paadi/memberApp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add new user and role table in app (in progress)
All checks were successful
Build Quasar SPA and Go Backend for memberApp / build-spa (push) Successful in 2m12s
Details
Build Quasar SPA and Go Backend for memberApp / build-backend (amd64, , linux) (push) Successful in 5m8s
Details
Build Quasar SPA and Go Backend for memberApp / build-backend (amd64, .exe, windows) (push) Successful in 5m8s
Details
Build Quasar SPA and Go Backend for memberApp / build-backend (arm, 6, , linux) (push) Successful in 4m57s
Details
Build Quasar SPA and Go Backend for memberApp / build-backend (arm64, , linux) (push) Successful in 5m7s
Details

Browse Source
This commit is contained in:
Adrian Zürcher
2025-10-14 16:41:20 +02:00
parent fdf56a4c0b
commit 690b7f4034
45 changed files with 1427 additions and 629 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
backend/user/login.go
View File

@@ -4,9 +4,7 @@ import (
"backend/dbRequest"
"backend/models"
"backend/utils"
"database/sql"
"encoding/json"
"fmt"
"io"
"net/http"
"time"
@@ -21,101 +19,11 @@ var DOMAIN = "localhost"
var ACCESS_TOKEN_TIME = 15 * time.Minute
var REFRESH_TOKEN_TIME = 72 * time.Hour
func (um *UserManager) AddUser(c *gin.Context) {
body, err := io.ReadAll(c.Request.Body)
if err != nil {
c.JSON(http.StatusBadRequest, models.NewJsonErrorResponse(err))
return
}
user := models.User{}
err = json.Unmarshal(body, &user)
if err != nil {
c.JSON(http.StatusBadRequest, models.NewJsonErrorResponse(err))
return
}
if !user.IsValid() {
c.JSON(http.StatusBadRequest, models.NewJsonErrorMessageResponse("user empty"))
return
}
db, err := sql.Open(um.dbType, um.dbFile)
if dbRequest.CheckDBError(c, user.Name, err) {
return
}
defer db.Close()
var exists bool
if err := db.QueryRow(dbRequest.DBUserLookup, user.Name).Scan(&exists); dbRequest.CheckDBError(c, user.Name, err) {
return
}
if exists {
c.JSON(http.StatusOK, models.NewJsonErrorMessageResponse(fmt.Sprintf("user '%s' exists already", user.Name)))
return
}
hash, err := utils.HashPassword(user.Password)
if err != nil {
c.JSON(http.StatusBadRequest, models.NewJsonErrorResponse(err))
return
}
if _, err := db.Exec(dbRequest.DBNewUser, user.Role, user.Name, hash, "{}"); dbRequest.CheckDBError(c, user.Name, err) {
return
}
c.JSON(http.StatusOK, gin.H{
"message": fmt.Sprintf("user '%s' successfully added", user.Name),
})
}
func (um *UserManager) RemoveUser(c *gin.Context) {
body, err := io.ReadAll(c.Request.Body)
if err != nil {
c.JSON(http.StatusBadRequest, models.NewJsonErrorResponse(err))
return
}
user := models.User{}
err = json.Unmarshal(body, &user)
if err != nil {
c.JSON(http.StatusBadRequest, models.NewJsonErrorResponse(err))
return
}
if !user.IsValid() {
c.JSON(http.StatusBadRequest, models.NewJsonErrorMessageResponse("user empty"))
return
}
db, err := sql.Open(um.dbType, um.dbFile)
if dbRequest.CheckDBError(c, user.Name, err) {
return
}
defer db.Close()
var storedPassword string
if err := db.QueryRow(dbRequest.DBQueryPassword, user.Name).Scan(&storedPassword, &user.Role); dbRequest.CheckDBError(c, user.Name, err) {
return
}
if !utils.CheckPassword(user.Password, storedPassword) {
c.JSON(http.StatusBadRequest, models.NewJsonErrorMessageResponse("wrong password"))
return
}
if _, err := db.Exec(dbRequest.DBRemoveUser, user.Name); dbRequest.CheckDBError(c, user.Name, err) {
return
}
c.JSON(http.StatusOK, gin.H{
"message": fmt.Sprintf("user '%s' successfully removed", user.Name),
})
}
func (um *UserManager) Login(c *gin.Context) {
if !um.databaseOpened(c) {
return
}
body, err := io.ReadAll(c.Request.Body)
if err != nil {
c.JSON(http.StatusBadRequest, models.NewJsonErrorResponse(err))
@@ -134,14 +42,8 @@ func (um *UserManager) Login(c *gin.Context) {
return
}
db, err := sql.Open(um.dbType, um.dbFile)
if dbRequest.CheckDBError(c, user.Name, err) {
return
}
defer db.Close()
var storedPassword, settingsJsonString string
if err := db.QueryRow(dbRequest.DBQueryPassword, user.Name).Scan(&user.Role, &storedPassword, &settingsJsonString); dbRequest.CheckDBError(c, user.Name, err) {
if err := um.database.QueryRow(dbRequest.DBQueryPassword, user.Name).Scan(&user.Id, &user.Role, &storedPassword, &settingsJsonString); dbRequest.CheckDBError(c, user.Name, err) {
return
}
@@ -162,6 +64,7 @@ func (um *UserManager) Login(c *gin.Context) {
// Create token
accessToken := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
"id": user.Id,
"username": user.Name,
"role": user.Role,
"type": "access",
@@ -169,6 +72,7 @@ func (um *UserManager) Login(c *gin.Context) {
})
refreshToken := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
"id": user.Id,
"username": user.Name,
"role": user.Role,
"type": "refresh",
@@ -194,9 +98,9 @@ func (um *UserManager) Login(c *gin.Context) {
c.SetCookie("refresh_token", refreshString, int(time.Until(refreshTokenExp).Seconds()),
"/", "", secure, true)
fmt.Println(22, user.Settings)
c.JSON(http.StatusOK, gin.H{
"message": "login successful",
"id": user.Id,
"user": user.Name,
"role": user.Role,
"settings": user.Settings,
@@ -225,11 +129,13 @@ func (um *UserManager) Refresh(c *gin.Context) {
}
username := claims["username"].(string)
id := claims["id"].(float64)
role := claims["role"].(string)
// new access token
accessExp := time.Now().Add(ACCESS_TOKEN_TIME)
newAccess := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
"id": id,
"username": username,
"role": role,
"exp": accessExp.Unix(),
@@ -259,6 +165,7 @@ func (um *UserManager) Me(c *gin.Context) {
claims := token.Claims.(jwt.MapClaims)
c.JSON(http.StatusOK, gin.H{
"id": claims["id"],
"user": claims["username"],
"role": claims["role"],
})