add users

backend/internal/auth/controller.go

@@ -2,38 +2,115 @@ package auth
 
 import (
 	"encoding/json"
+	"errors"
+	"fmt"
+	"log"
 	"net/http"
+	"slices"
+
+	"golang.org/x/crypto/bcrypt"
+	"gorm.io/gorm"
 
 	"git.schreifuchs.ch/schreifuchs/ng-blog/backend/internal/model"
 )
 
-func (s *Service) Login(w http.ResponseWriter, r *http.Request) {
-	login := model.Login{}
-	if err := json.NewDecoder(r.Body).Decode(&login); err != nil {
+func (s *Service) Signup(w http.ResponseWriter, r *http.Request) {
+	var err error
+	var login Login
+	user := model.NewUser()
+
+	if err = json.NewDecoder(r.Body).Decode(&login); err != nil {
 		w.WriteHeader(http.StatusUnauthorized)
 		return
 	}
 
-	if login.Name == s.cfg.AdminName && login.Password == s.cfg.AdminPassword {
-		token, err := createJWT([]byte(s.cfg.Secret))
-		if err != nil {
-			w.WriteHeader(http.StatusUnauthorized)
+	if len([]byte(login.Password)) > 72 {
+		fmt.Fprint(w, "Password to long, max 72 bytes")
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+	if user.Password, err = bcrypt.GenerateFromPassword([]byte(login.Password), 6); err != nil {
+		log.Println("Error: ", err)
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+	user.Name = login.Name
+	user.Role = s.cfg.DefaultRole
+
+	err = s.db.Save(&user).Error
+	if err != nil {
+		if errors.Is(err, gorm.ErrCheckConstraintViolated) {
+			fmt.Fprint(w, "Username is already in use")
+			w.WriteHeader(http.StatusBadRequest)
 			return
 		}
 
-		err = json.NewEncoder(w).Encode(&model.LoginResponse{
-			Token: token,
-		})
-		if err != nil {
-			w.WriteHeader(http.StatusUnauthorized)
-			return
-		}
-		w.WriteHeader(http.StatusOK)
-		return
+		log.Printf("Error: %v", err)
+		w.WriteHeader(http.StatusInternalServerError)
 	}
 }
 
-func (s *Service) Authenticated(next http.HandlerFunc) http.Handler {
+func (s *Service) Login(w http.ResponseWriter, r *http.Request) {
+	var login Login
+	var user model.User
+
+	if err := json.NewDecoder(r.Body).Decode(&login); err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	if err := s.db.First(&user).Error; err != nil {
+		fmt.Fprint(w, "user not found")
+		w.WriteHeader(http.StatusBadRequest)
+	}
+	if err := bcrypt.CompareHashAndPassword(user.Password, []byte(login.Password)); err != nil {
+		fmt.Fprint(w, "Invalid Password")
+		w.WriteHeader(http.StatusBadRequest)
+	}
+
+	token, err := s.createJWT(&user)
+	if err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	res, err := json.Marshal(&LoginResponse{
+		Token: token,
+	})
+	if err != nil {
+		log.Println("Error: ", err)
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	w.Write(res)
+}
+
+func (s *Service) Logout(w http.ResponseWriter, r *http.Request) {
+	token, err := extractToken(r)
+	if err != nil {
+		log.Printf("Error while extracting token: %s", err.Error())
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	claims, err := s.validateJWT(token)
+	if err != nil {
+		fmt.Fprint(w, "Invalid token")
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	if err = s.db.Save(&model.InvalidJWT{JWT: token, ValidUntil: claims.ExpiresAt.Time}).Error; err != nil {
+		log.Printf("Error while saving logout token: %v", err)
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+func (s *Service) Authenticated(next http.HandlerFunc, roles ...model.Role) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Our middleware logic goes here...
 		token, err := extractToken(r)
@@ -42,12 +119,18 @@ func (s *Service) Authenticated(next http.HandlerFunc) http.Handler {
 			return
 		}
 
-		err = validateJWT(token, []byte(s.cfg.Secret))
+		claims, err := s.validateJWT(token)
 		if err != nil {
 			w.WriteHeader(http.StatusUnauthorized)
 			return
 		}
 
+		// if roles specified check if satisfied
+		if len(roles) > 0 && !slices.Contains(roles, claims.Role) {
+			w.WriteHeader(http.StatusForbidden)
+			return
+		}
+		r = writeToContext(r, &claims)
 		next(w, r)
 	})
 }