summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--auth/auth.go48
-rw-r--r--user/db_actions.go5
-rw-r--r--user/router.go50
3 files changed, 62 insertions, 41 deletions
diff --git a/auth/auth.go b/auth/auth.go
index ae20d23..7d88787 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -20,13 +20,13 @@ package auth
import (
"github.com/gin-gonic/gin"
"context"
- "fmt"
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/mongo"
"github.com/MikunoNaka/OpenBills-server/database"
"github.com/MikunoNaka/OpenBills-server/user"
"net/http"
- //"golang.org/x/crypto/bcrypt"
+ "log"
+ "golang.org/x/crypto/bcrypt"
)
var db *mongo.Collection = database.DB.Collection("Users")
@@ -37,24 +37,50 @@ func checkPassword() gin.HandlerFunc {
ctx.BindJSON(&u)
filter := bson.M{
- "UserName": u.UserName,
- "$or": bson.M{"Email": u.Email},
+ "$or": []bson.M{
+ // u.UserName in this case can be either username or email
+ {"Email": u.UserName},
+ {"UserName": u.UserName},
+ },
}
- err := db.FindOne(context.TODO(), filter).Decode(&u)
+ // check if the user exists in DB
+ var user user.User
+ err := db.FindOne(context.TODO(), filter).Decode(&user)
if err != nil {
- panic(err)
+ if err == mongo.ErrNoDocuments {
+ ctx.JSON(http.StatusNotFound, gin.H{"error": "user does not exist"})
+ } else {
+ log.Printf("Error while reading user from DB to check password: %v", err.Error())
+ ctx.JSON(http.StatusInternalServerError, gin.H{"error": "internal server error"})
+ }
+ ctx.Abort()
}
- fmt.Println(u)
+
+ // compare hash and password
+ err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(u.Password))
+ if err != nil {
+ if err == bcrypt.ErrMismatchedHashAndPassword {
+ ctx.JSON(http.StatusUnauthorized, gin.H{"error": "incorrect password"})
+ } else {
+ log.Printf("Error while checking password: %v", err.Error())
+ ctx.JSON(http.StatusInternalServerError, gin.H{"error": "internal server error"})
+ }
+ ctx.Abort()
+ }
+
+ // everything's fine!
+ ctx.Set("user", user)
+ ctx.Next()
}
}
func Routes(route *gin.Engine) {
- u := route.Group("/auth")
+ r := route.Group("/auth")
{
- u.POST("/login", func(ctx *gin.Context) {
- checkPassword()(ctx)
- ctx.HTML(http.StatusOK, "<h1>Hello World</h1>", nil)
+ r.POST("/login", checkPassword(), func(ctx *gin.Context) {
+ user := ctx.MustGet("user").(user.User)
+ ctx.JSON(http.StatusOK, user)
})
}
}
diff --git a/user/db_actions.go b/user/db_actions.go
index 611507d..2d89b7e 100644
--- a/user/db_actions.go
+++ b/user/db_actions.go
@@ -26,7 +26,10 @@ import (
// Add user to db
func saveUser(u User) (primitive.ObjectID, error) {
- u.hashPassword()
+ err := u.hashPassword()
+ if err != nil {
+ return *new(primitive.ObjectID), err
+ }
res, err := db.InsertOne(context.TODO(), u)
return res.InsertedID.(primitive.ObjectID), err
}
diff --git a/user/router.go b/user/router.go
index ab1dff8..15d6efb 100644
--- a/user/router.go
+++ b/user/router.go
@@ -20,7 +20,6 @@ package user
import (
"github.com/gin-gonic/gin"
"go.mongodb.org/mongo-driver/bson/primitive"
- "golang.org/x/crypto/bcrypt"
"log"
"net/http"
)
@@ -31,16 +30,9 @@ func Routes(route *gin.Engine) {
{
u.POST("/new", validateMiddleware(), func(ctx *gin.Context) {
u := ctx.MustGet("user").(User)
- // hash password
- pass := []byte(u.Password)
- hash, err := bcrypt.GenerateFromPassword(pass, bcrypt.DefaultCost)
- if err != nil {
- ctx.JSON(http.StatusInternalServerError, gin.H{"error": "could not login"})
- log.Printf("ERROR: Failed to hash password: %v\n", err.Error())
- }
- u.Password = string(hash)
+ // TODO: maybe add an invite code for some instances
- _, err = saveUser(u)
+ _, err := saveUser(u)
if err != nil {
ctx.JSON(http.StatusInternalServerError, gin.H{"error": "could not login"})
log.Printf("ERROR: Failed to add new user %v to DB: %v\n", u, err.Error())
@@ -51,27 +43,27 @@ func Routes(route *gin.Engine) {
ctx.JSON(http.StatusOK, nil)
})
- u.PUT("/:userId", func(ctx *gin.Context) {
- id := ctx.Param("userId")
- objectId, err := primitive.ObjectIDFromHex(id)
- if err != nil {
- ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
- log.Printf("ERROR: Failed to modify user, Error parsing ID: %v\n", err.Error())
- return
- }
+ u.PUT("/:userId", func(ctx *gin.Context) {
+ id := ctx.Param("userId")
+ objectId, err := primitive.ObjectIDFromHex(id)
+ if err != nil {
+ ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+ log.Printf("ERROR: Failed to modify user, Error parsing ID: %v\n", err.Error())
+ return
+ }
- var u User
- ctx.BindJSON(&u)
- err = modifyUser(objectId, u)
- if err != nil {
- ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
- log.Printf("ERROR: Failed to modify user %v: %v\n", objectId, err.Error())
- return
- }
+ var u User
+ ctx.BindJSON(&u)
+ err = modifyUser(objectId, u)
+ if err != nil {
+ ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+ log.Printf("ERROR: Failed to modify user %v: %v\n", objectId, err.Error())
+ return
+ }
- log.Printf("Modified user %v to %v.\n", objectId, u)
- ctx.JSON(http.StatusOK, nil)
- })
+ log.Printf("Modified user %v to %v.\n", objectId, u)
+ ctx.JSON(http.StatusOK, nil)
+ })
u.DELETE("/:userId", func(ctx *gin.Context) {
id := ctx.Param("userId")