fix(quality): extract logic from database layer
This commit is contained in:
157
db/auth.go
157
db/auth.go
@@ -1,6 +1,7 @@
|
||||
package db
|
||||
|
||||
import (
|
||||
"log/slog"
|
||||
"me-fit/types"
|
||||
"me-fit/utils"
|
||||
|
||||
@@ -63,6 +64,11 @@ type Token struct {
|
||||
ExpiresAt time.Time
|
||||
}
|
||||
|
||||
var (
|
||||
TokenTypeEmailVerify = "email_verify"
|
||||
TokenTypePasswordReset = "password_reset"
|
||||
)
|
||||
|
||||
func NewToken(userId uuid.UUID, token string, tokenType string, createdAt time.Time, expiresAt time.Time) *Token {
|
||||
return &Token{
|
||||
UserId: userId,
|
||||
@@ -76,18 +82,15 @@ func NewToken(userId uuid.UUID, token string, tokenType string, createdAt time.T
|
||||
type AuthDb interface {
|
||||
InsertUser(user *User) error
|
||||
UpdateUser(user *User) error
|
||||
GetUser(email string) (*User, error)
|
||||
GetUserById(userId uuid.UUID) (*User, error)
|
||||
GetUserByEmail(email string) (*User, error)
|
||||
GetUser(userId uuid.UUID) (*User, error)
|
||||
DeleteUser(userId uuid.UUID) error
|
||||
|
||||
InsertEmailVerificationToken(userId uuid.UUID, token string) error
|
||||
InsertForgotPasswordToken(email string, token string) error
|
||||
GetEmailVerificationToken(userId uuid.UUID) (string, error)
|
||||
InsertToken(token *Token) error
|
||||
GetToken(token string) (*Token, error)
|
||||
GetTokensByUserIdAndType(userId uuid.UUID, tokenType string) ([]*Token, error)
|
||||
DeleteToken(token string) error
|
||||
|
||||
VerifyEmail(token string) error
|
||||
|
||||
InsertSession(session *Session) error
|
||||
GetSession(sessionId string) (*Session, error)
|
||||
DeleteSession(sessionId string) error
|
||||
@@ -135,7 +138,7 @@ func (db AuthDbSqlite) UpdateUser(user *User) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) GetUser(email string) (*User, error) {
|
||||
func (db AuthDbSqlite) GetUserByEmail(email string) (*User, error) {
|
||||
var (
|
||||
userId uuid.UUID
|
||||
emailVerified bool
|
||||
@@ -162,7 +165,7 @@ func (db AuthDbSqlite) GetUser(email string) (*User, error) {
|
||||
return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) GetUserById(userId uuid.UUID) (*User, error) {
|
||||
func (db AuthDbSqlite) GetUser(userId uuid.UUID) (*User, error) {
|
||||
var (
|
||||
email string
|
||||
emailVerified bool
|
||||
@@ -234,10 +237,10 @@ func (db AuthDbSqlite) DeleteUser(userId uuid.UUID) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error {
|
||||
func (db AuthDbSqlite) InsertToken(token *Token) error {
|
||||
_, err := db.db.Exec(`
|
||||
INSERT INTO user_token (user_uuid, type, token, created_at)
|
||||
VALUES (?, 'email_verify', ?, datetime())`, userId, token)
|
||||
INSERT INTO user_token (user_uuid, type, token, created_at, expires_at)
|
||||
VALUES (?, ?, ?, ?, ?)`, token.UserId, token.Type, token.Token, token.CreatedAt, token.ExpiresAt)
|
||||
|
||||
if err != nil {
|
||||
utils.LogError("Could not insert token", err)
|
||||
@@ -247,23 +250,6 @@ func (db AuthDbSqlite) InsertEmailVerificationToken(userId uuid.UUID, token stri
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, error) {
|
||||
var token string
|
||||
|
||||
err := db.db.QueryRow(`
|
||||
SELECT token
|
||||
FROM user_token
|
||||
WHERE user_uuid = ?
