diff --git a/backend/api/auth.go b/backend/api/auth.go index 74d55ce..4383054 100644 --- a/backend/api/auth.go +++ b/backend/api/auth.go @@ -53,13 +53,8 @@ func HandleLogin(w http.ResponseWriter, r *http.Request) { return } - var user core.User - count, err := core.DB.NewSelect(). - Model(&user). - Where("email = ? AND password = ?", login.Email, login.Password). - Limit(1). - ScanAndCount(context.Background()) - if count == 0 { + user, err := core.Verify(context.Background(), login.Email, login.Password) + if user == nil { core.JSONError{ Status: core.Error, Message: "User not found.", diff --git a/backend/api/core/schemas.go b/backend/api/core/schemas.go index d7e5d55..7473199 100644 --- a/backend/api/core/schemas.go +++ b/backend/api/core/schemas.go @@ -36,8 +36,8 @@ const ( type Status string const ( - Active Status = "Active" - Inactive Status = "Inactive" + Active Status = "Active" + Inactive Status = "Inactive" ) type User struct { @@ -56,6 +56,43 @@ type User struct { Articles []*Blog `bun:"rel:has-many,join:user_id=blog_id" json:"articles,omitempty"` } +func (u *User) Insert(ctx context.Context) (sql.Result, error) { + u.Password = fmt.Sprintf("crypt('%s', gen_salt('bf'))", u.Password) + return DB.NewInsert(). + Model(u). + Value("password", u.Password). + Exec(ctx) +} + +func Verify(ctx context.Context, email, password string) (*User, error) { + // var user User + // query := ` + // SELECT * + // FROM users + // WHERE email = ? AND password = crypt(?, password) + // ` + // + // err := DB.NewRaw(query, email, password).Scan(ctx, user) + + var user User + count, err := DB.NewSelect(). + Model(&user). + Where("email = ? AND password = crypt(?, password)", email, password). + Limit(1). + ScanAndCount(context.Background()) + if count == 0 { + return nil, fmt.Errorf("invalid email or password") + } + if err != nil { + if err == sql.ErrNoRows { + return nil, fmt.Errorf("invalid email or password") + } + return nil, err + } + + return &user, nil +} + type Event struct { bun.BaseModel `bun:"table:events"` @@ -69,7 +106,7 @@ type Event struct { type EventToUser struct { bun.BaseModel `bun:"table:events_to_users"` - EventID uuid.UUID `bun:"type:uuid,pk"` + EventID uuid.UUID `bun:"type:uuid,pk"` UserID uuid.UUID `bun:"type:uuid,pk"` Event *Event `bun:"rel:belongs-to,join:event_id=event_id"` @@ -103,12 +140,18 @@ func InitDatabase(dsn DSN) (*bun.DB, error) { sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn.ToString()))) db := bun.NewDB(sqldb, pgdialect.New()) + ctx := context.Background() + + _, err := db.ExecContext(ctx, "CREATE EXTENSION IF NOT EXISTS pgcrypto;") + if err != nil { + return nil, err + } db.RegisterModel((*EventToUser)(nil)) - _, err := db.NewCreateTable().Model((*User)(nil)).IfNotExists().Exec(context.Background()) - _, err = db.NewCreateTable().Model((*Event)(nil)).IfNotExists().Exec(context.Background()) - _, err = db.NewCreateTable().Model((*EventToUser)(nil)).IfNotExists().Exec(context.Background()) - _, err = db.NewCreateTable().Model((*Blog)(nil)).IfNotExists().Exec(context.Background()) - _, err = db.NewCreateTable().Model((*WebsiteSettings)(nil)).IfNotExists().Exec(context.Background()) + _, err = db.NewCreateTable().Model((*User)(nil)).IfNotExists().Exec(ctx) + _, err = db.NewCreateTable().Model((*Event)(nil)).IfNotExists().Exec(ctx) + _, err = db.NewCreateTable().Model((*EventToUser)(nil)).IfNotExists().Exec(ctx) + _, err = db.NewCreateTable().Model((*Blog)(nil)).IfNotExists().Exec(ctx) + _, err = db.NewCreateTable().Model((*WebsiteSettings)(nil)).IfNotExists().Exec(ctx) if err != nil { return nil, err } diff --git a/backend/api/new_blog.go b/backend/api/new_blog.go index 9b1150f..29419f2 100644 --- a/backend/api/new_blog.go +++ b/backend/api/new_blog.go @@ -17,7 +17,7 @@ func HandleCreateBlog(w http.ResponseWriter, r *http.Request) { }.Respond(w, http.StatusMethodNotAllowed) return } - + body, err := io.ReadAll(r.Body) if err != nil { core.JSONError{ @@ -26,16 +26,16 @@ func HandleCreateBlog(w http.ResponseWriter, r *http.Request) { }.Respond(w, http.StatusNoContent) return } - var blog core.Blog + var blog core.Blog if err = json.Unmarshal(body, &blog); err != nil { core.JSONError{ Status: core.Error, Message: err.Error(), }.Respond(w, http.StatusNoContent) return - } + } - _, err = core.DB.NewInsert().Model(blog).Exec(context.Background()) + _, err = core.DB.NewInsert().Model(blog).Exec(context.Background()) if err != nil { core.JSONError{ Status: core.Error, @@ -46,6 +46,6 @@ func HandleCreateBlog(w http.ResponseWriter, r *http.Request) { core.JSONSuccess{ Status: core.Success, Message: "Blog inserted", - Data: blog, + Data: blog, }.Respond(w, http.StatusCreated) } diff --git a/backend/api/new_user.go b/backend/api/new_user.go index 0dbd6d2..b897d9e 100644 --- a/backend/api/new_user.go +++ b/backend/api/new_user.go @@ -32,14 +32,15 @@ func HandleCreateUser(w http.ResponseWriter, r *http.Request) { log.Println(user) - res, err := core.DB.NewInsert().Model(&user).Exec(context.Background()) - if res == nil { - core.JSONError{ - Status: core.Error, - Message: "The user couldn't be inserted.", - }.Respond(w, http.StatusNotAcceptable) - return - } + res, err := user.Insert(context.Background()) + log.Println(res) + // if res == nil { + // core.JSONError{ + // Status: core.Error, + // Message: "The user couldn't be inserted.", + // }.Respond(w, http.StatusNotAcceptable) + // return + // } if err != nil { core.JSONError{ diff --git a/backend/go.mod b/backend/go.mod index 4dcb277..0290aaa 100644 --- a/backend/go.mod +++ b/backend/go.mod @@ -13,9 +13,13 @@ require ( ) require ( + github.com/fatih/color v1.18.0 // indirect github.com/jinzhu/inflection v1.0.0 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect github.com/puzpuzpuz/xsync/v3 v3.4.0 // indirect github.com/tmthrgd/go-hex v0.0.0-20190904060850-447a3041c3bc // indirect + github.com/uptrace/bun/extra/bundebug v1.2.8 // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect golang.org/x/crypto v0.31.0 // indirect diff --git a/backend/go.sum b/backend/go.sum index dc8aaad..b23099f 100644 --- a/backend/go.sum +++ b/backend/go.sum @@ -1,5 +1,7 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= @@ -12,6 +14,11 @@ github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/puzpuzpuz/xsync/v3 v3.4.0 h1:DuVBAdXuGFHv8adVXjWWZ63pJq+NRXOWVXlKDBZ+mJ4= @@ -26,12 +33,16 @@ github.com/uptrace/bun/dialect/pgdialect v1.2.8 h1:9n3qVh6yc+u7F3lpXzsWrAFJG1yLH github.com/uptrace/bun/dialect/pgdialect v1.2.8/go.mod h1:plksD43MjAlPGYLD9/SzsLUpGH5poXE9IB1+ka/sEzE= github.com/uptrace/bun/driver/pgdriver v1.2.8 h1:5XrNn/9enSrWhhrUpz+6PY9S1vcg/jhCQPJu+ZmsKX4= github.com/uptrace/bun/driver/pgdriver v1.2.8/go.mod h1:cwRRwqabgePwYBiLlXtbeNmPD7LGJnqP21J2ZKP4ah8= +github.com/uptrace/bun/extra/bundebug v1.2.8 h1:Epv0ycLOnoKWPky+rufP2F/PrcSlKkd4tmVIFOdq90A= +github.com/uptrace/bun/extra/bundebug v1.2.8/go.mod h1:ucnmuPw/5ePbNFj2SPmV0lQh3ZvL+3HCrpvRxIYZyWQ= github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8= github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok= github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= diff --git a/backend/main.go b/backend/main.go index 6a1878f..e799caf 100644 --- a/backend/main.go +++ b/backend/main.go @@ -3,6 +3,7 @@ package main import ( "fmt" "github.com/joho/godotenv" + "github.com/uptrace/bun/extra/bundebug" "log" "net/http" "os" @@ -23,6 +24,7 @@ func main() { log.Fatalf("Error loading .env file: %v", err) } environ := os.Getenv("ENVIRONMENT") + port := os.Getenv("BACKEND_DOCKER_PORT") if environ == "DEV" { port = os.Getenv("BACKEND_PORT") @@ -41,6 +43,10 @@ func main() { log.Fatal(err) } + core.DB.AddQueryHook(bundebug.NewQueryHook(bundebug.WithVerbose(true))) + + defer core.DB.Close() + mux := http.NewServeMux() core.HandleRoutes(mux, map[string]core.Handler{