x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

fix: refactor code to be testable #181
All checks were successful
Build and Push Docker Image / Build-And-Push-Docker-Image (push) Successful in 55s
Details
Build Docker Image / Build-Docker-Image (push) Successful in 45s
Details

Browse Source
This commit was merged in pull request #212.
This commit is contained in:
Tim Wundenberg
2024-10-12 21:57:39 +02:00
parent 9fd9f9649e
commit 1ed504c49b
19 changed files with 1022 additions and 710 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.mockery.yaml
View File

@@ -4,9 +4,9 @@ outpkg: mocks
packages:
me-fit/service:
interfaces:
RandomGenerator:
Clock:
RandomService:
ClockService:
MailService:
me-fit/db:
interfaces:
DbAuth:
AuthDb:

209
db/auth.go
View File

@@ -15,6 +15,7 @@ import (
var (
ErrUserNotFound = errors.New("User not found")
ErrUserExists = errors.New("User already exists")
ErrSessionNotFound = errors.New("Session not found")
)
type User struct {
@@ -41,23 +42,63 @@ func NewUser(id uuid.UUID, email string, emailVerified bool, emailVerifiedAt *ti
}
}
type DbAuth interface {
GetUser(email string) (*User, error)
InsertUser(user *User) error
GetEmailVerificationToken(userId uuid.UUID) (string, error)
InsertEmailVerificationToken(userId uuid.UUID, token string) error
type Session struct {
Id string
UserId uuid.UUID
CreatedAt time.Time
}
type DbAuthSqlite struct {
func NewSession(id string, userId uuid.UUID, createdAt time.Time) *Session {
return &Session{
Id: id,
UserId: userId,
CreatedAt: createdAt,
}
}
type AuthDb interface {
InsertUser(user *User) error
GetUser(email string) (*User, error)
GetUserById(userId uuid.UUID) (*User, error)
DeleteUser(userId uuid.UUID) error
UpdateUserPassword(userId uuid.UUID, newHash []byte) error
InsertEmailVerificationToken(userId uuid.UUID, token string) error
GetEmailVerificationToken(userId uuid.UUID) (string, error)
InsertSession(session *Session) error
GetSession(sessionId string) (*Session, error)
DeleteOldSessions(userId uuid.UUID) error
DeleteSession(sessionId string) error
}
type AuthDbSqlite struct {
db *sql.DB
}
func NewDbAuthSqlite(db *sql.DB) *DbAuthSqlite {
return &DbAuthSqlite{db: db}
func NewAuthDbSqlite(db *sql.DB) *AuthDbSqlite {
return &AuthDbSqlite{db: db}
}
func (db DbAuthSqlite) GetUser(email string) (*User, error) {
func (db AuthDbSqlite) InsertUser(user *User) error {
_, err := db.db.Exec(`
INSERT INTO user (user_uuid, email, email_verified, email_verified_at, is_admin, password, salt, created_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
user.Id, user.Email, user.EmailVerified, user.EmailVerifiedAt, user.IsAdmin, user.Password, user.Salt, user.CreateAt)
if err != nil {
if strings.Contains(err.Error(), "email") {
return ErrUserExists
}
utils.LogError("SQL error InsertUser", err)
return types.ErrInternal
}
return nil
}
func (db AuthDbSqlite) GetUser(email string) (*User, error) {
var (
userId uuid.UUID
emailVerified bool
@@ -83,25 +124,102 @@ func (db DbAuthSqlite) GetUser(email string) (*User, error) {
return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil
}
func (db DbAuthSqlite) InsertUser(user *User) error {
_, err := db.db.Exec(`
INSERT INTO user (user_uuid, email, email_verified, email_verified_at, is_admin, password, salt, created_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
user.Id, user.Email, user.EmailVerified, user.EmailVerifiedAt, user.IsAdmin, user.Password, user.Salt, user.CreateAt)
func (db AuthDbSqlite) GetUserById(userId uuid.UUID) (*User, error) {
var (
email string
emailVerified bool
emailVerifiedAt *time.Time
isAdmin bool
password []byte
salt []byte
createdAt time.Time
)
err := db.db.QueryRow(`
SELECT email, email_verified, email_verified_at, password, salt, created_at
FROM user
WHERE user_uuid = ?`, userId).Scan(&email, &emailVerified, &emailVerifiedAt, &password, &salt, &createdAt)
