z1glr/golunteer
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

started "real work"

Browse Source
This commit is contained in:
z1glr
2025-01-10 14:06:53 +00:00
parent e2aa65b416
commit 45f600268f
30 changed files with 9811 additions and 8584 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
backend/pkg/router/events.go
View File

@@ -5,28 +5,29 @@ import (
"github.com/johannesbuehl/golunteer/backend/pkg/db/events"
)
func getEvents(c *fiber.Ctx) responseMessage {
func getEventsAssignments(args HandlerArgs) responseMessage {
response := responseMessage{}
// get all eventRows
if eventRows, err := events.All(); err != nil {
if events, err := events.WithAssignments(); err != nil {
response.Status = fiber.StatusInternalServerError
logger.Error().Msgf("events retrieving failed: %v", err)
logger.Error().Msgf("can't retrieve events with assignments: %v", err)
} else {
// get the data for all the allEvents
allEvents := []events.Event{}
for _, eventRow := range eventRows {
if e, err := eventRow.Event(); err != nil {
logger.Error().Msgf("error while populating event with id = %d: %v", eventRow.Id, err)
} else {
allEvents = append(allEvents, e)
}
// response.Data = struct{ Events []events.Event }{Events: allEvents}
response.Data = allEvents
}
response.Data = events
}
return response
}
func getEventsUserPending(args HandlerArgs) responseMessage {
response := responseMessage{}
if count, err := events.UserPending(args.User.UserName); err != nil {
response.Status = fiber.StatusInternalServerError
logger.Warn().Msgf("can't query database for users %q pending events: %v", args.User.UserName, err)
} else {
response.Data = count
}
return response

113
backend/pkg/router/login.go
View File

@@ -1,67 +1,98 @@
package router
import (
"strconv"
"github.com/gofiber/fiber/v2"
"github.com/johannesbuehl/golunteer/backend/pkg/db"
"golang.org/x/crypto/bcrypt"
)
type UserLogin struct {
UserName string `json:"userName"`
LoggedIn bool `json:"loggedIn"`
}
// handle welcome-messages from clients
func handleWelcome(c *fiber.Ctx) error {
logger.Debug().Msgf("HTTP %s request: %q", c.Method(), c.OriginalURL())
response := responseMessage{}
response.Data = UserLogin{
LoggedIn: false,
response.Data = UserChecked{
Admin: false,
}
if ok, err := checkUser(c); err != nil {
if user, err := checkUser(c); err != nil {
response.Status = fiber.StatusInternalServerError
logger.Warn().Msgf("can't check user: %v", err)
} else if !ok {
} else if user == nil {
response.Status = fiber.StatusNoContent
logger.Debug().Msgf("user not authorized")
} else {
if uid, _, err := extractJWT(c); err != nil {
response.Status = fiber.StatusBadRequest
logger.Error().Msgf("can't extract JWT: %v", err)
} else {
if users, err := db.SelectOld[UserDB]("users", "uid = ? LIMIT 1", strconv.Itoa(uid)); err != nil {
response.Status = fiber.StatusInternalServerError
logger.Error().Msgf("can't get users from database: %v", err)
} else {
if len(users) != 1 {
response.Status = fiber.StatusForbidden
response.Message = "unknown user"
removeSessionCookie(c)
} else {
user := users[0]
response.Data = UserLogin{
UserName: user.UserName,
LoggedIn: true,
}
}
logger.Debug().Msgf("welcomed user with uid = %v", uid)
}
response.Data = UserChecked{
UserName: user.UserName,
Admin: user.Admin,
}
logger.Debug().Msgf("welcomed user %q", user.UserName)
}
return response.send(c)
}
const messageWrongLogin = "Unkown user or wrong password"
func handleLogin(c *fiber.Ctx) error {
panic("not implemented yet")
logger.Debug().Msgf("HTTP %s request: %q", c.Method(), c.OriginalURL())
// extract username and password from the request
requestBody := struct {
Username string `json:"userName" validate:"required"`
Password string `json:"password" validate:"required"`
}{}
var response responseMessage
if err := c.BodyParser(&requestBody); err != nil {
logger.Debug().Msgf("can't parse login-body: %v", err)
response.Status = fiber.StatusBadRequest
// validate the body
} else if err := validate.Struct(requestBody); err != nil {
logger.Warn().Msgf("can't parse login-body: %v", err)
} else {
// query the database for the user
var result userDB
if err := db.DB.QueryRowx("SELECT password, admin, tokenID FROM USERS WHERE name = ?", requestBody.Username).StructScan(&result); err != nil {
response.Status = fiber.StatusForbidden
response.Message = messageWrongLogin
logger.Info().Msgf("can't get user with name = %q from database", requestBody.Username)
} else {
// hash the password
if bcrypt.CompareHashAndPassword(result.Password, []byte(requestBody.Password)) != nil {
response.Status = fiber.StatusForbidden
logger.Info().Msgf("login denied: wrong password for user with name = %q", requestBody.Username)
} else {
// password is correct -> generate the JWT
if jwt, err := config.SignJWT(JWTPayload{
UserID: requestBody.Username,
TokenID: result.TokenID,
}); err != nil {
response.Status = fiber.StatusInternalServerError
logger.Error().Msgf("can't create JWT: %v", err)
} else {
setSessionCookie(c, &jwt)
response.Data = UserChecked{
UserName: requestBody.Username,
Admin: true,
}
logger.Debug().Msgf("user %q logged in", requestBody.Username)
}
}
}
}
return response.send(c)
}
// handles logout-requests
@@ -70,9 +101,5 @@ func handleLogout(c *fiber.Ctx) error {
removeSessionCookie(c)
return responseMessage{
Data: UserLogin{
LoggedIn: false,
},
}.send(c)
return responseMessage{}.send(c)
}

