2022-10-20 16:59:57 +00:00
|
|
|
package models
|
|
|
|
|
|
|
|
import (
|
|
|
|
"GoWeb/app"
|
|
|
|
"database/sql"
|
2023-02-28 20:54:55 +00:00
|
|
|
"fmt"
|
2022-10-20 16:59:57 +00:00
|
|
|
"log"
|
|
|
|
"net/http"
|
|
|
|
"strconv"
|
|
|
|
"time"
|
2022-10-22 01:17:11 +00:00
|
|
|
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
2022-10-20 16:59:57 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type User struct {
|
|
|
|
Id int64
|
|
|
|
Username string
|
|
|
|
Password string
|
2023-02-18 00:55:27 +00:00
|
|
|
CreatedAt time.Time
|
|
|
|
UpdatedAt time.Time
|
2022-10-20 16:59:57 +00:00
|
|
|
}
|
|
|
|
|
2022-12-22 03:22:11 +00:00
|
|
|
// GetCurrentUser finds the currently logged-in user by session cookie
|
2022-11-04 18:58:03 +00:00
|
|
|
func GetCurrentUser(app *app.App, r *http.Request) (User, error) {
|
|
|
|
cookie, err := r.Cookie("session")
|
|
|
|
if err != nil {
|
|
|
|
log.Println("Error getting session cookie")
|
2022-11-04 18:59:24 +00:00
|
|
|
log.Println(err)
|
2022-11-04 18:58:03 +00:00
|
|
|
return User{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
var userId int64
|
|
|
|
|
|
|
|
// Query row by session cookie
|
2023-02-28 20:54:55 +00:00
|
|
|
err = app.Db.QueryRow("SELECT \"Id\" FROM public.\"Session\" WHERE \"AuthToken\" = $1", cookie.Value).Scan(&userId)
|
2022-11-04 18:58:03 +00:00
|
|
|
if err != nil {
|
|
|
|
log.Println("Error querying session row with session: " + cookie.Value)
|
|
|
|
return User{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return GetUserById(app, userId)
|
|
|
|
}
|
|
|
|
|
2022-10-20 16:59:57 +00:00
|
|
|
// GetUserById finds a users table row in the database by id and returns a struct representing this row
|
|
|
|
func GetUserById(app *app.App, id int64) (User, error) {
|
|
|
|
user := User{}
|
|
|
|
|
|
|
|
// Query row by id
|
2023-02-28 20:54:55 +00:00
|
|
|
row, err := app.Db.Query("SELECT \"Id\", \"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Id\" = $1", id)
|
2022-10-20 16:59:57 +00:00
|
|
|
if err != nil {
|
|
|
|
log.Println("Error querying user row with id: " + strconv.FormatInt(id, 10))
|
|
|
|
return User{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
defer func(row *sql.Rows) {
|
|
|
|
err := row.Close()
|
|
|
|
if err != nil {
|
|
|
|
log.Println("Error closing database row")
|
|
|
|
log.Println(err)
|
|
|
|
}
|
|
|
|
}(row)
|
|
|
|
|
2023-02-28 20:54:55 +00:00
|
|
|
return user, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetUserByUsername finds a users table row in the database by username and returns a struct representing this row
|
|
|
|
func GetUserByUsername(app *app.App, username string) (User, error) {
|
|
|
|
user := User{}
|
|
|
|
|
|
|
|
// Query row by username
|
|
|
|
row, err := app.Db.Query("SELECT \"Id\", \"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Username\" = $1", username)
|
2022-10-20 16:59:57 +00:00
|
|
|
if err != nil {
|
2023-02-28 20:54:55 +00:00
|
|
|
log.Println("Error querying user row with username: " + username)
|
2022-10-20 16:59:57 +00:00
|
|
|
return User{}, err
|
|
|
|
}
|
|
|
|
|
2023-02-28 20:54:55 +00:00
|
|
|
defer func(row *sql.Rows) {
|
|
|
|
err := row.Close()
|
|
|
|
if err != nil {
|
|
|
|
log.Println("Error closing database row")
|
|
|
|
log.Println(err)
|
|
|
|
}
|
|
|
|
}(row)
|
2023-02-14 15:43:02 +00:00
|
|
|
|
2022-10-20 16:59:57 +00:00
|
|
|
return user, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// CreateUser creates a users table row in the database
