Compare commits
No commits in common. "75d8996cf9ea3ab6f66173e905fe3a8e39bea916" and "402c51497085474456eda1d870d8f66c40bbb4ca" have entirely different histories.
75d8996cf9
...
402c514970
@ -13,6 +13,7 @@ func RunAllMigrations(app *app.App) error {
|
|||||||
Id: 1, // Id is handled automatically, but it is added here to show it will be skipped during column creation
|
Id: 1, // Id is handled automatically, but it is added here to show it will be skipped during column creation
|
||||||
Username: "migrate",
|
Username: "migrate",
|
||||||
Password: "migrate",
|
Password: "migrate",
|
||||||
|
AuthToken: "migrate",
|
||||||
CreatedAt: time.Now(),
|
CreatedAt: time.Now(),
|
||||||
UpdatedAt: time.Now(),
|
UpdatedAt: time.Now(),
|
||||||
}
|
}
|
||||||
@ -21,16 +22,5 @@ func RunAllMigrations(app *app.App) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
session := Session{
|
|
||||||
Id: 1,
|
|
||||||
UserId: 1,
|
|
||||||
AuthToken: "migrate",
|
|
||||||
CreatedAt: time.Now(),
|
|
||||||
}
|
|
||||||
err = database.Migrate(app, session)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,103 +0,0 @@
|
|||||||
package models
|
|
||||||
|
|
||||||
import (
|
|
||||||
"GoWeb/app"
|
|
||||||
"crypto/rand"
|
|
||||||
"encoding/hex"
|
|
||||||
"log"
|
|
||||||
"net/http"
|
|
||||||
"time"
|
|
||||||
)
|
|
||||||
|
|
||||||
type Session struct {
|
|
||||||
Id int64
|
|
||||||
UserId int64
|
|
||||||
AuthToken string
|
|
||||||
CreatedAt time.Time
|
|
||||||
}
|
|
||||||
|
|
||||||
// CreateSession creates a new session for a user
|
|
||||||
func CreateSession(app *app.App, w http.ResponseWriter, userId int64) (Session, error) {
|
|
||||||
session := Session{}
|
|
||||||
session.UserId = userId
|
|
||||||
session.AuthToken = generateAuthToken(app)
|
|
||||||
session.CreatedAt = time.Now()
|
|
||||||
|
|
||||||
// If the AuthToken column for any user matches the token, set existingAuthToken to true
|
|
||||||
var existingAuthToken bool
|
|
||||||
err := app.Db.QueryRow("SELECT EXISTS(SELECT 1 FROM public.\"Session\" WHERE \"AuthToken\" = $1)", session.AuthToken).Scan(&existingAuthToken)
|
|
||||||
if err != nil {
|
|
||||||
log.Println("Error checking for existing auth token")
|
|
||||||
log.Println(err)
|
|
||||||
return Session{}, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// If duplicate token found, recursively call function until unique token is generated
|
|
||||||
if existingAuthToken == true {
|
|
||||||
log.Println("Duplicate token found in sessions table, generating new token...")