|
||||
AND type = 'email_verify'`, userId).Scan(&token)
|
||||
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
utils.LogError("Could not get token", err)
|
||||
return "", types.ErrInternal
|
||||
}
|
||||
|
||||
return token, nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) GetToken(token string) (*Token, error) {
|
||||
var (
|
||||
userId uuid.UUID
|
||||
@@ -280,10 +266,15 @@ func (db AuthDbSqlite) GetToken(token string) (*Token, error) {
|
||||
WHERE token = ?
|
||||
AND type = 'email_verify'`, token).Scan(&userId, &tokenType, &createdAtStr, &expiresAtStr)
|
||||
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
if err != nil {
|
||||
if err == sql.ErrNoRows {
|
||||
slog.Info("Token '" + token + "' not found")
|
||||
return nil, ErrNotFound
|
||||
} else {
|
||||
utils.LogError("Could not get token", err)
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
}
|
||||
|
||||
createdAt, err = time.Parse(time.RFC3339, createdAtStr)
|
||||
if err != nil {
|
||||
@@ -300,6 +291,54 @@ func (db AuthDbSqlite) GetToken(token string) (*Token, error) {
|
||||
return NewToken(userId, token, tokenType, createdAt, expiresAt), nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) GetTokensByUserIdAndType(userId uuid.UUID, tokenType string) ([]*Token, error) {
|
||||
|
||||
query, err := db.db.Query(`
|
||||
SELECT token, created_at, expires_at
|
||||
FROM user_token
|
||||
WHERE user_uuid = ?
|
||||
AND type = ?`, userId, tokenType)
|
||||
|
||||
if err != nil {
|
||||
utils.LogError("Could not get token", err)
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
var tokens []*Token
|
||||
|
||||
for query.Next() {
|
||||
var (
|
||||
token string
|
||||
createdAtStr string
|
||||
expiresAtStr string
|
||||
createdAt time.Time
|
||||
expiresAt time.Time
|
||||
)
|
||||
|
||||
err := query.Scan(&token, &createdAtStr, &expiresAtStr)
|
||||
if err != nil {
|
||||
utils.LogError("Could not scan token", err)
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
createdAt, err = time.Parse(time.RFC3339, createdAtStr)
|
||||
if err != nil {
|
||||
utils.LogError("Could not parse token.created_at", err)
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
expiresAt, err = time.Parse(time.RFC3339, expiresAtStr)
|
||||
if err != nil {
|
||||
utils.LogError("Could not parse token.expires_at", err)
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
tokens = append(tokens, NewToken(userId, token, tokenType, createdAt, expiresAt))
|
||||
}
|
||||
|
||||
return tokens, nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) DeleteToken(token string) error {
|
||||
_, err := db.db.Exec("DELETE FROM user_token WHERE token = ?", token)
|
||||
if err != nil {
|
||||
@@ -365,61 +404,3 @@ func (db AuthDbSqlite) DeleteSession(sessionId string) error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) VerifyEmail(token string) error {
|
||||
|
||||
result, err := db.db.Exec(`
|
||||
UPDATE user
|
||||
SET email_verified = true, email_verified_at = datetime()
|
||||
WHERE user_uuid = (
|
||||
SELECT user_uuid
|
||||
FROM user_token
|
||||
WHERE type = "email_verify"
|
||||
AND token = ?
|
||||
);
|
||||
`, token)
|
||||
|
||||
if err != nil {
|
||||
utils.LogError("Could not update user on verify response", err)
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
i, err := result.RowsAffected()
|
||||
if err != nil {
|
||||
utils.LogError("Could not get rows affected on verify response", err)
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
if i == 0 {
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) InsertForgotPasswordToken(email string, token string) error {
|
||||
|
||||
res, err := db.db.Exec(`
|
||||
INSERT INTO user_token (user_uuid, type, token, created_at, expires_at)
|
||||
SELECT user_uuid, 'password_reset', ?, datetime(), datetime('now', '+15 minute')
|
||||
FROM user
|
||||
WHERE email = ?
