GoWeb/models/user.go

package models

import (
	"GoWeb/app"
	"log"
	"net/http"
	"strconv"
	"time"

	"golang.org/x/crypto/bcrypt"
)

type User struct {
	Id        int64
	Username  string
	Password  string
	CreatedAt time.Time
	UpdatedAt time.Time
}

// GetCurrentUser finds the currently logged-in user by session cookie
func GetCurrentUser(app *app.App, r *http.Request) (User, error) {
	cookie, err := r.Cookie("session")
	if err != nil {
		log.Println("Error getting session cookie")
		return User{}, err
	}

	var userId int64

	// Query row by AuthToken
	err = app.Db.QueryRow("SELECT \"Id\" FROM public.\"Session\" WHERE \"AuthToken\" = $1", cookie.Value).Scan(&userId)
	if err != nil {
		log.Println("Error querying session row with session: " + cookie.Value)
		return User{}, err
	}

	return GetUserById(app, userId)
}

// GetUserById finds a users table row in the database by id and returns a struct representing this row
func GetUserById(app *app.App, id int64) (User, error) {
	user := User{}

	// Query row by id
	err := app.Db.QueryRow("SELECT \"Id\", \"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Id\" = $1", id).Scan(&user.Id, &user.Username, &user.Password, &user.CreatedAt, &user.UpdatedAt)
	if err != nil {
		log.Println("Get user error (user not found) for user id:" + strconv.FormatInt(id, 10))
		return User{}, err
	}

	return user, nil
}

// GetUserByUsername finds a users table row in the database by username and returns a struct representing this row
func GetUserByUsername(app *app.App, username string) (User, error) {
	user := User{}

	// Query row by username
	err := app.Db.QueryRow("SELECT \"Id\", \"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Username\" = $1", username).Scan(&user.Id, &user.Username, &user.Password, &user.CreatedAt, &user.UpdatedAt)
	if err != nil {
		log.Println("Get user error (user not found) for user:" + username)
		return User{}, err
	}

	return user, nil
}

// CreateUser creates a users table row in the database
func CreateUser(app *app.App, username string, password string, createdAt time.Time, updatedAt time.Time) (User, error) {
	// Hash password
	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		log.Println("Error hashing password when creating user")
		return User{}, err
	}

	var lastInsertId int64

	sqlStatement := "INSERT INTO public.\"User\" (\"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\") VALUES ($1, $2, $3, $4) RETURNING \"Id\""
	err = app.Db.QueryRow(sqlStatement, username, string(hash), createdAt, updatedAt).Scan(&lastInsertId)
	if err != nil {
		log.Println("Error creating user row")
		return User{}, err
	}

	return GetUserById(app, lastInsertId)
}

// AuthenticateUser validates the password for the specified user
func AuthenticateUser(app *app.App, w http.ResponseWriter, username string, password string) (Session, error) {
	var user User

	// Query row by username
	err := app.Db.QueryRow("SELECT \"Id\", \"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Username\" = $1", username).Scan(&user.Id, &user.Username, &user.Password, &user.CreatedAt, &user.UpdatedAt)
	if err != nil {
		log.Println("Authentication error (user not found) for user:" + username)
		return Session{}, err
	}

	// Validate password
	err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
	if err != nil { // Failed to validate password, doesn't match
		log.Println("Authentication error (incorrect password) for user:" + username)
		return Session{}, err
	} else {
		return CreateSession(app, w, user.Id)
	}
}

// LogoutUser deletes the session cookie and token from the database
func LogoutUser(app *app.App, w http.ResponseWriter, r *http.Request) {
	// Get cookie from request
	cookie, err := r.Cookie("session")
	if err != nil {
		log.Println("Error getting cookie from request")
		return
	}

	// Set token to empty string
	err = DeleteSessionByAuthToken(app, w, cookie.Value)
	if err != nil {
		log.Println("Error deleting session by auth token")
		return
	}

	// Delete cookie
	cookie = &http.Cookie{
		Name:   "session",
		Value:  "",
		Path:   "/",
		MaxAge: -1,
	}

	http.SetCookie(w, cookie)
}
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`package models`

			`import (`
			`"GoWeb/app"`
			`"log"`
			`"net/http"`
			`"strconv"`
			`"time"`
Pass response writer to createSessionCookie() 2022-10-22 01:17:11 +00:00
			`"golang.org/x/crypto/bcrypt"`
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`)`

			`type User struct {`
			`Id int64`
			`Username string`
			`Password string`
Change CreatedAt and UpdatedAt to type Time and update migrations.go accordingly 2023-02-18 00:55:27 +00:00			`CreatedAt time.Time`
			`UpdatedAt time.Time`
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`}`

Fix existing auth_token check and comment fixes 2022-12-22 03:22:11 +00:00			`// GetCurrentUser finds the currently logged-in user by session cookie`
Add function to return the current user based off of the session cookie 2022-11-04 18:58:03 +00:00			`func GetCurrentUser(app app.App, r http.Request) (User, error) {`
			`cookie, err := r.Cookie("session")`
			`if err != nil {`
			`log.Println("Error getting session cookie")`
			`return User{}, err`
			`}`

