added login with id

author: Vidhu Kant Sharma <vidhukant@vidhukant.com> 2023-09-03 00:19:03 +0530
committer: Vidhu Kant Sharma <vidhukant@vidhukant.com> 2023-09-03 00:19:03 +0530
commit: 616a151764fd1780eb0b6dc039d5a21539a8a01a (patch)
tree: 454f73e06880c3635c3f88a5787fd8fbc1c2b363
parent: 65cb3603ad2682deacff47a72d9050e584a00488 (diff)
9 files changed, 116 insertions, 47 deletions
diff --git a/auth/auth.go b/auth/auth.go
deleted file mode 100644
index d221224..0000000
--- a/auth/auth.go
+++ /dev/null
@@ -1,28 +0,0 @@
-/* openbills - Server for web based Libre Billing Software
- * Copyright (C) 2023  Vidhu Kant Sharma <vidhukant@vidhukant.com>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package auth
-
-import (
-	"gorm.io/gorm"
-	d "vidhukant.com/openbills/db"
-)
-
-var db *gorm.DB
-func init() {
-	db = d.DB
-}
diff --git a/auth/controller.go b/auth/controller.go
index bc9f15a..901d204 100644
--- a/auth/controller.go
+++ b/auth/controller.go
@@ -20,11 +20,17 @@ package auth
 import (
 	"vidhukant.com/openbills/user"
 	"golang.org/x/crypto/bcrypt"
+	"github.com/spf13/viper"
 	"github.com/gin-gonic/gin"
 	"net/http"
 )
 
-func handleSignIn (ctx *gin.Context) {
+var COST int
+func init() {
+	COST = viper.GetInt("cryptography.password_hashing_cost")
+}
+
+func handleSignUp (ctx *gin.Context) {
 	var user user.User
 	ctx.Bind(&user)
 
@@ -53,3 +59,23 @@ func handleSignIn (ctx *gin.Context) {
 		"data": user,
 	})
 }
+
+func handleSignIn (ctx *gin.Context) {
+	var u user.User
+	ctx.Bind(&u)
+
+	var err error
+
+	err = user.CheckPassword(u.ID, u.Password)
+	if err != nil {
+		// TODO: handle potential errors
+		ctx.Error(err)
+		ctx.Abort()
+		return
+	}
+
+	ctx.JSON(http.StatusOK, gin.H{
+		"message": "success",
+		"data": u,
+	})
+}
diff --git a/auth/router.go b/auth/router.go
index 4a0bb94..b8d5b0d 100644
--- a/auth/router.go
+++ b/auth/router.go
@@ -24,6 +24,7 @@ import (
 func Routes(route *gin.RouterGroup) {
 	g := route.Group("/auth")
 	{
-		g.POST("/sign-in", handleSignIn)
+		g.POST("/signup", handleSignUp)
+		g.POST("/signin", handleSignIn)
 	}
 }
diff --git a/conf/conf.go b/conf/conf.go
index 6f9288e..9c3d328 100644
--- a/conf/conf.go
+++ b/conf/conf.go
@@ -40,7 +40,7 @@ func init() {
 	viper.SetDefault("port", "8765")
 
 	viper.SetDefault("security.min_password_length", 12)
-	viper.SetDefault("security.max_password_length", 128)
+	viper.SetDefault("security.max_password_length", 72)
 
 	viper.SetDefault("instance.title", "OpenBills")
 	viper.SetDefault("instance.description", "Libre Billing Software")
@@ -50,4 +50,6 @@ func init() {
 	viper.SetDefault("username.allowed_characters", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_")
 	viper.SetDefault("username.min_username_length", 2)
 	viper.SetDefault("username.max_username_length", 20)
+
+	viper.SetDefault("cryptography.password_hashing_cost", 14)
 }
diff --git a/errors/errors.go b/errors/errors.go
index d52004e..1cae027 100644
--- a/errors/errors.go
+++ b/errors/errors.go
@@ -36,6 +36,9 @@ var (
 	ErrPasswordTooShort     = errors.New("Password Is Too Short")
 	ErrPasswordTooLong      = errors.New("Password Is Too Long")
 
+	// 401
+	ErrWrongPassword        = errors.New("Wrong Password")
+
 	// 404
 	ErrNotFound             = errors.New("Not Found")
 	ErrBrandNotFound        = errors.New("This Brand Does Not Exist")
diff --git a/openbills.toml b/openbills.toml
index 43b1dc4..9a9bc70 100644
--- a/openbills.toml
+++ b/openbills.toml
@@ -14,7 +14,7 @@ url = "https://openbills.vidhukant.com/"
 
