add user functions to datastore

Danny van Kooten 2017-01-25 17:11:35 +01:00
parent ed34f069d5
commit 28fa8431ef
3 changed files with 39 additions and 14 deletions


@ -1,16 +1,22 @@
package api
import (
"context"
"encoding/json"
"net/http"
"os"
"github.com/dannyvankooten/ana/datastore"
"github.com/dannyvankooten/ana/models"
"github.com/gorilla/sessions"
"golang.org/x/crypto/bcrypt"
)
type key int
const (
userKey key = 0
)
type login struct {
Email string `json:"email"`
Password string `json:"password"`
@ -24,19 +30,16 @@ var LoginHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request)
// check login creds
var l login
json.NewDecoder(r.Body).Decode(&l)
var hashedPassword string
var u models.User
stmt, _ := datastore.DB.Prepare("SELECT id, email, password FROM users WHERE email = ? LIMIT 1")
err := stmt.QueryRow(l.Email).Scan(&u.ID, &u.Email, &hashedPassword)
u, err := datastore.GetUserByEmail(l.Email)
// compare pwd
if err != nil || bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(l.Password)) != nil {
if err != nil || bcrypt.CompareHashAndPassword([]byte(u.HashedPassword), []byte(l.Password)) != nil {
w.WriteHeader(http.StatusUnauthorized)
respond(w, envelope{Error: "invalid_credentials"})
return
}
// TODO: Replace session filesystem store with DB store.
session, _ := store.Get(r, "auth")
session.Values["user_id"] = u.ID
err = session.Save(r, w)
@ -68,14 +71,13 @@ func Authorize(next http.Handler) http.Handler {
}
// find user
var u models.User
stmt, _ := datastore.DB.Prepare("SELECT id, email FROM users WHERE id = ? LIMIT 1")
err := stmt.QueryRow(userID).Scan(&u.ID, &u.Email)
u, err := datastore.GetUser(userID.(int64))
if err != nil {
w.WriteHeader(http.StatusUnauthorized)
return
}
next.ServeHTTP(w, r)
ctx := context.WithValue(r.Context(), userKey, u)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
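Review bot: `userID.(int64)` in Authorize is a single-value type assertion, so it panics inside the middleware if the session value is missing or was stored as another type. The lines that read `userID` from the session are outside this hunk, so an earlier check may already cover the missing case, but nothing visible verifies the type. Use the two-value form, `id, ok := userID.(int64)`, and respond with `http.StatusUnauthorized` when `ok` is false before calling `datastore.GetUser(id)`. The unexported `userKey` would also benefit from a short comment saying that it holds the `*models.User` placed in the request context by Authorize.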

22
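--- a/datastore/users.go
+++ b/datastore/users.go
@@ -0,0 +1,22 @@
+package datastore
+import (
+"database/sql"
+"github.com/dannyvankooten/ana/models"
+)
+var err error
+var stmt *sql.Stmt
+var u models.User
+func GetUser(id int64) (*models.User, error) {
+stmt, err = DB.Prepare("SELECT id, email FROM users WHERE id = ? LIMIT 1")
+err = stmt.QueryRow(id).Scan(&u.ID, &u.Email)
+return &u, err
+}
+func GetUserByEmail(email string) (*models.User, error) {
+stmt, err = DB.Prepare("SELECT id, email, password FROM users WHERE email = ? LIMIT 1")
+err := stmt.QueryRow(email).Scan(&u.ID, &u.Email, &u.HashedPassword)
+return &u, err
+}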
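Review bot: `u`, `stmt` and `err` are package-level variables, so GetUser and GetUserByEmail both scan into the same `models.User` and return a pointer to it. Under concurrent requests one caller's record can be overwritten by another's between the lookup and its use, so the login session or the user that Authorize puts in the request context could end up belonging to a different account. The `DB.Prepare` error is also overwritten before it is checked, which leaves `stmt` nil for the following `QueryRow` when the prepare fails, and the prepared statement is never closed. Declaring the user and error locally and querying through `DB.QueryRow` (assuming `DB` is a `*sql.DB`) removes the shared state and the leaked statement. Returning nil on error is safe for the two callers shown, because both check `err` before touching the user.

```go
// … unchanged: package clause and imports; the package-level err, stmt and u are removed …
func GetUser(id int64) (*models.User, error) {
	u := &models.User{}
	err := DB.QueryRow("SELECT id, email FROM users WHERE id = ? LIMIT 1", id).Scan(&u.ID, &u.Email)
	if err != nil {
		return nil, err
	}
	return u, nil
}

func GetUserByEmail(email string) (*models.User, error) {
	u := &models.User{}
	err := DB.QueryRow("SELECT id, email, password FROM users WHERE email = ? LIMIT 1", email).Scan(&u.ID, &u.Email, &u.HashedPassword)
	if err != nil {
		return nil, err
	}
	return u, nil
}
```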


@ -8,6 +8,7 @@ type User struct {
ID int64
Email string
Password string `json:"-"`
HashedPassword string `json:"-"`
}
func (u *User) Save(conn *sql.DB) error {