if err != nil {
if strings.Contains(err.Error(), "email") {
return ErrUserExists
if err == sql.ErrNoRows {
return nil, ErrUserNotFound
} else {
utils.LogError("SQL error GetUser", err)
return nil, types.ErrInternal
}
}
utils.LogError("SQL error InsertUser", err)
return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil
}
func (db AuthDbSqlite) DeleteUser(userId uuid.UUID) error {
tx, err := db.db.Begin()
if err != nil {
utils.LogError("Could not start transaction", err)
return types.ErrInternal
}
_, err = tx.Exec("DELETE FROM workout WHERE user_id = ?", userId)
if err != nil {
tx.Rollback()
utils.LogError("Could not delete workouts", err)
return types.ErrInternal
}
_, err = tx.Exec("DELETE FROM user_token WHERE user_uuid = ?", userId)
if err != nil {
tx.Rollback()
utils.LogError("Could not delete user tokens", err)
return types.ErrInternal
}
_, err = tx.Exec("DELETE FROM session WHERE user_uuid = ?", userId)
if err != nil {
tx.Rollback()
utils.LogError("Could not delete sessions", err)
return types.ErrInternal
}
_, err = tx.Exec("DELETE FROM user WHERE user_uuid = ?", userId)
if err != nil {
tx.Rollback()
utils.LogError("Could not delete user", err)
return types.ErrInternal
}
err = tx.Commit()
if err != nil {
utils.LogError("Could not commit transaction", err)
return types.ErrInternal
}
return nil
}
func (db DbAuthSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, error) {
func (db AuthDbSqlite) UpdateUserPassword(userId uuid.UUID, newHash []byte) error {
_, err := db.db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", newHash, userId)
if err != nil {
utils.LogError("Could not update password", err)
return types.ErrInternal
}
return nil
}
func (db AuthDbSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error {
_, err := db.db.Exec(`
INSERT INTO user_token (user_uuid, type, token, created_at)
VALUES (?, 'email_verify', ?, datetime())`, userId, token)
if err != nil {
utils.LogError("Could not insert token", err)
return types.ErrInternal
}
return nil
}
func (db AuthDbSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, error) {
var token string
err := db.db.QueryRow(`
@@ -117,15 +235,60 @@ func (db DbAuthSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, erro
return token, nil
}
func (db DbAuthSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error {
func (db AuthDbSqlite) InsertSession(session *Session) error {
_, err := db.db.Exec(`
INSERT INTO user_token (user_uuid, type, token, created_at)
VALUES (?, 'email_verify', ?, datetime())`, userId, token)
INSERT INTO session (session_id, user_uuid, created_at)
VALUES (?, ?, ?)`, session.Id, session.UserId, session.CreatedAt)
if err != nil {
utils.LogError("Could not insert token", err)
utils.LogError("Could not insert new session", err)
return types.ErrInternal
}
return nil
}
func (db AuthDbSqlite) GetSession(sessionId string) (*Session, error) {
var (
userId uuid.UUID
sessionCreatedAt time.Time
)
err := db.db.QueryRow(`
SELECT u.user_uuid, s.created_at
FROM session s
INNER JOIN user u ON s.user_uuid = u.user_uuid
WHERE session_id = ?`, sessionId).Scan(&userId, &sessionCreatedAt)
if err != nil {
return nil, ErrSessionNotFound
}
return NewSession(sessionId, userId, sessionCreatedAt), nil
}
func (db AuthDbSqlite) DeleteOldSessions(userId uuid.UUID) error {
// Delete old inactive sessions
_, err := db.db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", userId)
if err != nil {
utils.LogError("Could not delete old sessions", err)
return types.ErrInternal
}
return nil
}
func (db AuthDbSqlite) DeleteSession(sessionId string) error {
if sessionId != "" {
_, err := db.db.Exec("DELETE FROM session WHERE session_id = ?", sessionId)
if err != nil {
utils.LogError("Could not delete session", err)
return types.ErrInternal
}
}
return nil
}

