fix: refactor code to be testable #181
This commit was merged in pull request #212.
This commit is contained in:
397
service/auth.go
397
service/auth.go
@@ -10,9 +10,9 @@ import (
|
||||
"net/mail"
|
||||
"net/url"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"me-fit/db"
|
||||
"me-fit/template"
|
||||
"me-fit/template/auth"
|
||||
tempMail "me-fit/template/mail"
|
||||
"me-fit/types"
|
||||
@@ -28,6 +28,7 @@ var (
|
||||
ErrInvalidPassword = errors.New("Password needs to be 8 characters long, contain at least one number, one special, one uppercase and one lowercase character")
|
||||
ErrInvalidEmail = errors.New("Invalid email")
|
||||
ErrAccountExists = errors.New("Account already exists")
|
||||
ErrSessionIdInvalid = errors.New("Session ID is invalid")
|
||||
)
|
||||
|
||||
type User struct {
|
||||
@@ -44,22 +45,41 @@ func NewUser(user *db.User) *User {
|
||||
}
|
||||
}
|
||||
|
||||
type ServiceAuth interface {
|
||||
SignIn(email string, password string) (*User, error)
|
||||
SignUp(email string, password string) (*User, error)
|
||||
SendVerificationMail(userId uuid.UUID, email string)
|
||||
type Session struct {
|
||||
Id string
|
||||
CreatedAt time.Time
|
||||
User *User
|
||||
}
|
||||
|
||||
type ServiceAuthImpl struct {
|
||||
dbAuth db.DbAuth
|
||||
randomGenerator RandomGenerator
|
||||
clock Clock
|
||||
func NewSession(session *db.Session, user *User) *Session {
|
||||
return &Session{
|
||||
Id: session.Id,
|
||||
CreatedAt: session.CreatedAt,
|
||||
User: user,
|
||||
}
|
||||
}
|
||||
|
||||
type AuthService interface {
|
||||
SignIn(email string, password string) (*Session, error)
|
||||
SignUp(email string, password string) (*User, error)
|
||||
SendVerificationMail(userId uuid.UUID, email string)
|
||||
SignOut(sessionId string) error
|
||||
DeleteAccount(user *User) error
|
||||
ChangePassword(user *User, currPass, newPass string) error
|
||||
|
||||
GetUserFromSessionId(sessionId string) (*User, error)
|
||||
}
|
||||
|
||||
type AuthServiceImpl struct {
|
||||
dbAuth db.AuthDb
|
||||
randomGenerator RandomService
|
||||
clock ClockService
|
||||
mailService MailService
|
||||
serverSettings *types.ServerSettings
|
||||
}
|
||||
|
||||
func NewServiceAuthImpl(dbAuth db.DbAuth, randomGenerator RandomGenerator, clock Clock, mailService MailService, serverSettings *types.ServerSettings) *ServiceAuthImpl {
|
||||
return &ServiceAuthImpl{
|
||||
func NewAuthServiceImpl(dbAuth db.AuthDb, randomGenerator RandomService, clock ClockService, mailService MailService, serverSettings *types.ServerSettings) *AuthServiceImpl {
|
||||
return &AuthServiceImpl{
|
||||
dbAuth: dbAuth,
|
||||
randomGenerator: randomGenerator,
|
||||
clock: clock,
|
||||
@@ -68,7 +88,7 @@ func NewServiceAuthImpl(dbAuth db.DbAuth, randomGenerator RandomGenerator, clock
|
||||
}
|
||||
}
|
||||
|
||||
func (service ServiceAuthImpl) SignIn(email string, password string) (*User, error) {
|
||||
func (service AuthServiceImpl) SignIn(email string, password string) (*Session, error) {
|
||||
user, err := service.dbAuth.GetUser(email)
|
||||
if err != nil {
|
||||
if errors.Is(err, db.ErrUserNotFound) {
|
||||
@@ -84,10 +104,36 @@ func (service ServiceAuthImpl) SignIn(email string, password string) (*User, err
|
||||
return nil, ErrInvaidCredentials
|
||||
}
|
||||
|
||||
return NewUser(user), nil
|
||||
session, err := service.createSession(user.Id)
|
||||
if err != nil {
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
return NewSession(session, NewUser(user)), nil
|
||||
}
|
||||
|
||||
func (service ServiceAuthImpl) SignUp(email string, password string) (*User, error) {
|
||||
func (service AuthServiceImpl) createSession(userId uuid.UUID) (*db.Session, error) {
|
||||
sessionId, err := service.randomGenerator.String(32)
|
||||
if err != nil {
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
err = service.dbAuth.DeleteOldSessions(userId)
|
||||
if err != nil {
