Merge pull request #8 from IgorPolyakov/main
Auth it!
Showing
9 changed files
with
218 additions
and
4 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
package api | ||
|
||
import ( | ||
"ctf01d/internal/app/repository" | ||
api_helpers "ctf01d/internal/app/utils" | ||
"database/sql" | ||
"encoding/json" | ||
"net/http" | ||
) | ||
|
||
type RequestLogin struct { | ||
Username string `json:"user_name"` | ||
Password string `json:"password"` | ||
} | ||
|
||
func LoginSessionHandler(db *sql.DB, w http.ResponseWriter, r *http.Request) { | ||
var req RequestLogin | ||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil { | ||
http.Error(w, "Invalid request body", http.StatusBadRequest) | ||
return | ||
} | ||
userRepo := repository.NewUserRepository(db) | ||
user, err := userRepo.GetByUserName(r.Context(), req.Username) | ||
if err != nil || !api_helpers.CheckPasswordHash(req.Password, user.PasswordHash) { | ||
api_helpers.RespondWithJSON(w, http.StatusUnauthorized, map[string]string{"error": "Invalid password or user"}) | ||
return | ||
} | ||
|
||
sessionRepo := repository.NewSessionRepository(db) | ||
sessionId, err := sessionRepo.StoreSessionInDB(r.Context(), user.Id) | ||
if err != nil { | ||
http.Error(w, "Failed to store session in DB", http.StatusInternalServerError) | ||
return | ||
} | ||
|
||
http.SetCookie(w, &http.Cookie{ | ||
Name: "session_id", | ||
HttpOnly: true, | ||
Value: sessionId, | ||
Path: "/", | ||
MaxAge: 96 * 3600, // fixme, брать из db | ||
}) | ||
|
||
api_helpers.RespondWithJSON(w, http.StatusOK, map[string]string{"data": "User logged in"}) | ||
} | ||
|
||
func LogoutSessionHandler(db *sql.DB, w http.ResponseWriter, r *http.Request) { | ||
cookie, err := r.Cookie("session_id") | ||
if err != nil { | ||
http.Error(w, "No session found", http.StatusUnauthorized) | ||
return | ||
} | ||
sessionRepo := repository.NewSessionRepository(db) | ||
err = sessionRepo.DeleteSessionInDB(r.Context(), cookie.Value) | ||
if err != nil { | ||
http.Error(w, "Failed to delete session", http.StatusInternalServerError) | ||
return | ||
} | ||
http.SetCookie(w, &http.Cookie{ | ||
Name: "session_id", | ||
Value: "", | ||
Path: "/", | ||
MaxAge: -1, // Удаление куки | ||
}) | ||
api_helpers.RespondWithJSON(w, http.StatusOK, map[string]string{"data": "User logout successful"}) | ||
} |
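Review bot: The session cookie set in LoginSessionHandler carries `HttpOnly` but neither `Secure` nor `SameSite`, so the browser may send the session id over plain HTTP and on cross-site requests; adding `Secure: true,` and `SameSite: http.SameSiteLaxMode,` to that `http.Cookie` literal addresses both (`Secure` assumes the service is reached over TLS). The credential check `err != nil || !api_helpers.CheckPasswordHash(...)` short-circuits when the user lookup fails, so unknown usernames probably answer faster than known ones; running the comparison against a fixed dummy hash in that case would even out the timing. The request body is decoded without a size bound, which `r.Body = http.MaxBytesReader(w, r.Body, 1<<20)` before `Decode` would cap (the limit shown is an example value). The clearing cookie in LogoutSessionHandler should carry the same attributes as the cookie it replaces.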
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
package repository | ||
|
||
import ( | ||
"context" | ||
"database/sql" | ||
"fmt" | ||
"time" | ||
) | ||
|
||
type SessionRepository interface { | ||
GetSessionFromDB(ctx context.Context, sessionId string) (int, error) | ||
StoreSessionInDB(ctx context.Context, userId int) (string, error) | ||
DeleteSessionInDB(ctx context.Context, cookie string) error | ||
} | ||
|
||
type sessionRepo struct { | ||
db *sql.DB | ||
} | ||
|
||
func NewSessionRepository(db *sql.DB) SessionRepository { | ||
return &sessionRepo{db: db} | ||
} | ||
|
||
func (r *sessionRepo) GetSessionFromDB(ctx context.Context, sessionId string) (int, error) { | ||
var userId int | ||
err := r.db.QueryRowContext(ctx, "SELECT user_id FROM sessions WHERE id = $1 AND expires_at > NOW()", sessionId).Scan(&userId) | ||
return userId, err | ||
} | ||
|
||
func (r *sessionRepo) StoreSessionInDB(ctx context.Context, userId int) (string, error) { | ||
var session string | ||
query := ` | ||
INSERT INTO sessions (user_id, expires_at) | ||
VALUES ($1, $2) | ||
ON CONFLICT (user_id) DO | ||
UPDATE SET expires_at = EXCLUDED.expires_at | ||
RETURNING id | ||
` | ||
err := r.db.QueryRowContext(ctx, query, userId, time.Now().Add(96*time.Hour)).Scan(&session) | ||
fmt.Println(session) | ||
if err != nil { | ||
return "", err | ||
} | ||
return session, nil | ||
} | ||
|
||
func (r *sessionRepo) DeleteSessionInDB(ctx context.Context, sessionId string) error { | ||
query := "DELETE FROM sessions where id = $1" | ||
_, err := r.db.ExecContext(ctx, query, sessionId) | ||
if err != nil { | ||
return err | ||
} | ||
return nil | ||
} |
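Review bot: `fmt.Println(session)` in StoreSessionInDB writes every issued session id to stdout, where it lands in process logs and can be replayed by anyone with log access, and it runs before `err` is checked; the line should be deleted together with the `fmt` import. The `ON CONFLICT (user_id) DO UPDATE SET expires_at = EXCLUDED.expires_at ... RETURNING id` clause returns the existing row's `id`, so a repeat login appears to hand back the same session id with a later expiry instead of a fresh one, and one logout then ends the session for every client of that user. If that is not intended, the id should be regenerated on conflict; how to do that depends on the `sessions.id` column default, which is not visible in this commit view. The 96-hour lifetime is hard-coded here and again in the cookie `MaxAge` of the login handler, so the two values can drift apart.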