Tovi Jaeschke-Rogers
3 years ago
7 changed files with 281 additions and 1 deletions
Split View
Diff Options
-
+65 -0Api/Auth/Login.go
-
+111 -0Api/Auth/Login_test.go
-
+34 -0Api/Auth/Logout.go
-
+51 -0Api/Auth/Session.go
-
+6 -0Api/Routes.go
-
+1 -1Api/Users_test.go
-
+13 -0Database/Users.go
+ 65
- 0
Api/Auth/Login.go
View File
| @ -0,0 +1,65 @@ | |||
| package Auth | |||
| import ( | |||
| "encoding/json" | |||
| "net/http" | |||
| "time" | |||
| "git.tovijaeschke.xyz/tovi/SuddenImpactRecords/Database" | |||
| "git.tovijaeschke.xyz/tovi/SuddenImpactRecords/Models" | |||
| "github.com/gofrs/uuid" | |||
| ) | |||
| type Credentials struct { | |||
| Email string `json:"email"` | |||
| Password string `json:"password"` | |||
| } | |||
| func Login(w http.ResponseWriter, r *http.Request) { | |||
| var ( | |||
| creds Credentials | |||
| userData Models.User | |||
| sessionToken uuid.UUID | |||
| expiresAt time.Time | |||
| err error | |||
| ) | |||
| err = json.NewDecoder(r.Body).Decode(&creds) | |||
| if err != nil { | |||
| w.WriteHeader(http.StatusBadRequest) | |||
| return | |||
| } | |||
| userData, err = Database.GetUserByEmail(creds.Email) | |||
| if err != nil { | |||
| w.WriteHeader(http.StatusUnauthorized) | |||
| return | |||
| } | |||
| if !CheckPasswordHash(creds.Password, userData.Password) { | |||
| w.WriteHeader(http.StatusUnauthorized) | |||
| return | |||
| } | |||
| sessionToken, err = uuid.NewV4() | |||
| if err != nil { | |||
| w.WriteHeader(http.StatusInternalServerError) | |||
| return | |||
| } | |||
| expiresAt = time.Now().Add(1 * time.Hour) | |||
| Sessions[sessionToken.String()] = Session{ | |||
| Username: userData.Email, | |||
| Expiry: expiresAt, | |||
| } | |||
| http.SetCookie(w, &http.Cookie{ | |||
| Name: "session_token", | |||
| Value: sessionToken.String(), | |||
| Expires: expiresAt, | |||
| }) | |||
| w.WriteHeader(http.StatusOK) | |||
| } | |||
+ 111
- 0
Api/Auth/Login_test.go
View File
| @ -0,0 +1,111 @@ | |||
| package Auth | |||
| import ( | |||
| "fmt" | |||
| "math/rand" | |||
| "net/http" | |||
| "net/http/httptest" | |||
| "os" | |||
| "path" | |||
| "runtime" | |||
| "strings" | |||
| "testing" | |||
| "time" | |||
| "git.tovijaeschke.xyz/tovi/SuddenImpactRecords/Database" | |||
| "git.tovijaeschke.xyz/tovi/SuddenImpactRecords/Models" | |||
| "github.com/gorilla/mux" | |||
| ) | |||
| var ( | |||
| r *mux.Router | |||
| letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") | |||
| ) | |||
| func init() { | |||
| // Fix working directory for tests | |||
| _, filename, _, _ := runtime.Caller(0) | |||
| dir := path.Join(path.Dir(filename), "..") | |||
| err := os.Chdir(dir) | |||
| if err != nil { | |||
| panic(err) | |||
| } | |||
| Database.InitTest() | |||
| r = mux.NewRouter() | |||
| } | |||
| func randString(n int) string { | |||
| b := make([]rune, n) | |||
| for i := range b { | |||
| b[i] = letterRunes[rand.Intn(len(letterRunes))] | |||
| } | |||
| return string(b) | |||
| } | |||
| func createTestUser(random bool) (Models.User, error) { | |||
| now := time.Now() | |||
| email := "email@email.com" | |||
| if random { | |||
| email = fmt.Sprintf("%s@email.com", randString(16)) | |||
| } | |||
| password, err := HashPassword("password") | |||
| if err != nil { | |||
| return Models.User{}, err | |||
