Hashing password

Using postgres' pgcrypt
2025-01-17 10:39:59 +01:00
parent 89f44f4469
commit fdc3122b68
7 changed files with 88 additions and 28 deletions
--- a/backend/api/auth.go
+++ b/backend/api/auth.go
@@ -53,13 +53,8 @@ func HandleLogin(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	var user core.User
-	count, err := core.DB.NewSelect().
-		Model(&user).
-		Where("email = ? AND password = ?", login.Email, login.Password).
-		Limit(1).
-		ScanAndCount(context.Background())
-	if count == 0 {
+	user, err := core.Verify(context.Background(), login.Email, login.Password)
+	if user == nil {
 		core.JSONError{
 			Status:  core.Error,
 			Message: "User not found.",
--- a/backend/api/core/schemas.go
+++ b/backend/api/core/schemas.go
@@ -36,8 +36,8 @@ const (
 type Status string

 const (
-	Active Status = "Active"
-	Inactive  Status = "Inactive"
+	Active   Status = "Active"
+	Inactive Status = "Inactive"
 )

 type User struct {
@@ -56,6 +56,43 @@ type User struct {
 	Articles  []*Blog   `bun:"rel:has-many,join:user_id=blog_id" json:"articles,omitempty"`
 }

+func (u *User) Insert(ctx context.Context) (sql.Result, error) {
+	u.Password = fmt.Sprintf("crypt('%s', gen_salt('bf'))", u.Password)
+	return DB.NewInsert().
+		Model(u).
+		Value("password", u.Password).
+		Exec(ctx)
+}
+
+func Verify(ctx context.Context, email, password string) (*User, error) {
+	// var user User
+	// query := `
+	// 	SELECT *
+	// 	FROM users
+	// 	WHERE email = ? AND password = crypt(?, password)
+	// `
+	//
+	// err := DB.NewRaw(query, email, password).Scan(ctx, user)
+
+	var user User
+	count, err := DB.NewSelect().
+		Model(&user).
+		Where("email = ? AND password = crypt(?, password)", email, password).
+		Limit(1).
+		ScanAndCount(context.Background())
+	if count == 0 {
+		return nil, fmt.Errorf("invalid email or password")
+	}
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, fmt.Errorf("invalid email or password")
+		}
+		return nil, err
+	}
+
+	return &user, nil
+}
+
 type Event struct {
 	bun.BaseModel `bun:"table:events"`

@@ -69,7 +106,7 @@ type Event struct {
 type EventToUser struct {
 	bun.BaseModel `bun:"table:events_to_users"`

-	EventID uuid.UUID `bun:"type:uuid,pk"` 
+	EventID uuid.UUID `bun:"type:uuid,pk"`
 	UserID  uuid.UUID `bun:"type:uuid,pk"`

 	Event *Event `bun:"rel:belongs-to,join:event_id=event_id"`
@@ -103,12 +140,18 @@ func InitDatabase(dsn DSN) (*bun.DB, error) {
 	sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn.ToString())))
 	db := bun.NewDB(sqldb, pgdialect.New())

+	ctx := context.Background()
+
+	_, err := db.ExecContext(ctx, "CREATE EXTENSION IF NOT EXISTS pgcrypto;")
+	if err != nil {
+		return nil, err
+	}
 	db.RegisterModel((*EventToUser)(nil))
-	_, err := db.NewCreateTable().Model((*User)(nil)).IfNotExists().Exec(context.Background())
-	_, err = db.NewCreateTable().Model((*Event)(nil)).IfNotExists().Exec(context.Background())
-	_, err = db.NewCreateTable().Model((*EventToUser)(nil)).IfNotExists().Exec(context.Background())
-	_, err = db.NewCreateTable().Model((*Blog)(nil)).IfNotExists().Exec(context.Background())
-	_, err = db.NewCreateTable().Model((*WebsiteSettings)(nil)).IfNotExists().Exec(context.Background())
+	_, err = db.NewCreateTable().Model((*User)(nil)).IfNotExists().Exec(ctx)
+	_, err = db.NewCreateTable().Model((*Event)(nil)).IfNotExists().Exec(ctx)
+	_, err = db.NewCreateTable().Model((*EventToUser)(nil)).IfNotExists().Exec(ctx)
+	_, err = db.NewCreateTable().Model((*Blog)(nil)).IfNotExists().Exec(ctx)
+	_, err = db.NewCreateTable().Model((*WebsiteSettings)(nil)).IfNotExists().Exec(ctx)
 	if err != nil {
 		return nil, err
 	}
--- a/backend/api/new_blog.go
+++ b/backend/api/new_blog.go
@@ -17,7 +17,7 @@ func HandleCreateBlog(w http.ResponseWriter, r *http.Request) {
 		}.Respond(w, http.StatusMethodNotAllowed)
 		return
 	}
-	
+
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		core.JSONError{
@@ -26,16 +26,16 @@ func HandleCreateBlog(w http.ResponseWriter, r *http.Request) {
 		}.Respond(w, http.StatusNoContent)
 		return
 	}
-	var blog core.Blog	
+	var blog core.Blog
 	if err = json.Unmarshal(body, &blog); err != nil {
 		core.JSONError{
 			Status:  core.Error,
 			Message: err.Error(),
 		}.Respond(w, http.StatusNoContent)
 		return
-	}	
+	}