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
session := db.NewSession(sessionId, userId, service.clock.Now())
|
||||
|
||||
err = service.dbAuth.InsertSession(session)
|
||||
if err != nil {
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
return session, nil
|
||||
}
|
||||
|
||||
func (service AuthServiceImpl) SignUp(email string, password string) (*User, error) {
|
||||
_, err := mail.ParseAddress(email)
|
||||
if err != nil {
|
||||
return nil, ErrInvalidEmail
|
||||
@@ -123,7 +169,7 @@ func (service ServiceAuthImpl) SignUp(email string, password string) (*User, err
|
||||
return NewUser(dbUser), nil
|
||||
}
|
||||
|
||||
func (service ServiceAuthImpl) SendVerificationMail(userId uuid.UUID, email string) {
|
||||
func (service AuthServiceImpl) SendVerificationMail(userId uuid.UUID, email string) {
|
||||
var token string
|
||||
|
||||
token, err := service.dbAuth.GetEmailVerificationToken(userId)
|
||||
@@ -153,45 +199,35 @@ func (service ServiceAuthImpl) SendVerificationMail(userId uuid.UUID, email stri
|
||||
service.mailService.SendMail(email, "Welcome to ME-FIT", w.String())
|
||||
}
|
||||
|
||||
func (service AuthServiceImpl) SignOut(sessionId string) error {
|
||||
|
||||
return service.dbAuth.DeleteSession(sessionId)
|
||||
}
|
||||
|
||||
func (service AuthServiceImpl) GetUserFromSessionId(sessionId string) (*User, error) {
|
||||
if sessionId == "" {
|
||||
return nil, ErrSessionIdInvalid
|
||||
}
|
||||
|
||||
session, err := service.dbAuth.GetSession(sessionId)
|
||||
if err != nil {
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
user, err := service.dbAuth.GetUserById(session.UserId)
|
||||
if err != nil {
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
if session.CreatedAt.Add(time.Duration(8 * time.Hour)).Before(service.clock.Now()) {
|
||||
return nil, nil
|
||||
} else {
|
||||
return NewUser(user), nil
|
||||
}
|
||||
}
|
||||
|
||||
// TODO
|
||||
|
||||
func HandleSignUpVerifyPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
if user == nil {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
} else if user.EmailVerified {
|
||||
utils.DoRedirect(w, r, "/")
|
||||
} else {
|
||||
userComp := UserInfoComp(user)
|
||||
signIn := auth.VerifyComp()
|
||||
err := template.Layout(signIn, userComp, serverSettings.Environment).Render(r.Context(), w)
|
||||
if err != nil {
|
||||
utils.LogError("Failed to render verify page", err)
|
||||
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func HandleDeleteAccountPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// An unverified email should be able to delete their account
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
if user == nil {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
} else {
|
||||
userComp := UserInfoComp(user)
|
||||
comp := auth.DeleteAccountComp()
|
||||
err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w)
|
||||
if err != nil {
|
||||
utils.LogError("Failed to render delete account page", err)
|
||||
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
@@ -234,45 +270,7 @@ func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
|
||||
}
|
||||
}
|
||||
|
||||
func HandleChangePasswordPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
isPasswordReset := r.URL.Query().Has("token")
|
||||
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
if user == nil && !isPasswordReset {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
} else {
|
||||
userComp := UserInfoComp(user)
|
||||
comp := auth.ChangePasswordComp(isPasswordReset)
|
||||
err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w)
|
||||
if err != nil {
|
||||
utils.LogError("Failed to render change password page", err)
|
||||
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func HandleResetPasswordPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
if user != nil {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
} else {
|
||||
userComp := UserInfoComp(nil)
|
||||
comp := auth.ResetPasswordComp()
