go-urlsh/internal/api/users.go

package api

import (
	"context"
	"crypto/sha256"
	"database/sql"
	"encoding/hex"
	"encoding/json"
	"log"
	"time"

	"code.lila.network/adoralaura/go-urlsh/internal/constants"
	"code.lila.network/adoralaura/go-urlsh/internal/db"
	"code.lila.network/adoralaura/go-urlsh/internal/misc"
	"code.lila.network/adoralaura/go-urlsh/models"
	"github.com/gofiber/fiber/v2"
)

func HandleUserPost(c *fiber.Ctx) error {
	var newuser models.LoginRequest

	err := json.Unmarshal(c.Body(), &newuser)
	if err != nil {
		log.Println(err.Error())
		return fiber.NewError(fiber.StatusBadRequest, "400 Bad Request")
	}

	usercount, err := models.DB.NewSelect().Model((*models.User)(nil)).Count(context.Background())
	if err != nil {
		log.Printf("[POST /api/v1/users] Error querying database for users: %v\n", err.Error())
		return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
	}
	if usercount != 0 {
		log.Printf("[POST /api/v1/users] someone trying to create user but user already exists\n")
		return fiber.NewError(fiber.StatusUnauthorized, "401 Unauthorized")
	} else {
		salt := misc.RandomString(15)
		created := time.Now()
		hashbytes := sha256.Sum256([]byte(salt + newuser.Password))

		hash := hex.EncodeToString(hashbytes[:])

		user := new(models.User)
		user.UserName = newuser.Username
		user.PasswordSalt = salt
		user.PasswordHash = hash
		user.Created = created

		_, err = models.DB.NewInsert().Model(user).Exec(context.Background())
		if err != nil {
			log.Printf("[POST /api/v1/users] Error adding user %v to database : %v\n", newuser.Username, err.Error())
			return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
		}

		userresponse := models.UserResponse{UserName: newuser.Username, Created: created, MFAEnabled: false}

		c.Status(fiber.StatusCreated)
		err = c.JSON(userresponse)
		if err != nil {
			log.Println(err)
		}
		return nil
	}
}

func HandleUserMe(c *fiber.Ctx) error {
	if !db.IsCookieValid(c.Cookies(constants.LoginCookieName, "")) && !db.IsApiKeyValid(c.GetRespHeader("x-api-key", "")) {
		return fiber.NewError(fiber.StatusUnauthorized, "401 Unauthorized")
	}

	cookie := c.Cookies(constants.LoginCookieName, "")
	apikey := c.GetRespHeader("x-api-key", "")

	var authmethod string
	var user models.User

	if cookie != "" {
		authmethod = "cookie"
	} else {
		authmethod = "apikey"
	}

	switch authmethod {
	case "cookie":
		var session models.Session
		err := models.DB.NewSelect().Model(&session).Where("cookie = ?", cookie).Scan(context.Background())
		if err != nil {
			if err == sql.ErrNoRows {
				log.Printf("[GET /api/v1/users/me] Session %v not found\n", cookie)
			} else {
				log.Printf("[GET /api/v1/users/me] Error querying session %v from database: %v\n", cookie, err)
			}
			return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
		}

		err = models.DB.NewSelect().Model(&user).Where("username = ?", session.UserName).Scan(context.Background())
		if err != nil {
			log.Printf("[GET /api/v1/users/me] Error querying user %v from database: %v\n", session.UserName, err)
			return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
		}

	case "apikey":
		var key models.ApiKey
		err := models.DB.NewSelect().Model(&key).Where("key = ?", apikey).Scan(context.Background())
		if err != nil {
			if err == sql.ErrNoRows {
				log.Printf("[GET /api/v1/users/me] ApiKey %v not found\n", apikey)
			} else {
				log.Printf("[GET /api/v1/users/me] Error querying apikey %v from database: %v\n", apikey, err)
			}
			return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
		}

