
}
go h.UpdateLastLogin(user.ID)
budgets, err := h.Service.GetBudgetsForUser(c.Request().Context(), user.ID)
if err != nil {
return err
}
return c.JSON(http.StatusOK, LoginResponse{token, user, budgets})
}
func (h *Handler) UpdateLastLogin(userID uuid.UUID) {
_, err := h.Service.UpdateLastLogin(context.Background(), userID)
if err != nil {
fmt.Printf("Error updating last login: %s", err)
}
}
Reference in New Issue View Git Blame Copy Permalink