|
||||
`, token, email)
|
||||
|
||||
if err != nil {
|
||||
utils.LogError("Could not insert token", err)
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
i, err := res.RowsAffected()
|
||||
if err != nil {
|
||||
utils.LogError("Could not get rows affected", err)
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
if i == 0 {
|
||||
return ErrNotFound
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -37,7 +37,7 @@ func TestUser(t *testing.T) {
|
||||
|
||||
underTest := AuthDbSqlite{db: db}
|
||||
|
||||
_, err := underTest.GetUser("someNonExistentEmail")
|
||||
_, err := underTest.GetUserByEmail("someNonExistentEmail")
|
||||
assert.Equal(t, ErrNotFound, err)
|
||||
})
|
||||
|
||||
@@ -54,7 +54,7 @@ func TestUser(t *testing.T) {
|
||||
err := underTest.InsertUser(expected)
|
||||
assert.Nil(t, err)
|
||||
|
||||
actual, err := underTest.GetUser(expected.Email)
|
||||
actual, err := underTest.GetUserByEmail(expected.Email)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, expected, actual)
|
||||
@@ -81,32 +81,35 @@ func TestUser(t *testing.T) {
|
||||
func TestEmailVerification(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
t.Run("should return empty string if no token is safed", func(t *testing.T) {
|
||||
t.Run("should return NotFound", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
underTest := AuthDbSqlite{db: db}
|
||||
|
||||
token, err := underTest.GetEmailVerificationToken(uuid.New())
|
||||
token, err := underTest.GetToken("someNonExistentToken")
|
||||
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, "", token)
|
||||
assert.Equal(t, ErrNotFound, err)
|
||||
assert.Nil(t, token)
|
||||
})
|
||||
t.Run("should insert and return token", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
underTest := AuthDbSqlite{db: db}
|
||||
tokenStr := "some secure token"
|
||||
createdAt := time.Date(2020, 1, 5, 13, 0, 0, 0, time.UTC)
|
||||
|
||||
userId := uuid.New()
|
||||
expectedToken := "someToken"
|
||||
expectedToken := NewToken(uuid.New(), tokenStr, TokenTypeEmailVerify, createdAt, createdAt.Add(24*time.Hour))
|
||||
|
||||
err := underTest.InsertEmailVerificationToken(userId, expectedToken)
|
||||
err := underTest.InsertToken(expectedToken)
|
||||
assert.Nil(t, err)
|
||||
|
||||
actualToken, err := underTest.GetEmailVerificationToken(userId)
|
||||
actualToken, err := underTest.GetToken(tokenStr)
|
||||
assert.Nil(t, err)
|
||||
|
||||
t.Logf("expectedToken: %v", expectedToken)
|
||||
t.Logf("actualToken: %v", actualToken)
|
||||
assert.Equal(t, expectedToken, actualToken)
|
||||
})
|
||||
}
|
||||
|
||||
@@ -88,7 +88,7 @@ func NewAuthServiceImpl(dbAuth db.AuthDb, randomGenerator RandomService, clock C
|
||||
}
|
||||
|
||||
func (service AuthServiceImpl) SignIn(email string, password string) (*Session, error) {
|
||||
user, err := service.dbAuth.GetUser(email)
|
||||
user, err := service.dbAuth.GetUserByEmail(email)
|
||||
if err != nil {
|
||||
if errors.Is(err, db.ErrNotFound) {
|
||||
return nil, ErrInvaidCredentials
|
||||
@@ -170,27 +170,34 @@ func (service AuthServiceImpl) SignUp(email string, password string) (*User, err
|
||||
}
|
||||
|
||||
func (service AuthServiceImpl) SendVerificationMail(userId uuid.UUID, email string) {
|
||||
var token string
|
||||
|
||||
token, err := service.dbAuth.GetEmailVerificationToken(userId)
|
||||
tokens, err := service.dbAuth.GetTokensByUserIdAndType(userId, db.TokenTypeEmailVerify)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if token == "" {
|
||||
token, err := service.randomGenerator.String(32)
|
||||
var token *db.Token
|
||||
|
||||
if len(tokens) > 0 {
|
||||
token = tokens[0]
|
||||
}
|
||||
|
||||
if token == nil {
|
||||
newTokenStr, err := service.randomGenerator.String(32)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
