implemented user-adding
@@ -150,3 +150,9 @@ func UserPending(userName string) (int, error) {
|
||||
return result.Count, nil
|
||||
}
|
||||
}
|
||||
|
||||
func Delete(eventId int) error {
|
||||
_, err := db.DB.Exec("DELETE FROM EVENTS WHERE id = ?", eventId)
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
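Review bot: `Delete` discards the `sql.Result`, so a call with an id that matches no row returns nil and the caller cannot tell a real deletion from a no-op. Keep the result and check `RowsAffected()`, returning an error such as `sql.ErrNoRows` (needs `database/sql` imported) when it is 0, so the handler can answer with a not-found status instead of success. The exported function also has no doc comment; `// Delete removes the event with the given id from the EVENTS table.` would do. Go naming would spell the parameter `eventID`.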
@@ -4,8 +4,10 @@ import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/google/uuid"
|
||||
cache "github.com/jfarleyx/go-simple-cache"
|
||||
"github.com/johannesbuehl/golunteer/backend/pkg/db"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
type User struct {
|
||||
@@ -17,6 +19,16 @@ type User struct {
|
||||
|
||||
var c *cache.Cache
|
||||
|
||||
// hashes a password
|
||||
func hashPassword(password string) ([]byte, error) {
|
||||
return bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
||||
}
|
||||
|
||||
// validates a password against the password-rules
|
||||
func ValidatePassword(password string) bool {
|
||||
return len(password) >= 12 && len(password) <= 64
|
||||
}
|
||||
|
||||
func Get() (map[string]User, error) {
|
||||
if users, hit := c.Get("users"); !hit {
|
||||
refresh()
|
||||
@@ -27,6 +39,37 @@ func Get() (map[string]User, error) {
|
||||
}
|
||||
}
|
||||
|
||||
type UserAdd struct {
|
||||
UserName string `json:"userName" validate:"required" db:"userName"`
|
||||
Password string `json:"password" validate:"required,min=8"`
|
||||
Admin bool `json:"admin" db:"admin"`
|
||||
}
|
||||
|
||||
func Add(user UserAdd) error {
|
||||
// try to hash the password
|
||||
if hash, err := hashPassword(user.Password); err != nil {
|
||||
return err
|
||||
} else {
|
||||
insertUser := struct {
|
||||
UserAdd
|
||||
Password []byte `db:"password"`
|
||||
TokenID string `db:"tokenID"`
|
||||
}{
|
||||
UserAdd: user,
|
||||
Password: hash,
|
||||
TokenID: uuid.NewString(),
|
||||
}
|
||||
|
||||
if _, err := db.DB.NamedExec("INSERT INTO USERS (name, password, admin, tokenID) VALUES (:userName, :password, :admin, :tokenID)", insertUser); err != nil {
|
||||
return err
|
||||
} else {
|
||||
refresh()
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func refresh() {
|
||||
// get the usersRaw from the database
|
||||
var usersRaw []User
|
||||
|
||||
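Review bot: The `min=8` tag on `UserAdd.Password` disagrees with `ValidatePassword`, which requires 12 to 64 bytes, and `Add` never calls `ValidatePassword`. The only check a new user's password gets is therefore the 8-character tag enforced by `validate.Struct` in `postUser`. That path has no upper bound either. bcrypt only considers the first 72 bytes, and newer golang.org/x/crypto releases reject longer input with an error, so an over-long password would come back from `Add` as a 500 rather than a 400. Either change the tag to `validate:"required,min=12,max=64"`, or make the first statement of `Add` a `ValidatePassword(user.Password)` check that returns an error on failure.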
@@ -88,3 +88,20 @@ func getEventsUserPending(args HandlerArgs) responseMessage {
|
||||
|
||||
return response
|
||||
}
|
||||
|
||||
func deleteEvent(args HandlerArgs) responseMessage {
|
||||
response := responseMessage{}
|
||||
|
||||
// check for admin
|
||||
if !args.User.Admin {
|
||||
response.Status = fiber.StatusForbidden
|
||||
|
||||
// -1 can't be valid
|
||||
} else if eventId := args.C.QueryInt("id", -1); eventId == -1 {
|
||||
response.Status = fiber.StatusBadRequest
|
||||
} else if err := events.Delete(eventId); err != nil {
|
||||
response.Status = fiber.StatusInternalServerError
|
||||
}
|
||||
|
||||
return response
|
||||
}
|
||||
|
||||
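Review bot: A failed `events.Delete` in `deleteEvent` sets a 500 without any log line, and a successful delete by an admin leaves no record either, whereas `postUser` in the same package logs each failure through `logger.Warn()`. Add `logger.Warn().Msgf("can't delete event %d: %v", eventId, err)` in the last branch, and consider an info-level line on success so destructive admin actions can be traced. Separately, the `-1` sentinel only catches a missing or non-numeric `id`. Zero and other negative values still reach the DELETE statement, so `eventId <= 0` would be the tighter check if ids are always positive, which is not visible from this hunk.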
@@ -80,9 +80,14 @@ func init() {
|
||||
"events/user/pending": getEventsUserPending,
|
||||
"tasks": getTasks,
|
||||
},
|
||||
"POST": {"events": postEvent},
|
||||
"PATCH": {},
|
||||
"DELETE": {},
|
||||
"POST": {
|
||||
"events": postEvent,
|
||||
"users": postUser,
|
||||
},
|
||||
"PATCH": {},
|
||||
"DELETE": {
|
||||
"event": deleteEvent,
|
||||
},
|
||||
}
|
||||
|
||||
// handle specific requests special
|
||||
|
||||
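Review bot: The new DELETE route is registered as `"event"` while the GET and POST routes for the same resource use `"events"`; unless the singular is deliberate, `"events": deleteEvent` keeps the API consistent. Both handlers added to this table are admin-only, and that is enforced by an `args.User.Admin` check repeated inside each handler, so every future admin route depends on its author remembering to copy the check. Consider marking admin-only routes in this table and enforcing the flag once in the dispatcher. The map literal sits inside `init()`, which starts and ends outside the hunk.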
@@ -1,13 +1,36 @@
|
||||
package router
|
||||
|
||||
import "golang.org/x/crypto/bcrypt"
|
||||
import (
|
||||
"github.com/gofiber/fiber/v2"
|
||||
"github.com/johannesbuehl/golunteer/backend/pkg/db/users"
|
||||
)
|
||||
|
||||
// hashes a password
|
||||
func hashPassword(password string) ([]byte, error) {
|
||||
return bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
||||
}
|
||||
func postUser(args HandlerArgs) responseMessage {
|
||||
response := responseMessage{}
|
||||
|
||||
// validates a password against the password-rules
|
||||
func validatePassword(password string) bool {
|
||||
return len(password) >= 12 && len(password) <= 64
|
||||
// check admin
|
||||
if !args.User.Admin {
|
||||
response.Status = fiber.StatusForbidden
|
||||
} else {
|
||||
// parse the body
|
||||
var body users.UserAdd
|
||||
|
||||
if err := args.C.BodyParser(&body); err != nil {
|
||||
response.Status = fiber.StatusBadRequest
|
||||
|
||||
logger.Warn().Msgf("can't parse body: %v", err)
|
||||
|
||||
// validate the body
|
||||
} else if err := validate.Struct(body); err != nil {
|
||||
response.Status = fiber.StatusBadRequest
|
||||
|
||||
logger.Warn().Msgf("invalid body: %v", err)
|
||||
} else if err := users.Add(body); err != nil {
|
||||
response.Status = fiber.StatusInternalServerError
|
||||
|
||||
logger.Warn().Msgf("can't add user: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
return response
|
||||
}
|
||||
|
||||
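Review bot: `postUser` logs only its failure branches, so a successful account creation, including one with `admin` set to true, leaves no trace in the log. Account and privilege creation is the event an incident responder most needs a record of. After `users.Add(body)` succeeds, add a line such as `logger.Info().Msgf("user %q added (admin=%t)", body.UserName, body.Admin)`, and include the acting admin's name if `args.User` exposes it. Every error from `users.Add` is also mapped to 500, so a duplicate user name would presumably be reported as a server error rather than a conflict. Distinguishing that case would need a sentinel error from `Add`.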