
model: refactor AuthUser into GetUser and CreateUser types

This helps avoid leaking passwords and/or password hashes.
Douglas A 2 anos atrás
pai
commit
e2cd4230be
2 arquivos alterados com 44 adições e 28 exclusões
  1. 16 12
      cmd/auth/main.go
  2. 28 16
      model/user.go

+ 16 - 12
cmd/auth/main.go

@@ -19,12 +19,11 @@ type ResponseLogin struct {
 
 type ResponseSignup struct {
 	Created bool           `json:"created"`
-	User    model.AuthUser `json:"user,omitempty"`
+	User    model.CreateUser `json:"user,omitempty"`
 }
 
-func (r *ResponseSignup) JsonResponseSignInSetAndWrite(rw http.ResponseWriter, authenticated bool, u *model.AuthUser) error {
+func (r *ResponseSignup) JsonResponseSignInSetAndWrite(rw http.ResponseWriter, authenticated bool, u *model.CreateUser) error {
 	r.Created = authenticated
-	u.PasswordHash = ""
 	r.User = *u
 	b, err := json.Marshal(r)
 	if err != nil {
@@ -56,7 +55,7 @@ func setupRoute() {
 	crypt := internals.NewCrypt()
 
 	http.HandleFunc("/all", func(rw http.ResponseWriter, r *http.Request) {
-		var authUser model.AuthUser
+		var authUser model.GetUser
 
 		if r.Method == "POST" {
 			rw.WriteHeader(http.StatusMethodNotAllowed)
@@ -80,7 +79,7 @@ func setupRoute() {
 	})
 
 	http.HandleFunc("/signup", func(rw http.ResponseWriter, r *http.Request) {
-		var authUser model.AuthUser
+		var newUser model.CreateUser
 
 		res := &ResponseSignup{Created: false}
 
@@ -95,24 +94,23 @@ func setupRoute() {
 			return
 		}
 
-		err = json.Unmarshal(reqBody, &authUser)
+		err = json.Unmarshal(reqBody, &newUser)
 		if err != nil {
 			rw.WriteHeader(http.StatusBadRequest)
 			return
 		}
 
-		id, err := authUser.CreateUser(dao, crypt)
+		_, err = newUser.CreateUser(dao, crypt)
 		if err != nil {
 			rw.WriteHeader(http.StatusBadRequest)
-			res.JsonResponseSignInSetAndWrite(rw, false, &model.AuthUser{})
+			res.JsonResponseSignInSetAndWrite(rw, false, &model.CreateUser{})
 			return
 		}
 
-		authUser.Id = id
 
 		rw.WriteHeader(http.StatusOK)
 		rw.Header().Add("Content-Type", "application/json")
-		if err = res.JsonResponseSignInSetAndWrite(rw, true, &authUser); err != nil {
+		if err = res.JsonResponseSignInSetAndWrite(rw, true, &newUser); err != nil {
 			log.Fatalf("could not write back to client: %v", err)
 		}
 
@@ -121,6 +119,8 @@ func setupRoute() {
 	http.HandleFunc("/login", func(rw http.ResponseWriter, r *http.Request) {
 		var authUser model.AuthUser
 
+        rw.Header().Add("Access-Control-Allow-Origin", "*")
+
 		res := &ResponseLogin{Authenticated: false}
 
 		if r.Method == "GET" {
@@ -150,8 +150,12 @@ func setupRoute() {
 
 		authUser.Id = id
 
-		rw.WriteHeader(http.StatusOK)
 		rw.Header().Add("Content-Type", "application/json")
+ 
+        // TODO: This wont work on http connection. Needs to update the server to https
+        //rw.Header().Add("Set-Cookie", "jwt=1234567; Expires: Wed, 24 Aug 2022 00:00:00 GMT; Secure; HttpOnly")
+
+		rw.WriteHeader(http.StatusOK)
 		if err = res.JsonResponseSetAndWrite(rw, true, &authUser); err != nil {
 			log.Fatalf("could not write back to client: %v", err)
 		}
@@ -160,5 +164,5 @@ func setupRoute() {
 
 func main() {
 	setupRoute()
-	log.Fatal(http.ListenAndServe("localhost:8080", nil))
+	log.Fatal(http.ListenAndServe("192.168.100.227:8080", nil))
 }
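Review bot: The signup response now echoes the caller's plaintext password: `ResponseSignup.User` became a `model.CreateUser`, whose `Password` field is tagged `json:"password"`, and the `u.PasswordHash = ""` scrub that `JsonResponseSignInSetAndWrite` used to perform was removed with nothing replacing it, so `json.Marshal(r)` writes the password back in the /signup reply (and into any proxy or browser cache on the path); the body of `JsonResponseSignInSetAndWrite` continues outside the hunk. The id returned by `newUser.CreateUser` is also discarded with `_`, so the reply no longer carries it, whereas the old code set `authUser.Id = id` before responding. Answering with a `model.GetUser{Id: id, Username: newUser.Username}` keeps `CreateUser` request-only and restores the id, as sketched below. Two smaller points in the same file: in /signup `rw.Header().Add("Content-Type", ...)` still runs after `rw.WriteHeader(http.StatusOK)` and is therefore dropped (the /login hunk fixes this ordering, /signup does not), and the wildcard `Access-Control-Allow-Origin: *` added to /login cannot be combined with the credentialed `Set-Cookie` the TODO plans, because browsers reject `*` for credentialed requests.
```go
	User    model.GetUser `json:"user,omitempty"`
// … unchanged: end of ResponseSignup …
func (r *ResponseSignup) JsonResponseSignInSetAndWrite(rw http.ResponseWriter, authenticated bool, u *model.GetUser) error {
// … unchanged: marshal and write body (continues outside the hunk) …

// … unchanged: /signup handler up to json.Unmarshal …
		id, err := newUser.CreateUser(dao, crypt)
		if err != nil {
			rw.WriteHeader(http.StatusBadRequest)
			res.JsonResponseSignInSetAndWrite(rw, false, &model.GetUser{})
			return
		}
		// … unchanged: Content-Type and status …
		if err = res.JsonResponseSignInSetAndWrite(rw, true, &model.GetUser{Id: id, Username: newUser.Username}); err != nil {
```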

+ 28 - 16
model/user.go

@@ -28,13 +28,39 @@ func (u *AuthUser) AuthenticateUser(repo *dao.UserRepository, c *internals.Crypt
 
 }
 
-func (u *AuthUser) CreateUser(repo *dao.UserRepository, c *internals.Crypt) (string, error) {
+type GetUser struct {
+        Id  string `json:"id"`
+        Username string `json:"username"`
+ 
+}
+
+func (u *GetUser) GetAllUsers(repo *dao.UserRepository) ([]GetUser, error) {
+	var res = []GetUser{}
+	users, err := repo.GetAllUsers()
+	if err != nil {
+		return []GetUser{}, err
+	}
+
+	for _, u := range users {
+		user := GetUser{Username: u.Username, Id: u.Id}
+		res = append(res, user)
+	}
+
+	return res, nil
+}
+
+type CreateUser struct {
+        Username  string `json:"username"`
+        Password  string `json:"password"`
+}
+
+func (u *CreateUser) CreateUser(repo *dao.UserRepository, c *internals.Crypt) (string, error) {
 
 	_, err := repo.GetUserByUsername(u.Username)
 	if err == nil {
 		return "", errors.New("user already exists")
 	}
-	hashed_password, err := c.HashPassword(u.PasswordHash)
+	hashed_password, err := c.HashPassword(u.Password)
 	if err != nil {
 		return "", err
 	}
@@ -43,17 +69,3 @@ func (u *AuthUser) CreateUser(repo *dao.UserRepository, c *internals.Crypt) (str
 	return id, nil
 }
 
-func (u *AuthUser) GetAllUsers(repo *dao.UserRepository) ([]AuthUser, error) {
-	var res = []AuthUser{}
-	users, err := repo.GetAllUsers()
-	if err != nil {
-		return []AuthUser{}, err
-	}
-
-	for _, u := range users {
-		user := AuthUser{Username: u.Username, Id: u.Id, PasswordHash: ""}
-		res = append(res, user)
-	}
-
-	return res, nil
-}
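Review bot: `GetAllUsers` is declared as a method on `*GetUser` but never reads its receiver, and the loop a few lines below shadows that receiver with `for _, u := range users`; a free function `func GetAllUsers(repo *dao.UserRepository) ([]GetUser, error)` with the loop variable renamed (e.g. `for _, row := range users`) says what is meant, though the /all handler in cmd/auth/main.go presumably calls it through its `model.GetUser` variable and would need the matching one-line change, which is outside this hunk. Both new exported types lack doc comments, and because `CreateUser` is now the only struct carrying a plaintext credential, the contract is worth stating: `// CreateUser is the signup request body. It carries the plaintext password and must never be marshalled into a response; use GetUser for output.` above it, and `// GetUser is the credential-free view of a user returned to clients.` above `GetUser`. The new struct bodies are also not gofmt-clean (space-indented fields, trailing whitespace on the blank line inside `GetUser`), and `hashed_password` on the changed `HashPassword` line should be `hashedPassword` per Go naming.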