update

.gitignore

@@ -1,6 +1,8 @@
 api\ tests.txt
 ccsecrets
 ccsecrets.*
+smt
+smt.*
 .env
 *.pem
 .DS_Store

middlewares/middlewares.go

@@ -14,6 +14,7 @@ func JwtAuthMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		err := token.TokenValid(c)
 		if err != nil {
+			log.Printf("JwtAuthMiddleware token is not valid : '%s'\n", err)
 			c.String(http.StatusUnauthorized, "Unauthorized")
 			c.Abort()
 			return
@@ -25,10 +26,9 @@ func JwtAuthMiddleware() gin.HandlerFunc {
 func JwtAuthAdminMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 
-		// TODO - also verify user role of admin
-
 		err := token.TokenValid(c)
 		if err != nil {
+			log.Printf("JwtAuthAdminMiddleware token is not valid : '%s'\n", err)
 			c.String(http.StatusUnauthorized, "Unauthorized")
 			c.Abort()
 			return
@@ -38,6 +38,7 @@ func JwtAuthAdminMiddleware() gin.HandlerFunc {
 		user_id, err := token.ExtractTokenID(c)
 
 		if err != nil {
+			log.Printf("JwtAuthAdminMiddleware could not extract user ID from context : '%s'\n", err)
 			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 			c.Abort()
 			return
@@ -52,6 +53,7 @@ func JwtAuthAdminMiddleware() gin.HandlerFunc {
 		}
 		log.Printf("JwtAuthAdminMiddleware retrieved UserRole object '%v'\n", ur)
 
+		// Verify that the user has a role with the admin flag set
 		if !ur.Admin {
 			c.String(http.StatusUnauthorized, "User role is Non-Admin")
 			c.Abort()

models/user.go

@@ -29,16 +29,21 @@ func (u *User) SaveUser() (*User, error) {
 	var err error
 
 	// TODO - validate username not already in use
-
+	_, err = GetUserByName(u.UserName)
-	result, err := db.NamedExec((`INSERT INTO users (RoleId, UserName, Password) VALUES (:RoleId, :UserName, :Password)`), u)
-
 	if err != nil {
-		log.Printf("SaveUser error executing sql record : '%s'\n", err)
+		log.Printf("SaveUser Username already exists : '%v'\n", err)
-		return &User{}, err
 	} else {
-		affected, _ := result.RowsAffected()
+		log.Printf("SaveUser confirmed no existing user, continuing with creation of user '%s'\n", u.UserName)
-		id, _ := result.LastInsertId()
+		result, err := db.NamedExec((`INSERT INTO users (RoleId, UserName, Password) VALUES (:RoleId, :UserName, :Password)`), u)
-		log.Printf("SaveUser insert returned result id '%d' affecting %d row(s).\n", id, affected)
+
+		if err != nil {
+			log.Printf("SaveUser error executing sql record : '%s'\n", err)
+			return &User{}, err
+		} else {
+			affected, _ := result.RowsAffected()
+			id, _ := result.LastInsertId()
+			log.Printf("SaveUser insert returned result id '%d' affecting %d row(s).\n", id, affected)
+		}
 	}
 
 	return u, nil

utils/token/token.go

@@ -24,6 +24,7 @@ func GenerateToken(user_id uint) (string, error) {
 	claims["authorized"] = true
 	claims["user_id"] = user_id
 	claims["exp"] = time.Now().Add(time.Hour * time.Duration(token_lifespan)).Unix()
+	// https://pkg.go.dev/github.com/golang-jwt/jwt/v5#New
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 
 	return token.SignedString([]byte(os.Getenv("API_SECRET")))
@@ -36,8 +37,8 @@ func TokenValid(c *gin.Context) error {
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 		}
-		//return []byte(os.Getenv("API_SECRET")), nil
+		// This code says signature is invalid if we return an empty []byte but I don't know why
-		return []byte(""), nil
+		return []byte(os.Getenv("API_SECRET")), nil
 	})
 	if err != nil {
 		return err
@@ -64,9 +65,8 @@ func ExtractTokenID(c *gin.Context) (uint, error) {
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 		}
-		// Why return the secret??
+		// Why return the secret?? Code doesn't work if we don't return the secret
-		//return []byte(os.Getenv("API_SECRET")), nil
+		return []byte(os.Getenv("API_SECRET")), nil
-		return 0, nil
 	})
 	if err != nil {
 		return 0, err