Allow logging in by comparing hashed passwords

cmd/serverFunc.go

@@ -45,6 +45,7 @@ func server() {
 	r.POST("/api/user", createUser)
 	r.DELETE("/api/user/:userid", deleteUser)
 	r.PUT("/api/user/:userid", modifyUser)
+	r.POST("/login", userLogin)
 
 	// TODO: Finish the following:
 	// CRUD for quizzes

cmd/structs.go

@@ -10,6 +10,15 @@ type user struct {
 	AccountType string `json:"type"`
 }
 
+type userNoPass struct {
+	Id          int    `json:"id"`
+	Name        string `json:"nombre"`
+	Surname1    string `json:"apellido1"`
+	Surname2    string `json:"apellido2"`
+	Email       string `json:"email"`
+	AccountType string `json:"type"`
+}
+
 type response struct {
 	Contents any  `json:"contents"`
 	Success  bool `json:"success"`

cmd/userapi.go

@@ -11,7 +11,7 @@ import (
 )
 
 // //////////////////////////////////////////////////////////////////////////
-// Placeholder
+// Check whether user exists or not in the database
 // //////////////////////////////////////////////////////////////////////////
 func checkUserExists(id string) bool {
 	dynStmt := `SELECT id_usuario FROM usuarios WHERE id_usuario = $1`
@@ -24,7 +24,7 @@ func checkUserExists(id string) bool {
 }
 
 // //////////////////////////////////////////////////////////////////////////
-// Placeholder
+// Modify a user by its ID
 // //////////////////////////////////////////////////////////////////////////
 func modifyUser(c *gin.Context) {
 	id := c.Param("userid")
@@ -62,7 +62,7 @@ func modifyUser(c *gin.Context) {
 }
 
 // //////////////////////////////////////////////////////////////////////////
-// Placeholder
+// Delete a user by its ID
 // //////////////////////////////////////////////////////////////////////////
 func deleteUser(c *gin.Context) {
 	id := c.Param("userid")
@@ -91,7 +91,7 @@ func deleteUser(c *gin.Context) {
 }
 
 // //////////////////////////////////////////////////////////////////////////
-// Placeholder
+// Create a new user
 // //////////////////////////////////////////////////////////////////////////
 func createUser(c *gin.Context) {
 	newuser := user{}
@@ -124,7 +124,7 @@ func createUser(c *gin.Context) {
 }
 
 // //////////////////////////////////////////////////////////////////////////
-// Placeholder
+// Query an individual user by its ID
 // //////////////////////////////////////////////////////////////////////////
 func getUser(c *gin.Context) {
 	id := c.Param("userid")
@@ -136,7 +136,7 @@ func getUser(c *gin.Context) {
 		return
 	}
 
-	user := user{}
+	user := userNoPass{}
 	dynStmt := `SELECT id_usuario,nombre,apellido1,apellido2,email,rol FROM usuarios WHERE id_usuario = $1`
 	err = db.QueryRow(dynStmt, id).Scan(&user.Id, &user.Name, &user.Surname1, &user.Surname2, &user.Email, &user.AccountType)
 	if err != nil {
@@ -153,10 +153,10 @@ func getUser(c *gin.Context) {
 }
 
 // //////////////////////////////////////////////////////////////////////////
-// Placeholder
+// Query all users in the database
 // //////////////////////////////////////////////////////////////////////////
 func getUsers(c *gin.Context) {
-	users := []user{}
+	users := []userNoPass{}
 	rows, err := db.Query("SELECT id_usuario,nombre,apellido1,apellido2,email,rol FROM usuarios")
 	if err != nil {
 		e := fmt.Sprintf("SOMETHING BAD HAPPENED QUERYING THE DATABASE: %v", err)
@@ -166,7 +166,7 @@ func getUsers(c *gin.Context) {
 	}
 	defer rows.Close()
 	for rows.Next() {
-		user := user{}
+		user := userNoPass{}
 		err = rows.Scan(&user.Id, &user.Name, &user.Surname1, &user.Surname2, &user.Email, &user.AccountType)
 		if err != nil {
 			e := fmt.Sprintf("SOMETHING BAD HAPPENED SCANNING THE ROWS: %v", err)
@@ -178,3 +178,35 @@ func getUsers(c *gin.Context) {
 	}
 	c.IndentedJSON(http.StatusOK, setResponse(users, true))
 }
+
+// //////////////////////////////////////////////////////////////////////////
+// Log into the server by comparing hashed passwords
+// //////////////////////////////////////////////////////////////////////////
+func userLogin(c *gin.Context) {
+	u := user{}
+	uDB := user{}
+	if err := c.BindJSON(&u); err != nil {
+		e := fmt.Sprintf("Something went wrong logging into the user: %v", err)
+		log.Println(e)
+		c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false))
+		return
+	}
+	dynStmt := `SELECT password FROM usuarios WHERE email = $1`
+	err := db.QueryRow(dynStmt, u.Email).Scan(&uDB.Password)
+	if err != nil {
+		if err == sql.ErrNoRows {
+			c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false))
+			return
+		}
+		e := fmt.Sprintf("Something went REALLY wrong logging into the user: %v", err)
+		log.Println(e)
+		c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false))
+		return
+	}
+
+	if hashPW(u.Password) != uDB.Password {
+		c.IndentedJSON(http.StatusUnauthorized, setResponse("INCORRECT PASSWORD", false))
+	} else {
+		c.IndentedJSON(http.StatusOK, setResponse("CORRECT PASSWORD :D", true))
+	}
+}