mirror of https://github.com/status-im/fathom.git
add user functions to datastore
parent
ed34f069d5
commit
28fa8431ef
24
api/auth.go
24
api/auth.go
|
@ -1,16 +1,22 @@
|
||||||
package api
|
package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/dannyvankooten/ana/datastore"
|
"github.com/dannyvankooten/ana/datastore"
|
||||||
"github.com/dannyvankooten/ana/models"
|
|
||||||
"github.com/gorilla/sessions"
|
"github.com/gorilla/sessions"
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type key int
|
||||||
|
|
||||||
|
const (
|
||||||
|
userKey key = 0
|
||||||
|
)
|
||||||
|
|
||||||
type login struct {
|
type login struct {
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
Password string `json:"password"`
|
Password string `json:"password"`
|
||||||
|
@ -24,19 +30,16 @@ var LoginHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request)
|
||||||
// check login creds
|
// check login creds
|
||||||
var l login
|
var l login
|
||||||
json.NewDecoder(r.Body).Decode(&l)
|
json.NewDecoder(r.Body).Decode(&l)
|
||||||
var hashedPassword string
|
|
||||||
var u models.User
|
u, err := datastore.GetUserByEmail(l.Email)
|
||||||
stmt, _ := datastore.DB.Prepare("SELECT id, email, password FROM users WHERE email = ? LIMIT 1")
|
|
||||||
err := stmt.QueryRow(l.Email).Scan(&u.ID, &u.Email, &hashedPassword)
|
|
||||||
|
|
||||||
// compare pwd
|
// compare pwd
|
||||||
if err != nil || bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(l.Password)) != nil {
|
if err != nil || bcrypt.CompareHashAndPassword([]byte(u.HashedPassword), []byte(l.Password)) != nil {
|
||||||
w.WriteHeader(http.StatusUnauthorized)
|
w.WriteHeader(http.StatusUnauthorized)
|
||||||
respond(w, envelope{Error: "invalid_credentials"})
|
respond(w, envelope{Error: "invalid_credentials"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Replace session filesystem store with DB store.
|
|
||||||
session, _ := store.Get(r, "auth")
|
session, _ := store.Get(r, "auth")
|
||||||
session.Values["user_id"] = u.ID
|
session.Values["user_id"] = u.ID
|
||||||
err = session.Save(r, w)
|
err = session.Save(r, w)
|
||||||
|
@ -68,14 +71,13 @@ func Authorize(next http.Handler) http.Handler {
|
||||||
}
|
}
|
||||||
|
|
||||||
// find user
|
// find user
|
||||||
var u models.User
|
u, err := datastore.GetUser(userID.(int64))
|
||||||
stmt, _ := datastore.DB.Prepare("SELECT id, email FROM users WHERE id = ? LIMIT 1")
|
|
||||||
err := stmt.QueryRow(userID).Scan(&u.ID, &u.Email)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
w.WriteHeader(http.StatusUnauthorized)
|
w.WriteHeader(http.StatusUnauthorized)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
next.ServeHTTP(w, r)
|
ctx := context.WithValue(r.Context(), userKey, u)
|
||||||
|
next.ServeHTTP(w, r.WithContext(ctx))
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
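Review bot: The new `userID.(int64)` assertion in Authorize panics when the session value is absent or was stored as another type, unless the check that closes just above this hunk (not visible here) already guarantees an int64. A comma-ok form keeps that case on the existing 401 path: `id, ok := userID.(int64)`, then `if !ok { w.WriteHeader(http.StatusUnauthorized); return }`, then `datastore.GetUser(id)`. The value stored under `userKey` is the `*models.User` returned by the datastore, so a one-line comment on `userKey` naming that type would help downstream handlers assert it correctly. Authorize begins above the hunk.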
|
@ -0,0 +1,22 @@
|
||||||
|
package datastore
|
||||||
|
|
||||||
|
import (
|
||||||
|
"database/sql"
|
||||||
|
"github.com/dannyvankooten/ana/models"
|
||||||
|
)
|
||||||
|
|
||||||
|
var err error
|
||||||
|
var stmt *sql.Stmt
|
||||||
|
var u models.User
|
||||||
|
|
||||||
|
func GetUser(id int64) (*models.User, error) {
|
||||||
|
stmt, err = DB.Prepare("SELECT id, email FROM users WHERE id = ? LIMIT 1")
|
||||||
|
err = stmt.QueryRow(id).Scan(&u.ID, &u.Email)
|
||||||
|
return &u, err
|
||||||
|
}
|
||||||
|
|
||||||
|
func GetUserByEmail(email string) (*models.User, error) {
|
||||||
|
stmt, err = DB.Prepare("SELECT id, email, password FROM users WHERE email = ? LIMIT 1")
|
||||||
|
err := stmt.QueryRow(email).Scan(&u.ID, &u.Email, &u.HashedPassword)
|
||||||
|
return &u, err
|
||||||
|
}
|
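Review bot: `GetUser` and `GetUserByEmail` both scan into the package-level `u` and return `&u`, so every caller holds a pointer to the same `models.User`; under concurrent requests one lookup overwrites the user another request has just authenticated, and a failed Scan leaves the previous caller's fields (including `HashedPassword`) in place. The package-level `stmt` and `err` are shared the same way, the `Prepare` error is overwritten or shadowed before it is checked (a failed prepare leaves `stmt` nil and the next line dereferences it), and the prepared statement is never closed. Using locals and returning nil on error removes all of these; the sketch assumes `DB` is a `*sql.DB`, and both visible callers already check `err` before touching the result. The three package-level `var` lines, and with them the `database/sql` import, can then be deleted.

```go
func GetUser(id int64) (*models.User, error) {
	u := &models.User{}
	// QueryRow prepares, runs and releases the statement in one call.
	row := DB.QueryRow("SELECT id, email FROM users WHERE id = ? LIMIT 1", id)
	if err := row.Scan(&u.ID, &u.Email); err != nil {
		return nil, err
	}
	return u, nil
}

// … GetUserByEmail: same shape, scanning &u.ID, &u.Email, &u.HashedPassword …
```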
|
@ -5,9 +5,10 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type User struct {
|
type User struct {
|
||||||
ID int64
|
ID int64
|
||||||
Email string
|
Email string
|
||||||
Password string `json:"-"`
|
Password string `json:"-"`
|
||||||
|
HashedPassword string `json:"-"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (u *User) Save(conn *sql.DB) error {
|
func (u *User) Save(conn *sql.DB) error {
|
||||||
|
|
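Review bot: `User` now carries both `Password` and `HashedPassword` with no comment saying which holds what; a field comment such as `// HashedPassword is the bcrypt hash loaded from the users.password column.` and a matching one on `Password` would make the split clear. The `json:"-"` tag only keeps the hash out of encoding/json output, so code that formats the struct with `%+v` or logs it will still print it, which matters more now that the user record travels in the request context. `Save` continues past the end of the hunk, so whether it reads `Password` or `HashedPassword` cannot be checked from here.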