added (untested) auth mechanism

author: Vidhu Kant Sharma <vidhukant@vidhukant.xyz> 2022-12-04 18:04:57 +0530
committer: Vidhu Kant Sharma <vidhukant@vidhukant.xyz> 2022-12-04 18:04:57 +0530
commit: a6737e7f233c43c8222faabca991d8c666837c05 (patch)
tree: c00c46ab331f8963b78817776b0d135f513097ba /auth/password_middleware.go
parent: 11bc12b1f12ed794f0a53a3b0d539a16dc8bd04a (diff)
1 files changed, 73 insertions, 0 deletions
diff --git a/auth/password_middleware.go b/auth/password_middleware.go
new file mode 100644
index 0000000..3fda389
--- /dev/null
+++ b/auth/password_middleware.go
@@ -0,0 +1,73 @@
+/* OpenBills-server - Server for libre billing software OpenBills-web
+ * Copyright (C) 2022  Vidhu Kant Sharma <vidhukant@vidhukant.xyz>
+
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package auth
+
+import (
+	"github.com/gin-gonic/gin"
+	"net/http"
+	"log"
+	"context"
+	"golang.org/x/crypto/bcrypt"
+	"github.com/MikunoNaka/OpenBills-server/user"
+	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/mongo"
+)
+
+func checkPassword() gin.HandlerFunc {
+	return func(ctx *gin.Context) {
+		var u user.User
+	    ctx.BindJSON(&u)
+
+		filter := bson.M{
+			"$or": []bson.M{
+			    // u.UserName in this case can be either username or email
+				{"Email": u.UserName},
+				{"UserName": u.UserName},
+			},
+		}
+
+		// check if the user exists in DB
+		var user user.User
+		err := db.FindOne(context.TODO(), filter).Decode(&user)
+		if err != nil {
+			if err == mongo.ErrNoDocuments {
+				ctx.JSON(http.StatusNotFound, gin.H{"error": "user does not exist"})
+			} else {
+				log.Printf("Error while reading user from DB to check password: %v", err.Error())
+				ctx.JSON(http.StatusInternalServerError, gin.H{"error": "internal server error"})
+			}
+			ctx.Abort()
+		} else {
+		  // compare hash and password
+		  err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(u.Password))
+		  if err != nil {
+		  	if err == bcrypt.ErrMismatchedHashAndPassword {
+		  	    ctx.JSON(http.StatusUnauthorized, gin.H{"error": "incorrect password"})
+		  	} else {
+		  		log.Printf("Error while checking password: %v", err.Error())
+		  		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "internal server error"})
+		  	}
+		  	ctx.Abort()
+		  }
+		}
+
+		// everything's fine!
+		ctx.Set("user", user)
+		ctx.Next()
+	}
+}
author	Vidhu Kant Sharma <vidhukant@vidhukant.xyz>	2022-12-04 18:04:57 +0530
committer	Vidhu Kant Sharma <vidhukant@vidhukant.xyz>	2022-12-04 18:04:57 +0530
commit	a6737e7f233c43c8222faabca991d8c666837c05 (patch)
tree	c00c46ab331f8963b78817776b0d135f513097ba /auth/password_middleware.go
parent	11bc12b1f12ed794f0a53a3b0d539a16dc8bd04a (diff)