		err = models.DB.NewSelect().Model(&user).Where("username = ?", key.UserName).Scan(context.Background())
		if err != nil {
			log.Printf("[GET /api/v1/users/me] Error querying user %v from database: %v\n", key.UserName, err)
			return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
		}
	}

	var userresponse = new(models.UserResponse)
	userresponse.UserName = user.UserName
	userresponse.Created = user.Created

	hasmfa, err := db.UserHasMFA(user)
	if err != nil {
		log.Printf("[GET /api/v1/users/me] Error checking MFA status: %q\n", err)
		return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
	}
	userresponse.MFAEnabled = hasmfa

	err = c.JSON(userresponse)
	if err != nil {
		log.Printf("[GET /api/v1/users/me] Error marshaling JSON response: %q\n", err)
		return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
	}
	return nil
}
add login method and api endpoint 2023-04-27 10:37:42 +02:00			`package api`

			`import (`
			`"context"`
			`"crypto/sha256"`
add account page 2023-06-16 14:30:27 +02:00			`"database/sql"`
add login method and api endpoint 2023-04-27 10:37:42 +02:00			`"encoding/hex"`
			`"encoding/json"`
			`"log"`
			`"time"`
Add minimal working 2fa implementation 2024-05-04 17:06:01 +02:00
			`"code.lila.network/adoralaura/go-urlsh/internal/constants"`
			`"code.lila.network/adoralaura/go-urlsh/internal/db"`
			`"code.lila.network/adoralaura/go-urlsh/internal/misc"`
			`"code.lila.network/adoralaura/go-urlsh/models"`
			`"github.com/gofiber/fiber/v2"`
add login method and api endpoint 2023-04-27 10:37:42 +02:00			`)`

			`func HandleUserPost(c *fiber.Ctx) error {`
			`var newuser models.LoginRequest`

			`err := json.Unmarshal(c.Body(), &newuser)`
			`if err != nil {`
			`log.Println(err.Error())`
			`return fiber.NewError(fiber.StatusBadRequest, "400 Bad Request")`
			`}`

			`usercount, err := models.DB.NewSelect().Model((*models.User)(nil)).Count(context.Background())`
			`if err != nil {`
			`log.Printf("[POST /api/v1/users] Error querying database for users: %v\n", err.Error())`
			`return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")`
			`}`
			`if usercount != 0 {`
			`log.Printf("[POST /api/v1/users] someone trying to create user but user already exists\n")`
			`return fiber.NewError(fiber.StatusUnauthorized, "401 Unauthorized")`
			`} else {`
			`salt := misc.RandomString(15)`
			`created := time.Now()`
			`hashbytes := sha256.Sum256([]byte(salt + newuser.Password))`

			`hash := hex.EncodeToString(hashbytes[:])`

			`user := new(models.User)`
			`user.UserName = newuser.Username`
			`user.PasswordSalt = salt`
			`user.PasswordHash = hash`
			`user.Created = created`

			`_, err = models.DB.NewInsert().Model(user).Exec(context.Background())`
			`if err != nil {`
			`log.Printf("[POST /api/v1/users] Error adding user %v to database : %v\n", newuser.Username, err.Error())`
			`return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")`
			`}`

Add minimal working 2fa implementation 2024-05-04 17:06:01 +02:00			`userresponse := models.UserResponse{UserName: newuser.Username, Created: created, MFAEnabled: false}`
add login method and api endpoint 2023-04-27 10:37:42 +02:00
			`c.Status(fiber.StatusCreated)`
			`err = c.JSON(userresponse)`
			`if err != nil {`
			`log.Println(err)`
			`}`
			`return nil`
			`}`
			`}`
add account page 2023-06-16 14:30:27 +02:00
			`func HandleUserMe(c *fiber.Ctx) error {`
Add minimal working 2fa implementation 2024-05-04 17:06:01 +02:00			`if !db.IsCookieValid(c.Cookies(constants.LoginCookieName, "")) && !db.IsApiKeyValid(c.GetRespHeader("x-api-key", "")) {`
add account page 2023-06-16 14:30:27 +02:00			`return fiber.NewError(fiber.StatusUnauthorized, "401 Unauthorized")`
			`}`