err = service.dbAuth.InsertEmailVerificationToken(userId, token)
|
||||
token = db.NewToken(userId, newTokenStr, db.TokenTypeEmailVerify, service.clock.Now(), service.clock.Now().Add(24*time.Hour))
|
||||
|
||||
err = service.dbAuth.InsertToken(token)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
var w strings.Builder
|
||||
err = mailTemplate.Register(service.serverSettings.BaseUrl, token).Render(context.Background(), &w)
|
||||
err = mailTemplate.Register(service.serverSettings.BaseUrl, token.Token).Render(context.Background(), &w)
|
||||
if err != nil {
|
||||
utils.LogError("Could not render welcome email", err)
|
||||
return
|
||||
@@ -199,13 +206,42 @@ func (service AuthServiceImpl) SendVerificationMail(userId uuid.UUID, email stri
|
||||
service.mailService.SendMail(email, "Welcome to ME-FIT", w.String())
|
||||
}
|
||||
|
||||
func (service AuthServiceImpl) VerifyUserEmail(token string) error {
|
||||
func (service AuthServiceImpl) VerifyUserEmail(tokenStr string) error {
|
||||
|
||||
if token == "" {
|
||||
if tokenStr == "" {
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
return service.dbAuth.VerifyEmail(token)
|
||||
token, err := service.dbAuth.GetToken(tokenStr)
|
||||
if err != nil {
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
user, err := service.dbAuth.GetUser(token.UserId)
|
||||
if err != nil {
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
if token.Type != db.TokenTypeEmailVerify {
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
now := service.clock.Now()
|
||||
|
||||
if token.ExpiresAt.Before(now) {
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
user.EmailVerified = true
|
||||
user.EmailVerifiedAt = &now
|
||||
|
||||
err = service.dbAuth.UpdateUser(user)
|
||||
if err != nil {
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
_ = service.dbAuth.DeleteToken(token.Token)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (service AuthServiceImpl) SignOut(sessionId string) error {
|
||||
@@ -223,7 +259,7 @@ func (service AuthServiceImpl) GetUserFromSessionId(sessionId string) (*User, er
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
user, err := service.dbAuth.GetUserById(session.UserId)
|
||||
user, err := service.dbAuth.GetUser(session.UserId)
|
||||
if err != nil {
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
@@ -273,7 +309,7 @@ func (service AuthServiceImpl) ChangePassword(user *User, currPass, newPass stri
|
||||
return err
|
||||
}
|
||||
|
||||
userDb, err := service.dbAuth.GetUserById(user.Id)
|
||||
userDb, err := service.dbAuth.GetUser(user.Id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -292,22 +328,34 @@ func (service AuthServiceImpl) ChangePassword(user *User, currPass, newPass stri
|
||||
|
||||
func (service AuthServiceImpl) ForgotPassword(email string) error {
|
||||
|
||||
token, err := service.randomGenerator.String(32)
|
||||
tokenStr, err := service.randomGenerator.String(32)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = service.dbAuth.InsertForgotPasswordToken(email, token)
|
||||
user, err := service.dbAuth.GetUserByEmail(email)
|
||||
if err != nil {
|
||||
if err == db.ErrNotFound {
|
||||
return nil
|
||||
} else {
|
||||
return types.ErrInternal
|
||||
}
|
||||
}
|
||||
|
||||
token := db.NewToken(user.Id, tokenStr, db.TokenTypePasswordReset, service.clock.Now(), service.clock.Now().Add(15*time.Minute))
|
||||
|
||||
err = service.dbAuth.InsertToken(token)
|
||||
if err != nil {
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
if err != db.ErrNotFound {
|
||||
var mail strings.Builder
|
||||
err = mailTemplate.ResetPassword(service.serverSettings.BaseUrl, token).Render(context.Background(), &mail)
|
||||
err = mailTemplate.ResetPassword(service.serverSettings.BaseUrl, token.Token).Render(context.Background(), &mail)
