From c4f7b2e28260abd063ccc1881ac211b2fc680b3c Mon Sep 17 00:00:00 2001 From: raul Date: Fri, 13 Dec 2024 09:30:55 +0100 Subject: [PATCH] Allow logging in by comparing hashed passwords --- cmd/serverFunc.go | 1 + cmd/structs.go | 9 +++++++++ cmd/userapi.go | 50 ++++++++++++++++++++++++++++++++++++++--------- 3 files changed, 51 insertions(+), 9 deletions(-) diff --git a/cmd/serverFunc.go b/cmd/serverFunc.go index 1d24ce6..739452c 100644 --- a/cmd/serverFunc.go +++ b/cmd/serverFunc.go @@ -45,6 +45,7 @@ func server() { r.POST("/api/user", createUser) r.DELETE("/api/user/:userid", deleteUser) r.PUT("/api/user/:userid", modifyUser) + r.POST("/login", userLogin) // TODO: Finish the following: // CRUD for quizzes diff --git a/cmd/structs.go b/cmd/structs.go index 19619d6..8c91e04 100644 --- a/cmd/structs.go +++ b/cmd/structs.go @@ -10,6 +10,15 @@ type user struct { AccountType string `json:"type"` } +type userNoPass struct { + Id int `json:"id"` + Name string `json:"nombre"` + Surname1 string `json:"apellido1"` + Surname2 string `json:"apellido2"` + Email string `json:"email"` + AccountType string `json:"type"` +} + type response struct { Contents any `json:"contents"` Success bool `json:"success"` diff --git a/cmd/userapi.go b/cmd/userapi.go index 258d3e1..1d5065a 100644 --- a/cmd/userapi.go +++ b/cmd/userapi.go @@ -11,7 +11,7 @@ import ( ) // ////////////////////////////////////////////////////////////////////////// -// Placeholder +// Check whether user exists or not in the database // ////////////////////////////////////////////////////////////////////////// func checkUserExists(id string) bool { dynStmt := `SELECT id_usuario FROM usuarios WHERE id_usuario = $1` 
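Review bot: `userNoPass` repeats every field of `user` except the password, so the two declarations can silently drift when a column is added to one and not the other; since the Scan calls and `uDB.Password` elsewhere in the patch show `user` carries the same fields plus Password, `user` could be declared as `type user struct { userNoPass; Password string }` (keeping Password's existing json tag), and encoding/json promotes the embedded fields so the wire format stays the same. A doc line would also help readers pick the right type: `// userNoPass is the user row as returned by the read endpoints; it never carries the password hash.` The enclosing `user` struct starts before this hunk.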
@@ -24,7 +24,7 @@ func checkUserExists(id string) bool { } // ////////////////////////////////////////////////////////////////////////// -// Placeholder +// Modify a user by its ID // ////////////////////////////////////////////////////////////////////////// func modifyUser(c *gin.Context) { id := c.Param("userid") @@ -62,7 +62,7 @@ func modifyUser(c *gin.Context) { } // ////////////////////////////////////////////////////////////////////////// -// Placeholder +// Delete a user by its ID // ////////////////////////////////////////////////////////////////////////// func deleteUser(c *gin.Context) { id := c.Param("userid") @@ -91,7 +91,7 @@ func deleteUser(c *gin.Context) { } // ////////////////////////////////////////////////////////////////////////// -// Placeholder +// Create a new user // ////////////////////////////////////////////////////////////////////////// func createUser(c *gin.Context) { newuser := user{} @@ -124,7 +124,7 @@ func createUser(c *gin.Context) { } // ////////////////////////////////////////////////////////////////////////// -// Placeholder +// Query an individual user by its ID // ////////////////////////////////////////////////////////////////////////// func getUser(c *gin.Context) { id := c.Param("userid") @@ -136,7 +136,7 @@ func getUser(c *gin.Context) { return } - user := user{} + user := userNoPass{} dynStmt := `SELECT id_usuario,nombre,apellido1,apellido2,email,rol FROM usuarios WHERE id_usuario = $1` err = db.QueryRow(dynStmt, id).Scan(&user.Id, &user.Name, &user.Surname1, &user.Surname2, &user.Email, &user.AccountType) if err != nil { 
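Review bot: The local `user := userNoPass{}` in getUser now holds a userNoPass while still shadowing the `user` type for the rest of the function, which makes the hunk read as if the password-bearing type were in play; a short name, `u := userNoPass{}` with the Scan arguments updated to `&u.Id, &u.Name, …`, avoids the shadowing. The same applies to the `user := userNoPass{}` inside the rows loop of getUsers in the @@ -166 hunk. getUser's body continues past the end of this hunk.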
@@ -153,10 +153,10 @@ func getUser(c *gin.Context) { } // ////////////////////////////////////////////////////////////////////////// -// Placeholder +// Query all users in the database // ////////////////////////////////////////////////////////////////////////// func getUsers(c *gin.Context) { - users := []user{} + users := []userNoPass{} rows, err := db.Query("SELECT id_usuario,nombre,apellido1,apellido2,email,rol FROM usuarios") if err != nil { e := fmt.Sprintf("SOMETHING BAD HAPPENED QUERYING THE DATABASE: %v", err) @@ -166,7 +166,7 @@ func getUsers(c *gin.Context) { } defer rows.Close() for rows.Next() { - user := user{} + user := userNoPass{} err = rows.Scan(&user.Id, &user.Name, &user.Surname1, &user.Surname2, &user.Email, &user.AccountType) if err != nil { e := fmt.Sprintf("SOMETHING BAD HAPPENED SCANNING THE ROWS: %v", err) 
@@ -178,3 +178,35 @@ func getUsers(c *gin.Context) {
 }
 c.IndentedJSON(http.StatusOK, setResponse(users, true))
 }
+
+// //////////////////////////////////////////////////////////////////////////
+// Log into the server by comparing hashed passwords
+// //////////////////////////////////////////////////////////////////////////
+func userLogin(c *gin.Context) {
+ u := user{}
+ uDB := user{}
+ if err := c.BindJSON(&u); err != nil {
+ e := fmt.Sprintf("Something went wrong logging into the user: %v", err)
+ log.Println(e)
+ c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false))
+ return
+ }
+ dynStmt := `SELECT password FROM usuarios WHERE email = $1`
+ err := db.QueryRow(dynStmt, u.Email).Scan(&uDB.Password)
+ if err != nil {
+ if err == sql.ErrNoRows {
+ c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false))
+ return
+ }
+ e := fmt.Sprintf("Something went REALLY wrong logging into the user: %v", err)
+ log.Println(e)
+ c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false))
+ return
+ }
+
+ if hashPW(u.Password) != uDB.Password {
+ c.IndentedJSON(http.StatusUnauthorized, setResponse("INCORRECT PASSWORD", false))
+ } else {
+ c.IndentedJSON(http.StatusOK, setResponse("CORRECT PASSWORD :D", true))
+ }
+}
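Review bot: The handler tells a caller whether an e-mail is registered, because an unknown e-mail gets 404 "User not found" while a wrong password gets 401, and the comparison `hashPW(u.Password) != uDB.Password` is a plain string compare that stops at the first differing byte. Both cases should answer with the same 401 body, hashPW should run even when no row came back so the response time does not depend on the e-mail's existence, and the digests should be compared with `crypto/subtle.ConstantTimeCompare`. A malformed body is a client error, so the BindJSON failure should answer 400 rather than 500, and `uDB` only ever holds the stored hash, so a plain string local is enough. This assumes hashPW is a deterministic digest of the password alone, which the recompute-and-compare in the hunk implies; if it ever adds a per-user salt, equality can never match and a verify function must be used instead.
```go
func userLogin(c *gin.Context) {
	var u user
	if err := c.BindJSON(&u); err != nil {
		// A body that does not parse is the client's fault, not a server error.
		c.IndentedJSON(http.StatusBadRequest, setResponse("Malformed login request", false))
		return
	}
	var storedHash string
	err := db.QueryRow(`SELECT password FROM usuarios WHERE email = $1`, u.Email).Scan(&storedHash)
	if err != nil && err != sql.ErrNoRows {
		// … unchanged: log the error and answer 500 …
	}
	// Always hash and compare, even when no row came back, so timing does not
	// reveal whether the e-mail exists. Needs crypto/subtle imported.
	match := subtle.ConstantTimeCompare([]byte(hashPW(u.Password)), []byte(storedHash)) == 1
	if err == sql.ErrNoRows || !match {
		// One status and one body for "unknown e-mail" and "wrong password".
		c.IndentedJSON(http.StatusUnauthorized, setResponse("INCORRECT PASSWORD", false))
		return
	}
	c.IndentedJSON(http.StatusOK, setResponse("CORRECT PASSWORD :D", true))
}
```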