add users

backend/internal/users/password.go

@@ -0,0 +1,51 @@
+package users
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+
+	"git.schreifuchs.ch/schreifuchs/ng-blog/backend/internal/auth"
+	"git.schreifuchs.ch/schreifuchs/ng-blog/backend/internal/model"
+	"golang.org/x/crypto/bcrypt"
+)
+
+func (s Service) ChangePassword(w http.ResponseWriter, r *http.Request) {
+	var err error
+	var req Password
+	user := model.NewUser()
+
+	if err = json.NewDecoder(r.Body).Decode(&req); err != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
+	if claims, ok := auth.ExtractClaims(r.Context()); !ok {
+		log.Println("Error: was not able to extract Claims")
+		w.WriteHeader(http.StatusInternalServerError)
+	} else {
+		user.ID = claims.UserID
+	}
+
+	if len([]byte(req.Password)) > 72 {
+		fmt.Fprint(w, "Password to long, max 72 bytes")
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	if user.Password, err = bcrypt.GenerateFromPassword([]byte(req.Password), 6); err != nil {
+		log.Println("Error: ", err)
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+	err = s.db.Model(&user).
+		Where("id = ?", user.ID).
+		Update("password", user.Password).
+		Error
+	if err != nil {
+		log.Printf("Error: %v", err)
+		w.WriteHeader(http.StatusInternalServerError)
+	}
+	w.WriteHeader(http.StatusOK)
+}

backend/internal/users/resource.go

@@ -0,0 +1,19 @@
+package users
+
+import (
+	"gorm.io/gorm"
+)
+
+type Service struct {
+	db *gorm.DB
+}
+
+func New(db *gorm.DB) *Service {
+	return &Service{
+		db: db,
+	}
+}
+
+type Password struct {
+	Password string `json:"password"`
+}

backend/internal/users/roles.go

@@ -0,0 +1,104 @@
+package users
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"log"
+	"net/http"
+
+	"git.schreifuchs.ch/schreifuchs/ng-blog/backend/internal/auth"
+	"git.schreifuchs.ch/schreifuchs/ng-blog/backend/internal/model"
+	"github.com/google/uuid"
+	"github.com/gorilla/mux"
+	"gorm.io/gorm"
+)
+
+func (s *Service) GetUsers(w http.ResponseWriter, r *http.Request) {
+	var users []model.User
+
+	err := s.db.Find(&users).Error
+	if err != nil {
+		log.Printf("Error while getting users: %v", err)
+		w.WriteHeader(http.StatusInternalServerError)
+	}
+
+	res, err := json.Marshal(&users)
+	if err != nil {
+		log.Printf("Error while marshaling users: %v", err)
+		w.WriteHeader(http.StatusInternalServerError)
+	}
+
+	w.Write(res)
+}
+
+func (s *Service) SetUserRole(w http.ResponseWriter, r *http.Request) {
+	var role model.Role
+	userUUIDstr, ok := mux.Vars(r)["userUUID"]
+	if !ok {
+		w.WriteHeader(http.StatusNotFound)
+		return
+	}
+	userUUID, err := uuid.Parse(userUUIDstr)
+	if err != nil {
+		w.WriteHeader(http.StatusNotFound)
+		return
+	}
+	if err := json.NewDecoder(r.Body).Decode(&role); err != nil {
+		fmt.Fprint(w, err.Error())
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	err = s.db.Model(&model.User{}).
+		Where("uuid = ?", userUUID).
+		Update("role", role).
+		Error
+	if err != nil {
+		log.Printf("Error while update user role: %v", err)
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+func (s *Service) DeleteUser(w http.ResponseWriter, r *http.Request) {
+	claims, ok := auth.ExtractClaims(r.Context())
+	if !ok {
+		log.Println("Error while extracting claims")
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	userUUIDstr, ok := mux.Vars(r)["userUUID"]
+	if !ok {
+		w.WriteHeader(http.StatusNotFound)
+		return
+	}
+	userUUID, err := uuid.Parse(userUUIDstr)
+	if err != nil {
+		w.WriteHeader(http.StatusNotFound)
+		return
+	}
+
+	if claims.Role != model.RoleAdmin && userUUIDstr != claims.Subject {
+		w.WriteHeader(http.StatusForbidden)
+		return
+	}
+
+	if err = s.db.Where("uuid = ?", userUUID).Delete(&model.User{}).Error; err != nil {
+
+		if errors.Is(err, gorm.ErrCheckConstraintViolated) {
+			fmt.Fprint(w, "Username is already in use")
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+
+		log.Printf("Error: %v", err)
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}