package cmd
|
|
|
|
import (
	"crypto/subtle"
	"database/sql"
	"errors"
	"fmt"
	"log"
	"net/http"
	"strconv"

	"github.com/gin-gonic/gin"
)
|
|
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
// Check whether user exists or not in the database
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
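// checkUserExists reports whether a row with the given id_usuario is present
// in the usuarios table.
//
// The lookup is a parameterised query, so id is never interpolated into SQL.
// Any error other than sql.ErrNoRows (connection failure, bad statement) is
// logged and reported as "not found": callers use the result as a
// precondition for UPDATE/DELETE, so a database failure must not let them
// proceed as if the row existed.
func checkUserExists(id string) bool {
	const stmt = `SELECT id_usuario FROM usuarios WHERE id_usuario = $1`

	// Scan needs one destination per selected column. A zero-argument Scan
	// always fails with a column-count error, which the previous version
	// could not distinguish from a genuine hit. *any accepts whatever driver
	// type the column has, so no assumption about its SQL type is needed.
	var found any
	err := db.QueryRow(stmt, id).Scan(&found)
	switch {
	case err == nil:
		return true
	case errors.Is(err, sql.ErrNoRows):
		return false
	default:
		log.Printf("checking whether user %q exists: %v", id, err)
		return false
	}
}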
|
|
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
// Modify a user by its ID
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
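// modifyUser handles an update of a single user identified by the :userid
// path parameter. It validates the identifier, checks the row exists, binds
// the JSON body and rewrites every profile column, storing hashPW of the
// supplied password.
//
// Responses: 404 for a non-numeric or unknown id, 400 for a body that does
// not bind, 500 when the UPDATE fails, 200 on success. Database errors are
// logged server-side only; the client receives a generic message so driver
// and schema details are not exposed in the API response.
func modifyUser(c *gin.Context) {
	id := c.Param("userid")

	// The identifier must parse as an integer; the string form is what the
	// parameterised query and checkUserExists take.
	if _, err := strconv.Atoi(id); err != nil {
		c.IndentedJSON(http.StatusNotFound, setResponse("Invalid identifier", false))
		return
	}

	if !checkUserExists(id) {
		c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false))
		return
	}

	// ShouldBindJSON leaves the response to this handler; BindJSON already
	// writes a 400 on failure, so answering with a 500 afterwards produced
	// two conflicting status codes for one request.
	var u user
	if err := c.ShouldBindJSON(&u); err != nil {
		log.Printf("modifying user %s: binding request body: %v", id, err)
		c.IndentedJSON(http.StatusBadRequest, setResponse("Something went wrong updating the user", false))
		return
	}

	const stmt = `UPDATE usuarios SET email=$1,nombre=$2,apellido1=$3,apellido2=$4,password=$5 WHERE id_usuario = $6`
	// NOTE(review): every column, including password, is overwritten from the
	// body; an omitted password therefore stores hashPW("") — confirm this is
	// intended or make the field required.
	if _, err := db.Exec(stmt, u.Email, u.Name, u.Surname1, u.Surname2, hashPW(u.Password), id); err != nil {
		log.Printf("modifying user %s: %v", id, err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("Something went wrong trying to modify the user", false))
		return
	}

	c.IndentedJSON(http.StatusOK, setResponse("User successfully modified", true))
}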
|
|
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
// Delete a user by its ID
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
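// deleteUser removes the user identified by the :userid path parameter.
//
// Responses: 404 for a non-numeric or unknown id, 500 when the DELETE fails,
// 200 on success. The database error is logged server-side only; the client
// receives a generic message so internal details are not exposed.
func deleteUser(c *gin.Context) {
	id := c.Param("userid")

	// The identifier must parse as an integer; the string form is what the
	// parameterised query and checkUserExists take.
	if _, err := strconv.Atoi(id); err != nil {
		c.IndentedJSON(http.StatusNotFound, setResponse("Invalid identifier", false))
		return
	}

	if !checkUserExists(id) {
		c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false))
		return
	}

	const stmt = `DELETE FROM usuarios WHERE id_usuario = $1`
	if _, err := db.Exec(stmt, id); err != nil {
		log.Printf("deleting user %s: %v", id, err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("Something went wrong trying to delete the user", false))
		return
	}

	c.IndentedJSON(http.StatusOK, setResponse("User successfully deleted", true))
}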
|
|
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
// Create a new user
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
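// createUser inserts a new row into usuarios from the JSON request body.
// Only the "estudiante" and "profesor" roles can be created here; "admin" is
// refused with 418 and any other value is rejected.
//
// Responses: 400 for a body that does not bind, 418 for an admin request,
// 404 for an unknown account type (kept for compatibility; 400 would be the
// conventional code), 500 when the INSERT fails, 200 on success. Database
// errors are logged server-side only.
func createUser(c *gin.Context) {
	// ShouldBindJSON leaves the response to this handler; BindJSON already
	// writes a 400 on failure, which conflicted with the 500 sent afterwards.
	var newuser user
	if err := c.ShouldBindJSON(&newuser); err != nil {
		log.Printf("creating user: binding request body: %v", err)
		c.IndentedJSON(http.StatusBadRequest, setResponse("Something went wrong creating the user", false))
		return
	}

	switch newuser.AccountType {
	case "estudiante", "profesor":
		// permitted self-service roles
	case "admin":
		c.IndentedJSON(http.StatusTeapot, setResponse("Nice try (https://xkcd.com/327/)", false))
		return
	default:
		c.IndentedJSON(http.StatusNotFound, setResponse("Invalid account type", false))
		return
	}

	const stmt = `INSERT INTO usuarios(nombre, apellido1, apellido2, email, password, rol) values($1, $2, $3, $4, $5, $6)`
	if _, err := db.Exec(stmt, newuser.Name, newuser.Surname1, newuser.Surname2, newuser.Email, hashPW(newuser.Password), newuser.AccountType); err != nil {
		log.Printf("creating user: %v", err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("Something went wrong trying to create the user", false))
		return
	}

	c.IndentedJSON(http.StatusOK, setResponse(fmt.Sprintf("User %v has been created!", newuser.Name), true))
}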
|
|
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
// Query an individual user by its ID
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
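// getUser returns the profile of the user identified by the :userid path
// parameter, without the password column (userNoPass).
//
// Responses: 404 for a non-numeric or unknown id, 500 when the query fails,
// 200 with the user on success. The database error is logged server-side
// only; the client receives a generic message.
func getUser(c *gin.Context) {
	id := c.Param("userid")

	if _, err := strconv.Atoi(id); err != nil {
		c.IndentedJSON(http.StatusNotFound, setResponse("Invalid identifier", false))
		return
	}

	const stmt = `SELECT id_usuario,nombre,apellido1,apellido2,email,rol FROM usuarios WHERE id_usuario = $1`
	var u userNoPass
	err := db.QueryRow(stmt, id).Scan(&u.Id, &u.Name, &u.Surname1, &u.Surname2, &u.Email, &u.AccountType)
	switch {
	case errors.Is(err, sql.ErrNoRows):
		c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false))
		return
	case err != nil:
		log.Printf("querying user %s: %v", id, err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("SOMETHING BAD HAPPENED QUERYING THE DATABASE", false))
		return
	}

	c.IndentedJSON(http.StatusOK, setResponse(u, true))
}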
|
|
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
// Query all users in the database
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
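// getUsers returns every row of usuarios as a list of userNoPass (the
// password column is never selected).
//
// Responses: 500 when the query, a row scan or the iteration fails, 200 with
// the list otherwise. Database errors are logged server-side only.
func getUsers(c *gin.Context) {
	rows, err := db.Query("SELECT id_usuario,nombre,apellido1,apellido2,email,rol FROM usuarios")
	if err != nil {
		log.Printf("querying users: %v", err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("SOMETHING BAD HAPPENED QUERYING THE DATABASE", false))
		return
	}
	defer rows.Close()

	// Non-nil so an empty table encodes as [] rather than null.
	users := []userNoPass{}
	for rows.Next() {
		var u userNoPass
		if err := rows.Scan(&u.Id, &u.Name, &u.Surname1, &u.Surname2, &u.Email, &u.AccountType); err != nil {
			log.Printf("scanning user row: %v", err)
			c.IndentedJSON(http.StatusInternalServerError, setResponse("SOMETHING BAD HAPPENED SCANNING THE ROWS", false))
			return
		}
		users = append(users, u)
	}
	// rows.Next returns false both at end-of-set and on an iteration error;
	// without this check a truncated result set would be returned as 200.
	if err := rows.Err(); err != nil {
		log.Printf("iterating user rows: %v", err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("SOMETHING BAD HAPPENED QUERYING THE DATABASE", false))
		return
	}

	c.IndentedJSON(http.StatusOK, setResponse(users, true))
}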
|
|
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
// Log into the server by comparing hashed passwords
|
|
// //////////////////////////////////////////////////////////////////////////
|
|
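// userLogin checks the credentials in the JSON body against the stored
// password hash for the given e-mail address.
//
// Responses: 400 for a body that does not bind, 401 when the e-mail is
// unknown or the password does not match, 500 when the lookup fails, 200 on
// success. An unknown e-mail and a wrong password produce the same status
// and message so the endpoint does not reveal which addresses have an
// account; the hash comparison is constant-time.
//
// NOTE(review): hashPW is defined outside this file — verify it is a salted,
// slow password hash rather than a plain digest, and note that response
// timing still differs for unknown e-mails because hashPW is skipped.
func userLogin(c *gin.Context) {
	// ShouldBindJSON leaves the response to this handler; BindJSON already
	// writes a 400 on failure, which conflicted with the 500 sent afterwards.
	var u user
	if err := c.ShouldBindJSON(&u); err != nil {
		log.Printf("logging in: binding request body: %v", err)
		c.IndentedJSON(http.StatusBadRequest, setResponse("Something went wrong logging into the user", false))
		return
	}

	const stmt = `SELECT password FROM usuarios WHERE email = $1`
	var uDB user
	err := db.QueryRow(stmt, u.Email).Scan(&uDB.Password)
	switch {
	case errors.Is(err, sql.ErrNoRows):
		// Same response as a wrong password: no user enumeration by e-mail.
		c.IndentedJSON(http.StatusUnauthorized, setResponse("INCORRECT PASSWORD", false))
		return
	case err != nil:
		log.Printf("logging in: %v", err)
		c.IndentedJSON(http.StatusInternalServerError, setResponse("Something went REALLY wrong logging into the user", false))
		return
	}

	// Constant-time comparison so the response time does not depend on how
	// many leading bytes of the two hashes agree.
	if subtle.ConstantTimeCompare([]byte(hashPW(u.Password)), []byte(uDB.Password)) != 1 {
		c.IndentedJSON(http.StatusUnauthorized, setResponse("INCORRECT PASSWORD", false))
		return
	}

	c.IndentedJSON(http.StatusOK, setResponse("CORRECT PASSWORD :D", true))
}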
|