diff options
| -rw-r--r-- | auth/auth.go | 28 | ||||
| -rw-r--r-- | auth/controller.go | 28 | ||||
| -rw-r--r-- | auth/router.go | 3 | ||||
| -rw-r--r-- | conf/conf.go | 4 | ||||
| -rw-r--r-- | errors/errors.go | 3 | ||||
| -rw-r--r-- | openbills.toml | 3 | ||||
| -rw-r--r-- | user/controller.go | 19 | ||||
| -rw-r--r-- | user/service.go | 47 | ||||
| -rw-r--r-- | user/user.go | 28 |
9 files changed, 116 insertions, 47 deletions
diff --git a/auth/auth.go b/auth/auth.go deleted file mode 100644 index d221224..0000000 --- a/auth/auth.go +++ /dev/null @@ -1,28 +0,0 @@ -/* openbills - Server for web based Libre Billing Software - * Copyright (C) 2023 Vidhu Kant Sharma <vidhukant@vidhukant.com> - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <https://www.gnu.org/licenses/>. - */ - -package auth - -import ( - "gorm.io/gorm" - d "vidhukant.com/openbills/db" -) - -var db *gorm.DB -func init() { - db = d.DB -} diff --git a/auth/controller.go b/auth/controller.go index bc9f15a..901d204 100644 --- a/auth/controller.go +++ b/auth/controller.go @@ -20,11 +20,17 @@ package auth import ( "vidhukant.com/openbills/user" "golang.org/x/crypto/bcrypt" + "github.com/spf13/viper" "github.com/gin-gonic/gin" "net/http" ) -func handleSignIn (ctx *gin.Context) { +var COST int +func init() { + COST = viper.GetInt("cryptography.password_hashing_cost") +} + +func handleSignUp (ctx *gin.Context) { var user user.User ctx.Bind(&user) @@ -53,3 +59,23 @@ func handleSignIn (ctx *gin.Context) { "data": user, }) } + +func handleSignIn (ctx *gin.Context) { + var u user.User + ctx.Bind(&u) + + var err error + + err = user.CheckPassword(u.ID, u.Password) + if err != nil { + // TODO: handle potential errors + ctx.Error(err) + ctx.Abort() + return + } + + ctx.JSON(http.StatusOK, gin.H{ + "message": "success", + "data": u, + }) +} diff --git a/auth/router.go b/auth/router.go index 4a0bb94..b8d5b0d 100644 --- a/auth/router.go +++ b/auth/router.go @@ -24,6 +24,7 @@ import ( func Routes(route *gin.RouterGroup) { g := route.Group("/auth") { - g.POST("/sign-in", handleSignIn) + g.POST("/signup", handleSignUp) + g.POST("/signin", handleSignIn) } } diff --git a/conf/conf.go b/conf/conf.go index 6f9288e..9c3d328 100644 --- a/conf/conf.go +++ b/conf/conf.go @@ -40,7 +40,7 @@ func init() { viper.SetDefault("port", "8765") viper.SetDefault("security.min_password_length", 12) - viper.SetDefault("security.max_password_length", 128) + viper.SetDefault("security.max_password_length", 72) viper.SetDefault("instance.title", "OpenBills") viper.SetDefault("instance.description", "Libre Billing Software") @@ -50,4 +50,6 @@ func init() { viper.SetDefault("username.allowed_characters", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_") viper.SetDefault("username.min_username_length", 2) viper.SetDefault("username.max_username_length", 20) + + viper.SetDefault("cryptography.password_hashing_cost", 14) } diff --git a/errors/errors.go b/errors/errors.go index d52004e..1cae027 100644 --- a/errors/errors.go +++ b/errors/errors.go @@ -36,6 +36,9 @@ var ( ErrPasswordTooShort = errors.New("Password Is Too Short") ErrPasswordTooLong = errors.New("Password Is Too Long") + // 401 + ErrWrongPassword = errors.New("Wrong Password") + // 404 ErrNotFound = errors.New("Not Found") ErrBrandNotFound = errors.New("This Brand Does Not Exist") diff --git a/openbills.toml b/openbills.toml index 43b1dc4..9a9bc70 100644 --- a/openbills.toml +++ b/openbills.toml @@ -14,7 +14,7 @@ url = "https://openbills.vidhukant.com/" [security] min_password_length = 12 -max_password_length = 128 +max_password_length = 72 [username] allowed_characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_" @@ -22,5 +22,6 @@ min_username_length = 2 max_username_length = 32 [cryptography] +password_hashing_cost = 14 auth_secret = "22ELiOfHn19s0z1WWgsOT9RupghRYrXm" refresh_secret = "22ELiOfHn19s0z1WWgsOT9RupghRYrXm" diff --git a/user/controller.go b/user/controller.go index abdcc5b..4933ea3 100644 --- a/user/controller.go +++ b/user/controller.go @@ -37,3 +37,22 @@ func handleGetUser (ctx *gin.Context) { "data": user, }) } + +func handleDelUser (ctx *gin.Context) { + id := uint(1) // get from JWT + + var user User + user.ID = id + + // TODO: add a verification mechanism + err := user.del() + if err != nil { + ctx.Error(err) + ctx.Abort() + return + } + + ctx.JSON(http.StatusOK, gin.H{ + "message": "success", + }) +} diff --git a/user/service.go b/user/service.go index 8b3b712..5e0632b 100644 --- a/user/service.go +++ b/user/service.go @@ -17,23 +17,42 @@ package user +import ( + e "vidhukant.com/openbills/errors" +) + func (u *User) Create() error { res := db.Create(u) // TODO: handle potential errors return res.Error } -//func (c *Customer) del() error { -// res := db.Delete(c) -// -// // TODO: handle potential errors -// if res.Error != nil { -// return res.Error -// } -// -// if res.RowsAffected == 0 { -// return e.ErrNotFound -// } -// -// return nil -//} +func GetUser(user *User, id uint) error { + res := db.Find(&user, id) + + // TODO: handle potential errors + if res.Error != nil { + return res.Error + } + + if res.RowsAffected == 0 { + return e.ErrNotFound + } + + return nil +} + +func (u *User) del() error { + res := db.Delete(u) + + // TODO: handle potential errors + if res.Error != nil { + return res.Error + } + + if res.RowsAffected == 0 { + return e.ErrNotFound + } + + return nil +} diff --git a/user/user.go b/user/user.go index 1324c0e..68ceb47 100644 --- a/user/user.go +++ b/user/user.go @@ -18,15 +18,22 @@ package user import ( - "gorm.io/gorm" d "vidhukant.com/openbills/db" + e "vidhukant.com/openbills/errors" + "golang.org/x/crypto/bcrypt" + "gorm.io/gorm" + "github.com/spf13/viper" + "errors" ) +var COST int var db *gorm.DB func init() { db = d.DB db.AutoMigrate(&User{}) + + COST = viper.GetInt("cryptography.password_hashing_cost") } type User struct { @@ -36,3 +43,22 @@ type User struct { Password string IsVerified bool } + +func CheckPassword(id uint, pass string) error { + var user User + err := GetUser(&user, id) + if err != nil { + return err + } + + err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(pass)) + if err != nil { + if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) { + return e.ErrWrongPassword + } + + return err + } + + return nil +} |