diff --git a/.mockery.yaml b/.mockery.yaml index b5f727d..db2c076 100644 --- a/.mockery.yaml +++ b/.mockery.yaml @@ -4,9 +4,9 @@ outpkg: mocks packages: me-fit/service: interfaces: - RandomGenerator: - Clock: + RandomService: + ClockService: MailService: me-fit/db: interfaces: - DbAuth: + AuthDb: diff --git a/db/auth.go b/db/auth.go index d99a2b0..3831004 100644 --- a/db/auth.go +++ b/db/auth.go @@ -13,8 +13,9 @@ import ( ) var ( - ErrUserNotFound = errors.New("User not found") - ErrUserExists = errors.New("User already exists") + ErrUserNotFound = errors.New("User not found") + ErrUserExists = errors.New("User already exists") + ErrSessionNotFound = errors.New("Session not found") ) type User struct { @@ -41,23 +42,63 @@ func NewUser(id uuid.UUID, email string, emailVerified bool, emailVerifiedAt *ti } } -type DbAuth interface { - GetUser(email string) (*User, error) - InsertUser(user *User) error - - GetEmailVerificationToken(userId uuid.UUID) (string, error) - InsertEmailVerificationToken(userId uuid.UUID, token string) error +type Session struct { + Id string + UserId uuid.UUID + CreatedAt time.Time } -type DbAuthSqlite struct { +func NewSession(id string, userId uuid.UUID, createdAt time.Time) *Session { + return &Session{ + Id: id, + UserId: userId, + CreatedAt: createdAt, + } +} + +type AuthDb interface { + InsertUser(user *User) error + GetUser(email string) (*User, error) + GetUserById(userId uuid.UUID) (*User, error) + DeleteUser(userId uuid.UUID) error + UpdateUserPassword(userId uuid.UUID, newHash []byte) error + + InsertEmailVerificationToken(userId uuid.UUID, token string) error + GetEmailVerificationToken(userId uuid.UUID) (string, error) + + InsertSession(session *Session) error + GetSession(sessionId string) (*Session, error) + DeleteOldSessions(userId uuid.UUID) error + DeleteSession(sessionId string) error +} + +type AuthDbSqlite struct { db *sql.DB } -func NewDbAuthSqlite(db *sql.DB) *DbAuthSqlite { - return &DbAuthSqlite{db: db} +func NewAuthDbSqlite(db *sql.DB) *AuthDbSqlite { + return &AuthDbSqlite{db: db} } -func (db DbAuthSqlite) GetUser(email string) (*User, error) { +func (db AuthDbSqlite) InsertUser(user *User) error { + _, err := db.db.Exec(` + INSERT INTO user (user_uuid, email, email_verified, email_verified_at, is_admin, password, salt, created_at) + VALUES (?, ?, ?, ?, ?, ?, ?, ?)`, + user.Id, user.Email, user.EmailVerified, user.EmailVerifiedAt, user.IsAdmin, user.Password, user.Salt, user.CreateAt) + + if err != nil { + if strings.Contains(err.Error(), "email") { + return ErrUserExists + } + + utils.LogError("SQL error InsertUser", err) + return types.ErrInternal + } + + return nil +} + +func (db AuthDbSqlite) GetUser(email string) (*User, error) { var ( userId uuid.UUID emailVerified bool @@ -83,25 +124,102 @@ func (db DbAuthSqlite) GetUser(email string) (*User, error) { return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil } -func (db DbAuthSqlite) InsertUser(user *User) error { - _, err := db.db.Exec(` - INSERT INTO user (user_uuid, email, email_verified, email_verified_at, is_admin, password, salt, created_at) - VALUES (?, ?, ?, ?, ?, ?, ?, ?)`, - user.Id, user.Email, user.EmailVerified, user.EmailVerifiedAt, user.IsAdmin, user.Password, user.Salt, user.CreateAt) +func (db AuthDbSqlite) GetUserById(userId uuid.UUID) (*User, error) { + var ( + email string + emailVerified bool + emailVerifiedAt *time.Time + isAdmin bool + password []byte + salt []byte + createdAt time.Time + ) + + err := db.db.QueryRow(` + SELECT email, email_verified, email_verified_at, password, salt, created_at + FROM user + WHERE user_uuid = ?`, userId).Scan(&email, &emailVerified, &emailVerifiedAt, &password, &salt, &createdAt) if err != nil { - if strings.Contains(err.Error(), "email") { - return ErrUserExists + if err == sql.ErrNoRows { + return nil, ErrUserNotFound + } else { + utils.LogError("SQL error GetUser", err) + return nil, types.ErrInternal } + } - utils.LogError("SQL error InsertUser", err) + return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil +} + +func (db AuthDbSqlite) DeleteUser(userId uuid.UUID) error { + + tx, err := db.db.Begin() + if err != nil { + utils.LogError("Could not start transaction", err) + return types.ErrInternal + } + + _, err = tx.Exec("DELETE FROM workout WHERE user_id = ?", userId) + if err != nil { + tx.Rollback() + utils.LogError("Could not delete workouts", err) + return types.ErrInternal + } + + _, err = tx.Exec("DELETE FROM user_token WHERE user_uuid = ?", userId) + if err != nil { + tx.Rollback() + utils.LogError("Could not delete user tokens", err) + return types.ErrInternal + } + + _, err = tx.Exec("DELETE FROM session WHERE user_uuid = ?", userId) + if err != nil { + tx.Rollback() + utils.LogError("Could not delete sessions", err) + return types.ErrInternal + } + + _, err = tx.Exec("DELETE FROM user WHERE user_uuid = ?", userId) + if err != nil { + tx.Rollback() + utils.LogError("Could not delete user", err) + return types.ErrInternal + } + + err = tx.Commit() + if err != nil { + utils.LogError("Could not commit transaction", err) return types.ErrInternal } return nil } -func (db DbAuthSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, error) { +func (db AuthDbSqlite) UpdateUserPassword(userId uuid.UUID, newHash []byte) error { + _, err := db.db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", newHash, userId) + if err != nil { + utils.LogError("Could not update password", err) + return types.ErrInternal + } + return nil +} + +func (db AuthDbSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error { + _, err := db.db.Exec(` + INSERT INTO user_token (user_uuid, type, token, created_at) + VALUES (?, 'email_verify', ?, datetime())`, userId, token) + + if err != nil { + utils.LogError("Could not insert token", err) + return types.ErrInternal + } + + return nil +} + +func (db AuthDbSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, error) { var token string err := db.db.QueryRow(` @@ -117,15 +235,60 @@ func (db DbAuthSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, erro return token, nil } -func (db DbAuthSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error { + +func (db AuthDbSqlite) InsertSession(session *Session) error { + _, err := db.db.Exec(` - INSERT INTO user_token (user_uuid, type, token, created_at) - VALUES (?, 'email_verify', ?, datetime())`, userId, token) + INSERT INTO session (session_id, user_uuid, created_at) + VALUES (?, ?, ?)`, session.Id, session.UserId, session.CreatedAt) if err != nil { - utils.LogError("Could not insert token", err) + utils.LogError("Could not insert new session", err) return types.ErrInternal } return nil } + +func (db AuthDbSqlite) GetSession(sessionId string) (*Session, error) { + + var ( + userId uuid.UUID + sessionCreatedAt time.Time + ) + + err := db.db.QueryRow(` + SELECT u.user_uuid, s.created_at + FROM session s + INNER JOIN user u ON s.user_uuid = u.user_uuid + WHERE session_id = ?`, sessionId).Scan(&userId, &sessionCreatedAt) + + if err != nil { + return nil, ErrSessionNotFound + } + + return NewSession(sessionId, userId, sessionCreatedAt), nil +} + +func (db AuthDbSqlite) DeleteOldSessions(userId uuid.UUID) error { + // Delete old inactive sessions + _, err := db.db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", userId) + if err != nil { + utils.LogError("Could not delete old sessions", err) + return types.ErrInternal + } + return nil +} + +func (db AuthDbSqlite) DeleteSession(sessionId string) error { + if sessionId != "" { + + _, err := db.db.Exec("DELETE FROM session WHERE session_id = ?", sessionId) + if err != nil { + utils.LogError("Could not delete session", err) + return types.ErrInternal + } + } + + return nil +} diff --git a/db/auth_test.go b/db/auth_test.go index d47c319..bb00522 100644 --- a/db/auth_test.go +++ b/db/auth_test.go @@ -35,7 +35,7 @@ func TestUser(t *testing.T) { t.Parallel() db := setupDb(t) - underTest := DbAuthSqlite{db: db} + underTest := AuthDbSqlite{db: db} _, err := underTest.GetUser("someNonExistentEmail") assert.Equal(t, ErrUserNotFound, err) @@ -45,7 +45,7 @@ func TestUser(t *testing.T) { t.Parallel() db := setupDb(t) - underTest := DbAuthSqlite{db: db} + underTest := AuthDbSqlite{db: db} verifiedAt := time.Date(2020, 1, 5, 13, 0, 0, 0, time.UTC) createAt := time.Date(2020, 1, 5, 12, 0, 0, 0, time.UTC) @@ -64,7 +64,7 @@ func TestUser(t *testing.T) { t.Parallel() db := setupDb(t) - underTest := DbAuthSqlite{db: db} + underTest := AuthDbSqlite{db: db} verifiedAt := time.Date(2020, 1, 5, 13, 0, 0, 0, time.UTC) createAt := time.Date(2020, 1, 5, 12, 0, 0, 0, time.UTC) @@ -85,7 +85,7 @@ func TestEmailVerification(t *testing.T) { t.Parallel() db := setupDb(t) - underTest := DbAuthSqlite{db: db} + underTest := AuthDbSqlite{db: db} token, err := underTest.GetEmailVerificationToken(uuid.New()) @@ -96,7 +96,7 @@ func TestEmailVerification(t *testing.T) { t.Parallel() db := setupDb(t) - underTest := DbAuthSqlite{db: db} + underTest := AuthDbSqlite{db: db} userId := uuid.New() expectedToken := "someToken" diff --git a/db/workout.go b/db/workout.go new file mode 100644 index 0000000..c4d8df8 --- /dev/null +++ b/db/workout.go @@ -0,0 +1,110 @@ +package db + +import ( + "me-fit/types" + "me-fit/utils" + + "database/sql" + "errors" + "time" + + "github.com/google/uuid" +) + +var ( + ErrWorkoutNotExists = errors.New("Workout does not exist") +) + +type WorkoutDb interface { + InsertWorkout(userId uuid.UUID, workout *WorkoutInsert) (*Workout, error) + GetWorkouts(userId uuid.UUID) ([]Workout, error) + DeleteWorkout(userId uuid.UUID, rowId int) error +} + +type WorkoutDbSqlite struct { + db *sql.DB +} + +func NewWorkoutDbSqlite(db *sql.DB) *WorkoutDbSqlite { + return &WorkoutDbSqlite{db: db} +} + +type WorkoutInsert struct { + Date time.Time + Type string + Sets int + Reps int +} + +type Workout struct { + RowId int + Date time.Time + Type string + Sets int + Reps int +} + +func NewWorkoutInsert(date time.Time, workoutType string, sets int, reps int) *WorkoutInsert { + return &WorkoutInsert{Date: date, Type: workoutType, Sets: sets, Reps: reps} +} + +func NewWorkoutFromInsert(rowId int, workoutInsert *WorkoutInsert) *Workout { + return &Workout{RowId: rowId, Date: workoutInsert.Date, Type: workoutInsert.Type, Sets: workoutInsert.Sets, Reps: workoutInsert.Reps} +} + +func (db WorkoutDbSqlite) InsertWorkout(userId uuid.UUID, workout *WorkoutInsert) (*Workout, error) { + var rowId int + err := db.db.QueryRow(` + INSERT INTO workout (user_id, date, type, sets, reps) + VALUES (?, ?, ?, ?, ?) + RETURNING rowid`, userId, workout.Date, workout.Type, workout.Sets, workout.Reps).Scan(&rowId) + if err != nil { + utils.LogError("Error inserting workout", err) + return nil, types.ErrInternal + } + + return NewWorkoutFromInsert(rowId, workout), nil +} + +func (db WorkoutDbSqlite) GetWorkouts(userId uuid.UUID) ([]Workout, error) { + + rows, err := db.db.Query("SELECT rowid, date, type, sets, reps FROM workout WHERE user_id = ? ORDER BY date desc", userId) + if err != nil { + utils.LogError("Could not get workouts", err) + return nil, types.ErrInternal + } + + var workouts = make([]Workout, 0) + for rows.Next() { + var workout Workout + + err = rows.Scan(&workout.RowId, &workout.Date, &workout.Type, &workout.Sets, &workout.Reps) + if err != nil { + utils.LogError("Could not scan workout", err) + return nil, types.ErrInternal + } + + workouts = append(workouts, workout) + } + + return workouts, nil +} + +func (db WorkoutDbSqlite) DeleteWorkout(userId uuid.UUID, rowId int) error { + + res, err := db.db.Exec("DELETE FROM workout WHERE user_id = ? AND rowid = ?", userId, rowId) + if err != nil { + return types.ErrInternal + } + + rows, err := res.RowsAffected() + if err != nil { + return types.ErrInternal + } + + if rows == 0 { + return ErrWorkoutNotExists + } + + return nil +} diff --git a/handler/auth.go b/handler/auth.go index ea155fb..344efa8 100644 --- a/handler/auth.go +++ b/handler/auth.go @@ -19,11 +19,11 @@ type HandlerAuth interface { type HandlerAuthImpl struct { db *sql.DB - service service.ServiceAuth + service service.AuthService serverSettings *types.ServerSettings } -func NewHandlerAuth(db *sql.DB, service service.ServiceAuth, serverSettings *types.ServerSettings) HandlerAuth { +func NewHandlerAuth(db *sql.DB, service service.AuthService, serverSettings *types.ServerSettings) HandlerAuth { return HandlerAuthImpl{ db: db, service: service, @@ -35,17 +35,17 @@ func (handler HandlerAuthImpl) handle(router *http.ServeMux) { // Don't use auth middleware for these routes, as it makes redirecting very difficult, if the mail is not yet verified router.Handle("/auth/signin", handler.handleSignInPage()) router.Handle("/auth/signup", handler.handleSignUpPage()) - router.Handle("/auth/verify", service.HandleSignUpVerifyPage(handler.db, handler.serverSettings)) // Hint for the user to verify their email - router.Handle("/auth/delete-account", service.HandleDeleteAccountPage(handler.db, handler.serverSettings)) + router.Handle("/auth/verify", handler.handleSignUpVerifyPage()) // Hint for the user to verify their email + router.Handle("/auth/delete-account", handler.handleDeleteAccountPage()) router.Handle("/auth/verify-email", service.HandleSignUpVerifyResponsePage(handler.db)) // The link contained in the email - router.Handle("/auth/change-password", service.HandleChangePasswordPage(handler.db, handler.serverSettings)) - router.Handle("/auth/reset-password", service.HandleResetPasswordPage(handler.db, handler.serverSettings)) + router.Handle("/auth/change-password", handler.handleChangePasswordPage()) + router.Handle("/auth/reset-password", handler.handleResetPasswordPage()) router.Handle("/api/auth/signup", handler.handleSignUp()) router.Handle("/api/auth/signin", handler.handleSignIn()) - router.Handle("/api/auth/signout", service.HandleSignOutComp(handler.db)) - router.Handle("/api/auth/delete-account", service.HandleDeleteAccountComp(handler.db, handler.serverSettings)) - router.Handle("/api/auth/verify-resend", service.HandleVerifyResendComp(handler.db, handler.serverSettings)) - router.Handle("/api/auth/change-password", service.HandleChangePasswordComp(handler.db)) + router.Handle("/api/auth/signout", handler.handleSignOut()) + router.Handle("/api/auth/delete-account", handler.HandleDeleteAccountComp()) + router.Handle("/api/auth/verify-resend", handler.HandleVerifyResendComp()) + router.Handle("/api/auth/change-password", handler.HandleChangePasswordComp()) router.Handle("/api/auth/reset-password", service.HandleResetPasswordComp(handler.db, handler.serverSettings)) router.Handle("/api/auth/reset-password-actual", service.HandleActualResetPasswordComp(handler.db)) } @@ -56,9 +56,8 @@ var ( func (handler HandlerAuthImpl) handleSignInPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - user := utils.GetUserFromSession(handler.db, r) - - if user == nil { + user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { userComp := service.UserInfoComp(nil) signIn := auth.SignInOrUpComp(true) err := template.Layout(signIn, userComp, handler.serverSettings.Environment).Render(r.Context(), w) @@ -67,31 +66,40 @@ func (handler HandlerAuthImpl) handleSignInPage() http.HandlerFunc { utils.LogError("Failed to render sign in page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } + } - } else if !user.EmailVerified { + if !user.EmailVerified { utils.DoRedirect(w, r, "/auth/verify") } else { utils.DoRedirect(w, r, "/") } } } + func (handler HandlerAuthImpl) handleSignIn() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, err := utils.WaitMinimumTime(securityWaitDuration, func() (*service.User, error) { var email = r.FormValue("email") var password = r.FormValue("password") - user, err := handler.service.SignIn(email, password) + session, err := handler.service.SignIn(email, password) if err != nil { return nil, err } - err = service.TryCreateSessionAndSetCookie(r, w, handler.db, user.Id) - if err != nil { - return nil, err + cookie := http.Cookie{ + Name: "id", + Value: session.Id, + MaxAge: 60 * 60 * 8, // 8 hours + Secure: true, + HttpOnly: true, + SameSite: http.SameSiteStrictMode, + Path: "/", } - return user, nil + http.SetCookie(w, &cookie) + + return session.User, nil }) if err != nil { @@ -115,9 +123,8 @@ func (handler HandlerAuthImpl) handleSignIn() http.HandlerFunc { func (handler HandlerAuthImpl) handleSignUpPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - user := utils.GetUserFromSession(handler.db, r) - - if