10
db/auth_test.go
View File

@@ -35,7 +35,7 @@ func TestUser(t *testing.T) {
t.Parallel()
db := setupDb(t)
underTest := DbAuthSqlite{db: db}
underTest := AuthDbSqlite{db: db}
_, err := underTest.GetUser("someNonExistentEmail")
assert.Equal(t, ErrUserNotFound, err)
@@ -45,7 +45,7 @@ func TestUser(t *testing.T) {
t.Parallel()
db := setupDb(t)
underTest := DbAuthSqlite{db: db}
underTest := AuthDbSqlite{db: db}
verifiedAt := time.Date(2020, 1, 5, 13, 0, 0, 0, time.UTC)
createAt := time.Date(2020, 1, 5, 12, 0, 0, 0, time.UTC)
@@ -64,7 +64,7 @@ func TestUser(t *testing.T) {
t.Parallel()
db := setupDb(t)
underTest := DbAuthSqlite{db: db}
underTest := AuthDbSqlite{db: db}
verifiedAt := time.Date(2020, 1, 5, 13, 0, 0, 0, time.UTC)
createAt := time.Date(2020, 1, 5, 12, 0, 0, 0, time.UTC)
@@ -85,7 +85,7 @@ func TestEmailVerification(t *testing.T) {
t.Parallel()
db := setupDb(t)
underTest := DbAuthSqlite{db: db}
underTest := AuthDbSqlite{db: db}
token, err := underTest.GetEmailVerificationToken(uuid.New())
@@ -96,7 +96,7 @@ func TestEmailVerification(t *testing.T) {
t.Parallel()
db := setupDb(t)
underTest := DbAuthSqlite{db: db}
underTest := AuthDbSqlite{db: db}
userId := uuid.New()
expectedToken := "someToken"

110
db/workout.go Normal file
View File

@@ -0,0 +1,110 @@
package db
import (
"me-fit/types"
"me-fit/utils"
"database/sql"
"errors"
"time"
"github.com/google/uuid"
)
var (
ErrWorkoutNotExists = errors.New("Workout does not exist")
)
type WorkoutDb interface {
InsertWorkout(userId uuid.UUID, workout *WorkoutInsert) (*Workout, error)
GetWorkouts(userId uuid.UUID) ([]Workout, error)
DeleteWorkout(userId uuid.UUID, rowId int) error
}
type WorkoutDbSqlite struct {
db *sql.DB
}
func NewWorkoutDbSqlite(db *sql.DB) *WorkoutDbSqlite {
return &WorkoutDbSqlite{db: db}
}
type WorkoutInsert struct {
Date time.Time
Type string
Sets int
Reps int
}
type Workout struct {
RowId int
Date time.Time
Type string
Sets int
Reps int
}
func NewWorkoutInsert(date time.Time, workoutType string, sets int, reps int) *WorkoutInsert {
return &WorkoutInsert{Date: date, Type: workoutType, Sets: sets, Reps: reps}
}
func NewWorkoutFromInsert(rowId int, workoutInsert *WorkoutInsert) *Workout {
return &Workout{RowId: rowId, Date: workoutInsert.Date, Type: workoutInsert.Type, Sets: workoutInsert.Sets, Reps: workoutInsert.Reps}
}
func (db WorkoutDbSqlite) InsertWorkout(userId uuid.UUID, workout *WorkoutInsert) (*Workout, error) {
var rowId int
err := db.db.QueryRow(`
INSERT INTO workout (user_id, date, type, sets, reps)
VALUES (?, ?, ?, ?, ?)
RETURNING rowid`, userId, workout.Date, workout.Type, workout.Sets, workout.Reps).Scan(&rowId)
if err != nil {
utils.LogError("Error inserting workout", err)
return nil, types.ErrInternal
}
return NewWorkoutFromInsert(rowId, workout), nil
}
func (db WorkoutDbSqlite) GetWorkouts(userId uuid.UUID) ([]Workout, error) {
rows, err := db.db.Query("SELECT rowid, date, type, sets, reps FROM workout WHERE user_id = ? ORDER BY date desc", userId)
if err != nil {
utils.LogError("Could not get workouts", err)
return nil, types.ErrInternal
}
var workouts = make([]Workout, 0)
for rows.Next() {
var workout Workout
err = rows.Scan(&workout.RowId, &workout.Date, &workout.Type, &workout.Sets, &workout.Reps)
if err != nil {
utils.LogError("Could not scan workout", err)
return nil, types.ErrInternal
}
workouts = append(workouts, workout)
}
return workouts, nil
}
func (db WorkoutDbSqlite) DeleteWorkout(userId uuid.UUID, rowId int) error {
res, err := db.db.Exec("DELETE FROM workout WHERE user_id = ? AND rowid = ?", userId, rowId)
if err != nil {
return types.ErrInternal
}
rows, err := res.RowsAffected()
if err != nil {
return types.ErrInternal
}
if rows == 0 {
return ErrWorkoutNotExists
}
return nil
}