| } | |||
| userData := Models.User{ | |||
| Email: email, | |||
| Password: password, | |||
| LastLogin: &now, | |||
| FirstName: "Hugh", | |||
| LastName: "Mann", | |||
| } | |||
| err = Database.CreateUser(&userData) | |||
| return userData, err | |||
| } | |||
| func Test_Login(t *testing.T) { | |||
| t.Log("Testing Login...") | |||
| r.HandleFunc("/admin/login", Login).Methods("POST") | |||
| ts := httptest.NewServer(r) | |||
| defer ts.Close() | |||
| userData, err := createTestUser(true) | |||
| if err != nil { | |||
| t.Errorf("Expected nil, recieved %s", err.Error()) | |||
| t.FailNow() | |||
| } | |||
| postJson := ` | |||
| { | |||
| "email": "%s", | |||
| "password": "password" | |||
| } | |||
| ` | |||
| postJson = fmt.Sprintf(postJson, userData.Email) | |||
| res, err := http.Post(ts.URL+"/admin/login", "application/json", strings.NewReader(postJson)) | |||
| if err != nil { | |||
| t.Errorf("Expected nil, recieved %s", err.Error()) | |||
| return | |||
| } | |||
| if res.StatusCode != http.StatusOK { | |||
| t.Errorf("Expected %d, recieved %d", http.StatusOK, res.StatusCode) | |||
| return | |||
| } | |||
| if len(res.Cookies()) != 1 { | |||
| t.Errorf("Expected cookies len 1, recieved %d", len(res.Cookies())) | |||
| return | |||
| } | |||
| } | |||
+ 34
- 0
Api/Auth/Logout.go
View File
| @ -0,0 +1,34 @@ | |||
| package Auth | |||
| import ( | |||
| "net/http" | |||
| "time" | |||
| ) | |||
| func Logout(w http.ResponseWriter, r *http.Request) { | |||
| var ( | |||
| c *http.Cookie | |||
| sessionToken string | |||
| err error | |||
| ) | |||
| c, err = r.Cookie("session_token") | |||
| if err != nil { | |||
| if err == http.ErrNoCookie { | |||
| w.WriteHeader(http.StatusUnauthorized) | |||
| return | |||
| } | |||
| w.WriteHeader(http.StatusBadRequest) | |||
| return | |||
| } | |||
| sessionToken = c.Value | |||
| delete(Sessions, sessionToken) | |||
| http.SetCookie(w, &http.Cookie{ | |||
| Name: "session_token", | |||
| Value: "", | |||
| Expires: time.Now(), | |||
| }) | |||
| } | |||
+ 51
- 0
Api/Auth/Session.go
View File
| @ -0,0 +1,51 @@ | |||
| package Auth | |||
| import ( | |||
| "errors" | |||
| "net/http" | |||
| "time" | |||
| ) | |||
| var ( | |||
| Sessions = map[string]Session{} | |||
| ) | |||
| type Session struct { | |||
| Username string | |||
| Expiry time.Time | |||
| } | |||
| func (s Session) IsExpired() bool { | |||
| return s.Expiry.Before(time.Now()) | |||
| } | |||
| func CheckCookie(r *http.Request) (Session, error) { | |||
| var ( | |||
| c *http.Cookie | |||
| sessionToken string | |||
| userSession Session | |||
| exists bool | |||
| err error | |||
| ) | |||
| c, err = r.Cookie("session_token") | |||
| if err != nil { | |||
| return userSession, err | |||
| } | |||
| sessionToken = c.Value | |||
| // We then get the session from our session map | |||
| userSession, exists = Sessions[sessionToken] | |||
| if !exists { | |||
| return userSession, errors.New("Cookie not found") | |||
| } | |||
| // If the session is present, but has expired, we can delete the session, and return | |||
| // an unauthorized status | |||
| if userSession.IsExpired() { | |||
| delete(Sessions, sessionToken) | |||
| return userSession, errors.New("Cookie expired") | |||
| } | |||
| return userSession, nil | |||
| } | |||