|
|
|
|
func CreateUser(app *app.App, username string, password string, createdAt time.Time, updatedAt time.Time) (User, error) {
|
|
|
|
// Hash password
|
|
|
|
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
|
|
|
if err != nil {
|
|
|
|
log.Println("Error hashing password when creating user")
|
|
|
|
return User{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
var lastInsertId int64
|
|
|
|
|
2023-02-14 15:43:02 +00:00
|
|
|
sqlStatement := "INSERT INTO public.\"User\" (\"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\") VALUES ($1, $2, $3, $4) RETURNING \"Id\""
|
2022-10-20 16:59:57 +00:00
|
|
|
err = app.Db.QueryRow(sqlStatement, username, string(hash), createdAt, updatedAt).Scan(&lastInsertId)
|
|
|
|
if err != nil {
|
|
|
|
log.Println("Error creating user row")
|
|
|
|
return User{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return GetUserById(app, lastInsertId)
|
|
|
|
}
|
|
|
|
|
2023-02-28 20:54:55 +00:00
|
|
|
// AuthenticateUser validates the password for the specified user
|
|
|
|
func AuthenticateUser(app *app.App, w http.ResponseWriter, username string, password string) (Session, error) {
|
|
|
|
var user User
|
2022-10-20 16:59:57 +00:00
|
|
|
|
2023-02-28 20:54:55 +00:00
|
|
|
// Query row by username
|
|
|
|
err := app.Db.QueryRow("SELECT \"Id\", \"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Username\" = $1", username).Scan(&user.Id, &user.Username, &user.Password, &user.CreatedAt, &user.UpdatedAt)
|
2022-10-20 16:59:57 +00:00
|
|
|
if err != nil {
|
2023-02-28 20:54:55 +00:00
|
|
|
log.Println("Authentication error (user not found) for user:" + username)
|
2022-10-20 16:59:57 +00:00
|
|
|
log.Println(err)
|
2023-02-28 20:54:55 +00:00
|
|
|
return Session{}, err
|
2022-10-20 16:59:57 +00:00
|
|
|
}
|
2023-02-28 20:54:55 +00:00
|
|
|
fmt.Println(user)
|
2022-10-20 16:59:57 +00:00
|
|
|
|
|
|
|
// Validate password
|
2023-02-28 20:54:55 +00:00
|
|
|
err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
|
2022-10-20 16:59:57 +00:00
|
|
|
if err != nil { // Failed to validate password, doesn't match
|
|
|
|
log.Println("Authentication error (incorrect password) for user:" + username)
|
|
|
|
log.Println(err)
|
2023-02-28 20:54:55 +00:00
|
|
|
return Session{}, err
|
2022-10-20 16:59:57 +00:00
|
|
|
} else {
|
2023-02-28 20:54:55 +00:00
|
|
|
return CreateSession(app, w, user.Id)
|
2022-11-06 16:50:54 +00:00
|
|
|
}
|
2022-10-22 02:04:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// LogoutUser deletes the session cookie and token from the database
|
|
|
|
func LogoutUser(app *app.App, w http.ResponseWriter, r *http.Request) {
|
|
|
|
// Get cookie from request
|
|
|
|
cookie, err := r.Cookie("session")
|
|
|
|
if err != nil {
|
|
|
|
log.Println("Error getting cookie from request")
|
|
|
|
log.Println(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Set token to empty string
|
2023-02-28 20:54:55 +00:00
|
|
|
err = DeleteSessionByAuthToken(app, w, cookie.Value)
|
2022-10-22 02:04:46 +00:00
|
|
|
if err != nil {
|
2023-02-28 20:54:55 +00:00
|
|
|
log.Println("Error deleting session by auth token")
|
2022-10-22 02:04:46 +00:00
|
|
|
log.Println(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Delete cookie
|
|
|
|
cookie = &http.Cookie{
|
2022-11-01 22:31:19 +00:00
|
|
|
Name: "session",
|
2022-10-22 02:04:46 +00:00
|
|
|
Value: "",
|
|
|
|
Path: "/",
|
|
|
|
MaxAge: -1,
|
|
|
|
}
|
|
|
|
|
|
|
|
http.SetCookie(w, cookie)
|
|
|
|
}
|