|
|
||||||
return CreateSession(app, w, userId)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Insert session into database
|
|
||||||
err = app.Db.QueryRow("INSERT INTO public.\"Session\" (\"UserId\", \"AuthToken\", \"CreatedAt\") VALUES ($1, $2, $3) RETURNING \"Id\"", session.UserId, session.AuthToken, session.CreatedAt).Scan(&session.Id)
|
|
||||||
if err != nil {
|
|
||||||
log.Println("Error inserting session into database")
|
|
||||||
return Session{}, err
|
|
||||||
}
|
|
||||||
|
|
||||||
createSessionCookie(app, w, session)
|
|
||||||
return session, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Generates a random 64-byte string
|
|
||||||
func generateAuthToken(app *app.App) string {
|
|
||||||
// Generate random bytes
|
|
||||||
b := make([]byte, 64)
|
|
||||||
_, err := rand.Read(b)
|
|
||||||
if err != nil {
|
|
||||||
log.Println("Error generating random bytes")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert random bytes to hex string
|
|
||||||
return hex.EncodeToString(b)
|
|
||||||
}
|
|
||||||
|
|
||||||
// createSessionCookie creates a new session cookie
|
|
||||||
func createSessionCookie(app *app.App, w http.ResponseWriter, session Session) {
|
|
||||||
cookie := &http.Cookie{
|
|
||||||
Name: "session",
|
|
||||||
Value: session.AuthToken,
|
|
||||||
Path: "/",
|
|
||||||
MaxAge: 86400,
|
|
||||||
HttpOnly: true,
|
|
||||||
Secure: true,
|
|
||||||
}
|
|
||||||
|
|
||||||
http.SetCookie(w, cookie)
|
|
||||||
}
|
|
||||||
|
|
||||||
// deleteSessionCookie deletes the session cookie
|
|
||||||
func deleteSessionCookie(app *app.App, w http.ResponseWriter) {
|
|
||||||
cookie := &http.Cookie{
|
|
||||||
Name: "session",
|
|
||||||
Value: "",
|
|
||||||
Path: "/",
|
|
||||||
MaxAge: -1,
|
|
||||||
}
|
|
||||||
|
|
||||||
http.SetCookie(w, cookie)
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeleteSessionByAuthToken deletes a session from the database by AuthToken
|
|
||||||
func DeleteSessionByAuthToken(app *app.App, w http.ResponseWriter, authToken string) error {
|
|
||||||
// Delete session from database
|
|
||||||
_, err := app.Db.Exec("DELETE FROM public.\"Session\" WHERE \"AuthToken\" = $1", authToken)
|
|
||||||
if err != nil {
|
|
||||||
log.Println("Error deleting session from database")
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
deleteSessionCookie(app, w)
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
147
models/user.go
147
models/user.go
@ -2,7 +2,11 @@ package models
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"GoWeb/app"
|
"GoWeb/app"
|
||||||
|
"crypto/rand"
|
||||||
|
"database/sql"
|
||||||
|
"encoding/hex"
|
||||||
"log"
|
"log"
|
||||||
|
"math"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
@ -14,6 +18,7 @@ type User struct {
|
|||||||
Id int64
|
Id int64
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
|
AuthToken string
|
||||||
CreatedAt time.Time
|
CreatedAt time.Time
|
||||||
UpdatedAt time.Time
|
UpdatedAt time.Time
|
||||||
}
|
}
|
||||||
@ -23,13 +28,14 @@ func GetCurrentUser(app *app.App, r *http.Request) (User, error) {
|
|||||||
cookie, err := r.Cookie("session")
|
cookie, err := r.Cookie("session")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error getting session cookie")
|
log.Println("Error getting session cookie")
|
||||||
|
log.Println(err)
|
||||||
return User{}, err
|
return User{}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
var userId int64
|
var userId int64
|
||||||
|
|
||||||
// Query row by AuthToken
|
// Query row by session cookie
|
||||||
err = app.Db.QueryRow("SELECT \"Id\" FROM public.\"Session\" WHERE \"AuthToken\" = $1", cookie.Value).Scan(&userId)
|
err = app.Db.QueryRow("SELECT \"Id\" FROM public.\"User\" WHERE \"AuthToken\" = $1", cookie.Value).Scan(&userId)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error querying session row with session: " + cookie.Value)
|
log.Println("Error querying session row with session: " + cookie.Value)
|
||||||
return User{}, err
|
return User{}, err
|
||||||
@ -43,26 +49,37 @@ func GetUserById(app *app.App, id int64) (User, error) {
|
|||||||
user := User{}
|
user := User{}
|
||||||
|
|
||||||
// Query row by id
|
// Query row by id
|
||||||
