From e127360ecfa235af40ad365e38b0c1ae8205dffb Mon Sep 17 00:00:00 2001 From: Zoe Roux Date: Sat, 4 May 2024 13:24:08 +0200 Subject: [PATCH 1/5] Create AddFeed dto, add validation and sqlx --- api/Dockerfile.dev | 2 +- api/cmd/feed.go | 21 --------------------- api/cmd/feeds.go | 40 ++++++++++++++++++++++++++++++++++++++++ api/cmd/main.go | 24 ++++++++++++++++++++---- api/feed.go | 12 ------------ api/feeds.go | 45 +++++++++++++++++++++++++++++++++++++++++++++ api/go.mod | 6 ++++++ api/go.sum | 20 ++++++++++++++++++++ sql/create.sql | 8 ++++---- 9 files changed, 136 insertions(+), 42 deletions(-) delete mode 100644 api/cmd/feed.go create mode 100644 api/cmd/feeds.go delete mode 100644 api/feed.go create mode 100644 api/feeds.go diff --git a/api/Dockerfile.dev b/api/Dockerfile.dev index f6324c7..91aaee2 100644 --- a/api/Dockerfile.dev +++ b/api/Dockerfile.dev @@ -3,4 +3,4 @@ RUN go install github.com/bokwoon95/wgo@latest WORKDIR /app EXPOSE 1597 -CMD wgo run . +CMD wgo run ./cmd diff --git a/api/cmd/feed.go b/api/cmd/feed.go deleted file mode 100644 index 6e4629f..0000000 --- a/api/cmd/feed.go +++ /dev/null @@ -1,21 +0,0 @@ -package main - -import ( - "github.com/labstack/echo/v4" - "github.com/zoriya/vex" -) - -func (h *Handler) AddFeed(c echo.Context) error { - var feed vex.Feed - err := c.Bind(&feed) - if err != nil { - return err - } - - ret := make([]interface{}, 0) - return c.JSON(201, ret) -} - -func (h *Handler) RegisterFeedsRoutes(e *echo.Echo) { - e.POST("/feed", h.AddFeed) -} diff --git a/api/cmd/feeds.go b/api/cmd/feeds.go new file mode 100644 index 0000000..2eabfa4 --- /dev/null +++ b/api/cmd/feeds.go @@ -0,0 +1,40 @@ +package main + +import ( + "log" + "net/http" + + "github.com/google/uuid" + "github.com/labstack/echo/v4" +) + + +type AddFeedDto struct { + Link string `json:"link" validate:"required,url"` + Tags []string `json:"tags" validate:"required"` +} + +func (h *Handler) AddFeed(c echo.Context) error { + user := uuid.New() + + var req AddFeedDto + err := c.Bind(&req) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, err.Error()) + } + if err = c.Validate(&req); err != nil { + return err + } + log.Printf("%v", req) + + feed, err := h.feeds.AddFeed(req.Link, req.Tags, user) + if err != nil { + log.Printf("Add feed error: %v", err) + return echo.NewHTTPError(500, "internal server error") + } + return c.JSON(201, feed) +} + +func (h *Handler) RegisterFeedsRoutes(e *echo.Echo) { + e.POST("/feeds", h.AddFeed) +} diff --git a/api/cmd/main.go b/api/cmd/main.go index 178c65f..28d4b08 100644 --- a/api/cmd/main.go +++ b/api/cmd/main.go @@ -1,18 +1,21 @@ package main import ( - "database/sql" "fmt" "log" + "net/http" "os" + "github.com/go-playground/validator/v10" + "github.com/jmoiron/sqlx" "github.com/labstack/echo/v4" "github.com/labstack/echo/v4/middleware" _ "github.com/lib/pq" + "github.com/zoriya/vex" ) type Handler struct { - database *sql.DB + feeds vex.FeedService } func (h *Handler) GetEntries(c echo.Context) error { @@ -20,6 +23,18 @@ func (h *Handler) GetEntries(c echo.Context) error { return c.JSON(200, ret) } +type Validator struct { + validator *validator.Validate +} + +func (cv *Validator) Validate(i interface{}) error { + if err := cv.validator.Struct(i); err != nil { + // Optionally, you could return the error to give each route more control over the status code + return echo.NewHTTPError(http.StatusBadRequest, err.Error()) + } + return nil +} + func main() { con := fmt.Sprintf( "postgresql://%v:%v@%v:%v/%v?sslmode=disable", @@ -29,15 +44,16 @@ func main() { os.Getenv("POSTGRES_PORT"), os.Getenv("POSTGRES_DB"), ) - db, err := sql.Open("postgres", con) + db, err := sqlx.Open("postgres", con) if err != nil { log.Fatal(err) } h := Handler{ - database: db, + feeds: vex.NewFeedService(db), } e := echo.New() + e.Validator = &Validator{validator: validator.New()} e.Use(middleware.Logger()) e.GET("/entries", h.GetEntries) h.RegisterFeedsRoutes(e) diff --git a/api/feed.go b/api/feed.go deleted file mode 100644 index 7d577ca..0000000 --- a/api/feed.go +++ /dev/null @@ -1,12 +0,0 @@ -package vex - -import "github.com/google/uuid" - -type Feed struct { - Id uuid.UUID `json:"id"` - Name string `json:"name"` - Link string `json:"link"` - FaviconUrl string `json:"faviconUrl"` - Tags []string `json:"tags"` - SubmitterId uuid.UUID `json:"submitterId"` -} diff --git a/api/feeds.go b/api/feeds.go new file mode 100644 index 0000000..399acfa --- /dev/null +++ b/api/feeds.go @@ -0,0 +1,45 @@ +package vex + +import ( + "github.com/google/uuid" + "github.com/jmoiron/sqlx" + "github.com/lib/pq" +) + +type Feed struct { + Id uuid.UUID + Name string + Link string + FaviconUrl string `db:"favicon_url"` + Tags pq.StringArray + SubmitterId uuid.UUID `db:"submitter_id"` +} + +type FeedService struct { + database *sqlx.DB +} + +func NewFeedService(db *sqlx.DB) FeedService { + return FeedService{database: db} +} + +func (s FeedService) AddFeed(link string, tags []string, submitter uuid.UUID) (Feed, error) { + feed := Feed{ + Id: uuid.New(), + Name: link, + Link: link, + FaviconUrl: link, + Tags: tags, + SubmitterId: submitter, + } + + _, err := s.database.NamedExec( + `insert into feeds (id, name, link, favicon_url, tags, submitter_id) + values (:id, :name, :link, :favicon_url, :tags, :submitter_id)`, + feed, + ) + if err != nil { + return Feed{}, err + } + return feed, nil +} diff --git a/api/go.mod b/api/go.mod index e30be00..dc54d69 100644 --- a/api/go.mod +++ b/api/go.mod @@ -3,14 +3,20 @@ module github.com/zoriya/vex go 1.22.1 require ( + github.com/go-playground/validator/v10 v10.20.0 github.com/google/uuid v1.6.0 + github.com/jmoiron/sqlx v1.4.0 github.com/labstack/echo/v4 v4.12.0 github.com/lib/pq v1.10.9 ) require ( + github.com/gabriel-vasile/mimetype v1.4.3 // indirect + github.com/go-playground/locales v0.14.1 // indirect + github.com/go-playground/universal-translator v0.18.1 // indirect github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/labstack/gommon v0.4.2 // indirect + github.com/leodido/go-urn v1.4.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect diff --git a/api/go.sum b/api/go.sum index 38a485b..b564c85 100644 --- a/api/go.sum +++ b/api/go.sum @@ -1,13 +1,31 @@ +filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= +github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= +github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= +github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= +github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= +github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= +github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= +github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8= +github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= +github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= +github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY= github.com/labstack/echo/v4 v4.12.0 h1:IKpw49IMryVB2p1a4dzwlhP1O2Tf2E0Ir/450lH+kI0= github.com/labstack/echo/v4 v4.12.0/go.mod h1:UP9Cr2DJXbOK3Kr9ONYzNowSh7HP0aG0ShAyycHSJvM= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= +github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= +github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= @@ -15,6 +33,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= +github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= diff --git a/sql/create.sql b/sql/create.sql index 2639a83..eb16519 100644 --- a/sql/create.sql +++ b/sql/create.sql @@ -2,13 +2,13 @@ create table if not exists users( id uuid not null primary key, name text not null, password varchar(100) not null, - email text not null + email text not null unique ); create table if not exists feeds( id uuid not null primary key, name text not null, - link text not null, + link text not null unique, favicon_url text not null, tags text[] not null, submitter_id uuid not null references users(id) @@ -16,7 +16,7 @@ create table if not exists feeds( create table if not exists entries( id uuid not null primary key, - feed_id uuid not null references feed(id), + feed_id uuid not null references feeds(id), title text not null, link text not null, date timestamp with time zone not null, @@ -31,6 +31,6 @@ create table if not exists entries_users( is_bookmarked bool not null, is_read_later bool not null, is_ignored bool not null, - constraint entries_users_pk primary keys(user_id, feed_id) + constraint entries_users_pk primary key(user_id, feed_id) ); From d281c81dfa3666e55bc3ed0dbe9fa229c2058d1d Mon Sep 17 00:00:00 2001 From: Zoe Roux Date: Sat, 4 May 2024 16:37:19 +0200 Subject: [PATCH 2/5] Add users services and jwt --- .env.example | 2 + api/cmd/feeds.go | 5 +-- api/cmd/main.go | 18 ++++++-- api/cmd/users.go | 106 +++++++++++++++++++++++++++++++++++++++++++++++ api/go.mod | 6 ++- api/go.sum | 4 ++ api/users.go | 66 +++++++++++++++++++++++++++++ 7 files changed, 199 insertions(+), 8 deletions(-) create mode 100644 api/cmd/users.go create mode 100644 api/users.go diff --git a/.env.example b/.env.example index f14e063..ec019d8 100644 --- a/.env.example +++ b/.env.example @@ -1,6 +1,8 @@ # vi: ft=sh # shellcheck disable=SC2034 +JWT_SECRET=secret + # Database things POSTGRES_USER=vex POSTGRES_PASSWORD=pass diff --git a/api/cmd/feeds.go b/api/cmd/feeds.go index 2eabfa4..c42ba56 100644 --- a/api/cmd/feeds.go +++ b/api/cmd/feeds.go @@ -25,7 +25,6 @@ func (h *Handler) AddFeed(c echo.Context) error { if err = c.Validate(&req); err != nil { return err } - log.Printf("%v", req) feed, err := h.feeds.AddFeed(req.Link, req.Tags, user) if err != nil { @@ -35,6 +34,6 @@ func (h *Handler) AddFeed(c echo.Context) error { return c.JSON(201, feed) } -func (h *Handler) RegisterFeedsRoutes(e *echo.Echo) { - e.POST("/feeds", h.AddFeed) +func (h *Handler) RegisterFeedsRoutes(echo *echo.Echo, restricted *echo.Group) { + restricted.POST("/feeds", h.AddFeed) } diff --git a/api/cmd/main.go b/api/cmd/main.go index 28d4b08..7d21b29 100644 --- a/api/cmd/main.go +++ b/api/cmd/main.go @@ -8,6 +8,7 @@ import ( "github.com/go-playground/validator/v10" "github.com/jmoiron/sqlx" + "github.com/labstack/echo-jwt/v4" "github.com/labstack/echo/v4" "github.com/labstack/echo/v4/middleware" _ "github.com/lib/pq" @@ -15,7 +16,9 @@ import ( ) type Handler struct { - feeds vex.FeedService + feeds vex.FeedService + users vex.UserService + jwtSecret []byte } func (h *Handler) GetEntries(c echo.Context) error { @@ -49,14 +52,23 @@ func main() { log.Fatal(err) } h := Handler{ - feeds: vex.NewFeedService(db), + feeds: vex.NewFeedService(db), + users: vex.NewUserService(db), + jwtSecret: []byte(os.Getenv("JWT_SECRET")), } e := echo.New() e.Validator = &Validator{validator: validator.New()} e.Use(middleware.Logger()) + + r := e.Group("") + e.Use(echojwt.WithConfig(echojwt.Config{ + SigningKey: h.jwtSecret, + })) + e.GET("/entries", h.GetEntries) - h.RegisterFeedsRoutes(e) + h.RegisterLoginRoutes(e, r) + h.RegisterFeedsRoutes(e, r) e.Start(":1597") } diff --git a/api/cmd/users.go b/api/cmd/users.go new file mode 100644 index 0000000..253bd25 --- /dev/null +++ b/api/cmd/users.go @@ -0,0 +1,106 @@ +package main + +import ( + "net/http" + + "github.com/golang-jwt/jwt" + "github.com/google/uuid" + "github.com/labstack/echo/v4" + "github.com/zoriya/vex" +) + +type LoginDto struct { + Email string `json:"email" validate:"required"` + Password string `json:"password" validate:"required"` +} + +type RegisterDto struct { + Name string `json:"name" validate:"required"` + Email string `json:"email" validate:"required"` + Password string `json:"password" validate:"required,max(60)"` +} + +func (h *Handler) Login(c echo.Context) error { + var req LoginDto + err := c.Bind(&req) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, err.Error()) + } + if err = c.Validate(&req); err != nil { + return err + } + + user := h.users.GetByEmail(req.Email) + if user == nil { + return echo.NewHTTPError(403, "Invalid email") + } + if !h.users.CheckPassword(req.Password, user.Password) { + return echo.NewHTTPError(403, "Invalid password") + } + return h.CreateToken(c, user) +} + +func (h *Handler) CreateToken(c echo.Context, user *vex.User) error { + claims := &jwt.StandardClaims{ + Subject: user.Id.String(), + } + token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) + t, err := token.SignedString(h.jwtSecret) + if err != nil { + return err + } + return c.JSON(http.StatusOK, echo.Map{ + "token": t, + }) +} + +func (h *Handler) Register(c echo.Context) error { + var req RegisterDto + err := c.Bind(&req) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, err.Error()) + } + if err = c.Validate(&req); err != nil { + return err + } + + user, err := h.users.Create(req.Name, req.Email, req.Password) + if err != nil { + return err + } + return h.CreateToken(c, &user) +} + +func (h *Handler) GetMe(c echo.Context) error { + id, err := GetCurrentUserId(c) + if err != nil { + return err + } + user := h.users.GetById(id) + if user == nil { + return echo.NewHTTPError(500, "Internal server error") + } + return c.JSON(200, user) +} + +func GetCurrentUserId(c echo.Context) (uuid.UUID, error) { + user := c.Get("user").(*jwt.Token) + if user == nil { + return uuid.UUID{}, echo.NewHTTPError(401, "Unauthorized") + } + claims := user.Claims.(*jwt.StandardClaims) + if claims == nil { + return uuid.UUID{}, echo.NewHTTPError(403, "Missing claims") + } + ret, err := uuid.Parse(claims.Subject) + if err != nil { + return uuid.UUID{}, echo.NewHTTPError(403, "Invalid id") + } + return ret, nil +} + +func (h *Handler) RegisterLoginRoutes(e *echo.Echo, r *echo.Group) { + e.POST("/login", h.Login) + e.POST("/register", h.Register) + r.GET("/register", h.GetMe) +} diff --git a/api/go.mod b/api/go.mod index dc54d69..b144c98 100644 --- a/api/go.mod +++ b/api/go.mod @@ -4,24 +4,26 @@ go 1.22.1 require ( github.com/go-playground/validator/v10 v10.20.0 + github.com/golang-jwt/jwt v3.2.2+incompatible github.com/google/uuid v1.6.0 github.com/jmoiron/sqlx v1.4.0 + github.com/labstack/echo-jwt/v4 v4.2.0 github.com/labstack/echo/v4 v4.12.0 github.com/lib/pq v1.10.9 + golang.org/x/crypto v0.22.0 ) require ( github.com/gabriel-vasile/mimetype v1.4.3 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/golang-jwt/jwt v3.2.2+incompatible // indirect + github.com/golang-jwt/jwt/v5 v5.0.0 // indirect github.com/labstack/gommon v0.4.2 // indirect github.com/leodido/go-urn v1.4.