-	_, err = core.DB.NewInsert().Model(blog).Exec(context.Background())	
+	_, err = core.DB.NewInsert().Model(blog).Exec(context.Background())
 	if err != nil {
 		core.JSONError{
 			Status:  core.Error,
@@ -46,6 +46,6 @@ func HandleCreateBlog(w http.ResponseWriter, r *http.Request) {
 	core.JSONSuccess{
 		Status:  core.Success,
 		Message: "Blog inserted",
-		Data: blog,
+		Data:    blog,
 	}.Respond(w, http.StatusCreated)
 }
--- a/backend/api/new_user.go
+++ b/backend/api/new_user.go
@@ -32,14 +32,15 @@ func HandleCreateUser(w http.ResponseWriter, r *http.Request) {

 	log.Println(user)

-	res, err := core.DB.NewInsert().Model(&user).Exec(context.Background())
-	if res == nil {
-		core.JSONError{
-			Status:  core.Error,
-			Message: "The user couldn't be inserted.",
-		}.Respond(w, http.StatusNotAcceptable)
-		return
-	}
+	res, err := user.Insert(context.Background())
+	log.Println(res)
+	// if res == nil {
+	// 	core.JSONError{
+	// 		Status:  core.Error,
+	// 		Message: "The user couldn't be inserted.",
+	// 	}.Respond(w, http.StatusNotAcceptable)
+	// 	return
+	// }

 	if err != nil {
 		core.JSONError{
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -13,9 +13,13 @@ require (
 )

 require (
+	github.com/fatih/color v1.18.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/puzpuzpuz/xsync/v3 v3.4.0 // indirect
 	github.com/tmthrgd/go-hex v0.0.0-20190904060850-447a3041c3bc // indirect
+	github.com/uptrace/bun/extra/bundebug v1.2.8 // indirect
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	golang.org/x/crypto v0.31.0 // indirect
--- a/backend/go.sum
+++ b/backend/go.sum
@@ -1,5 +1,7 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
@@ -12,6 +14,11 @@ github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/puzpuzpuz/xsync/v3 v3.4.0 h1:DuVBAdXuGFHv8adVXjWWZ63pJq+NRXOWVXlKDBZ+mJ4=
@@ -26,12 +33,16 @@ github.com/uptrace/bun/dialect/pgdialect v1.2.8 h1:9n3qVh6yc+u7F3lpXzsWrAFJG1yLH
 github.com/uptrace/bun/dialect/pgdialect v1.2.8/go.mod h1:plksD43MjAlPGYLD9/SzsLUpGH5poXE9IB1+ka/sEzE=
 github.com/uptrace/bun/driver/pgdriver v1.2.8 h1:5XrNn/9enSrWhhrUpz+6PY9S1vcg/jhCQPJu+ZmsKX4=
 github.com/uptrace/bun/driver/pgdriver v1.2.8/go.mod h1:cwRRwqabgePwYBiLlXtbeNmPD7LGJnqP21J2ZKP4ah8=
+github.com/uptrace/bun/extra/bundebug v1.2.8 h1:Epv0ycLOnoKWPky+rufP2F/PrcSlKkd4tmVIFOdq90A=
+github.com/uptrace/bun/extra/bundebug v1.2.8/go.mod h1:ucnmuPw/5ePbNFj2SPmV0lQh3ZvL+3HCrpvRxIYZyWQ=
 github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8=
 github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
 github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
 golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
 golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
--- a/backend/main.go
+++ b/backend/main.go
@@ -3,6 +3,7 @@ package main
 import (
 	"fmt"
 	"github.com/joho/godotenv"
+	"github.com/uptrace/bun/extra/bundebug"
 	"log"
 	"net/http"
 	"os"
@@ -23,6 +24,7 @@ func main() {
 		log.Fatalf("Error loading .env file: %v", err)
 	}
 	environ := os.Getenv("ENVIRONMENT")
+
 	port := os.Getenv("BACKEND_DOCKER_PORT")
 	if environ == "DEV" {
 		port = os.Getenv("BACKEND_PORT")
@@ -41,6 +43,10 @@ func main() {
 		log.Fatal(err)
 	}

+	core.DB.AddQueryHook(bundebug.NewQueryHook(bundebug.WithVerbose(true)))
+
+	defer core.DB.Close()
+
 	mux := http.NewServeMux()

 	core.HandleRoutes(mux, map[string]core.Handler{