-rw-r--r--auth/auth.go28
-rw-r--r--auth/controller.go28
-rw-r--r--auth/router.go3
-rw-r--r--conf/conf.go4
-rw-r--r--errors/errors.go3
-rw-r--r--openbills.toml3
-rw-r--r--user/controller.go19
-rw-r--r--user/service.go47
-rw-r--r--user/user.go28
9 files changed, 116 insertions, 47 deletions
diff --git a/auth/auth.go b/auth/auth.go
deleted file mode 100644
index d221224..0000000
--- a/auth/auth.go
+++ /dev/null
@@ -1,28 +0,0 @@
-/* openbills - Server for web based Libre Billing Software
- * Copyright (C) 2023 Vidhu Kant Sharma <vidhukant@vidhukant.com>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-package auth
-
-import (
- "gorm.io/gorm"
- d "vidhukant.com/openbills/db"
-)
-
-var db *gorm.DB
-func init() {
- db = d.DB
-}
diff --git a/auth/controller.go b/auth/controller.go
index bc9f15a..901d204 100644
--- a/auth/controller.go
+++ b/auth/controller.go
@@ -20,11 +20,17 @@ package auth
import (
"vidhukant.com/openbills/user"
"golang.org/x/crypto/bcrypt"
+ "github.com/spf13/viper"
"github.com/gin-gonic/gin"
"net/http"
)
-func handleSignIn (ctx *gin.Context) {
+var COST int
+func init() {
+ COST = viper.GetInt("cryptography.password_hashing_cost")
+}
+
+func handleSignUp (ctx *gin.Context) {
var user user.User
ctx.Bind(&user)
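Review bot: The renamed handleSignUp still binds the request body straight into a `user.User`, and that struct (user/user.go in this same diff) exposes `ID` and `IsVerified` as plain fields, so a client can set `IsVerified: true` or pick its own ID unless later code resets them; the body of handleSignUp continues outside this hunk, so that reset may exist, but it is worth confirming. The `ctx.Bind(&user)` result is also discarded, which lets the handler keep running after a malformed body. I would write `if err := ctx.Bind(&user); err != nil { return }` and then `user.ID, user.IsVerified = 0, false` before any hashing or insert. The new `COST` read in `init()` also duplicates the identical declaration added to the user package in this diff; keeping one owner of that value avoids the two drifting apart.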
@@ -53,3 +59,23 @@ func handleSignIn (ctx *gin.Context) {
"data": user,
})
}
+
+func handleSignIn (ctx *gin.Context) {
+ var u user.User
+ ctx.Bind(&u)
+
+ var err error
+
+ err = user.CheckPassword(u.ID, u.Password)
+ if err != nil {
+ // TODO: handle potential errors
+ ctx.Error(err)
+ ctx.Abort()
+ return
+ }
+
+ ctx.JSON(http.StatusOK, gin.H{
+ "message": "success",
+ "data": u,
+ })
+}
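Review bot: On success handleSignIn returns `u` in the response body, and `u` is the struct that was just bound from the request, so the client's plaintext password is echoed back in the JSON; the success branch should be `ctx.JSON(http.StatusOK, gin.H{"message": "success"})` (or a token) with no `"data": u`. The error path also forwards whatever `user.CheckPassword` returned, which as written is `ErrNotFound` for an unknown ID and `ErrWrongPassword` for a known one, so the endpoint tells an attacker which account IDs exist; map both to the same 401 here until CheckPassword itself stops distinguishing them. As in handleSignUp, the `ctx.Bind(&u)` error is ignored and should abort the request.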
diff --git a/auth/router.go b/auth/router.go
index 4a0bb94..b8d5b0d 100644
--- a/auth/router.go
+++ b/auth/router.go
@@ -24,6 +24,7 @@ import (
func Routes(route *gin.RouterGroup) {
g := route.Group("/auth")
{
- g.POST("/sign-in", handleSignIn)
+ g.POST("/signup", handleSignUp)
+ g.POST("/signin", handleSignIn)
}
}
diff --git a/conf/conf.go b/conf/conf.go
index 6f9288e..9c3d328 100644
--- a/conf/conf.go
+++ b/conf/conf.go
@@ -40,7 +40,7 @@ func init() {
viper.SetDefault("port", "8765")
viper.SetDefault("security.min_password_length", 12)
- viper.SetDefault("security.max_password_length", 128)
+ viper.SetDefault("security.max_password_length", 72)
viper.SetDefault("instance.title", "OpenBills")
viper.SetDefault("instance.description", "Libre Billing Software")
@@ -50,4 +50,6 @@ func init() {
viper.SetDefault("username.allowed_characters", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_")
viper.SetDefault("username.min_username_length", 2)
viper.SetDefault("username.max_username_length", 20)
+
+ viper.SetDefault("cryptography.password_hashing_cost", 14)
}
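Review bot: The new `cryptography.password_hashing_cost` default is undocumented, and the value matters more than the others in this block: bcrypt treats it as an exponent (2^cost rounds), rejects values above 31, and substitutes its own default of 10 for anything below 4 rather than failing, so a typo in the config degrades security silently. I would add `// bcrypt work factor (2^cost rounds); valid range 4..31, out-of-range values are not an error` above the line and validate the configured value once at startup instead of trusting the library's fallback.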
diff --git a/errors/errors.go b/errors/errors.go
index d52004e..1cae027 100644
--- a/errors/errors.go
+++ b/errors/errors.go
@@ -36,6 +36,9 @@ var (
ErrPasswordTooShort = errors.New("Password Is Too Short")
ErrPasswordTooLong = errors.New("Password Is Too Long")
+ // 401
+ ErrWrongPassword = errors.New("Wrong Password")
+
// 404
ErrNotFound = errors.New("Not Found")
ErrBrandNotFound = errors.New("This Brand Does Not Exist")
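Review bot: `ErrWrongPassword` is filed under 401 but its message names the factor that failed, and the sign-in path in this diff returns `ErrNotFound` for an unknown account ID alongside it, so the two responses together reveal whether an ID exists. A single neutral sentinel used for both cases avoids that, e.g. `ErrInvalidCredentials = errors.New("Invalid Credentials")`, keeping the file's existing capitalised message style.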
diff --git a/openbills.toml b/openbills.toml
index 43b1dc4..9a9bc70 100644
--- a/openbills.toml
+++ b/openbills.toml
@@ -14,7 +14,7 @@ url = "https://openbills.vidhukant.com/"
[security]
min_password_length = 12
-max_password_length = 128
+max_password_length = 72
[username]
allowed_characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_"
@@ -22,5 +22,6 @@ min_username_length = 2
max_username_length = 32
[cryptography]
+password_hashing_cost = 14
auth_secret = "22ELiOfHn19s0z1WWgsOT9RupghRYrXm"
refresh_secret = "22ELiOfHn19s0z1WWgsOT9RupghRYrXm"
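Review bot: `password_hashing_cost = 14` is added to a committed config file that also ships `auth_secret` and `refresh_secret` with the same literal value, so the checked-in file is simultaneously the sample config and a set of live-looking keys; whether this file is the deployed one or only an example is not visible here. If it is an example, the two secrets should be placeholders and distinct from each other, with a comment such as `# generate two different random values before deployment`; if it is deployed, both values are now public history and need rotating.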
diff --git a/user/controller.go b/user/controller.go
index abdcc5b..4933ea3 100644
--- a/user/controller.go
+++ b/user/controller.go
@@ -37,3 +37,22 @@ func handleGetUser (ctx *gin.Context) {
"data": user,
})
}
+
+func handleDelUser (ctx *gin.Context) {
+ id := uint(1) // get from JWT
+
+ var user User
+ user.ID = id
+
+ // TODO: add a verification mechanism
+ err := user.del()
+ if err != nil {
+ ctx.Error(err)
+ ctx.Abort()
+ return
+ }
+
+ ctx.JSON(http.StatusOK, gin.H{
+ "message": "success",
+ })
+}
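Review bot: handleDelUser deletes the account with `id := uint(1)` unconditionally, so any request that reaches this handler removes user 1 with no authentication; the TODO acknowledges the gap but the code still executes the delete. Whether the handler is wired into a route is not visible in this diff, but if it is, it should refuse until the identity comes from a verified token, e.g. `ctx.AbortWithStatus(http.StatusNotImplemented); return` in place of the hard-coded ID, and even once wired it should require re-authentication (the password check added in this diff would do) before an irreversible delete.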
diff --git a/user/service.go b/user/service.go
index 8b3b712..5e0632b 100644
--- a/user/service.go
+++ b/user/service.go
@@ -17,23 +17,42 @@
package user
+import (
+ e "vidhukant.com/openbills/errors"
+)
+
func (u *User) Create() error {
res := db.Create(u)
// TODO: handle potential errors
return res.Error
}
-//func (c *Customer) del() error {
-// res := db.Delete(c)
-//
-// // TODO: handle potential errors
-// if res.Error != nil {
-// return res.Error
-// }
-//
-// if res.RowsAffected == 0 {
-// return e.ErrNotFound
-// }
-//
-// return nil
-//}
+func GetUser(user *User, id uint) error {
+ res := db.Find(&user, id)
+
+ // TODO: handle potential errors
+ if res.Error != nil {
+ return res.Error
+ }
+
+ if res.RowsAffected == 0 {
+ return e.ErrNotFound
+ }
+
+ return nil
+}
+
+func (u *User) del() error {
+ res := db.Delete(u)
+
+ // TODO: handle potential errors
+ if res.Error != nil {
+ return res.Error
+ }
+
+ if res.RowsAffected == 0 {
+ return e.ErrNotFound
+ }
+
+ return nil
+}
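Review bot: GetUser receives `user *User` and then passes `&user`, a `**User`, to `db.Find`; GORM appears to dereference through nested pointers so this may work, but it is an accident waiting to happen and the intent is `res := db.Find(user, id)`. Since the function always loads by primary key, `db.First(user, id)` would express that directly and report a miss via `gorm.ErrRecordNotFound` rather than the `RowsAffected == 0` check. The `del` method guards against zero rows, but callers should note it only reports "not found" after the statement has run, so it is not a safe pre-check.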
diff --git a/user/user.go b/user/user.go
index 1324c0e..68ceb47 100644
--- a/user/user.go
+++ b/user/user.go
@@ -18,15 +18,22 @@
package user
import (
- "gorm.io/gorm"
d "vidhukant.com/openbills/db"
+ e "vidhukant.com/openbills/errors"
+ "golang.org/x/crypto/bcrypt"
+ "gorm.io/gorm"
+ "github.com/spf13/viper"
+ "errors"
)
+var COST int
var db *gorm.DB
func init() {
db = d.DB
db.AutoMigrate(&User{})
+
+ COST = viper.GetInt("cryptography.password_hashing_cost")
}
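Review bot: The new `COST` is read from viper inside `init()`, so its value depends on the conf package's own `init()` (which sets the default) having run first; whether this package imports conf is not visible here, and if it does not, `COST` can be 0 at the time it is captured, which bcrypt silently turns into its default cost of 10 with no error. Reading the setting at the call site, or checking the value once after startup, removes the ordering dependency. The same exported mutable `COST` is declared in the auth package in this diff; one owner of the value would be clearer.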
type User struct {
@@ -36,3 +43,22 @@ type User struct {
Password string
IsVerified bool
}
+
+func CheckPassword(id uint, pass string) error {
+ var user User
+ err := GetUser(&user, id)
+ if err != nil {
+ return err
+ }
+
+ err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(pass))
+ if err != nil {
+ if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
+ return e.ErrWrongPassword
+ }
+
+ return err
+ }
+
+ return nil
+}
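Review bot: CheckPassword returns `ErrNotFound` before touching bcrypt when the ID is unknown and `ErrWrongPassword` after a full bcrypt compare when it is known, so both the error value and the response time tell a caller which account IDs exist. The fix is to run a compare against a package-level dummy hash (generated once at startup with the configured cost) on the not-found path and return the same error as a mismatch; the function is fully contained in this hunk. I would also document the contract in a doc comment, since the returned sentinel is what the handler maps to a status code.

```go
// CheckPassword verifies pass against the stored bcrypt hash for id.
// It returns e.ErrWrongPassword for both an unknown id and a mismatch,
// taking roughly the same time in either case, and any other error as-is.
func CheckPassword(id uint, pass string) error {
	var user User
	if err := GetUser(&user, id); err != nil {
		if errors.Is(err, e.ErrNotFound) {
			// burn a compare so an unknown id is not faster than a wrong password
			_ = bcrypt.CompareHashAndPassword(dummyHash, []byte(pass))
			return e.ErrWrongPassword
		}
		return err
	}
	// … unchanged: bcrypt.CompareHashAndPassword against user.Password …
}
```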