package cmd import ( "crypto/sha256" "database/sql" "encoding/hex" "fmt" "log" "net/http" "strconv" "github.com/gin-gonic/gin" _ "github.com/lib/pq" "github.com/spf13/viper" ) var ( ListenPort = "8080" db *sql.DB DB_Host string DB_Port string DB_User string DB_Pass string DB_Name string ) func server() { log.SetPrefix("[DRAHOOT] ") setPort() if err := getDBInfo(); err != nil { log.Fatalf("INVALID DB INFO: %v\nPlease refer to the example configuration file in the repo at https://git.bulgariu.xyz/raul/drahoot/src/branch/main/sample-config (default config path = ~/.config/drahoot/drahoot.toml)", err) } if err := openDB(); err != nil { log.Fatalf("Error happened trying to connect to database: %v", err) } gin.SetMode(gin.ReleaseMode) r := gin.Default() r.GET("/api/ping", ping) //r.GET("/", helloWorld) // TODO: Have fun creating new endpoints r.GET("/api/user", getUsers) r.GET("/api/user/:userid", getUser) r.POST("/api/user", createUser) r.DELETE("/api/user/:userid", deleteUser) r.PUT("/api/user/:userid", modifyUser) r.Run(":" + ListenPort) } func modifyUser(c *gin.Context) { id := c.Param("userid") dynStmt := `UPDATE usuarios SET email=$1,nombre=$2,apellido1=$3,apellido2=$4,password=$5 WHERE id_usuario = $6` _, err := strconv.Atoi(id) if err != nil { e := fmt.Sprintf("Invalid identifier") c.IndentedJSON(http.StatusNotFound, setResponse(e, false)) return } user := user{} if err := c.BindJSON(&user); err != nil { e := fmt.Sprintf("Something went wrong updating the user: %v", err) log.Println(e) c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false)) return } _, err = db.Exec(dynStmt, user.Email, user.Name, user.Surname1, user.Surname2, hashPW(user.Password), id) if err != nil { e := fmt.Sprintf("Something went wrong trying to modify the user: %v", err) log.Println(e, user.Email, user.Name, user.Surname1, user.Surname2, hashPW(user.Password), id) c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false)) return } c.IndentedJSON(http.StatusOK, setResponse(user, true)) } func deleteUser(c *gin.Context) { id := c.Param("userid") dynStmt := `DELETE FROM usuarios WHERE id_usuario = $1` _, err := strconv.Atoi(id) if err != nil { e := fmt.Sprintf("Invalid identifier") c.IndentedJSON(http.StatusNotFound, setResponse(e, false)) return } _, err = db.Exec(dynStmt, id) if err != nil { e := fmt.Sprintf("Something went wrong trying to delete the user: %v", err) log.Println(e) c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false)) return } e := fmt.Sprintf("User successfully deleted") c.IndentedJSON(http.StatusOK, setResponse(e, true)) } func createUser(c *gin.Context) { newuser := user{} if err := c.BindJSON(&newuser); err != nil { e := fmt.Sprintf("Something went wrong creating the user: %v", err) log.Println(e) c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false)) return } var dynStmt string if newuser.AccountType != "estudiante" && newuser.AccountType != "profesor" { if newuser.AccountType == "admin" { e := fmt.Sprintf("Nice try (https://xkcd.com/327/)") c.IndentedJSON(http.StatusTeapot, setResponse(e, false)) return } e := fmt.Sprintf("Invalid account type\n") c.IndentedJSON(http.StatusNotFound, setResponse(e, false)) return } dynStmt = `INSERT INTO usuarios(nombre, apellido1, apellido2, email, password, rol) values($1, $2, $3, $4, $5, $6)` _, err := db.Exec(dynStmt, newuser.Name, newuser.Surname1, newuser.Surname2, newuser.Email, hashPW(newuser.Password), newuser.AccountType) if err != nil { e := fmt.Sprintf("Something went wrong trying to create the user: %v", err) log.Println(e) c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false)) return } e := fmt.Sprintf("User %v has been created!", newuser.Name) c.IndentedJSON(http.StatusOK, setResponse(e, true)) } func setResponse(content any, success bool) response { msg := response{Contents: content, Success: success} return msg } func getUser(c *gin.Context) { id := c.Param("userid") _, err := strconv.Atoi(id) if err != nil { e := fmt.Sprintf("Invalid identifier") c.IndentedJSON(http.StatusNotFound, setResponse(e, false)) return } user := user{} dynStmt := `SELECT id_usuario,nombre,apellido1,apellido2,email,rol FROM usuarios WHERE id_usuario = $1` err = db.QueryRow(dynStmt, id).Scan(&user.Id, &user.Name, &user.Surname1, &user.Surname2, &user.Email, &user.AccountType) if err != nil { if err == sql.ErrNoRows { c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false)) return } e := fmt.Sprintf("SOMETHING BAD HAPPENED QUERYING THE DATABASE: %v", err) log.Println(e) c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false)) return } c.IndentedJSON(http.StatusOK, setResponse(user, true)) } func getUsers(c *gin.Context) { users := []user{} rows, err := db.Query("SELECT id_usuario,nombre,apellido1,apellido2,email,rol FROM usuarios") if err != nil { e := fmt.Sprintf("SOMETHING BAD HAPPENED QUERYING THE DATABASE: %v", err) log.Println(e) c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false)) return } defer rows.Close() for rows.Next() { user := user{} err = rows.Scan(&user.Id, &user.Name, &user.Surname1, &user.Surname2, &user.Email, &user.AccountType) if err != nil { e := fmt.Sprintf("SOMETHING BAD HAPPENED SCANNING THE ROWS: %v", err) log.Println(e) c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false)) return } users = append(users, user) } c.IndentedJSON(http.StatusOK, setResponse(users, true)) } func ping(c *gin.Context) { c.IndentedJSON(http.StatusOK, setResponse("Pong!", true)) } func hashPW(plain string) string { hashedPW := sha256.New() hashedPW.Write([]byte(plain)) sha256hash := hex.EncodeToString(hashedPW.Sum(nil)) return sha256hash } func getDBInfo() error { dbhost := viper.GetString("Server.DB_Host") if dbhost == "" { e := fmt.Errorf("No database IP address present in config file!\n") return e } else { DB_Host = dbhost } dbport := viper.GetString("Server.DB_Port") if dbport == "" { e := fmt.Errorf("No database port present in config file!\n") return e } else { DB_Port = dbport } dbuser := viper.GetString("Server.DB_User") if dbuser == "" { e := fmt.Errorf("No database username present in config file!\n") return e } else { DB_User = dbuser } dbpass := viper.GetString("Server.DB_Pass") if dbpass == "" { e := fmt.Errorf("No database password present in config file!\n") return e } else { DB_Pass = dbpass } dbname := viper.GetString("Server.DB_Name") if dbname == "" { e := fmt.Errorf("No database name present in config file!\n") return e } else { DB_Name = dbname } return nil } func openDB() error { psqlconn := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=disable", DB_Host, DB_Port, DB_User, DB_Pass, DB_Name) dba, err := sql.Open("postgres", psqlconn) if err != nil { return err } db = dba return nil } func setPort() { p := viper.GetString("Server.Port") if p != "" { ListenPort = p } }