238
handler/auth.go
View File

@@ -19,11 +19,11 @@ type HandlerAuth interface {
type HandlerAuthImpl struct {
db *sql.DB
service service.ServiceAuth
service service.AuthService
serverSettings *types.ServerSettings
}
func NewHandlerAuth(db *sql.DB, service service.ServiceAuth, serverSettings *types.ServerSettings) HandlerAuth {
func NewHandlerAuth(db *sql.DB, service service.AuthService, serverSettings *types.ServerSettings) HandlerAuth {
return HandlerAuthImpl{
db: db,
service: service,
@@ -35,17 +35,17 @@ func (handler HandlerAuthImpl) handle(router *http.ServeMux) {
// Don't use auth middleware for these routes, as it makes redirecting very difficult, if the mail is not yet verified
router.Handle("/auth/signin", handler.handleSignInPage())
router.Handle("/auth/signup", handler.handleSignUpPage())
router.Handle("/auth/verify", service.HandleSignUpVerifyPage(handler.db, handler.serverSettings)) // Hint for the user to verify their email
router.Handle("/auth/delete-account", service.HandleDeleteAccountPage(handler.db, handler.serverSettings))
router.Handle("/auth/verify", handler.handleSignUpVerifyPage()) // Hint for the user to verify their email
router.Handle("/auth/delete-account", handler.handleDeleteAccountPage())
router.Handle("/auth/verify-email", service.HandleSignUpVerifyResponsePage(handler.db)) // The link contained in the email
router.Handle("/auth/change-password", service.HandleChangePasswordPage(handler.db, handler.serverSettings))
router.Handle("/auth/reset-password", service.HandleResetPasswordPage(handler.db, handler.serverSettings))
router.Handle("/auth/change-password", handler.handleChangePasswordPage())
router.Handle("/auth/reset-password", handler.handleResetPasswordPage())
router.Handle("/api/auth/signup", handler.handleSignUp())
router.Handle("/api/auth/signin", handler.handleSignIn())
router.Handle("/api/auth/signout", service.HandleSignOutComp(handler.db))
router.Handle("/api/auth/delete-account", service.HandleDeleteAccountComp(handler.db, handler.serverSettings))
router.Handle("/api/auth/verify-resend", service.HandleVerifyResendComp(handler.db, handler.serverSettings))
router.Handle("/api/auth/change-password", service.HandleChangePasswordComp(handler.db))
router.Handle("/api/auth/signout", handler.handleSignOut())
router.Handle("/api/auth/delete-account", handler.HandleDeleteAccountComp())
router.Handle("/api/auth/verify-resend", handler.HandleVerifyResendComp())
router.Handle("/api/auth/change-password", handler.HandleChangePasswordComp())
router.Handle("/api/auth/reset-password", service.HandleResetPasswordComp(handler.db, handler.serverSettings))
router.Handle("/api/auth/reset-password-actual", service.HandleActualResetPasswordComp(handler.db))
}
@@ -56,9 +56,8 @@ var (
func (handler HandlerAuthImpl) handleSignInPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(handler.db, r)
if user == nil {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
userComp := service.UserInfoComp(nil)
signIn := auth.SignInOrUpComp(true)
err := template.Layout(signIn, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
@@ -67,31 +66,40 @@ func (handler HandlerAuthImpl) handleSignInPage() http.HandlerFunc {
utils.LogError("Failed to render sign in page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
} else if !user.EmailVerified {
if !user.EmailVerified {
utils.DoRedirect(w, r, "/auth/verify")
} else {
utils.DoRedirect(w, r, "/")
}
}
}
func (handler HandlerAuthImpl) handleSignIn() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := utils.WaitMinimumTime(securityWaitDuration, func() (*service.User, error) {
var email = r.FormValue("email")
var password = r.FormValue("password")
user, err := handler.service.SignIn(email, password)
session, err := handler.service.SignIn(email, password)
if err != nil {
return nil, err
}
err = service.TryCreateSessionAndSetCookie(r, w, handler.db, user.Id)