			`var userId int64`

Fix some queries, comments, and error logging 2023-02-28 21:02:21 +00:00			`// Query row by AuthToken`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`err = app.Db.QueryRow("SELECT \"Id\" FROM public.\"Session\" WHERE \"AuthToken\" = $1", cookie.Value).Scan(&userId)`
Add function to return the current user based off of the session cookie 2022-11-04 18:58:03 +00:00			`if err != nil {`
			`log.Println("Error querying session row with session: " + cookie.Value)`
			`return User{}, err`
			`}`

			`return GetUserById(app, userId)`
			`}`

Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`// GetUserById finds a users table row in the database by id and returns a struct representing this row`
			`func GetUserById(app *app.App, id int64) (User, error) {`
			`user := User{}`

			`// Query row by id`
Fix some queries, comments, and error logging 2023-02-28 21:02:21 +00:00			`err := app.Db.QueryRow("SELECT \"Id\", \"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Id\" = $1", id).Scan(&user.Id, &user.Username, &user.Password, &user.CreatedAt, &user.UpdatedAt)`
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`if err != nil {`
Fix some queries, comments, and error logging 2023-02-28 21:02:21 +00:00			`log.Println("Get user error (user not found) for user id:" + strconv.FormatInt(id, 10))`
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`return User{}, err`
			`}`

Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`return user, nil`
			`}`

			`// GetUserByUsername finds a users table row in the database by username and returns a struct representing this row`
			`func GetUserByUsername(app *app.App, username string) (User, error) {`
			`user := User{}`

			`// Query row by username`
Fix some queries, comments, and error logging 2023-02-28 21:02:21 +00:00			`err := app.Db.QueryRow("SELECT \"Id\", \"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Username\" = $1", username).Scan(&user.Id, &user.Username, &user.Password, &user.CreatedAt, &user.UpdatedAt)`
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`if err != nil {`
Fix some queries, comments, and error logging 2023-02-28 21:02:21 +00:00			`log.Println("Get user error (user not found) for user:" + username)`
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`return User{}, err`
			`}`

			`return user, nil`
			`}`

			`// CreateUser creates a users table row in the database`
			`func CreateUser(app *app.App, username string, password string, createdAt time.Time, updatedAt time.Time) (User, error) {`
			`// Hash password`
			`hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)`
			`if err != nil {`
			`log.Println("Error hashing password when creating user")`
			`return User{}, err`
			`}`

			`var lastInsertId int64`

Fix user queries and a logical error in GetCurrentUser 2023-02-14 15:43:02 +00:00			`sqlStatement := "INSERT INTO public.\"User\" (\"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\") VALUES ($1, $2, $3, $4) RETURNING \"Id\""`
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`err = app.Db.QueryRow(sqlStatement, username, string(hash), createdAt, updatedAt).Scan(&lastInsertId)`
			`if err != nil {`
			`log.Println("Error creating user row")`
			`return User{}, err`
			`}`

			`return GetUserById(app, lastInsertId)`
			`}`

Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`// AuthenticateUser validates the password for the specified user`
			`func AuthenticateUser(app *app.App, w http.ResponseWriter, username string, password string) (Session, error) {`
			`var user User`
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`// Query row by username`
			`err := app.Db.QueryRow("SELECT \"Id\", \"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Username\" = $1", username).Scan(&user.Id, &user.Username, &user.Password, &user.CreatedAt, &user.UpdatedAt)`
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`if err != nil {`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`log.Println("Authentication error (user not found) for user:" + username)`
			`return Session{}, err`
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`}`

			`// Validate password`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))`
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`if err != nil { // Failed to validate password, doesn't match`
			`log.Println("Authentication error (incorrect password) for user:" + username)`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`return Session{}, err`
Work in progress user model and functionality 2022-10-20 16:59:57 +00:00			`} else {`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`return CreateSession(app, w, user.Id)`
Make sure a duplicate session token is never stored 2022-11-06 16:50:54 +00:00			`}`
ValidateSessionCookie() and LogoutUser() 2022-10-22 02:04:46 +00:00			`}`

			`// LogoutUser deletes the session cookie and token from the database`
			`func LogoutUser(app app.App, w http.ResponseWriter, r http.Request) {`
			`// Get cookie from request`
			`cookie, err := r.Cookie("session")`
			`if err != nil {`
			`log.Println("Error getting cookie from request")`
			`return`
			`}`

			`// Set token to empty string`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`err = DeleteSessionByAuthToken(app, w, cookie.Value)`
ValidateSessionCookie() and LogoutUser() 2022-10-22 02:04:46 +00:00			`if err != nil {`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`log.Println("Error deleting session by auth token")`
ValidateSessionCookie() and LogoutUser() 2022-10-22 02:04:46 +00:00			`return`
			`}`

			`// Delete cookie`
			`cookie = &http.Cookie{`
Properly overwrite session cookie when logging out 2022-11-01 22:31:19 +00:00			`Name: "session",`
ValidateSessionCookie() and LogoutUser() 2022-10-22 02:04:46 +00:00			`Value: "",`
			`Path: "/",`
			`MaxAge: -1,`
			`}`

			`http.SetCookie(w, cookie)`
			`}`