nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity
Files
45ceae73c4a673078a0a44bb3a9b2f28f7b45e50
smt/controllers/auth.go
Nathan Coad 45ceae73c4
All checks were successful
continuous-integration/drone/push Build is passing
Details
fix logging of password on Login
2023-04-04 12:20:48 +10:00

156 lines
3.6 KiB
Go
Raw Blame History

package controllers
import (
"errors"
"html"
"log"
"net/http"
"strings"
"ccsecrets/models"
"ccsecrets/utils/token"
"github.com/gin-gonic/gin"
"golang.org/x/crypto/bcrypt"
)
type RegisterInput struct {
Username string `json:"username" binding:"required"`
Password string `json:"password" binding:"required"`
RoleId int `json:"roleid"`
}
type LoginInput struct {
Username string `json:"username" binding:"required"`
Password string `json:"password" binding:"required"`
}
func Register(c *gin.Context) {
var input RegisterInput
if err := c.ShouldBindJSON(&input); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
u := models.User{}
//u.RoleId = 1
u.UserName = input.Username
u.Password = input.Password
// Default to regular user role if not specified
if input.RoleId == 0 {
log.Printf("Register no role specified, defaulting to RoleId of 2.\n")
u.RoleId = 2
} else {
u.RoleId = input.RoleId
}
//remove spaces in username
u.UserName = html.EscapeString(strings.TrimSpace(u.UserName))
// Check if user already exists
testUser, _ := models.GetUserByName(u.UserName)
log.Printf("Register checking if user '%s' already exists\n", u.UserName)
if (models.User{} == testUser) {
log.Printf("Register confirmed no existing username\n")
} else {
err := errors.New("attempt to register conflicting username '" + u.UserName + "'")
log.Printf("Register error : '%s'\n", err)
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
//turn password into hash
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(u.Password), bcrypt.DefaultCost)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"Error hashing password": err.Error()})
return
} else {
//log.Printf("Register generated hashed password value '%s' from '%s'\n", string(hashedPassword), input.Password)
log.Printf("Register generated hashed password value '%s'\n", string(hashedPassword))
}
u.Password = string(hashedPassword)
_, err = u.SaveUser()
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"Error saving user": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"message": "registration success"})
}
func Login(c *gin.Context) {
var input LoginInput
if err := c.ShouldBindJSON(&input); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
u := models.User{}
u.UserName = input.Username
u.Password = input.Password
log.Printf("Login checking username '%s' and password length '%d'\n", u.UserName, len(u.Password))
token, err := models.LoginCheck(u.UserName, u.Password)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "username or password is incorrect."})
return
} else {
log.Printf("Login verified, returning token '%s'\n", token)
}
c.JSON(http.StatusOK, gin.H{"access_token": token})
}
func CurrentUser(c *gin.Context) {
user_id, err := token.ExtractTokenID(c)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
u, err := models.GetUserByID(user_id)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"message": "success", "data": u})
}
func GetRoles(c *gin.Context) {
roles, err := models.QueryRoles()
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"message": "success", "data": roles})
}
func GetUsers(c *gin.Context) {
users, err := models.QueryUsers()
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"message": "success", "data": users})
}
Reference in New Issue View Git Blame Copy Permalink