z1glr/golunteer
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

started "real work"

Browse Source
This commit is contained in:
z1glr
2025-01-10 14:06:53 +00:00
parent e2aa65b416
commit 45f600268f
30 changed files with 9811 additions and 8584 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
backend/pkg/router/login.go
View File

@@ -1,67 +1,98 @@
package router
import (
"strconv"
"github.com/gofiber/fiber/v2"
"github.com/johannesbuehl/golunteer/backend/pkg/db"
"golang.org/x/crypto/bcrypt"
)
type UserLogin struct {
UserName string `json:"userName"`
LoggedIn bool `json:"loggedIn"`
}
// handle welcome-messages from clients
func handleWelcome(c *fiber.Ctx) error {
logger.Debug().Msgf("HTTP %s request: %q", c.Method(), c.OriginalURL())
response := responseMessage{}
response.Data = UserLogin{
LoggedIn: false,
response.Data = UserChecked{
Admin: false,
}
if ok, err := checkUser(c); err != nil {
if user, err := checkUser(c); err != nil {
response.Status = fiber.StatusInternalServerError
logger.Warn().Msgf("can't check user: %v", err)
} else if !ok {
} else if user == nil {
response.Status = fiber.StatusNoContent
logger.Debug().Msgf("user not authorized")
} else {
if uid, _, err := extractJWT(c); err != nil {
response.Status = fiber.StatusBadRequest
logger.Error().Msgf("can't extract JWT: %v", err)
} else {
if users, err := db.SelectOld[UserDB]("users", "uid = ? LIMIT 1", strconv.Itoa(uid)); err != nil {
response.Status = fiber.StatusInternalServerError
logger.Error().Msgf("can't get users from database: %v", err)
} else {
if len(users) != 1 {
response.Status = fiber.StatusForbidden
response.Message = "unknown user"
removeSessionCookie(c)
} else {
user := users[0]
response.Data = UserLogin{
UserName: user.UserName,
LoggedIn: true,
}
}
logger.Debug().Msgf("welcomed user with uid = %v", uid)
}
response.Data = UserChecked{
UserName: user.UserName,
Admin: user.Admin,
}
logger.Debug().Msgf("welcomed user %q", user.UserName)
}
return response.send(c)
}
const messageWrongLogin = "Unkown user or wrong password"
func handleLogin(c *fiber.Ctx) error {
panic("not implemented yet")
logger.Debug().Msgf("HTTP %s request: %q", c.Method(), c.OriginalURL())
// extract username and password from the request
requestBody := struct {
Username string `json:"userName" validate:"required"`
Password string `json:"password" validate:"required"`
}{}
var response responseMessage
if err := c.BodyParser(&requestBody); err != nil {
logger.Debug().Msgf("can't parse login-body: %v", err)
response.Status = fiber.StatusBadRequest
// validate the body
} else if err := validate.Struct(requestBody); err != nil {
logger.Warn().Msgf("can't parse login-body: %v", err)
} else {
// query the database for the user
var result userDB
if err := db.DB.QueryRowx("SELECT password, admin, tokenID FROM USERS WHERE name = ?", requestBody.Username).StructScan(&result); err != nil {
response.Status = fiber.StatusForbidden
response.Message = messageWrongLogin
logger.Info().Msgf("can't get user with name = %q from database", requestBody.Username)
} else {
// hash the password
if bcrypt.CompareHashAndPassword(result.Password, []byte(requestBody.Password)) != nil {
response.Status = fiber.StatusForbidden
logger.Info().Msgf("login denied: wrong password for user with name = %q", requestBody.Username)
} else {
// password is correct -> generate the JWT
if jwt, err := config.SignJWT(JWTPayload{
UserID: requestBody.Username,
TokenID: result.TokenID,
}); err != nil {
response.Status = fiber.StatusInternalServerError
logger.Error().Msgf("can't create JWT: %v", err)
} else {
setSessionCookie(c, &jwt)
response.Data = UserChecked{
UserName: requestBody.Username,
Admin: true,
}
logger.Debug().Msgf("user %q logged in", requestBody.Username)
}
}
}
}
return response.send(c)
}
// handles logout-requests
@@ -70,9 +101,5 @@ func handleLogout(c *fiber.Ctx) error {
removeSessionCookie(c)
return responseMessage{
Data: UserLogin{
LoggedIn: false,
},
}.send(c)
return responseMessage{}.send(c)
}