|
||||
err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w)
|
||||
if err != nil {
|
||||
utils.LogError("Failed to render change password page", err)
|
||||
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func UserInfoComp(user *types.User) templ.Component {
|
||||
func UserInfoComp(user *User) templ.Component {
|
||||
|
||||
if user != nil {
|
||||
return auth.UserComp(user.Email)
|
||||
@@ -281,168 +279,46 @@ func UserInfoComp(user *types.User) templ.Component {
|
||||
}
|
||||
}
|
||||
|
||||
func HandleSignOutComp(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
func (service AuthServiceImpl) DeleteAccount(user *User) error {
|
||||
|
||||
if user != nil {
|
||||
_, err := db.Exec("DELETE FROM session WHERE session_id = ?", user.SessionId)
|
||||
if err != nil {
|
||||
utils.LogError("Could not delete session", err)
|
||||
utils.TriggerToast(w, r, "error", "Internal Server Error")
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
c := http.Cookie{
|
||||
Name: "id",
|
||||
Value: "",
|
||||
MaxAge: -1,
|
||||
Secure: true,
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Path: "/",
|
||||
}
|
||||
|
||||
http.SetCookie(w, &c)
|
||||
utils.DoRedirect(w, r, "/")
|
||||
err := service.dbAuth.DeleteUser(user.Id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
go service.mailService.SendMail(user.Email, "Account deleted", "Your account has been deleted")
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func HandleDeleteAccountComp(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
|
||||
mailService := NewMailServiceImpl(serverSettings)
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
if user == nil {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
return
|
||||
}
|
||||
func (service AuthServiceImpl) ChangePassword(user *User, currPass, newPass string) error {
|
||||
|
||||
password := r.FormValue("password")
|
||||
if password == "" {
|
||||
utils.TriggerToast(w, r, "error", "Password is required")
|
||||
return
|
||||
}
|
||||
|
||||
var (
|
||||
storedHash []byte
|
||||
salt []byte
|
||||
)
|
||||
|
||||
err := db.QueryRow("SELECT password, salt FROM user WHERE user_uuid = ?", user.Id).Scan(&storedHash, &salt)
|
||||
if err != nil {
|
||||
utils.LogError("Could not get password", err)
|
||||
utils.TriggerToast(w, r, "error", "Internal Server Error")
|
||||
return
|
||||
}
|
||||
|
||||
currHash := GetHashPassword(password, salt)
|
||||
if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
|
||||
utils.TriggerToast(w, r, "error", "Password is not correct")
|
||||
return
|
||||
}
|
||||
|
||||
_, err = db.Exec("DELETE FROM workout WHERE user_id = ?", user.Id)
|
||||
if err != nil {
|
||||
utils.LogError("Could not delete workouts", err)
|
||||
utils.TriggerToast(w, r, "error", "Internal Server Error")
|
||||
return
|
||||
}
|
||||
|
||||
_, err = db.Exec("DELETE FROM user_token WHERE user_uuid = ?", user.Id)
|
||||
if err != nil {
|
||||
utils.LogError("Could not delete user tokens", err)
|
||||
utils.TriggerToast(w, r, "error", "Internal Server Error")
|
||||
return
|
||||
}
|
||||
|
||||
_, err = db.Exec("DELETE FROM session WHERE user_uuid = ?", user.Id)
|
||||
if err != nil {
|
||||
utils.LogError("Could not delete sessions", err)
|
||||
utils.TriggerToast(w, r, "error", "Internal Server Error")
|
||||
return
|
||||
}
|
||||
|
||||
_, err = db.Exec("DELETE FROM user WHERE user_uuid = ?", user.Id)
|
||||
if err != nil {
|
||||
utils.LogError("Could not delete user", err)
|
||||
utils.TriggerToast(w, r, "error", "Internal Server Error")
|
||||
return
|
||||
}
|
||||
|
||||
go mailService.SendMail(user.Email, "Account deleted", "Your account has been deleted")
|
||||
|
||||
utils.DoRedirect(w, r, "/")
|
||||
if !isPasswordValid(newPass) {
|
||||
return ErrInvalidPassword
|
||||
}
|
||||
}
|
||||
|
||||
func HandleVerifyResendComp(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
