Decided that auth/ should be its own thing since it's so important, and the session store can go in common/web.go for now.

3 days ago · a2080308ca
parent 3e6156e93c
commit a2080308ca
6 changed files with 107 additions and 23 deletions
--- a/admin/handlers.go
+++ b/admin/handlers.go
@ -7,10 +7,11 @@ import (
  "github.com/gofiber/fiber/v2"
  "MY/webapp/data"
  . "MY/webapp/common"
+  "MY/webapp/auth"
 )

 func GetApiTableIndex(c *fiber.Ctx) error {
-  _, err := CheckAuthed(c, true)
+  _, err := auth.Check(c, true)
  if err != nil { return c.Redirect("/") }

  var tables []string
@ -23,7 +24,7 @@ func GetApiTableIndex(c *fiber.Ctx) error {
 }

 func GetApiSelectAll(c *fiber.Ctx) error {
-  _, err := CheckAuthed(c, true)
+  _, err := auth.Check(c, true)
  if err != nil { return c.Redirect("/") }

  table := c.Params("table")
@ -49,14 +50,14 @@ func GetApiSelectAll(c *fiber.Ctx) error {
 }

 func GetPageSelectAll(c *fiber.Ctx) error {
-  _, err := CheckAuthed(c, true)
+  _, err := auth.Check(c, true)
  if err != nil { return c.Redirect("/") }

  return c.Render("admin/table/contents", fiber.Map{"Table": c.Params("table")})
 }

 func GetApiSelectOne(c *fiber.Ctx) error {
-  _, err := CheckAuthed(c, true)
+  _, err := auth.Check(c, true)
  if err != nil { return c.Redirect("/") }

  table := c.Params("table")
@ -72,7 +73,7 @@ func GetApiSelectOne(c *fiber.Ctx) error {
 }

 func GetPageSelectOne(c *fiber.Ctx) error {
-  _, err := CheckAuthed(c, true)
+  _, err := auth.Check(c, true)
  if err != nil { return c.Redirect("/") }

  table := c.Params("table")
@ -86,7 +87,7 @@ func GetPageSelectOne(c *fiber.Ctx) error {
 }

 func PostApiUpdate(c *fiber.Ctx) error {
-  _, err := CheckAuthed(c, true)
+  _, err := auth.Check(c, true)
  if err != nil { return c.Redirect("/") }

  table := c.Params("table")
@ -101,7 +102,7 @@ func PostApiUpdate(c *fiber.Ctx) error {
 }

 func GetPageInsert(c *fiber.Ctx) error {
-  _, err := CheckAuthed(c, true)
+  _, err := auth.Check(c, true)
  if err != nil { return c.Redirect("/") }

  table := c.Params("table")
@ -109,7 +110,7 @@ func GetPageInsert(c *fiber.Ctx) error {
 }

 func GetApiInsert(c *fiber.Ctx) error {
-  _, err := CheckAuthed(c, true)
+  _, err := auth.Check(c, true)
  if err != nil { return c.Redirect("/") }

  table := c.Params("table")
@ -119,7 +120,7 @@ func GetApiInsert(c *fiber.Ctx) error {
 }

 func PostApiInsert(c *fiber.Ctx) error {
-  _, err := CheckAuthed(c, true)
+  _, err := auth.Check(c, true)
  if err != nil { return c.Redirect("/") }

  table := c.Params("table")
@ -135,7 +136,7 @@ func PostApiInsert(c *fiber.Ctx) error {
 }

 func DeleteApi(c *fiber.Ctx) error {
-  _, err := CheckAuthed(c, true)
+  _, err := auth.Check(c, true)
  if err != nil { return c.Redirect("/") }

  table := c.Params("table")
@ -150,7 +151,7 @@ func DeleteApi(c *fiber.Ctx) error {
 }

 func GetPageAdminIndex(c *fiber.Ctx) error {
-  _, err := CheckAuthed(c, true)
+  _, err := auth.Check(c, true)
  if err != nil { return c.Redirect("/") }

  return c.Render("admin/table/index", fiber.Map{})
--- a/api/handlers.go
+++ b/api/handlers.go
@ -5,24 +5,14 @@ import (
  "time"