|
||||
if err != nil {
|
||||
utils.LogError("Could not render reset password email", err)
|
||||
return types.ErrInternal
|
||||
}
|
||||
go service.mailService.SendMail(email, "Reset Password", mail.String())
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
@@ -328,7 +376,7 @@ func (service AuthServiceImpl) ForgotPasswordResponse(tokenStr string, newPass s
|
||||
return err
|
||||
}
|
||||
|
||||
user, err := service.dbAuth.GetUserById(token.UserId)
|
||||
user, err := service.dbAuth.GetUser(token.UserId)
|
||||
if err != nil {
|
||||
utils.LogError("Could not get user from token", err)
|
||||
return types.ErrInternal
|
||||
|
||||
@@ -36,7 +36,7 @@ func TestSignIn(t *testing.T) {
|
||||
dbSession := db.NewSession("sessionId", user.Id, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC))
|
||||
|
||||
mockAuthDb := mocks.NewMockAuthDb(t)
|
||||
mockAuthDb.EXPECT().GetUser("test@test.de").Return(user, nil)
|
||||
mockAuthDb.EXPECT().GetUserByEmail("test@test.de").Return(user, nil)
|
||||
mockAuthDb.EXPECT().DeleteOldSessions(user.Id).Return(nil)
|
||||
mockAuthDb.EXPECT().InsertSession(dbSession).Return(nil)
|
||||
mockRandom := mocks.NewMockRandomService(t)
|
||||
@@ -71,7 +71,7 @@ func TestSignIn(t *testing.T) {
|
||||
)
|
||||
|
||||
mockAuthDb := mocks.NewMockAuthDb(t)
|
||||
mockAuthDb.EXPECT().GetUser(user.Email).Return(user, nil)
|
||||
mockAuthDb.EXPECT().GetUserByEmail(user.Email).Return(user, nil)
|
||||
mockRandom := mocks.NewMockRandomService(t)
|
||||
mockClock := mocks.NewMockClockService(t)
|
||||
mockMail := mocks.NewMockMailService(t)
|
||||
@@ -86,7 +86,7 @@ func TestSignIn(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
mockAuthDb := mocks.NewMockAuthDb(t)
|
||||
mockAuthDb.EXPECT().GetUser("test").Return(nil, db.ErrNotFound)
|
||||
mockAuthDb.EXPECT().GetUserByEmail("test").Return(nil, db.ErrNotFound)
|
||||
mockRandom := mocks.NewMockRandomService(t)
|
||||
mockClock := mocks.NewMockClockService(t)
|
||||
mockMail := mocks.NewMockMailService(t)
|
||||
@@ -100,7 +100,7 @@ func TestSignIn(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
mockAuthDb := mocks.NewMockAuthDb(t)
|
||||
mockAuthDb.EXPECT().GetUser("test").Return(nil, errors.New("Some undefined error"))
|
||||
mockAuthDb.EXPECT().GetUserByEmail("test").Return(nil, errors.New("Some undefined error"))
|
||||
mockRandom := mocks.NewMockRandomService(t)
|
||||
mockClock := mocks.NewMockClockService(t)
|
||||
mockMail := mocks.NewMockMailService(t)
|
||||
@@ -227,7 +227,9 @@ func TestSendVerificationMail(t *testing.T) {
|
||||
t.Run("should use stored token and send mail", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
token := "someRandomTokenToUse"
|
||||
token := db.NewToken(uuid.New(), "someRandomTokenToUse", db.TokenTypeEmailVerify, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC), time.Date(2020, 1, 2, 0, 0, 0, 0, time.UTC))
|
||||
tokens := []*db.Token{token}
|
||||
|
||||
email := "some@email.de"
|
||||
userId := uuid.New()
|
||||
|
||||
@@ -236,9 +238,11 @@ func TestSendVerificationMail(t *testing.T) {
|
||||
mockClock := mocks.NewMockClockService(t)
|
||||
mockMail := mocks.NewMockMailService(t)
|
||||
|
||||
mockAuthDb.EXPECT().GetEmailVerificationToken(userId).Return(token, nil)
|
||||
mockAuthDb.EXPECT().GetTokensByUserIdAndType(userId, db.TokenTypeEmailVerify).Return(tokens, nil)
|
||||
|
||||
mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool { return strings.Contains(message, token) })).Return()
|
||||
mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool {
|
||||
return strings.Contains(message, token.Token)
|
||||
})).Return()
|
||||
|
||||
underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})
|
||||
|
||||
|
||||
Reference in New Issue
Block a user