go-urlsh/internal/api/users.go

139 lines
4.5 KiB
Go
Raw Normal View History

2023-04-27 10:37:42 +02:00
package api
import (
"context"
"crypto/sha256"
2023-06-16 14:30:27 +02:00
"database/sql"
2023-04-27 10:37:42 +02:00
"encoding/hex"
"encoding/json"
"log"
"time"
2024-05-04 17:06:01 +02:00
"code.lila.network/adoralaura/go-urlsh/internal/constants"
"code.lila.network/adoralaura/go-urlsh/internal/db"
"code.lila.network/adoralaura/go-urlsh/internal/misc"
"code.lila.network/adoralaura/go-urlsh/models"
"github.com/gofiber/fiber/v2"
2023-04-27 10:37:42 +02:00
)
2024-09-30 13:19:01 +02:00
func (am APIRouteManager) HandleUserPost(c *fiber.Ctx) error {
2023-04-27 10:37:42 +02:00
var newuser models.LoginRequest
err := json.Unmarshal(c.Body(), &newuser)
if err != nil {
log.Println(err.Error())
return fiber.NewError(fiber.StatusBadRequest, "400 Bad Request")
}
2024-09-30 13:19:01 +02:00
usercount, err := am.db.NewSelect().Model((*models.User)(nil)).Count(context.Background())
2023-04-27 10:37:42 +02:00
if err != nil {
log.Printf("[POST /api/v1/users] Error querying database for users: %v\n", err.Error())
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
if usercount != 0 {
log.Printf("[POST /api/v1/users] someone trying to create user but user already exists\n")
return fiber.NewError(fiber.StatusUnauthorized, "401 Unauthorized")
} else {
salt := misc.RandomString(15)
created := time.Now()
hashbytes := sha256.Sum256([]byte(salt + newuser.Password))
hash := hex.EncodeToString(hashbytes[:])
user := new(models.User)
user.UserName = newuser.Username
user.PasswordSalt = salt
user.PasswordHash = hash
user.Created = created
2024-09-30 13:19:01 +02:00
_, err = am.db.NewInsert().Model(user).Exec(context.Background())
2023-04-27 10:37:42 +02:00
if err != nil {
log.Printf("[POST /api/v1/users] Error adding user %v to database : %v\n", newuser.Username, err.Error())
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
2024-05-04 17:06:01 +02:00
userresponse := models.UserResponse{UserName: newuser.Username, Created: created, MFAEnabled: false}
2023-04-27 10:37:42 +02:00
c.Status(fiber.StatusCreated)
err = c.JSON(userresponse)
if err != nil {
log.Println(err)
}
return nil
}
}
2023-06-16 14:30:27 +02:00
2024-09-30 13:19:01 +02:00
func (am APIRouteManager) HandleUserMe(c *fiber.Ctx) error {
2024-05-04 17:06:01 +02:00
if !db.IsCookieValid(c.Cookies(constants.LoginCookieName, "")) && !db.IsApiKeyValid(c.GetRespHeader("x-api-key", "")) {
2023-06-16 14:30:27 +02:00
return fiber.NewError(fiber.StatusUnauthorized, "401 Unauthorized")
}
2024-05-04 17:06:01 +02:00
cookie := c.Cookies(constants.LoginCookieName, "")
2023-06-16 14:30:27 +02:00
apikey := c.GetRespHeader("x-api-key", "")
var authmethod string
var user models.User
if cookie != "" {
authmethod = "cookie"
} else {
authmethod = "apikey"
}
switch authmethod {
case "cookie":
var session models.Session
2024-09-30 13:19:01 +02:00
err := am.db.NewSelect().Model(&session).Where("cookie = ?", cookie).Scan(context.Background())
2023-06-16 14:30:27 +02:00
if err != nil {
if err == sql.ErrNoRows {
2024-05-04 17:06:01 +02:00
log.Printf("[GET /api/v1/users/me] Session %v not found\n", cookie)
2023-06-16 14:30:27 +02:00
} else {
2024-05-04 17:06:01 +02:00
log.Printf("[GET /api/v1/users/me] Error querying session %v from database: %v\n", cookie, err)
2023-06-16 14:30:27 +02:00
}
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
2024-09-30 13:19:01 +02:00
err = am.db.NewSelect().Model(&user).Where("username = ?", session.UserName).Scan(context.Background())
2023-06-16 14:30:27 +02:00
if err != nil {
2024-05-04 17:06:01 +02:00
log.Printf("[GET /api/v1/users/me] Error querying user %v from database: %v\n", session.UserName, err)
2023-06-16 14:30:27 +02:00
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
case "apikey":
var key models.ApiKey
2024-09-30 13:19:01 +02:00
err := am.db.NewSelect().Model(&key).Where("key = ?", apikey).Scan(context.Background())
2023-06-16 14:30:27 +02:00
if err != nil {
if err == sql.ErrNoRows {
2024-05-04 17:06:01 +02:00
log.Printf("[GET /api/v1/users/me] ApiKey %v not found\n", apikey)
2023-06-16 14:30:27 +02:00
} else {
2024-05-04 17:06:01 +02:00
log.Printf("[GET /api/v1/users/me] Error querying apikey %v from database: %v\n", apikey, err)
2023-06-16 14:30:27 +02:00
}
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
2024-09-30 13:19:01 +02:00
err = am.db.NewSelect().Model(&user).Where("username = ?", key.UserName).Scan(context.Background())
2023-06-16 14:30:27 +02:00
if err != nil {
2024-05-04 17:06:01 +02:00
log.Printf("[GET /api/v1/users/me] Error querying user %v from database: %v\n", key.UserName, err)
2023-06-16 14:30:27 +02:00
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
}
var userresponse = new(models.UserResponse)
userresponse.UserName = user.UserName
userresponse.Created = user.Created
2024-05-04 17:06:01 +02:00
hasmfa, err := db.UserHasMFA(user)
if err != nil {
log.Printf("[GET /api/v1/users/me] Error checking MFA status: %q\n", err)
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
userresponse.MFAEnabled = hasmfa
err = c.JSON(userresponse)
2023-06-16 14:30:27 +02:00
if err != nil {
2024-05-04 17:06:01 +02:00
log.Printf("[GET /api/v1/users/me] Error marshaling JSON response: %q\n", err)
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
2023-06-16 14:30:27 +02:00
}
return nil
}