#73 setup password hashing with argin2id and update some infra
Some checks failed
Build Docker Image / Explore-Gitea-Actions (push) Failing after 59s
Some checks failed
Build Docker Image / Explore-Gitea-Actions (push) Failing after 59s
This commit is contained in:
Tim
49
api/controller/auth.go
Normal file
49
api/controller/auth.go
Normal file
@@ -0,0 +1,49 @@
|
||||
package controller
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"database/sql"
|
||||
"encoding/base64"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"golang.org/x/crypto/argon2"
|
||||
)
|
||||
|
||||
func PostSignup(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// metrics.WithLabelValues("new").Inc()
|
||||
|
||||
var email = r.FormValue("email")
|
||||
var password = r.FormValue("password")
|
||||
|
||||
if email == "" || password == "" {
|
||||
http.Error(w, "Missing required fields", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
salt := make([]byte, 16)
|
||||
rand.Read(salt)
|
||||
|
||||
hash := argon2.IDKey([]byte(password), salt, 1, 64*1024, 1, 16)
|
||||
hashStr := base64.StdEncoding.EncodeToString(hash)
|
||||
|
||||
user_uuid, err := uuid.NewRandom()
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
log.Printf("Could not generate UUID: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
_, err = db.Exec("INSERT INTO user (user_uuid, email, email_verified, is_admin, password, salt, created_at) VALUES (?, ?, FALSE, FALSE, ?, ?, CURRENT_DATE)", user_uuid, email, hash, salt)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
log.Printf("Could not insert user: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusCreated)
|
||||
w.Write([]byte(hashStr))
|
||||
}
|
||||
}
|
||||
130
api/controller/workout.go
Normal file
130
api/controller/workout.go
Normal file
@@ -0,0 +1,130 @@
|
||||
package controller
|
||||
|
||||
import (
|
||||
"api/utils"
|
||||
|
||||
"database/sql"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/promauto"
|
||||
)
|
||||
|
||||
var (
|
||||
metrics = promauto.NewCounterVec(
|
||||
prometheus.CounterOpts{
|
||||
Name: "mefit_api_workout_total",
|
||||
Help: "The total number of workout api requests processed",
|
||||
},
|
||||
[]string{"type"},
|
||||
)
|
||||
)
|
||||
|
||||
func NewWorkout(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
metrics.WithLabelValues("new").Inc()
|
||||
|
||||
var dateStr = r.FormValue("date")
|
||||
var typeStr = r.FormValue("type")
|
||||
var setsStr = r.FormValue("sets")
|
||||
var repsStr = r.FormValue("reps")
|
||||
|
||||
if dateStr == "" || typeStr == "" || setsStr == "" || repsStr == "" {
|
||||
http.Error(w, "Missing required fields", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
date, err := time.Parse("2006-01-02", dateStr)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
sets, err := strconv.Atoi(setsStr)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
reps, err := strconv.Atoi(repsStr)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// token := r.Context().Value(middleware.TOKEN_KEY).(*auth.Token)
|
||||
|
||||
_, err = db.Exec("INSERT INTO workout (user_id, date, type, sets, reps) VALUES (?, ?, ?, ?, ?)", "xxx", date, typeStr, sets, reps)
|
||||
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func GetWorkouts(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
metrics.WithLabelValues("get").Inc()
|
||||
|
||||
// token := r.Context().Value(middleware.TOKEN_KEY).(*auth.Token)
|
||||
// var userId = token.UID
|
||||
var userId = "xxx"
|
||||
|
||||
rows, err := db.Query("SELECT rowid, date, type, sets, reps FROM workout WHERE user_id = ?", userId)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
var workouts = make([]map[string]interface{}, 0)
|
||||
for rows.Next() {
|
||||
var id int
|
||||
var date string
|
||||
var workoutType string
|
||||
var sets int
|
||||
var reps int
|
||||
|
||||
err = rows.Scan(&id, &date, &workoutType, &sets, &reps)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
workout := map[string]interface{}{
|
||||
"id": id,
|
||||
"date": date,
|
||||
"type": workoutType,
|
||||
"sets": sets,
|
||||
"reps": reps,
|
||||
}
|
||||
workouts = append(workouts, workout)
|
||||
}
|
||||
|
||||
utils.WriteJSON(w, workouts)
|
||||
}
|
||||
}
|
||||
|
||||
func DeleteWorkout(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
metrics.WithLabelValues("delete").Inc()
|
||||
|
||||
// token := r.Context().Value(middleware.TOKEN_KEY).(*auth.Token)
|
||||
// var userId = token.UID
|
||||
var userId = "xxx"
|
||||
|
||||
rowId := r.FormValue("id")
|
||||
if rowId == "" {
|
||||
http.Error(w, "Missing required fields", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
_, err := db.Exec("DELETE FROM workout WHERE user_id = ? AND rowid = ?", userId, rowId)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user