 [security]
 min_password_length = 12
-max_password_length = 128
+max_password_length = 72
 
 [username]
 allowed_characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_"
@@ -22,5 +22,6 @@ min_username_length = 2
 max_username_length = 32
 
 [cryptography]
+password_hashing_cost = 14
 auth_secret = "22ELiOfHn19s0z1WWgsOT9RupghRYrXm"
 refresh_secret = "22ELiOfHn19s0z1WWgsOT9RupghRYrXm"
diff --git a/user/controller.go b/user/controller.go
index abdcc5b..4933ea3 100644
--- a/user/controller.go
+++ b/user/controller.go
@@ -37,3 +37,22 @@ func handleGetUser (ctx *gin.Context) {
 		"data": user,
 	})
 }
+
+func handleDelUser (ctx *gin.Context) {
+	id := uint(1) // get from JWT
+
+	var user User
+	user.ID = id
+
+	// TODO: add a verification mechanism
+	err := user.del()
+	if err != nil {
+		ctx.Error(err)
+		ctx.Abort()
+		return
+	}
+
+	ctx.JSON(http.StatusOK, gin.H{
+		"message": "success",
+	})
+}
diff --git a/user/service.go b/user/service.go
index 8b3b712..5e0632b 100644
--- a/user/service.go
+++ b/user/service.go
@@ -17,23 +17,42 @@
 
 package user
 
+import (
+	e "vidhukant.com/openbills/errors"
+)
+
 func (u *User) Create() error {
 	res := db.Create(u)
 	// TODO: handle potential errors
 	return res.Error
 }
 
-//func (c *Customer) del() error {
-//	res := db.Delete(c)
-//
-//	// TODO: handle potential errors
-//	if res.Error != nil {
-//		return res.Error
-//	}
-//
-//	if res.RowsAffected == 0 {
-//		return e.ErrNotFound
-//	}
-//
-//	return nil
-//}
+func GetUser(user *User, id uint) error {
+	res := db.Find(&user, id)
+
+	// TODO: handle potential errors
+	if res.Error != nil {
+		return res.Error
+	}
+
+	if res.RowsAffected == 0 {
+		return e.ErrNotFound
+	}
+
+	return nil
+}
+
+func (u *User) del() error {
+	res := db.Delete(u)
+
+	// TODO: handle potential errors
+	if res.Error != nil {
+		return res.Error
+	}
+
+	if res.RowsAffected == 0 {
+		return e.ErrNotFound
+	}
+
+	return nil
+}
diff --git a/user/user.go b/user/user.go
index 1324c0e..68ceb47 100644
--- a/user/user.go
+++ b/user/user.go
@@ -18,15 +18,22 @@
 package user
 
 import (
-	"gorm.io/gorm"
 	d "vidhukant.com/openbills/db"
+	e "vidhukant.com/openbills/errors"
+	"golang.org/x/crypto/bcrypt"
+	"gorm.io/gorm"
+	"github.com/spf13/viper"
+	"errors"
 )
 
+var COST int
 var db *gorm.DB
 func init() {
 	db = d.DB
 
 	db.AutoMigrate(&User{})
+
+	COST = viper.GetInt("cryptography.password_hashing_cost")
 }
 
 type User struct {
@@ -36,3 +43,22 @@ type User struct {
 	Password   string
 	IsVerified bool
 }
+
+func CheckPassword(id uint, pass string) error {
+	var user User
+	err := GetUser(&user, id)
+	if err != nil {
+		return err
+	}
+
+	err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(pass))
+	if err != nil {
+		if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
+			return e.ErrWrongPassword
+		}
+
+		return err
+	}
+
+	return nil
+}
author	Vidhu Kant Sharma <vidhukant@vidhukant.com>	2023-09-03 00:19:03 +0530
committer	Vidhu Kant Sharma <vidhukant@vidhukant.com>	2023-09-03 00:19:03 +0530
commit	616a151764fd1780eb0b6dc039d5a21539a8a01a (patch)
tree	454f73e06880c3635c3f88a5787fd8fbc1c2b363
parent	65cb3603ad2682deacff47a72d9050e584a00488 (diff)