  "github.com/gofiber/fiber/v2"
-  "github.com/gofiber/fiber/v2/middleware/session"
-  "MY/webapp/common"
 )

 func Setup(app *fiber.App) {
-  common.STORE = session.New()
-
  // this forces static pages to reload
  app.Static("/", "./public", fiber.Static{
    Compress: false,
    CacheDuration: 1 * time.Nanosecond,
  })
-
-  // api/auth.go
-  app.Get("/api/authcheck", GetApiAuthCheck)
-  app.Get("/api/logout", GetApiLogout)
-  app.Post("/api/register", PostApiRegister)
-  app.Post("/api/login", PostApiLogin)
 }

 func Shutdown() {
--- a/auth/handlers.go
+++ b/auth/handlers.go
@ -1,4 +1,4 @@
-package api
+package auth

 import (
  "github.com/gofiber/fiber/v2"
@ -10,7 +10,7 @@ import (
 )

 func GetApiAuthCheck(c *fiber.Ctx) error {
-  _, err := CheckAuthed(c, false)
+  _, err := Check(c, false)
  // auth failure or not authed is determined by err, with nil meaning YES AUTHED
  return c.JSON(fiber.Map{"is_authed": err == nil})
 }
@ -63,3 +63,11 @@ func PostApiLogin(c *fiber.Ctx) error {
    return c.Redirect("/login/")
  }
 }
+
+
+func Setup(app *fiber.App) {
+  app.Get("/api/authcheck", GetApiAuthCheck)
+  app.Get("/api/logout", GetApiLogout)
+  app.Post("/api/register", PostApiRegister)
+  app.Post("/api/login", PostApiLogin)
+}
--- a/auth/helpers.go
+++ b/auth/helpers.go
@ -0,0 +1,76 @@
+package auth
+
+import (
+  "errors"
+  "golang.org/x/crypto/bcrypt"
+  "log"
+
+  "github.com/gofiber/fiber/v2"
+  _ "github.com/mattn/go-sqlite3"
+  sq "github.com/Masterminds/squirrel"
+  "github.com/gofiber/fiber/v2/middleware/session"
+
+  "MY/webapp/data"
+  "MY/webapp/config"
+  "MY/webapp/common"
+)
+
+func IsAdmin(user *data.User) bool {
+  return user.Username == config.Settings.Admin
+}
+
+func Check(c *fiber.Ctx, needs_admin bool) (*session.Session, error) {
+  sess, err := common.STORE.Get(c)
+  if err != nil { return sess, err }
+
+  // BUG: this has to come from the databse, just temporary
+  admin := sess.Get("admin") == true
+  authed := sess.Get("authenticated") == true
+
+  if needs_admin {
+    authed = admin && authed
+    log.Printf("after needs_admin block: authed=%v", authed)
+  }
+
+  if authed {
+    log.Println("user is authed, return nil and sess")
+    return sess, nil
+  } else {
+    log.Println("user is NOT authed, return error")
+    return sess, errors.New("Authentication, permission failure")
+  }
+}
+
+func LogoutUser(c *fiber.Ctx) error {
+  sess, err := common.STORE.Get(c)
+  if err != nil { return err }
+
+  err = sess.Destroy()
+  if err != nil { return err }
+
+  err = sess.Save()
+  return err
+}
+
+func LoginUser(result *data.User, login *data.Login) (bool, error) {
+  sql, args, err := sq.Select("username, password").
+      From("user").Where("username=?", login.Username).ToSql()
+
+  if err != nil { return false, err }
+
+  err = data.DB.Get(result, sql, args...)
+  if err != nil { return false, err }
+
+  pass_good := bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(login.Password))
+  if pass_good != nil { return false, pass_good }
+
+  return login.Username == result.Username && pass_good == nil, nil
+}
+
+func SetUserPassword(user *data.User) error {
+  hashed, err := bcrypt.GenerateFromPassword([]byte(user.Password), 12)
+  if err != nil { return err }
+
+  user.Password = string(hashed)
+  return nil
+}
--- a/common/web.go
+++ b/common/web.go
@ -3,8 +3,11 @@ package common
 import (
  "strings"
  "github.com/gofiber/fiber/v2"
+  "github.com/gofiber/fiber/v2/middleware/session"
 )

+var STORE *session.Store
+
 func Page(path string) (func(c *fiber.Ctx) error) {
  page_id := strings.ReplaceAll(path, "/", "-") + "-page"

--- a/main.go
+++ b/main.go
@ -8,6 +8,7 @@ import (
  "github.com/gofiber/fiber/v2"
  "github.com/gofiber/fiber/v2/middleware/logger"
  "github.com/gofiber/template/html/v2"
+  "github.com/gofiber/fiber/v2/middleware/session"

  _ "github.com/mattn/go-sqlite3"
  recov "github.com/gofiber/fiber/v2/middleware/recover"
@ -16,6 +17,8 @@ import (
  "MY/webapp/data"
  "MY/webapp/config"
  "MY/webapp/admin"
+  "MY/webapp/common"
+  "MY/webapp/auth"
 )

 func main() {
@ -37,7 +40,10 @@ func main() {
  app.Use(logger.New())
  app.Use(recov.New())

+  common.STORE = session.New()
+
  data.Setup(config.Settings.Database.Driver, config.Settings.Database.Url)
+  auth.Setup(app)
  api.Setup(app)
  admin.Setup(app)