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect - golang.org/x/crypto v0.22.0 // indirect golang.org/x/net v0.24.0 // indirect golang.org/x/sys v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect diff --git a/api/go.sum b/api/go.sum index b564c85..27884ac 100644 --- a/api/go.sum +++ b/api/go.sum @@ -16,10 +16,14 @@ github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpv github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= +github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE= +github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY= +github.com/labstack/echo-jwt/v4 v4.2.0 h1:odSISV9JgcSCuhgQSV/6Io3i7nUmfM/QkBeR5GVJj5c= +github.com/labstack/echo-jwt/v4 v4.2.0/go.mod h1:MA2RqdXdEn4/uEglx0HcUOgQSyBaTh5JcaHIan3biwU= github.com/labstack/echo/v4 v4.12.0 h1:IKpw49IMryVB2p1a4dzwlhP1O2Tf2E0Ir/450lH+kI0= github.com/labstack/echo/v4 v4.12.0/go.mod h1:UP9Cr2DJXbOK3Kr9ONYzNowSh7HP0aG0ShAyycHSJvM= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= diff --git a/api/users.go b/api/users.go new file mode 100644 index 0000000..9092ace --- /dev/null +++ b/api/users.go @@ -0,0 +1,66 @@ +package vex + +import ( + "github.com/google/uuid" + "github.com/jmoiron/sqlx" + "golang.org/x/crypto/bcrypt" +) + +type User struct { + Id uuid.UUID + Name string + Email string + Password []byte +} + +type UserService struct { + database *sqlx.DB +} + +func NewUserService(db *sqlx.DB) UserService { + return UserService{database: db} +} + +func (s UserService) GetById(id uuid.UUID) *User { + var user User + err := s.database.Get(&user, "select u.* from users as u where u.id = $1", id) + if err != nil { + return nil + } + return &user +} + +func (s UserService) GetByEmail(email string) *User { + var user User + err := s.database.Get(&user, "select u.* from users as u where u.email = $1", email) + if err != nil { + return nil + } + return &user +} + +func (s UserService) CheckPassword(password string, reference []byte) bool { + return bcrypt.CompareHashAndPassword(reference, []byte(password)) == nil +} + +func (s UserService) Create(name string, email string, password string) (User, error) { + pass, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) + if err != nil { + return User{}, err + } + user := User{ + Id: uuid.New(), + Name: name, + Email: email, + Password: pass, + } + _, err = s.database.NamedExec( + `insert into users (id, name, email, password) + values (:id, :name, :email, :password)`, + user, + ) + if err != nil { + return User{}, err + } + return user, nil +} From d3752a0147b395feab218a0c21baa48c9caa7142 Mon Sep 17 00:00:00 2001 From: Zoe Roux Date: Sat, 4 May 2024 17:13:34 +0200 Subject: [PATCH 3/5] Fix /me --- api/cmd/main.go | 2 +- api/cmd/users.go | 28 +++++++++++++++++++--------- 2 files changed, 20 insertions(+), 10 deletions(-) diff --git a/api/cmd/main.go b/api/cmd/main.go index 7d21b29..9556946 100644 --- a/api/cmd/main.go +++ b/api/cmd/main.go @@ -62,7 +62,7 @@ func main() { e.Use(middleware.Logger()) r := e.Group("") - e.Use(echojwt.WithConfig(echojwt.Config{ + r.Use(echojwt.WithConfig(echojwt.Config{ SigningKey: h.jwtSecret, })) diff --git a/api/cmd/users.go b/api/cmd/users.go index 253bd25..d074a69 100644 --- a/api/cmd/users.go +++ b/api/cmd/users.go @@ -3,7 +3,7 @@ package main import ( "net/http" - "github.com/golang-jwt/jwt" + "github.com/golang-jwt/jwt/v5" "github.com/google/uuid" "github.com/labstack/echo/v4" "github.com/zoriya/vex" @@ -17,7 +17,13 @@ type LoginDto struct { type RegisterDto struct { Name string `json:"name" validate:"required"` Email string `json:"email" validate:"required"` - Password string `json:"password" validate:"required,max(60)"` + Password string `json:"password" validate:"required"` +} + +type UserDto struct { + Id uuid.UUID `json:"id"` + Name string `json:"name"` + Email string `json:"email"` } func (h *Handler) Login(c echo.Context) error { @@ -41,7 +47,7 @@ func (h *Handler) Login(c echo.Context) error { } func (h *Handler) CreateToken(c echo.Context, user *vex.User) error { - claims := &jwt.StandardClaims{ + claims := &jwt.RegisteredClaims{ Subject: user.Id.String(), } token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) @@ -80,7 +86,11 @@ func (h *Handler) GetMe(c echo.Context) error { if user == nil { return echo.NewHTTPError(500, "Internal server error") } - return c.JSON(200, user) + return c.JSON(200, UserDto{ + Id: user.Id, + Name: user.Name, + Email: user.Email, + }) } func GetCurrentUserId(c echo.Context) (uuid.UUID, error) { @@ -88,11 +98,11 @@ func GetCurrentUserId(c echo.Context) (uuid.UUID, error) { if user == nil { return uuid.UUID{}, echo.NewHTTPError(401, "Unauthorized") } - claims := user.Claims.(*jwt.StandardClaims) - if claims == nil { - return uuid.UUID{}, echo.NewHTTPError(403, "Missing claims") + sub, err := user.Claims.GetSubject() + if err != nil { + return uuid.UUID{}, echo.NewHTTPError(403, "Could not retrive subject") } - ret, err := uuid.Parse(claims.Subject) + ret, err := uuid.Parse(sub) if err != nil { return uuid.UUID{}, echo.NewHTTPError(403, "Invalid id") } @@ -102,5 +112,5 @@ func GetCurrentUserId(c echo.Context) (uuid.UUID, error) { func (h *Handler) RegisterLoginRoutes(e *echo.Echo, r *echo.Group) { e.POST("/login", h.Login) e.POST("/register", h.Register) - r.GET("/register", h.GetMe) + r.GET("/me", h.GetMe) } From bb5a86ab4fc98b778d5852a874ec5b97513004e8 Mon Sep 17 00:00:00 2001 From: Zoe Roux Date: Sat, 4 May 2024 17:15:12 +0200 Subject: [PATCH 4/5] Proper email duplication handling --- api/cmd/users.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/cmd/users.go b/api/cmd/users.go index d074a69..e1a786a 100644 --- a/api/cmd/users.go +++ b/api/cmd/users.go @@ -72,7 +72,7 @@ func (h *Handler) Register(c echo.Context) error { user, err := h.users.Create(req.Name, req.Email, req.Password) if err != nil { - return err + return echo.NewHTTPError(409,"Email already taken") } return h.CreateToken(c, &user) } From 4f1a4c41e5903d1bf297992e4b8d2c223edb21ce Mon Sep 17 00:00:00 2001 From: Zoe Roux Date: Sat, 4 May 2024 17:19:10 +0200 Subject: [PATCH 5/5] Use current user in add feed route --- api/cmd/feeds.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/api/cmd/feeds.go b/api/cmd/feeds.go index c42ba56..d107587 100644 --- a/api/cmd/feeds.go +++ b/api/cmd/feeds.go @@ -4,21 +4,22 @@ import ( "log" "net/http" - "github.com/google/uuid" "github.com/labstack/echo/v4" ) - type AddFeedDto struct { Link string `json:"link" validate:"required,url"` Tags []string `json:"tags" validate:"required"` } func (h *Handler) AddFeed(c echo.Context) error { - user := uuid.New() + user, err := GetCurrentUserId(c) + if err != nil { + return err + } var req AddFeedDto - err := c.Bind(&req) + err = c.Bind(&req) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err.Error()) } @@ -34,6 +35,6 @@ func (h *Handler) AddFeed(c echo.Context) error { return c.JSON(201, feed) } -func (h *Handler) RegisterFeedsRoutes(echo *echo.Echo, restricted *echo.Group) { - restricted.POST("/feeds", h.AddFeed) +func (h *Handler) RegisterFeedsRoutes(echo *echo.Echo, r *echo.Group) { + r.POST("/feeds", h.AddFeed) }