go-web-starter-kit/api/auth.go

package api

import (
  "errors"
  "golang.org/x/crypto/bcrypt"
  "log"

  "github.com/gofiber/fiber/v2"
  _ "github.com/mattn/go-sqlite3"
  sq "github.com/Masterminds/squirrel"
  "github.com/gofiber/fiber/v2/middleware/session"

  "MY/webapp/data"
  "MY/webapp/config"
)

func IsAdmin(user *data.User) bool {
  return user.Username == config.Settings.Admin
}

func CheckAuthed(c *fiber.Ctx, needs_admin bool) (*session.Session, error) {
  sess, err := STORE.Get(c)
  if err != nil { return sess, err }

  // BUG: this has to come from the databse, just temporary
  admin := sess.Get("admin") == true
  authed := sess.Get("authenticated") == true

  log.Printf("session admin=%v, session authed=%v, needs_admin = %v", admin, authed, needs_admin)

  if needs_admin {
    authed = admin && authed
    log.Printf("after needs_admin block: authed=%v", authed)
  }

  if authed {
    log.Println("user is authed, return nil and sess")
    return sess, nil
  } else {
    log.Println("user is NOT authed, return error")
    return sess, errors.New("Authentication, permission failure")
  }
}

func LogoutUser(c *fiber.Ctx) error {
  sess, err := STORE.Get(c)
  if err != nil { return err }

  sess.Set("authenticated", false)
  err = sess.Save()
  return err
}

func LoginUser(result *data.User, login *data.Login) (bool, error) {
  sql, args, err := sq.Select("username, password").
      From("user").Where("username=?", login.Username).ToSql()

  if err != nil { return false, err }

  err = data.DB.Get(result, sql, args...)
  if err != nil { return false, err }

  pass_good := bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(login.Password))
  if pass_good != nil { return false, pass_good }

  return login.Username == result.Username && pass_good == nil, nil
}

func SetUserPassword(user *data.User) error {
  hashed, err := bcrypt.GenerateFromPassword([]byte(user.Password), 12)
  if err != nil { return err }

  user.Password = string(hashed)
  return nil
}
First commit to get a basic thing going, does run but not much there. 2 months ago			`package api`

			`import (`
			`"errors"`
			`"golang.org/x/crypto/bcrypt"`
			`"log"`

			`"github.com/gofiber/fiber/v2"`
			`_ "github.com/mattn/go-sqlite3"`
			`sq "github.com/Masterminds/squirrel"`
			`"github.com/gofiber/fiber/v2/middleware/session"`

Switched to using MY as the project/module prefix since it's not imported by any other project and needs to be something you checkout and can use without having to sed for a domain. 2 months ago			`"MY/webapp/data"`
			`"MY/webapp/config"`
First commit to get a basic thing going, does run but not much there. 2 months ago			`)`

			`func IsAdmin(user *data.User) bool {`
			`return user.Username == config.Settings.Admin`
			`}`

			`func CheckAuthed(c fiber.Ctx, needs_admin bool) (session.Session, error) {`
			`sess, err := STORE.Get(c)`
			`if err != nil { return sess, err }`

			`// BUG: this has to come from the databse, just temporary`
			`admin := sess.Get("admin") == true`
			`authed := sess.Get("authenticated") == true`

			`log.Printf("session admin=%v, session authed=%v, needs_admin = %v", admin, authed, needs_admin)`

			`if needs_admin {`
			`authed = admin && authed`
			`log.Printf("after needs_admin block: authed=%v", authed)`
			`}`

			`if authed {`
			`log.Println("user is authed, return nil and sess")`
			`return sess, nil`
			`} else {`
			`log.Println("user is NOT authed, return error")`
			`return sess, errors.New("Authentication, permission failure")`
			`}`
			`}`

			`func LogoutUser(c *fiber.Ctx) error {`
			`sess, err := STORE.Get(c)`
			`if err != nil { return err }`

			`sess.Set("authenticated", false)`
			`err = sess.Save()`
			`return err`
			`}`

			`func LoginUser(result data.User, login data.Login) (bool, error) {`
			`sql, args, err := sq.Select("username, password").`
			`From("user").Where("username=?", login.Username).ToSql()`

			`if err != nil { return false, err }`

			`err = data.DB.Get(result, sql, args...)`
			`if err != nil { return false, err }`

			`pass_good := bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(login.Password))`
			`if pass_good != nil { return false, pass_good }`

			`return login.Username == result.Username && pass_good == nil, nil`
			`}`

			`func SetUserPassword(user *data.User) error {`
			`hashed, err := bcrypt.GenerateFromPassword([]byte(user.Password), 12)`
			`if err != nil { return err }`

			`user.Password = string(hashed)`
			`return nil`
			`}`