Add minimal working 2fa implementation 2024-05-04 17:06:01 +02:00			`cookie := c.Cookies(constants.LoginCookieName, "")`
add account page 2023-06-16 14:30:27 +02:00			`apikey := c.GetRespHeader("x-api-key", "")`

			`var authmethod string`
			`var user models.User`

			`if cookie != "" {`
			`authmethod = "cookie"`
			`} else {`
			`authmethod = "apikey"`
			`}`

			`switch authmethod {`
			`case "cookie":`
			`var session models.Session`
			`err := models.DB.NewSelect().Model(&session).Where("cookie = ?", cookie).Scan(context.Background())`
			`if err != nil {`
			`if err == sql.ErrNoRows {`
Add minimal working 2fa implementation 2024-05-04 17:06:01 +02:00			`log.Printf("[GET /api/v1/users/me] Session %v not found\n", cookie)`
add account page 2023-06-16 14:30:27 +02:00			`} else {`
Add minimal working 2fa implementation 2024-05-04 17:06:01 +02:00			`log.Printf("[GET /api/v1/users/me] Error querying session %v from database: %v\n", cookie, err)`
add account page 2023-06-16 14:30:27 +02:00			`}`
			`return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")`
			`}`

			`err = models.DB.NewSelect().Model(&user).Where("username = ?", session.UserName).Scan(context.Background())`
			`if err != nil {`
Add minimal working 2fa implementation 2024-05-04 17:06:01 +02:00			`log.Printf("[GET /api/v1/users/me] Error querying user %v from database: %v\n", session.UserName, err)`
add account page 2023-06-16 14:30:27 +02:00			`return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")`
			`}`

			`case "apikey":`
			`var key models.ApiKey`
			`err := models.DB.NewSelect().Model(&key).Where("key = ?", apikey).Scan(context.Background())`
			`if err != nil {`
			`if err == sql.ErrNoRows {`
Add minimal working 2fa implementation 2024-05-04 17:06:01 +02:00			`log.Printf("[GET /api/v1/users/me] ApiKey %v not found\n", apikey)`
add account page 2023-06-16 14:30:27 +02:00			`} else {`
Add minimal working 2fa implementation 2024-05-04 17:06:01 +02:00			`log.Printf("[GET /api/v1/users/me] Error querying apikey %v from database: %v\n", apikey, err)`
add account page 2023-06-16 14:30:27 +02:00			`}`
			`return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")`
			`}`

			`err = models.DB.NewSelect().Model(&user).Where("username = ?", key.UserName).Scan(context.Background())`
			`if err != nil {`
Add minimal working 2fa implementation 2024-05-04 17:06:01 +02:00			`log.Printf("[GET /api/v1/users/me] Error querying user %v from database: %v\n", key.UserName, err)`
add account page 2023-06-16 14:30:27 +02:00			`return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")`
			`}`
			`}`

			`var userresponse = new(models.UserResponse)`
			`userresponse.UserName = user.UserName`
			`userresponse.Created = user.Created`

Add minimal working 2fa implementation 2024-05-04 17:06:01 +02:00			`hasmfa, err := db.UserHasMFA(user)`
			`if err != nil {`
			`log.Printf("[GET /api/v1/users/me] Error checking MFA status: %q\n", err)`
			`return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")`
			`}`
			`userresponse.MFAEnabled = hasmfa`

			`err = c.JSON(userresponse)`
add account page 2023-06-16 14:30:27 +02:00			`if err != nil {`
Add minimal working 2fa implementation 2024-05-04 17:06:01 +02:00			`log.Printf("[GET /api/v1/users/me] Error marshaling JSON response: %q\n", err)`
			`return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")`
add account page 2023-06-16 14:30:27 +02:00			`}`
			`return nil`
			`}`