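package cmd

import (
	"database/sql"
	"fmt"
	"log"
	"net/http"
	"strconv"

	"github.com/gin-gonic/gin"
)

// checkUserExists reports whether a row with the given id_usuario exists.
//
// The lookup is parameterised ($1), so id is never interpolated into SQL.
// Any database error other than sql.ErrNoRows is logged and reported as
// "does not exist": callers use this as a gate before UPDATE/DELETE, and
// failing closed (a 404) is safer than proceeding on an unknown database state.
func checkUserExists(id string) bool {
	const stmt = `SELECT id_usuario FROM usuarios WHERE id_usuario = $1`

	// Row.Scan requires exactly one destination per selected column; with no
	// destination it returns a non-ErrNoRows error, which the previous code
	// happened to treat as "exists".
	var found string
	err := db.QueryRow(stmt, id).Scan(&found)
	switch {
	case err == nil:
		return true
	case err == sql.ErrNoRows:
		return false
	default:
		log.Printf("checkUserExists: lookup id %q: %v", id, err)
		return false
	}
}

// modifyUser updates the user identified by the :userid route parameter from
// a JSON body carrying email, nombre, apellido1, apellido2 and optionally
// password. rol is deliberately not updatable through this handler.
//
// Responses: 404 for a non-numeric or unknown id, 400 for a malformed body,
// 500 on a database failure (the driver error is logged, not returned),
// 200 on success.
//
// NOTE(review): no authentication or authorisation happens in this handler,
// so whoever can reach the route can change any user's password. Confirm the
// router attaches auth middleware in front of it.
func modifyUser(c *gin.Context) {
	id := c.Param("userid")

	// Only numeric identifiers are accepted; this rejects path garbage early
	// (the query below is parameterised regardless).
	if _, err := strconv.Atoi(id); err != nil {
		c.IndentedJSON(http.StatusNotFound, setResponse("Invalid identifier", false))
		return
	}
	if !checkUserExists(id) {
		c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false))
		return
	}

	// ShouldBindJSON leaves the response to us; BindJSON already writes a 400
	// on failure, which made the 500 that followed it a no-op on the wire.
	var payload user
	if err := c.ShouldBindJSON(&payload); err != nil {
		log.Printf("modifyUser: decode body for user %s: %v", id, err)
		c.IndentedJSON(http.StatusBadRequest, setResponse("Malformed request body", false))
		return
	}

	// An omitted or empty password must not silently become hashPW(""):
	// only touch the credential column when the body supplies one.
	var err error
	if payload.Password == "" {
		const stmt = `UPDATE usuarios SET email=$1,nombre=$2,apellido1=$3,apellido2=$4 WHERE id_usuario = $5`
		_, err = db.Exec(stmt, payload.Email, payload.Name, payload.Surname1, payload.Surname2, id)
	} else {
		const stmt = `UPDATE usuarios SET email=$1,nombre=$2,apellido1=$3,apellido2=$4,password=$5 WHERE id_usuario = $6`
		_, err = db.Exec(stmt, payload.Email, payload.Name, payload.Surname1, payload.Surname2, hashPW(payload.Password), id)
	}
	if err != nil {
		// Driver/schema details stay in the log; the client gets a generic message.
		log.Printf("modifyUser: update user %s: %v", id, err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("Something went wrong trying to modify the user", false))
		return
	}
	c.IndentedJSON(http.StatusOK, setResponse("User successfully modified", true))
}

// deleteUser removes the user identified by the :userid route parameter.
// Validation and response codes mirror modifyUser, and the same NOTE about
// the absence of an authorisation check applies here.
func deleteUser(c *gin.Context) {
	id := c.Param("userid")
	if _, err := strconv.Atoi(id); err != nil {
		c.IndentedJSON(http.StatusNotFound, setResponse("Invalid identifier", false))
		return
	}
	if !checkUserExists(id) {
		c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false))
		return
	}

	const stmt = `DELETE FROM usuarios WHERE id_usuario = $1`
	if _, err := db.Exec(stmt, id); err != nil {
		log.Printf("deleteUser: delete user %s: %v", id, err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("Something went wrong trying to delete the user", false))
		return
	}
	c.IndentedJSON(http.StatusOK, setResponse("User successfully deleted", true))
}

// createUser inserts a new user from the JSON body.
//
// rol is restricted to an allow-list ("estudiante", "profesor"); a request
// asking for "admin" is refused with 418 and any other value with 404 (kept
// for API compatibility, 400 would be the conventional code). Email and
// password are required so that an account can never be created with
// hashPW("") as its credential.
//
// NOTE(review): hashPW is defined elsewhere; confirm it is a salted, slow
// password hash (bcrypt/scrypt/argon2) rather than a bare digest.
func createUser(c *gin.Context) {
	var newuser user
	if err := c.ShouldBindJSON(&newuser); err != nil {
		log.Printf("createUser: decode body: %v", err)
		c.IndentedJSON(http.StatusBadRequest, setResponse("Malformed request body", false))
		return
	}

	switch newuser.AccountType {
	case "estudiante", "profesor":
		// allowed roles
	case "admin":
		c.IndentedJSON(http.StatusTeapot, setResponse("Nice try (https://xkcd.com/327/)", false))
		return
	default:
		c.IndentedJSON(http.StatusNotFound, setResponse("Invalid account type", false))
		return
	}
	if newuser.Email == "" || newuser.Password == "" {
		c.IndentedJSON(http.StatusBadRequest, setResponse("Email and password are required", false))
		return
	}

	const stmt = `INSERT INTO usuarios(nombre, apellido1, apellido2, email, password, rol) values($1, $2, $3, $4, $5, $6)`
	_, err := db.Exec(stmt, newuser.Name, newuser.Surname1, newuser.Surname2, newuser.Email, hashPW(newuser.Password), newuser.AccountType)
	if err != nil {
		// Constraint violations (e.g. a duplicate email, if the table enforces
		// uniqueness) land here too; the driver message is logged, not echoed,
		// so schema details never reach the client.
		log.Printf("createUser: insert %q: %v", newuser.Email, err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("Something went wrong trying to create the user", false))
		return
	}
	c.IndentedJSON(http.StatusOK, setResponse(fmt.Sprintf("User %v has been created!", newuser.Name), true))
}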
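// getUser returns one user (without the password column) by the :userid
// route parameter. A non-numeric id yields 404 "Invalid identifier" (kept for
// API compatibility), an unknown id 404 "User not found", and a database
// failure 500 with the driver error logged rather than returned to the client.
func getUser(c *gin.Context) {
	id := c.Param("userid")
	if _, err := strconv.Atoi(id); err != nil {
		c.IndentedJSON(http.StatusNotFound, setResponse("Invalid identifier", false))
		return
	}

	const stmt = `SELECT id_usuario,nombre,apellido1,apellido2,email,rol FROM usuarios WHERE id_usuario = $1`
	var u userNoPass
	err := db.QueryRow(stmt, id).Scan(&u.Id, &u.Name, &u.Surname1, &u.Surname2, &u.Email, &u.AccountType)
	switch {
	case err == sql.ErrNoRows:
		c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false))
	case err != nil:
		log.Printf("getUser: query id %s: %v", id, err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("Something went wrong querying the database", false))
	default:
		c.IndentedJSON(http.StatusOK, setResponse(u, true))
	}
}

// getUsers returns every user (without passwords) as a JSON array.
//
// users starts as an empty, non-nil slice so that an empty table encodes as
// [] rather than null. Database errors are logged and answered with a
// generic 500.
func getUsers(c *gin.Context) {
	const stmt = `SELECT id_usuario,nombre,apellido1,apellido2,email,rol FROM usuarios`
	rows, err := db.Query(stmt)
	if err != nil {
		log.Printf("getUsers: query: %v", err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("Something went wrong querying the database", false))
		return
	}
	defer rows.Close()

	users := []userNoPass{}
	for rows.Next() {
		var u userNoPass
		if err := rows.Scan(&u.Id, &u.Name, &u.Surname1, &u.Surname2, &u.Email, &u.AccountType); err != nil {
			log.Printf("getUsers: scan row: %v", err)
			c.IndentedJSON(http.StatusInternalServerError, setResponse("Something went wrong reading the results", false))
			return
		}
		users = append(users, u)
	}
	// rows.Next returns false both at end-of-set and on an iteration error;
	// without this check a truncated result set would be returned as success.
	if err := rows.Err(); err != nil {
		log.Printf("getUsers: iterate rows: %v", err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("Something went wrong reading the results", false))
		return
	}
	c.IndentedJSON(http.StatusOK, setResponse(users, true))
}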
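// userLogin verifies a JSON {email, password} pair against the stored
// password hash.
//
// An unknown e-mail and a wrong password produce the same 401 body, so the
// endpoint cannot be used to enumerate registered addresses; the distinction
// is still recorded in the server log. A malformed body is 400 and a database
// failure 500 (driver error logged, not returned).
//
// NOTE(review): hashPW is defined elsewhere — confirm it is a salted, slow
// password hash (bcrypt/scrypt/argon2) rather than a bare digest, and prefer
// crypto/subtle.ConstantTimeCompare (or the library's own verify function)
// for the final comparison. No rate limiting or lockout is visible here either.
func userLogin(c *gin.Context) {
	var creds user
	if err := c.ShouldBindJSON(&creds); err != nil {
		log.Printf("userLogin: decode body: %v", err)
		c.IndentedJSON(http.StatusBadRequest, setResponse("Malformed request body", false))
		return
	}

	const stmt = `SELECT password FROM usuarios WHERE email = $1`
	var stored user
	err := db.QueryRow(stmt, creds.Email).Scan(&stored.Password)
	switch {
	case err == sql.ErrNoRows:
		// Same response as a wrong password: do not reveal which e-mails exist.
		log.Printf("userLogin: unknown email %q", creds.Email)
		c.IndentedJSON(http.StatusUnauthorized, setResponse("INCORRECT PASSWORD", false))
		return
	case err != nil:
		log.Printf("userLogin: query email %q: %v", creds.Email, err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("Something went wrong logging in", false))
		return
	}

	if hashPW(creds.Password) != stored.Password {
		c.IndentedJSON(http.StatusUnauthorized, setResponse("INCORRECT PASSWORD", false))
		return
	}
	c.IndentedJSON(http.StatusOK, setResponse("CORRECT PASSWORD :D", true))
}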