user == nil { + user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { userComp := service.UserInfoComp(nil) signUpComp := auth.SignInOrUpComp(false) err := template.Layout(signUpComp, userComp, handler.serverSettings.Environment).Render(r.Context(), w) @@ -126,14 +133,16 @@ func (handler HandlerAuthImpl) handleSignUpPage() http.HandlerFunc { utils.LogError("Failed to render sign up page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } + } - } else if !user.EmailVerified { + if !user.EmailVerified { utils.DoRedirect(w, r, "/auth/verify") } else { utils.DoRedirect(w, r, "/") } } } + func (handler HandlerAuthImpl) handleSignUp() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var email = r.FormValue("email") @@ -163,3 +172,186 @@ func (handler HandlerAuthImpl) handleSignUp() http.HandlerFunc { utils.TriggerToast(w, r, "success", "A link to activate your account has been emailed to the address provided.") } } + +func (handler HandlerAuthImpl) handleSignOut() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + err := handler.service.SignOut(utils.GetSessionID(r)) + if err != nil { + utils.TriggerToast(w, r, "error", "Internal Server Error") + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + c := http.Cookie{ + Name: "id", + Value: "", + MaxAge: -1, + Secure: true, + HttpOnly: true, + SameSite: http.SameSiteStrictMode, + Path: "/", + } + + http.SetCookie(w, &c) + utils.DoRedirect(w, r, "/") + } +} + +func (handler HandlerAuthImpl) handleSignUpVerifyPage() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { + utils.DoRedirect(w, r, "/auth/signin") + } + + if user.EmailVerified { + utils.DoRedirect(w, r, "/") + } else { + userComp := service.UserInfoComp(user) + signIn := auth.VerifyComp() + err := template.Layout(signIn, userComp, handler.serverSettings.Environment).Render(r.Context(), w) + if err != nil { + utils.LogError("Failed to render verify page", err) + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + } + } + } +} + +func (handler HandlerAuthImpl) handleDeleteAccountPage() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + // An unverified email should be able to delete their account + user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { + utils.DoRedirect(w, r, "/auth/signin") + } + + userComp := service.UserInfoComp(user) + comp := auth.DeleteAccountComp() + err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w) + if err != nil { + utils.LogError("Failed to render delete account page", err) + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + } + } +} + +func (handler HandlerAuthImpl) handleChangePasswordPage() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + + isPasswordReset := r.URL.Query().Has("token") + + user, _ := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) + + if user == nil && !isPasswordReset { + utils.DoRedirect(w, r, "/auth/signin") + } else { + userComp := service.UserInfoComp(user) + comp := auth.ChangePasswordComp(isPasswordReset) + err := template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w) + if err != nil { + utils.LogError("Failed to render change password page", err) + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + } + } + } +} + +func (handler HandlerAuthImpl) handleResetPasswordPage() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + + user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { + utils.DoRedirect(w, r, "/auth/signin") + } + + userComp := service.UserInfoComp(user) + comp := auth.ResetPasswordComp() + err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w) + if err != nil { + utils.LogError("Failed to render change password page", err) + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + } + } +} + +func (handler HandlerAuthImpl) HandleResetPasswordPage() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + + user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { + utils.DoRedirect(w, r, "/auth/signin") + return + } + + userComp := service.UserInfoComp(user) + comp := auth.ResetPasswordComp() + err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w) + if err != nil { + utils.LogError("Failed to render change password page", err) + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + } + } +} + +func (handler HandlerAuthImpl) HandleDeleteAccountComp() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { + utils.DoRedirect(w, r, "/auth/signin") + return + } + + password := r.FormValue("password") + + _, err = handler.service.SignIn(user.Email, password) + if err != nil { + utils.TriggerToast(w, r, "error", "Password not correct") + return + } + + err = handler.service.DeleteAccount(user) + if err != nil { + utils.TriggerToast(w, r, "error", "Internal Server Error") + return + } + + utils.DoRedirect(w, r, "/") + } +} + +func (handler HandlerAuthImpl) HandleVerifyResendComp() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { + utils.DoRedirect(w, r, "/auth/signin") + return + } + + go handler.service.SendVerificationMail(user.Id, user.Email) + + w.Write([]byte("

Verification email sent

")) + } +} + +func (handler HandlerAuthImpl) HandleChangePasswordComp() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + + user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { + utils.DoRedirect(w, r, "/auth/signin") + return + } + + currPass := r.FormValue("current-password") + newPass := r.FormValue("new-password") + + err = handler.service.ChangePassword(user, currPass, newPass) + if err != nil { + utils.TriggerToast(w, r, "error", "Password not correct") + return + } + + utils.TriggerToast(w, r, "success", "Password changed") + } +} diff --git a/handler/default.go b/handler/default.go index ea0cf5a..b1dc2fc 100644 --- a/handler/default.go +++ b/handler/default.go @@ -13,25 +13,27 @@ import ( func GetHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler { var router = http.NewServeMux() - router.HandleFunc("/", service.HandleIndexAnd404(d, serverSettings)) + authDb := db.NewAuthDbSqlite(d) + workoutDb := db.NewWorkoutDbSqlite(d) - randomGenerator := service.NewRandomGeneratorImpl() - clock := service.NewClockImpl() - dbAuth := db.NewDbAuthSqlite(d) + randomService := service.NewRandomServiceImpl() + clockService := service.NewClockServiceImpl() mailService := service.NewMailServiceImpl(serverSettings) - serviceAuth := service.NewServiceAuthImpl(dbAuth, randomGenerator, clock, mailService, serverSettings) - handlerAuth := NewHandlerAuth(d, serviceAuth, serverSettings) + authService := service.NewAuthServiceImpl(authDb, randomService, clockService, mailService, serverSettings) + workoutService := service.NewWorkoutServiceImpl(workoutDb, randomService, clockService, mailService, serverSettings) + + indexHandler := NewIndexHandler(d, authService, serverSettings) + authHandler := NewHandlerAuth(d, authService, serverSettings) + workoutHandler := NewWorkoutHandler(d, workoutService, authService, serverSettings) + + indexHandler.handle(router) // Serve static files (CSS, JS and images) router.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("./static/")))) - handleWorkout(d, router, serverSettings) + workoutHandler.handle(router) - handlerAuth.handle(router) + authHandler.handle(router) return middleware.Logging(middleware.EnableCors(serverSettings, router)) } - -func authMiddleware(db *sql.DB, h http.Handler) http.Handler { - return middleware.EnsureValidSession(db, h) -} diff --git a/handler/index_and_404.go b/handler/index_and_404.go new file mode 100644 index 0000000..796bdcb --- /dev/null +++ b/handler/index_and_404.go @@ -0,0 +1,57 @@ +package handler + +import ( + "me-fit/service" + "me-fit/template" + "me-fit/types" + "me-fit/utils" + + "database/sql" + "net/http" + + "github.com/a-h/templ" +) + +type IndexHandler interface { + handle(router *http.ServeMux) +} + +type IndexHandlerImpl struct { + db *sql.DB + service service.AuthService + serverSettings *types.ServerSettings +} + +func NewIndexHandler(db *sql.DB, service service.AuthService, serverSettings *types.ServerSettings) IndexHandler { + return IndexHandlerImpl{ + db: db, + service: service, + serverSettings: serverSettings, + } +} + +func (handler IndexHandlerImpl) handle(router *http.ServeMux) { + router.Handle("/", handler.handleIndexAnd404()) +} + +func (handler