if user == nil || user.EmailVerified {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
return
|
||||
}
|
||||
|
||||
// TODO
|
||||
// go sendVerificationEmail(db, user.Id.String(), user.Email, serverSettings)
|
||||
|
||||
w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
|
||||
if currPass == newPass {
|
||||
return ErrInvalidPassword
|
||||
}
|
||||
}
|
||||
|
||||
func HandleChangePasswordComp(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
if user == nil {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
return
|
||||
}
|
||||
|
||||
currPass := r.FormValue("current-password")
|
||||
newPass := r.FormValue("new-password")
|
||||
|
||||
if !isPasswordValid(newPass) {
|
||||
utils.TriggerToast(w, r, "error", ErrInvalidPassword.Error())
|
||||
return
|
||||
}
|
||||
|
||||
if currPass == newPass {
|
||||
utils.TriggerToast(w, r, "error", "Please use a new password")
|
||||
return
|
||||
}
|
||||
|
||||
var (
|
||||
storedHash []byte
|
||||
salt []byte
|
||||
)
|
||||
|
||||
err := db.QueryRow("SELECT password, salt FROM user WHERE user_uuid = ?", user.Id).Scan(&storedHash, &salt)
|
||||
if err != nil {
|
||||
utils.LogError("Could not get password", err)
|
||||
utils.TriggerToast(w, r, "error", "Internal Server Error")
|
||||
return
|
||||
}
|
||||
|
||||
currHash := GetHashPassword(currPass, salt)
|
||||
if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
|
||||
utils.TriggerToast(w, r, "error", "Current Password is not correct")
|
||||
return
|
||||
}
|
||||
|
||||
newHash := GetHashPassword(newPass, salt)
|
||||
|
||||
_, err = db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", newHash, user.Id)
|
||||
if err != nil {
|
||||
utils.LogError("Could not update password", err)
|
||||
utils.TriggerToast(w, r, "error", "Internal Server Error")
|
||||
return
|
||||
}
|
||||
|
||||
utils.TriggerToast(w, r, "success", "Password changed")
|
||||
_, err := service.SignIn(user.Email, currPass)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
userDb, err := service.dbAuth.GetUserById(user.Id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
newHash := GetHashPassword(newPass, userDb.Salt)
|
||||
|
||||
err = service.dbAuth.UpdateUserPassword(user.Id, newHash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func HandleActualResetPasswordComp(db *sql.DB) http.HandlerFunc {
|
||||
@@ -517,7 +393,7 @@ func HandleResetPasswordComp(db *sql.DB, serverSettings *types.ServerSettings) h
|
||||
return
|
||||
}
|
||||
|
||||
token, err := NewRandomGeneratorImpl().String(32)
|
||||
token, err := NewRandomServiceImpl().String(32)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@@ -556,39 +432,6 @@ func HandleResetPasswordComp(db *sql.DB, serverSettings *types.ServerSettings) h
|
||||
}
|
||||
}
|
||||
|
||||
func TryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sql.DB, user_uuid uuid.UUID) error {
|
||||
sessionId, err := NewRandomGeneratorImpl().String(32)
|
||||
if err != nil {
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
// Delete old inactive sessions
|
||||
_, err = db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", user_uuid)
|
||||
if err != nil {
|
||||
utils.LogError("Could not delete old sessions", err)
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
_, err = db.Exec("INSERT INTO session (session_id, user_uuid, created_at) VALUES (?, ?, datetime())", sessionId, user_uuid)
|
||||
if err != nil {
|
||||
utils.LogError("Could not insert session", err)
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
cookie := http.Cookie{
|
||||
Name: "id",
|
||||
Value: sessionId,
|
||||
MaxAge: 60 * 60 * 8, // 8 hours
|
||||
Secure: true,
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Path: "/",
|
||||
}
|
||||
http.SetCookie(w, &cookie)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func GetHashPassword(password string, salt []byte) []byte {
|
||||
return argon2.IDKey([]byte(password), salt, 1, 64*1024, 1, 16)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user