tbs

2024-12-06 21:54:59 +01:00
parent 0170d63ae9
commit 04c6d0e71d
5 changed files with 192 additions and 45 deletions
--- a/db/auth.go
+++ b/db/auth.go
@@ -13,8 +13,8 @@ import (
 )

 var (
-	ErrNotFound   = errors.New("value not found")
-	ErrUserExists = errors.New("user already exists")
+	ErrNotFound      = errors.New("value not found")
+	ErrAlreadyExists = errors.New("row already exists")
 )

 type User struct {
@@ -59,20 +59,25 @@ func NewSession(id string, userId uuid.UUID, createdAt time.Time, expiresAt time

 type Token struct {
 	UserId    uuid.UUID
+	SessionId string
 	Token     string
-	Type      string
+	Type      TokenType
 	CreatedAt time.Time
 	ExpiresAt time.Time
 }

+type TokenType string
+
 var (
-	TokenTypeEmailVerify   = "email_verify"
-	TokenTypePasswordReset = "password_reset"
+	TokenTypeEmailVerify   TokenType = "email_verify"
+	TokenTypePasswordReset TokenType = "password_reset"
+	TokenTypeCsrf          TokenType = "csrf"
 )

-func NewToken(userId uuid.UUID, token string, tokenType string, createdAt time.Time, expiresAt time.Time) *Token {
+func NewToken(userId uuid.UUID, sessionId string, token string, tokenType TokenType, createdAt time.Time, expiresAt time.Time) *Token {
 	return &Token{
 		UserId:    userId,
+		SessionId: sessionId,
 		Token:     token,
 		Type:      tokenType,
 		CreatedAt: createdAt,
@@ -89,7 +94,8 @@ type Auth interface {

 	InsertToken(token *Token) error
 	GetToken(token string) (*Token, error)
-	GetTokensByUserIdAndType(userId uuid.UUID, tokenType string) ([]*Token, error)
+	GetTokensByUserIdAndType(userId uuid.UUID, tokenType TokenType) ([]*Token, error)
+	GetTokensBySessionIdAndType(sessionId string, tokenType TokenType) ([]*Token, error)
 	DeleteToken(token string) error

 	InsertSession(session *Session) error
@@ -114,7 +120,7 @@ func (db AuthSqlite) InsertUser(user *User) error {

 	if err != nil {
 		if strings.Contains(err.Error(), "email") {
-			return ErrUserExists
+			return ErrAlreadyExists
 		}

 		log.Error("SQL error InsertUser: %v", err)
@@ -208,7 +214,7 @@ func (db AuthSqlite) DeleteUser(userId uuid.UUID) error {
 		return types.ErrInternal
 	}

-	_, err = tx.Exec("DELETE FROM user_token WHERE user_id = ?", userId)
+	_, err = tx.Exec("DELETE FROM token WHERE user_id = ?", userId)
 	if err != nil {
 		_ = tx.Rollback()
 		log.Error("Could not delete user tokens: %v", err)
@@ -240,8 +246,8 @@ func (db AuthSqlite) DeleteUser(userId uuid.UUID) error {

 func (db AuthSqlite) InsertToken(token *Token) error {
 	_, err := db.db.Exec(`
-		INSERT INTO user_token (user_id, type, token, created_at, expires_at)
-		VALUES (?, ?, ?, ?, ?)`, token.UserId, token.Type, token.Token, token.CreatedAt, token.ExpiresAt)
+		INSERT INTO token (user_id, session_id, type, token, created_at, expires_at)
+		VALUES (?, ?, ?, ?, ?, ?)`, token.UserId, token.SessionId, token.Type, token.Token, token.CreatedAt, token.ExpiresAt)

 	if err != nil {
 		log.Error("Could not insert token: %v", err)
@@ -254,7 +260,8 @@ func (db AuthSqlite) InsertToken(token *Token) error {
 func (db AuthSqlite) GetToken(token string) (*Token, error) {
 	var (
 		userId       uuid.UUID
-		tokenType    string
+		sessionId    string
+		tokenType    TokenType
 		createdAtStr string
 		expiresAtStr string
 		createdAt    time.Time
@@ -262,10 +269,9 @@ func (db AuthSqlite) GetToken(token string) (*Token, error) {
 	)

 	err := db.db.QueryRow(`
-		SELECT user_id, type, created_at, expires_at 
-		FROM user_token 
-		WHERE token = ? 
-		AND type = 'email_verify'`, token).Scan(&userId, &tokenType, &createdAtStr, &expiresAtStr)
+		SELECT user_id, session_id, type, created_at, expires_at 
+		FROM token
+		WHERE token = ?`, token).Scan(&userId, &sessionId, &tokenType, &createdAtStr, &expiresAtStr)

 	if err != nil {
 		if err == sql.ErrNoRows {
@@ -289,14 +295,14 @@ func (db AuthSqlite) GetToken(token string) (*Token, error) {
 		return nil, types.ErrInternal
 	}

-	return NewToken(userId, token, tokenType, createdAt, expiresAt), nil
+	return NewToken(userId, sessionId, token, tokenType, createdAt, expiresAt), nil
 }

-func (db AuthSqlite) GetTokensByUserIdAndType(userId uuid.UUID, tokenType string) ([]*Token, error) {
+func (db AuthSqlite) GetTokensByUserIdAndType(userId uuid.UUID, tokenType TokenType) ([]*Token, error) {

 	query, err := db.db.Query(`
 		SELECT token, created_at, expires_at 
-		FROM user_token 
+		FROM token 
 		WHERE user_id = ?
 		AND type = ?`, userId, tokenType)

@@ -305,9 +311,32 @@ func (db AuthSqlite) GetTokensByUserIdAndType(userId uuid.UUID, tokenType string
 		return nil, types.ErrInternal
 	}

+	return getTokensFromQuery(query, userId, "", tokenType)
+}
+
+func (db AuthSqlite) GetTokensBySessionIdAndType(sessionId string, tokenType TokenType) ([]*Token, error) {
+
+	query, err := db.db.Query(`
+		SELECT token, created_at, expires_at 
+		FROM token 
+		WHERE session_id = ?
+		AND type = ?`, sessionId, tokenType)
+
+	if err != nil {
+		log.Error("Could not get token: %v", err)
+		return nil, types.ErrInternal
+	}
+
+	return getTokensFromQuery(query, uuid.Nil, sessionId, tokenType)
+}
+
+func getTokensFromQuery(query *sql.Rows, userId uuid.UUID, sessionId string, tokenType TokenType) ([]*Token, error) {
 	var tokens []*Token

+	hasRows := false
 	for query.Next() {
+		hasRows = true
+
 		var (
 			token        string
 			createdAtStr string
@@ -334,14 +363,18 @@ func (db AuthSqlite) GetTokensByUserIdAndType(userId uuid.UUID, tokenType string
 			return nil, types.ErrInternal
 		}

-		tokens = append(tokens, NewToken(userId, token, tokenType, createdAt, expiresAt))
+		tokens = append(tokens, NewToken(userId, sessionId, token, tokenType, createdAt, expiresAt))
+	}
+
+	if !hasRows {
+		return nil, ErrNotFound
 	}

 	return tokens, nil
 }

 func (db AuthSqlite) DeleteToken(token string) error {
-	_, err := db.db.Exec("DELETE FROM user_token WHERE token = ?", token)
+	_, err := db.db.Exec("DELETE FROM token WHERE token = ?", token)
 	if err != nil {
 		log.Error("Could not delete token: %v", err)
 		return types.ErrInternal