IndexHandlerImpl) handleIndexAnd404() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) + + var comp templ.Component = nil + userComp := service.UserInfoComp(user) + + if r.URL.Path != "/" { + comp = template.Layout(template.NotFound(), userComp, handler.serverSettings.Environment) + w.WriteHeader(http.StatusNotFound) + } else { + comp = template.Layout(template.Index(), userComp, handler.serverSettings.Environment) + } + + err = comp.Render(r.Context(), w) + if err != nil { + utils.LogError("Failed to render index", err) + http.Error(w, "Failed to render index", http.StatusInternalServerError) + } + } +} diff --git a/handler/workout.go b/handler/workout.go index 7252b2d..0139639 100644 --- a/handler/workout.go +++ b/handler/workout.go @@ -2,15 +2,147 @@ package handler import ( "me-fit/service" + "me-fit/template" + "me-fit/template/workout" "me-fit/types" + "me-fit/utils" "database/sql" + "log/slog" "net/http" + "strconv" + "time" ) -func handleWorkout(db *sql.DB, router *http.ServeMux, serverSettings *types.ServerSettings) { - router.Handle("/workout", authMiddleware(db, service.HandleWorkoutPage(db, serverSettings))) - router.Handle("POST /api/workout", authMiddleware(db, service.HandleWorkoutNewComp(db))) - router.Handle("GET /api/workout", authMiddleware(db, service.HandleWorkoutGetComp(db))) - router.Handle("DELETE /api/workout/{id}", authMiddleware(db, service.HandleWorkoutDeleteComp(db))) +type WorkoutHandler interface { + handle(router *http.ServeMux) +} + +type WorkoutHandlerImpl struct { + db *sql.DB + service service.WorkoutService + auth service.AuthService + serverSettings *types.ServerSettings +} + +func NewWorkoutHandler(db *sql.DB, service service.WorkoutService, auth service.AuthService, serverSettings *types.ServerSettings) HandlerAuth { + return WorkoutHandlerImpl{ + db: db, + service: service, + auth: auth, + serverSettings: serverSettings, + } +} + +func (handler WorkoutHandlerImpl) handle(router *http.ServeMux) { + router.Handle("/workout", handler.handleWorkoutPage()) + router.Handle("POST /api/workout", handler.handleAddWorkout()) + router.Handle("GET /api/workout", handler.handleGetWorkout()) + router.Handle("DELETE /api/workout/{id}", handler.handleDeleteWorkout()) +} + +func (handler WorkoutHandlerImpl) handleWorkoutPage() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { + utils.DoRedirect(w, r, "/auth/signin") + return + } + + currentDate := time.Now().Format("2006-01-02") + inner := workout.WorkoutComp(currentDate) + userComp := service.UserInfoComp(user) + err = template.Layout(inner, userComp, handler.serverSettings.Environment).Render(r.Context(), w) + if err != nil { + utils.LogError("Failed to render workout page", err) + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + } + } +} + +func (handler WorkoutHandlerImpl) handleAddWorkout() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { + utils.DoRedirect(w, r, "/auth/signin") + return + } + + var dateStr = r.FormValue("date") + var typeStr = r.FormValue("type") + var setsStr = r.FormValue("sets") + var repsStr = r.FormValue("reps") + + wo := service.NewWorkoutDto("", dateStr, typeStr, setsStr, repsStr) + wo, err = handler.service.AddWorkout(user, wo) + if err != nil { + utils.TriggerToast(w, r, "error", "Invalid input values") + http.Error(w, "Invalid input values", http.StatusBadRequest) + return + } + wor := workout.Workout{Id: wo.RowId, Date: wo.Date, Type: wo.Type, Sets: wo.Sets, Reps: wo.Reps} + + err = workout.WorkoutItemComp(wor, true).Render(r.Context(), w) + if err != nil { + utils.LogError("Could not render workoutitem", err) + utils.TriggerToast(w, r, "error", "Internal Server Error") + http.Error(w, err.Error(), http.StatusInternalServerError) + } + } +} + +func (handler WorkoutHandlerImpl) handleGetWorkout() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { + utils.DoRedirect(w, r, "/auth/signin") + return + } + + workouts, err := handler.service.GetWorkouts(user) + if err != nil { + return + } + + wos := make([]workout.Workout, 0) + for _, wo := range workouts { + wos = append(wos, workout.Workout{Id: wo.RowId, Date: wo.Date, Type: wo.Type, Sets: wo.Sets, Reps: wo.Reps}) + } + + workout.WorkoutListComp(wos).Render(r.Context(), w) + } +} + +func (handler WorkoutHandlerImpl) handleDeleteWorkout() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r)) + if err != nil { + utils.DoRedirect(w, r, "/auth/signin") + return + } + + rowId := r.PathValue("id") + if rowId == "" { + http.Error(w, "Missing required fields", http.StatusBadRequest) + slog.Warn("Missing required fields for workout delete") + utils.TriggerToast(w, r, "error", "Missing ID field") + return + } + + rowIdInt, err := strconv.Atoi(rowId) + if err != nil { + http.Error(w, "Invalid ID", http.StatusBadRequest) + slog.Warn("Invalid ID for workout delete") + utils.TriggerToast(w, r, "error", "Invalid ID") + return + } + + err = handler.service.DeleteWorkout(user, rowIdInt) + if err != nil { + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + slog.Error("Could not delete workout: " + err.Error()) + utils.TriggerToast(w, r, "error", "Internal Server Error") + return + } + } } diff --git a/middleware/auth.go b/middleware/auth.go deleted file mode 100644 index e48c010..0000000 --- a/middleware/auth.go +++ /dev/null @@ -1,30 +0,0 @@ -package middleware - -import ( - "me-fit/utils" - - "context" - "database/sql" - "net/http" -) - -func EnsureValidSession(db *sql.DB, next http.Handler) http.Handler { - - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - - user := utils.GetUserFromSession(db, r) - if user == nil { - utils.DoRedirect(w, r, "/auth/signin") - return - } - - if !user.EmailVerified && r.URL.Path != "/auth/verify" { - utils.DoRedirect(w, r, "/auth/verify") - return - } - - ctx := context.WithValue(r.Context(), utils.ContextKeyUser, user) - - next.ServeHTTP(w, r.WithContext(ctx)) - }) -} diff --git a/mocks/default.go b/mocks/default.go deleted file mode 100644 index f07c6b5..0000000 --- a/mocks/default.go +++ /dev/null @@ -1,5 +0,0 @@ -package mocks - -import ( - _ "github.com/stretchr/testify/mock" -) diff --git a/service/auth.go b/service/auth.go index c1f3663..8d7fc10 100644 --- a/service/auth.go +++ b/service/auth.go @@ -10,9 +10,9 @@ import ( "net/mail" "net/url" "strings" + "time" "me-fit/db" - "me-fit/template" "me-fit/template/auth" tempMail "me-fit/template/mail" "me-fit/types" @@ -28,6 +28,7 @@ var ( ErrInvalidPassword = errors.New("Password needs to be 8 characters long, contain at least one number, one special, one uppercase and one lowercase character") ErrInvalidEmail = errors.New("Invalid email") ErrAccountExists = errors.New("Account already exists") + ErrSessionIdInvalid = errors.New("Session ID is invalid") ) type User struct { @@ -44,22 +45,41 @@ func NewUser(user *db.User) *User { } } -type ServiceAuth interface { - SignIn(email string, password string) (*User, error) - SignUp(email string, password string) (*User, error) - SendVerificationMail(userId uuid.UUID, email string) +type Session struct { + Id string + CreatedAt time.Time + User *User } -type ServiceAuthImpl struct { - dbAuth db.DbAuth - randomGenerator RandomGenerator - clock Clock +func NewSession(session *db.Session, user *User) *Session { + return &Session{ + Id: session.Id, + CreatedAt: session.CreatedAt, + User: user, + } +} + +type AuthService interface { + SignIn(email string, password string) (*Session, error) + SignUp(email string, password string) (*User, error) + SendVerificationMail(userId uuid.UUID, email string) + SignOut(sessionId string) error + DeleteAccount(user *User) error + ChangePassword(user *User, currPass, newPass string) error + + GetUserFromSessionId(sessionId string) (*User, error) +} + +type AuthServiceImpl struct { + dbAuth db.AuthDb + randomGenerator RandomService + clock ClockService mailService MailService serverSettings *types.ServerSettings } -func NewServiceAuthImpl(dbAuth db.DbAuth, randomGenerator RandomGenerator, clock Clock, mailService MailService, serverSettings *types.ServerSettings) *ServiceAuthImpl { - return &ServiceAuthImpl{ +func NewAuthServiceImpl(dbAuth db.AuthDb, randomGenerator RandomService, clock ClockService, mailService MailService, serverSettings *types.ServerSettings) *AuthServiceImpl { + return &AuthServiceImpl{ dbAuth: dbAuth, randomGenerator: randomGenerator, clock: clock, @@ -68,7 +88,7 @@ func NewServiceAuthImpl(dbAuth db.DbAuth, randomGenerator RandomGenerator, clock } } -func (service ServiceAuthImpl) SignIn(email string, password string) (*User, error) { +func (service AuthServiceImpl) SignIn(email string, password string) (*Session, error) { user, err := service.dbAuth.GetUser(email) if err != nil { if errors.Is(err, db.ErrUserNotFound) { @@ -84,10 +104,36 @@ func (service ServiceAuthImpl) SignIn(email string, password string) (*User, err return nil, ErrInvaidCredentials } - return NewUser(user), nil + session, err := service.createSession(user.Id) + if err != nil { + return nil, types.ErrInternal + } + + return NewSession(session, NewUser(user)), nil } -func (service ServiceAuthImpl) SignUp(email string, password string) (*User, error) { +func (service AuthServiceImpl) createSession(userId uuid.UUID) (*db.Session, error) { + sessionId, err := service.randomGenerator.String(32) + if err != nil { + return nil, types.ErrInternal + } + + err = service.dbAuth.DeleteOldSessions(userId) + if err != nil { + return nil, types.ErrInternal + } + + session := db.NewSession(sessionId, userId, service.clock.Now()) + + err = service.dbAuth.InsertSession(session) + if err != nil { + return nil, types.ErrInternal + } + + return session, nil +} + +func (service AuthServiceImpl) SignUp(email string, password string) (*User, error) { _, err := mail.ParseAddress(email) if err != nil { return nil, ErrInvalidEmail @@ -123,7 +169,7 @@ func (service ServiceAuthImpl) SignUp(email string, password string) (*User, err return NewUser(dbUser), nil } -func (service ServiceAuthImpl) SendVerificationMail(userId uuid.UUID, email string) { +func (service AuthServiceImpl) SendVerificationMail(userId uuid.UUID, email string) { var token string token, err := service.dbAuth.GetEmailVerificationToken(userId) @@ -153,45 +199,35 @@ func (service ServiceAuthImpl) SendVerificationMail(userId uuid.UUID, email stri service.mailService.SendMail(email, "Welcome to ME-FIT", w.String()) } +func (service AuthServiceImpl) SignOut(sessionId string) error { + + return service.dbAuth.DeleteSession(sessionId) +} + +func (service AuthServiceImpl) GetUserFromSessionId(sessionId string) (*User, error) { + if sessionId == "" { + return nil, ErrSessionIdInvalid + } + + session, err := service.dbAuth.GetSession(sessionId) + if err != nil { + return nil, types.ErrInternal + } + + user, err := service.dbAuth.GetUserById(session.UserId) + if err != nil { + return nil, types.ErrInternal + } + + if session.CreatedAt.Add(time.Duration(8 * time.Hour)).Before(service.clock.Now()) { + return nil, nil + } else { + return NewUser(user), nil + } +} + // TODO -func HandleSignUpVerifyPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - user := utils.GetUserFromSession(db, r) - if user == nil { - utils.DoRedirect(w, r, "/auth/signin") - } else if user.EmailVerified { - utils.DoRedirect(w, r, "/") - } else { - userComp := UserInfoComp(user) - signIn := auth.VerifyComp() - err := template.Layout(signIn, userComp, serverSettings.Environment).Render(r.Context(), w) - if err != nil { - utils.LogError("Failed to render verify page", err) - http.Error(w, "Internal Server Error", http.StatusInternalServerError) - } - } - } -} - -func HandleDeleteAccountPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - // An unverified email should be able to delete their account - user := utils.GetUserFromSession(db, r) - if user == nil { - utils.DoRedirect(w, r, "/auth/signin") - } else { - userComp := UserInfoComp(user) - comp := auth.DeleteAccountComp() - err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w) - if err != nil { - utils.LogError("Failed to render delete account page", err) - http.Error(w, "Internal Server Error", http.StatusInternalServerError) - } - } - } -} - func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { @@ -234,45 +270,7 @@ func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc { } } -func HandleChangePasswordPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - - isPasswordReset := r.URL.Query().Has("token") - - user := utils.GetUserFromSession(db, r) - if user == nil && !isPasswordReset { - utils.DoRedirect(w, r, "/auth/signin") - } else { - userComp := UserInfoComp(user) - comp := auth.ChangePasswordComp(isPasswordReset) - err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w) - if err != nil { - utils.LogError("Failed to render change password page", err) - http.Error(w, "Internal Server Error", http.StatusInternalServerError) - } - } - } -} - -func HandleResetPasswordPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - - user := utils.GetUserFromSession(db, r) - if user != nil { - utils.DoRedirect(w, r, "/auth/signin") - } else { - userComp := UserInfoComp(nil) - comp := auth.ResetPasswordComp() - err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w) - if err != nil { - utils.LogError("Failed to render change password page", err) - http.Error(w, "Internal Server Error", http.StatusInternalServerError) - } - } - } -} - -func UserInfoComp(user *types.User) templ.Component { +func UserInfoComp(user *User) templ.Component { if user != nil { return auth.UserComp(user.Email) @@ -281,168 +279,46 @@ func UserInfoComp(user *types.User) templ.Component { } } -func HandleSignOutComp(db *sql.DB) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - user := utils.GetUserFromSession(db, r) +func (service AuthServiceImpl) DeleteAccount(user *User) error { - if user != nil { - _, err := db.Exec("DELETE FROM session WHERE session_id = ?", user.SessionId) - if err != nil { - utils.LogError("Could not delete session", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - } - - c := http.Cookie{ - Name: "id", - Value: "", - MaxAge: -1, - Secure: true, - HttpOnly: true, - SameSite: http.SameSiteStrictMode, - Path: "/", - } - - http.SetCookie(w, &c) - utils.DoRedirect(w, r, "/") + err := service.dbAuth.DeleteUser(user.Id) + if err != nil { + return err } + + go service.mailService.SendMail(user.Email, "Account deleted", "Your account has been deleted") + + return nil } -func HandleDeleteAccountComp(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc { - mailService := NewMailServiceImpl(serverSettings) - return func(w http.ResponseWriter, r *http.Request) { - user := utils.GetUserFromSession(db, r) - if user == nil { - utils.DoRedirect(w, r, "/auth/signin") - return - } +func (service AuthServiceImpl) ChangePassword(user *User, currPass, newPass string) error { - password := r.FormValue("password") - if password == "" { - utils.TriggerToast(w, r, "error", "Password is required") - return - } - - var ( - storedHash []byte - salt []byte - ) - - err := db.QueryRow("SELECT password, salt FROM user WHERE user_uuid = ?", user.Id).Scan(&storedHash, &salt) - if err != nil { - utils.LogError("Could not get password", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - return - } - - currHash := GetHashPassword(password, salt) - if subtle.ConstantTimeCompare(currHash, storedHash) == 0 { - utils.TriggerToast(w, r, "error", "Password is not correct") - return - } - - _, err = db.Exec("DELETE FROM workout WHERE user_id = ?", user.Id) - if err != nil { - utils.LogError("Could not delete workouts", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - return - } - - _, err = db.Exec("DELETE FROM user_token WHERE user_uuid = ?", user.Id) - if err != nil { - utils.LogError("Could not delete user tokens", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - return - } - - _, err = db.Exec("DELETE FROM session WHERE user_uuid = ?", user.Id) - if err != nil { - utils.LogError("Could not delete sessions", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - return - } - - _, err = db.Exec("DELETE FROM user WHERE user_uuid = ?", user.Id) - if err != nil { - utils.LogError("Could not delete user", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - return - } - - go mailService.SendMail(user.Email, "Account deleted", "Your account has been deleted") - - utils.DoRedirect(w, r, "/") + if !isPasswordValid(newPass) { + return ErrInvalidPassword } -} -func HandleVerifyResendComp(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - user := utils.GetUserFromSession(db, r) - if user == nil || user.EmailVerified { - utils.DoRedirect(w, r, "/auth/signin") - return - } - - // TODO - // go sendVerificationEmail(db, user.Id.String(), user.Email, serverSettings) - - w.Write([]byte("