114
backend/pkg/router/router.go
View File

@@ -4,6 +4,7 @@ import (
"fmt"
"time"
"github.com/go-playground/validator/v10"
"github.com/gofiber/fiber/v2"
"github.com/golang-jwt/jwt/v5"
_config "github.com/johannesbuehl/golunteer/backend/pkg/config"
@@ -11,6 +12,8 @@ import (
_logger "github.com/johannesbuehl/golunteer/backend/pkg/logger"
)
var validate *validator.Validate
var logger = _logger.Logger
var config = _config.Config
@@ -47,7 +50,14 @@ func (result responseMessage) send(c *fiber.Ctx) error {
}
}
type HandlerArgs struct {
C *fiber.Ctx
User UserChecked
}
func init() {
validate = validator.New()
// setup fiber
app = fiber.New(fiber.Config{
AppName: "johannes-pv",
@@ -63,8 +73,8 @@ func init() {
}
// map with the individual registered endpoints
endpoints := map[string]map[string]func(*fiber.Ctx) responseMessage{
"GET": {"events": getEvents},
endpoints := map[string]map[string]func(HandlerArgs) responseMessage{
"GET": {"events/assignments": getEventsAssignments, "events/user/pending": getEventsUserPending},
"POST": {},
"PATCH": {},
"DELETE": {},
@@ -81,7 +91,28 @@ func init() {
handleMethods[method]("/api/"+address, func(c *fiber.Ctx) error {
logger.Debug().Msgf("HTTP %s request: %q", c.Method(), c.OriginalURL())
return handler(c).send(c)
var response responseMessage
if user, err := checkUser(c); err != nil {
response = responseMessage{
Status: fiber.StatusBadRequest,
}
logger.Error().Msgf("can't check user: %v", err)
} else if user == nil {
response = responseMessage{
Status: fiber.StatusNoContent,
}
logger.Log().Msgf("user not authorized")
} else {
response = handler(HandlerArgs{
C: c,
User: *user,
})
}
return response.send(c)
})
}
}
@@ -125,7 +156,7 @@ func removeSessionCookie(c *fiber.Ctx) {
// payload of the JSON webtoken
type JWTPayload struct {
UserID int `json:"userID"`
UserID string `json:"userID"`
TokenID string `json:"tokenID"`
}
@@ -138,7 +169,7 @@ type JWT struct {
// extracts the json webtoken from the request
//
// @returns (userID, tokenID, error)
func extractJWT(c *fiber.Ctx) (int, string, error) {
func extractJWT(c *fiber.Ctx) (string, string, error) {
// get the session-cookie
cookie := c.Cookies("session")
@@ -151,70 +182,57 @@ func extractJWT(c *fiber.Ctx) (int, string, error) {
})
if err != nil {
return -1, "", err
return "", "", err
}
// extract the claims from the JWT
if claims, ok := token.Claims.(*JWT); ok && token.Valid {
return claims.CustomClaims.UserID, claims.CustomClaims.TokenID, nil
} else {
return -1, "", fmt.Errorf("invalid JWT")
return "", "", fmt.Errorf("invalid JWT")
}
}
// user-entry in the database
type UserDB struct {
UserName string `json:"userName"`
Password []byte `json:"password"`
Admin bool `json:"admin"`
TokenID string `json:"tokenID"`
type userDB struct {
UserName string `db:"userName"`
Password []byte `db:"password"`
Admin bool `db:"admin"`
TokenID string `db:"tokenID"`
}
type UserChecked struct {
UserName string `json:"userName" db:"userName"`
Admin bool `json:"admin" db:"admin"`
}
// checks wether the request is from a valid user
func checkUser(c *fiber.Ctx) (bool, error) {
uid, tid, err := extractJWT(c)
func checkUser(c *fiber.Ctx) (*UserChecked, error) {
userName, tokenID, err := extractJWT(c)
if err != nil {
return false, nil
return nil, nil
}
var dbResult struct {
TokenID string `db:"tokenID"`
Admin bool `db:"admin"`
}
// retrieve the user from the database
response, err := db.SelectOld[UserDB]("users", "uid = ? LIMIT 1", uid)
if err := db.DB.QueryRowx("SELECT tokenID, admin FROM USERS WHERE name = ?", userName).StructScan(&dbResult); err != nil {
return nil, err
if err != nil {
return false, err
}
// if exactly one user came back and the tID is valid, the user is authorized
if len(response) == 1 && response[0].TokenID == tid {
// if the tokenID is valid, the user is authorized
} else if dbResult.TokenID != tokenID {
return nil, err
} else {
// reset the expiration of the cookie
setSessionCookie(c, nil)
return true, err
} else {
return false, err
}
}
// checks wether the request is from the admin
func checkAdmin(c *fiber.Ctx) (bool, error) {
uid, tokenID, err := extractJWT(c)
if err != nil {
return false, err
}
// retrieve the user from the database
response, err := db.SelectOld[UserDB]("users", "uid = ? LIMIT 1", uid)
if err != nil {
return false, err
}
// if exactly one user came back and its name is "admin", the user is the admin
if len(response) != 1 {
return false, fmt.Errorf("user doesn't exist")
} else {
return response[0].UserName == "admin" && response[0].TokenID == tokenID, err
return &UserChecked{
UserName: userName,
Admin: dbResult.Admin,
}, err
}
}