err := app.Db.QueryRow("SELECT \"Id\", \"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Id\" = $1", id).Scan(&user.Id, &user.Username, &user.Password, &user.CreatedAt, &user.UpdatedAt)
|
row, err := app.Db.Query("SELECT \"Id\", \"Username\", \"Password\", \"AuthToken\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Id\" = $1", id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Get user error (user not found) for user id:" + strconv.FormatInt(id, 10))
|
log.Println("Error querying user row with id: " + strconv.FormatInt(id, 10))
|
||||||
return User{}, err
|
return User{}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return user, nil
|
defer func(row *sql.Rows) {
|
||||||
}
|
err := row.Close()
|
||||||
|
|
||||||
// GetUserByUsername finds a users table row in the database by username and returns a struct representing this row
|
|
||||||
func GetUserByUsername(app *app.App, username string) (User, error) {
|
|
||||||
user := User{}
|
|
||||||
|
|
||||||
// Query row by username
|
|
||||||
err := app.Db.QueryRow("SELECT \"Id\", \"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Username\" = $1", username).Scan(&user.Id, &user.Username, &user.Password, &user.CreatedAt, &user.UpdatedAt)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Get user error (user not found) for user:" + username)
|
log.Println("Error closing database row")
|
||||||
|
log.Println(err)
|
||||||
|
}
|
||||||
|
}(row)
|
||||||
|
|
||||||
|
// Feed row data into user struct
|
||||||
|
row.Next()
|
||||||
|
var authToken sql.NullString
|
||||||
|
err = row.Scan(&user.Id, &user.Username, &user.Password, &authToken, &user.CreatedAt, &user.UpdatedAt)
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Error reading queried row from database")
|
||||||
|
log.Println(err)
|
||||||
return User{}, err
|
return User{}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If the AuthToken column is null in the database it is handled here by setting user.authToken to an empty string
|
||||||
|
if authToken.Valid {
|
||||||
|
user.AuthToken = authToken.String
|
||||||
|
} else {
|
||||||
|
user.AuthToken = ""
|
||||||
|
}
|
||||||
|
|
||||||
return user, nil
|
return user, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -87,40 +104,118 @@ func CreateUser(app *app.App, username string, password string, createdAt time.T
|
|||||||
return GetUserById(app, lastInsertId)
|
return GetUserById(app, lastInsertId)
|
||||||
}
|
}
|
||||||
|
|
||||||
// AuthenticateUser validates the password for the specified user
|
// AuthenticateUser validates the password for the specified user if it matches a session cookie is created and returned
|
||||||
func AuthenticateUser(app *app.App, w http.ResponseWriter, username string, password string) (Session, error) {
|
func AuthenticateUser(app *app.App, w http.ResponseWriter, username string, password string) (string, error) {
|
||||||
var user User
|
var hashedPassword []byte
|
||||||
|
|
||||||
// Query row by username
|
// Query row by username, scan password column
|
||||||
err := app.Db.QueryRow("SELECT \"Id\", \"Username\", \"Password\", \"CreatedAt\", \"UpdatedAt\" FROM public.\"User\" WHERE \"Username\" = $1", username).Scan(&user.Id, &user.Username, &user.Password, &user.CreatedAt, &user.UpdatedAt)
|
err := app.Db.QueryRow("SELECT \"Password\" FROM public.\"User\" WHERE \"Username\" = $1", username).Scan(&hashedPassword)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Authentication error (user not found) for user:" + username)
|
log.Println("Unable to find row with username: " + username)
|
||||||
return Session{}, err
|
log.Println(err)
|
||||||
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate password
|
// Validate password
|
||||||
err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
|
err = bcrypt.CompareHashAndPassword(hashedPassword, []byte(password))
|
||||||
if err != nil { // Failed to validate password, doesn't match
|
if err != nil { // Failed to validate password, doesn't match
|
||||||
log.Println("Authentication error (incorrect password) for user:" + username)
|
log.Println("Authentication error (incorrect password) for user:" + username)
|
||||||
return Session{}, err
|
log.Println(err)
|
||||||
|
return "", err
|
||||||
} else {
|
} else {
|
||||||