Verification email sent

")) + if currPass == newPass { + return ErrInvalidPassword } -} -func HandleChangePasswordComp(db *sql.DB) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - - user := utils.GetUserFromSession(db, r) - if user == nil { - utils.DoRedirect(w, r, "/auth/signin") - return - } - - currPass := r.FormValue("current-password") - newPass := r.FormValue("new-password") - - if !isPasswordValid(newPass) { - utils.TriggerToast(w, r, "error", ErrInvalidPassword.Error()) - return - } - - if currPass == newPass { - utils.TriggerToast(w, r, "error", "Please use a new password") - return - } - - var ( - storedHash []byte - salt []byte - ) - - err := db.QueryRow("SELECT password, salt FROM user WHERE user_uuid = ?", user.Id).Scan(&storedHash, &salt) - if err != nil { - utils.LogError("Could not get password", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - return - } - - currHash := GetHashPassword(currPass, salt) - if subtle.ConstantTimeCompare(currHash, storedHash) == 0 { - utils.TriggerToast(w, r, "error", "Current Password is not correct") - return - } - - newHash := GetHashPassword(newPass, salt) - - _, err = db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", newHash, user.Id) - if err != nil { - utils.LogError("Could not update password", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - return - } - - utils.TriggerToast(w, r, "success", "Password changed") + _, err := service.SignIn(user.Email, currPass) + if err != nil { + return err } + + userDb, err := service.dbAuth.GetUserById(user.Id) + if err != nil { + return err + } + + newHash := GetHashPassword(newPass, userDb.Salt) + + err = service.dbAuth.UpdateUserPassword(user.Id, newHash) + if err != nil { + return err + } + + return nil } func HandleActualResetPasswordComp(db *sql.DB) http.HandlerFunc { @@ -517,7 +393,7 @@ func HandleResetPasswordComp(db *sql.DB, serverSettings *types.ServerSettings) h return } - token, err := NewRandomGeneratorImpl().String(32) + token, err := NewRandomServiceImpl().String(32) if err != nil { return } @@ -556,39 +432,6 @@ func HandleResetPasswordComp(db *sql.DB, serverSettings *types.ServerSettings) h } } -func TryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sql.DB, user_uuid uuid.UUID) error { - sessionId, err := NewRandomGeneratorImpl().String(32) - if err != nil { - return types.ErrInternal - } - - // Delete old inactive sessions - _, err = db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", user_uuid) - if err != nil { - utils.LogError("Could not delete old sessions", err) - return types.ErrInternal - } - - _, err = db.Exec("INSERT INTO session (session_id, user_uuid, created_at) VALUES (?, ?, datetime())", sessionId, user_uuid) - if err != nil { - utils.LogError("Could not insert session", err) - return types.ErrInternal - } - - cookie := http.Cookie{ - Name: "id", - Value: sessionId, - MaxAge: 60 * 60 * 8, // 8 hours - Secure: true, - HttpOnly: true, - SameSite: http.SameSiteStrictMode, - Path: "/", - } - http.SetCookie(w, &cookie) - - return nil -} - func GetHashPassword(password string, salt []byte) []byte { return argon2.IDKey([]byte(password), salt, 1, 64*1024, 1, 16) } diff --git a/service/auth_test.go b/service/auth_test.go index aeede82..e968f44 100644 --- a/service/auth_test.go +++ b/service/auth_test.go @@ -4,9 +4,9 @@ import ( "me-fit/db" "me-fit/mocks" "me-fit/types" - "strings" "errors" + "strings" "testing" "time" @@ -33,24 +33,25 @@ func TestSignIn(t *testing.T) { time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC), ) - mockDbAuth := mocks.NewMockDbAuth(t) - mockDbAuth.EXPECT().GetUser("test@test.de").Return(user, nil) - mockRandom := mocks.NewMockRandomGenerator(t) - mockClock := mocks.NewMockClock(t) + dbSession := db.NewSession("sessionId", user.Id, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)) + + mockAuthDb := mocks.NewMockAuthDb(t) + mockAuthDb.EXPECT().GetUser("test@test.de").Return(user, nil) + mockAuthDb.EXPECT().DeleteOldSessions(user.Id).Return(nil) + mockAuthDb.EXPECT().InsertSession(dbSession).Return(nil) + mockRandom := mocks.NewMockRandomService(t) + mockRandom.EXPECT().String(32).Return("sessionId", nil) + mockClock := mocks.NewMockClockService(t) + mockClock.EXPECT().Now().Return(time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)) mockMail := mocks.NewMockMailService(t) - underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{}) + underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) - actualUser, err := underTest.SignIn(user.Email, "password") + actualSession, err := underTest.SignIn(user.Email, "password") assert.Nil(t, err) - expectedUser := User{ - Id: user.Id, - Email: user.Email, - EmailVerified: user.EmailVerified, - } - - assert.Equal(t, expectedUser, *actualUser) + expectedSession := NewSession(dbSession, NewUser(user)) + assert.Equal(t, expectedSession, actualSession) }) t.Run("should return ErrInvalidCretentials if password is not correct", func(t *testing.T) { @@ -69,13 +70,13 @@ func TestSignIn(t *testing.T) { time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC), ) - mockDbAuth := mocks.NewMockDbAuth(t) - mockDbAuth.EXPECT().GetUser(user.Email).Return(user, nil) - mockRandom := mocks.NewMockRandomGenerator(t) - mockClock := mocks.NewMockClock(t) + mockAuthDb := mocks.NewMockAuthDb(t) + mockAuthDb.EXPECT().GetUser(user.Email).Return(user, nil) + mockRandom := mocks.NewMockRandomService(t) + mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) - underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{}) + underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) _, err := underTest.SignIn("test@test.de", "wrong password") @@ -84,13 +85,13 @@ func TestSignIn(t *testing.T) { t.Run("should return ErrInvalidCretentials if user has not been found", func(t *testing.T) { t.Parallel() - mockDbAuth := mocks.NewMockDbAuth(t) - mockDbAuth.EXPECT().GetUser("test").Return(nil, db.ErrUserNotFound) - mockRandom := mocks.NewMockRandomGenerator(t) - mockClock := mocks.NewMockClock(t) + mockAuthDb := mocks.NewMockAuthDb(t) + mockAuthDb.EXPECT().GetUser("test").Return(nil, db.ErrUserNotFound) + mockRandom := mocks.NewMockRandomService(t) + mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) - underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{}) + underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) _, err := underTest.SignIn("test", "test") assert.Equal(t, ErrInvaidCredentials, err) @@ -98,13 +99,13 @@ func TestSignIn(t *testing.T) { t.Run("should forward ErrInternal on any other error", func(t *testing.T) { t.Parallel() - mockDbAuth := mocks.NewMockDbAuth(t) - mockDbAuth.EXPECT().GetUser("test").Return(nil, errors.New("Some undefined error")) - mockRandom := mocks.NewMockRandomGenerator(t) - mockClock := mocks.NewMockClock(t) + mockAuthDb := mocks.NewMockAuthDb(t) + mockAuthDb.EXPECT().GetUser("test").Return(nil, errors.New("Some undefined error")) + mockRandom := mocks.NewMockRandomService(t) + mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) - underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{}) + underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) _, err := underTest.SignIn("test", "test") @@ -117,12 +118,12 @@ func TestSignUp(t *testing.T) { t.Run("should check for correct email address", func(t *testing.T) { t.Parallel() - mockDbAuth := mocks.NewMockDbAuth(t) - mockRandom := mocks.NewMockRandomGenerator(t) - mockClock := mocks.NewMockClock(t) + mockAuthDb := mocks.NewMockAuthDb(t) + mockRandom := mocks.NewMockRandomService(t) + mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) - underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{}) + underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) _, err := underTest.SignUp("invalid email address", "SomeStrongPassword123!") @@ -131,12 +132,12 @@ func TestSignUp(t *testing.T) { t.Run("should check for password complexity", func(t *testing.T) { t.Parallel() - mockDbAuth := mocks.NewMockDbAuth(t) - mockRandom := mocks.NewMockRandomGenerator(t) - mockClock := mocks.NewMockClock(t) + mockAuthDb := mocks.NewMockAuthDb(t) + mockRandom := mocks.NewMockRandomService(t) + mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) - underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{}) + underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) weakPasswords := []string{ "123!ab", // too short @@ -153,9 +154,9 @@ func TestSignUp(t *testing.T) { t.Run("should signup correctly", func(t *testing.T) { t.Parallel() - mockDbAuth := mocks.NewMockDbAuth(t) - mockRandom := mocks.NewMockRandomGenerator(t) - mockClock := mocks.NewMockClock(t) + mockAuthDb := mocks.NewMockAuthDb(t) + mockRandom := mocks.NewMockRandomService(t) + mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) expected := User{ @@ -164,7 +165,7 @@ func TestSignUp(t *testing.T) { EmailVerified: false, } - random := NewRandomGeneratorImpl() + random := NewRandomServiceImpl() salt, err := random.Bytes(16) assert.Nil(t, err) password := "SomeStrongPassword123!" @@ -176,9 +177,9 @@ func TestSignUp(t *testing.T) { mockClock.EXPECT().Now().Return(createTime) - mockDbAuth.EXPECT().InsertUser(db.NewUser(expected.Id, expected.Email, false, nil, false, GetHashPassword(password, salt), salt, createTime)).Return(nil) + mockAuthDb.EXPECT().InsertUser(db.NewUser(expected.Id, expected.Email, false, nil, false, GetHashPassword(password, salt), salt, createTime)).Return(nil) - underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{}) + underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) actual, err := underTest.SignUp(expected.Email, password) @@ -189,9 +190,9 @@ func TestSignUp(t *testing.T) { t.Run("should return ErrAccountExists", func(t *testing.T) { t.Parallel() - mockDbAuth := mocks.NewMockDbAuth(t) - mockRandom := mocks.NewMockRandomGenerator(t) - mockClock := mocks.NewMockClock(t) + mockAuthDb := mocks.NewMockAuthDb(t) + mockRandom := mocks.NewMockRandomService(t) + mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) user := User{ @@ -199,7 +200,7 @@ func TestSignUp(t *testing.T) { Email: "some@valid.email", } - random := NewRandomGeneratorImpl() + random := NewRandomServiceImpl() salt, err := random.Bytes(16) assert.Nil(t, err) password := "SomeStrongPassword123!" @@ -211,9 +212,9 @@ func TestSignUp(t *testing.T) { mockClock.EXPECT().Now().Return(createTime) - mockDbAuth.EXPECT().InsertUser(db.NewUser(user.Id, user.Email, false, nil, false, GetHashPassword(password, salt), salt, createTime)).Return(db.ErrUserExists) + mockAuthDb.EXPECT().InsertUser(db.NewUser(user.Id, user.Email, false, nil, false, GetHashPassword(password, salt), salt, createTime)).Return(db.ErrUserExists) - underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{}) + underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) _, err = underTest.SignUp(user.Email, password) assert.Equal(t, ErrAccountExists, err) @@ -230,16 +231,16 @@ func TestSendVerificationMail(t *testing.T) { email := "some@email.de" userId := uuid.New() - mockDbAuth := mocks.NewMockDbAuth(t) - mockRandom := mocks.NewMockRandomGenerator(t) - mockClock := mocks.NewMockClock(t) + mockAuthDb := mocks.NewMockAuthDb(t) + mockRandom := mocks.NewMockRandomService(t) + mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) - mockDbAuth.EXPECT().GetEmailVerificationToken(userId).Return(token, nil) + mockAuthDb.EXPECT().GetEmailVerificationToken(userId).Return(token, nil) mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool { return strings.Contains(message, token) })).Return(nil) - underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{}) + underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) underTest.SendVerificationMail(userId, email) }) diff --git a/service/clock.go b/service/clock.go index cf7cae9..9da6e35 100644 --- a/service/clock.go +++ b/service/clock.go @@ -2,16 +2,16 @@ package service import "time" -type Clock interface { +type ClockService interface { Now() time.Time } -type ClockImpl struct{} +type ClockServiceImpl struct{} -func NewClockImpl() Clock { - return &ClockImpl{} +func NewClockServiceImpl() ClockService { + return &ClockServiceImpl{} } -func (c *ClockImpl) Now() time.Time { +func (c *ClockServiceImpl) Now() time.Time { return time.Now() } diff --git a/service/index_and_404.go b/service/index_and_404.go deleted file mode 100644 index 085f032..0000000 --- a/service/index_and_404.go +++ /dev/null @@ -1,33 +0,0 @@ -package service - -import ( - "database/sql" - "me-fit/template" - "me-fit/types" - "me-fit/utils" - "net/http" - - "github.com/a-h/templ" -) - -func HandleIndexAnd404(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - user := utils.GetUserFromSession(db, r) - - var comp templ.Component = nil - userComp := UserInfoComp(user) - - if r.URL.Path != "/" { - comp = template.Layout(template.NotFound(), userComp, serverSettings.Environment) - w.WriteHeader(http.StatusNotFound) - } else { - comp = template.Layout(template.Index(), userComp, serverSettings.Environment) - } - - err := comp.Render(r.Context(), w) - if err != nil { - utils.LogError("Failed to render index", err) - http.Error(w, "Failed to render index", http.StatusInternalServerError) - } - } -} diff --git a/service/random_generator.go b/service/random_generator.go index 4e4e4c5..9fc7a6c 100644 --- a/service/random_generator.go +++ b/service/random_generator.go @@ -10,20 +10,20 @@ import ( "github.com/google/uuid" ) -type RandomGenerator interface { +type RandomService interface { Bytes(size int) ([]byte, error) String(size int) (string, error) UUID() (uuid.UUID, error) } -type RandomGeneratorImpl struct { +type RandomServiceImpl struct { } -func NewRandomGeneratorImpl() *RandomGeneratorImpl { - return &RandomGeneratorImpl{} +func NewRandomServiceImpl() *RandomServiceImpl { + return &RandomServiceImpl{} } -func (r *RandomGeneratorImpl) Bytes(size int) ([]byte, error) { +func (r *RandomServiceImpl) Bytes(size int) ([]byte, error) { b := make([]byte, 32) _, err := rand.Read(b) if err != nil { @@ -34,7 +34,7 @@ func (r *RandomGeneratorImpl) Bytes(size int) ([]byte, error) { return b, nil } -func (r *RandomGeneratorImpl) String(size int) (string, error) { +func (r *RandomServiceImpl) String(size int) (string, error) { bytes, err := r.Bytes(size) if err != nil { return "", types.ErrInternal @@ -43,6 +43,6 @@ func (r *RandomGeneratorImpl) String(size int) (string, error) { return base64.StdEncoding.EncodeToString(bytes), nil } -func (r *RandomGeneratorImpl) UUID() (uuid.UUID, error) { +func (r *RandomServiceImpl) UUID() (uuid.UUID, error) { return uuid.NewRandom() } diff --git a/service/workout.go b/service/workout.go index 8ea45de..97d0b1e 100644 --- a/service/workout.go +++ b/service/workout.go @@ -1,183 +1,128 @@ package service import ( - "log/slog" - "me-fit/template" - "me-fit/template/workout" + "me-fit/db" "me-fit/types" - "me-fit/utils" - "database/sql" - "net/http" + "errors" "strconv" "time" ) -func HandleWorkoutPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - user := utils.GetUser(r) - if user == nil { - utils.DoRedirect(w, r, "/auth/signin") - return - } +type WorkoutService interface { + AddWorkout(user *User, workoutDto *WorkoutDto) (*WorkoutDto, error) + DeleteWorkout(user *User, rowId int) error + GetWorkouts(user *User) ([]*WorkoutDto, error) +} - currentDate := time.Now().Format("2006-01-02") - inner := workout.WorkoutComp(currentDate) - userComp := UserInfoComp(user) - err := template.Layout(inner, userComp, serverSettings.Environment).Render(r.Context(), w) - if err != nil { - utils.LogError("Failed to render workout page", err) - http.Error(w, "Internal Server Error", http.StatusInternalServerError) - } +type WorkoutServiceImpl struct { + dbWorkout db.WorkoutDb + randomGenerator RandomService + clock ClockService + mailService MailService + serverSettings *types.ServerSettings +} + +func NewWorkoutServiceImpl(dbWorkout db.WorkoutDb, randomGenerator RandomService, clock ClockService, mailService MailService, serverSettings *types.ServerSettings) WorkoutService { + return WorkoutServiceImpl{ + dbWorkout: dbWorkout, + randomGenerator: randomGenerator, + clock: clock, + mailService: mailService, + serverSettings: serverSettings, } } -func HandleWorkoutNewComp(db *sql.DB) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - user := utils.GetUser(r) - if user == nil { - utils.DoRedirect(w, r, "/auth/signin") - return - } +type WorkoutDto struct { + RowId string + Date string + Type string + Sets string + Reps string +} - var dateStr = r.FormValue("date") - var typeStr = r.FormValue("type") - var setsStr = r.FormValue("sets") - var repsStr = r.FormValue("reps") - - if dateStr == "" || typeStr == "" || setsStr == "" || repsStr == "" { - utils.TriggerToast(w, r, "error", "Missing required fields") - http.Error(w, "Missing required fields", http.StatusBadRequest) - return - } - - date, err := time.Parse("2006-01-02", dateStr) - if err != nil { - utils.TriggerToast(w, r, "error", "Invalid date") - http.Error(w, err.Error(), http.StatusBadRequest) - return - } - sets, err := strconv.Atoi(setsStr) - if err != nil { - utils.TriggerToast(w, r, "error", "Invalid number") - http.Error(w, err.Error(), http.StatusBadRequest) - return - } - reps, err := strconv.Atoi(repsStr) - if err != nil { - utils.TriggerToast(w, r, "error", "Invalid number") - http.Error(w, err.Error(), http.StatusBadRequest) - return - } - - var rowId int - err = db.QueryRow("INSERT INTO workout (user_id, date, type, sets, reps) VALUES (?, ?, ?, ?, ?) RETURNING rowid", user.Id, date, typeStr, sets, reps).Scan(&rowId) - if err != nil { - utils.LogError("Could not insert workout", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - - wo := workout.Workout{ - Id: strconv.Itoa(rowId), - Date: renderDate(date), - Type: r.FormValue("type"), - Sets: r.FormValue("sets"), - Reps: r.FormValue("reps"), - } - - err = workout.WorkoutItemComp(wo, true).Render(r.Context(), w) - if err != nil { - utils.LogError("Could not render workoutitem", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - http.Error(w, err.Error(), http.StatusInternalServerError) - } +func NewWorkoutDtoFromDb(workout *db.Workout) *WorkoutDto { + return &WorkoutDto{ + RowId: strconv.Itoa(workout.RowId), + Date: renderDate(workout.Date), + Type: workout.Type, + Sets: strconv.Itoa(workout.Sets), + Reps: strconv.Itoa(workout.Reps), + } +} +func NewWorkoutDto(rowId string, date string, workoutType string, sets string, reps string) *WorkoutDto { + return &WorkoutDto{ + RowId: rowId, + Date: date, + Type: workoutType, + Sets: sets, + Reps: reps, } } -func HandleWorkoutGetComp(db *sql.DB) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - user := utils.GetUser(r) - if user == nil { - utils.DoRedirect(w, r, "/auth/signin") - return - } +var ( + ErrInputValues = errors.New("Invalid input values") +) - rows, err := db.Query("SELECT rowid, date, type, sets, reps FROM workout WHERE user_id = ? ORDER BY date desc", user.Id) - if err != nil { - utils.LogError("Could not get workouts", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } +func (service WorkoutServiceImpl) AddWorkout(user *User, workoutDto *WorkoutDto) (*WorkoutDto, error) { - var workouts = make([]workout.Workout, 0) - for rows.Next() { - var workout workout.Workout - - err = rows.Scan(&workout.Id, &workout.Date, &workout.Type, &workout.Sets, &workout.Reps) - if err != nil { - utils.LogError("Could not scan workout", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - - workout.Date, err = renderDateStr(workout.Date) - if err != nil { - utils.LogError("Could not render date", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - - workouts = append(workouts, workout) - } - - workout.WorkoutListComp(workouts).Render(r.Context(), w) + if workoutDto.Date == "" || workoutDto.Type == "" || workoutDto.Sets == "" || workoutDto.Reps == "" { + return nil, ErrInputValues } + + date, err := time.Parse("2006-01-02", workoutDto.Date) + if err != nil { + return nil, ErrInputValues + } + + sets, err := strconv.Atoi(workoutDto.Sets) + if err != nil { + return nil, ErrInputValues + } + + reps, err := strconv.Atoi(workoutDto.Reps) + if err != nil { + return nil, ErrInputValues + } + + workoutInsert := db.NewWorkoutInsert(date, workoutDto.Type, sets, reps) + + workout, err := service.dbWorkout.InsertWorkout(user.Id, workoutInsert) + if err != nil { + return nil, err + } + + return NewWorkoutDtoFromDb(workout), nil } -func HandleWorkoutDeleteComp(db *sql.DB) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - user := utils.GetUser(r) - if user == nil { - utils.DoRedirect(w, r, "/auth/signin") - return - } - - rowId := r.PathValue("id") - if rowId == "" { - http.Error(w, "Missing required fields", http.StatusBadRequest) - slog.Warn("Missing required fields for workout delete") - utils.TriggerToast(w, r, "error", "Missing ID field") - return - } - - res, err := db.Exec("DELETE FROM workout WHERE user_id = ? AND rowid = ?", user.Id, rowId) - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - utils.LogError("Could not delete workout", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - return - } - - rows, err := res.RowsAffected() - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - utils.LogError("Could not get rows affected", err) - utils.TriggerToast(w, r, "error", "Internal Server Error") - return - } - - if rows == 0 { - http.Error(w, "Not found", http.StatusNotFound) - slog.Warn("Could not find workout to delete") - utils.TriggerToast(w, r, "error", "Not found. Refresh the page.") - return - } +func (service WorkoutServiceImpl) DeleteWorkout(user *User, rowId int) error { + if user == nil { + return types.ErrInternal } + + return service.dbWorkout.DeleteWorkout(user.Id, rowId) +} + +func (service WorkoutServiceImpl) GetWorkouts(user *User) ([]*WorkoutDto, error) { + if user == nil { + return nil, types.ErrInternal + } + + workouts, err := service.dbWorkout.GetWorkouts(user.Id) + if err != nil { + return nil, err + } + + // for _, workout := range workouts { + // workout.Date = renderDate(workout.Date) + // } + + workoutsDto := make([]*WorkoutDto, len(workouts)) + for i, workout := range workouts { + workoutsDto[i] = NewWorkoutDtoFromDb(&workout) + } + + return workoutsDto, nil } func renderDateStr(date string) (string, error) { diff --git a/template/workout/workout.templ b/template/workout/workout.templ index 5f4ca57..c605663 100644 --- a/template/workout/workout.templ +++ b/template/workout/workout.templ @@ -9,29 +9,13 @@ templ WorkoutComp(currentDate string) { hx-swap="outerHTML" >

Track your workout

- + - - + +
diff --git a/types/types.go b/types/types.go index d40f2dd..7c1b413 100644 --- a/types/types.go +++ b/types/types.go @@ -2,17 +2,8 @@ package types import ( "errors" - - "github.com/google/uuid" ) var ( ErrInternal = errors.New("Internal server error") ) - -type User struct { - Id uuid.UUID - Email string - SessionId string - EmailVerified bool -} diff --git a/utils/http.go b/utils/http.go index b6e29a4..64ff202 100644 --- a/utils/http.go +++ b/utils/http.go @@ -1,10 +1,8 @@ package utils import ( - "database/sql" "fmt" "log/slog" - "me-fit/types" "net/http" "time" @@ -52,44 +50,6 @@ func DoRedirect(w http.ResponseWriter, r *http.Request, url string) { } } -func GetUser(r *http.Request) *types.User { - user := r.Context().Value(ContextKeyUser) - if user != nil { - return user.(*types.User) - } else { - return nil - } -} - -func GetUserFromSession(db *sql.DB, r *http.Request) *types.User { - sessionId := getSessionID(r) - if sessionId == "" { - return nil - } - - var user types.User - var createdAt time.Time - - user.SessionId = sessionId - - err := db.QueryRow(` - SELECT u.user_uuid, u.email, u.email_verified, s.created_at - FROM session s - INNER JOIN user u ON s.user_uuid = u.user_uuid - WHERE session_id = ?`, sessionId).Scan(&user.Id, &user.Email, &user.EmailVerified, &createdAt) - if err != nil { - slog.Warn("Could not verify session: " + err.Error()) - return nil - } - - if createdAt.Add(time.Duration(8 * time.Hour)).Before(time.Now()) { - return nil - } else { - return &user - } - -} - func WaitMinimumTime[T interface{}](waitTime time.Duration, function func() (T, error)) (T, error) { start := time.Now() result, err := function() @@ -97,7 +57,7 @@ func WaitMinimumTime[T interface{}](waitTime time.Duration, function func() (T, return result, err } -func getSessionID(r *http.Request) string { +func GetSessionID(r *http.Request) string { for _, c := range r.Cookies() { if c.Name == "id" { return c.Value