return CreateSession(app, w, user.Id)
|
return createSessionCookie(app, w, username)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// createSessionCookie creates a new session token and cookie and returns the token value
|
||||||
|
func createSessionCookie(app *app.App, w http.ResponseWriter, username string) (string, error) {
|
||||||
|
// Generate random 64 character string (alpha-numeric)
|
||||||
|
buff := make([]byte, int(math.Ceil(float64(64)/2)))
|
||||||
|
_, err := rand.Read(buff)
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Error creating random buffer for session token value")
|
||||||
|
log.Println(err)
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
str := hex.EncodeToString(buff)
|
||||||
|
token := str[:64]
|
||||||
|
|
||||||
|
// If the auth_token column for any user matches the token, set existingAuthToken to true
|
||||||
|
var existingAuthToken bool
|
||||||
|
err = app.Db.QueryRow("SELECT EXISTS(SELECT 1 FROM public.\"User\" WHERE \"AuthToken\" = $1)", token).Scan(&existingAuthToken)
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Error checking for existing auth token")
|
||||||
|
log.Println(err)
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
// If duplicate token found, recursively call function until unique token is generated
|
||||||
|
if existingAuthToken == true {
|
||||||
|
log.Println("Duplicate token found in sessions table")
|
||||||
|
return createSessionCookie(app, w, username)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Store token in auth_token column of the users table
|
||||||
|
_, err = app.Db.Exec("UPDATE public.\"User\" SET \"AuthToken\" = $1 WHERE \"Username\" = $2", token, username)
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Error setting auth_token column in users table")
|
||||||
|
log.Println(err)
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create session cookie, containing token
|
||||||
|
cookie := &http.Cookie{
|
||||||
|
Name: "session",
|
||||||
|
Value: token,
|
||||||
|
Path: "/",
|
||||||
|
MaxAge: 86400,
|
||||||
|
HttpOnly: true,
|
||||||
|
Secure: true,
|
||||||
|
}
|
||||||
|
|
||||||
|
http.SetCookie(w, cookie)
|
||||||
|
|
||||||
|
return token, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ValidateSessionCookie validates the session cookie and returns the username of the user if valid
|
||||||
|
func ValidateSessionCookie(app *app.App, r *http.Request) (string, error) {
|
||||||
|
// Get cookie from request
|
||||||
|
cookie, err := r.Cookie("session")
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Error getting cookie from request")
|
||||||
|
log.Println(err)
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Query row by token
|
||||||
|
var username string
|
||||||
|
err = app.Db.QueryRow("SELECT \"Username\" FROM public.\"User\" WHERE \"AuthToken\" = $1", cookie.Value).Scan(&username)
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Error querying row by token")
|
||||||
|
log.Println(err)
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
return username, nil
|
||||||
|
}
|
||||||
|
|
||||||
// LogoutUser deletes the session cookie and token from the database
|
// LogoutUser deletes the session cookie and token from the database
|
||||||
func LogoutUser(app *app.App, w http.ResponseWriter, r *http.Request) {
|
func LogoutUser(app *app.App, w http.ResponseWriter, r *http.Request) {
|
||||||
// Get cookie from request
|
// Get cookie from request
|
||||||
cookie, err := r.Cookie("session")
|
cookie, err := r.Cookie("session")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error getting cookie from request")
|
log.Println("Error getting cookie from request")
|
||||||
|
log.Println(err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set token to empty string
|
// Set token to empty string
|
||||||
err = DeleteSessionByAuthToken(app, w, cookie.Value)
|
sqlStatement := "UPDATE public.\"User\" SET \"AuthToken\" = $1 WHERE \"AuthToken\" = $2"
|
||||||
|
_, err = app.Db.Exec(sqlStatement, "", cookie.Value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error deleting session by auth token")
|
log.Println("Error setting auth_token column in users table")
|
||||||
|
log.Println(err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user