if err != nil {
return nil, err
cookie := http.Cookie{
Name: "id",
Value: session.Id,
MaxAge: 60 * 60 * 8, // 8 hours
Secure: true,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/",
}
return user, nil
http.SetCookie(w, &cookie)
return session.User, nil
})
if err != nil {
@@ -115,9 +123,8 @@ func (handler HandlerAuthImpl) handleSignIn() http.HandlerFunc {
func (handler HandlerAuthImpl) handleSignUpPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(handler.db, r)
if user == nil {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
userComp := service.UserInfoComp(nil)
signUpComp := auth.SignInOrUpComp(false)
err := template.Layout(signUpComp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
@@ -126,14 +133,16 @@ func (handler HandlerAuthImpl) handleSignUpPage() http.HandlerFunc {
utils.LogError("Failed to render sign up page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
} else if !user.EmailVerified {
if !user.EmailVerified {
utils.DoRedirect(w, r, "/auth/verify")
} else {
utils.DoRedirect(w, r, "/")
}
}
}
func (handler HandlerAuthImpl) handleSignUp() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var email = r.FormValue("email")
@@ -163,3 +172,186 @@ func (handler HandlerAuthImpl) handleSignUp() http.HandlerFunc {
utils.TriggerToast(w, r, "success", "A link to activate your account has been emailed to the address provided.")
}
}
func (handler HandlerAuthImpl) handleSignOut() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
err := handler.service.SignOut(utils.GetSessionID(r))
if err != nil {
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
c := http.Cookie{
Name: "id",
Value: "",
MaxAge: -1,
Secure: true,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/",
}
http.SetCookie(w, &c)
utils.DoRedirect(w, r, "/")
}
}
func (handler HandlerAuthImpl) handleSignUpVerifyPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
}
if user.EmailVerified {
utils.DoRedirect(w, r, "/")
} else {
userComp := service.UserInfoComp(user)
signIn := auth.VerifyComp()
err := template.Layout(signIn, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render verify page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func (handler HandlerAuthImpl) handleDeleteAccountPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
// An unverified email should be able to delete their account
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
}
userComp := service.UserInfoComp(user)
comp := auth.DeleteAccountComp()
err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render delete account page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
func (handler HandlerAuthImpl) handleChangePasswordPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
isPasswordReset := r.URL.Query().Has("token")
user, _ := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if user == nil && !isPasswordReset {
utils.DoRedirect(w, r, "/auth/signin")
} else {
userComp := service.UserInfoComp(user)
comp := auth.ChangePasswordComp(isPasswordReset)
err := template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render change password page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func (handler HandlerAuthImpl) handleResetPasswordPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
}
userComp := service.UserInfoComp(user)
comp := auth.ResetPasswordComp()
err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render change password page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
func (handler HandlerAuthImpl) HandleResetPasswordPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
userComp := service.UserInfoComp(user)
comp := auth.ResetPasswordComp()
err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render change password page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
func (handler HandlerAuthImpl) HandleDeleteAccountComp() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
password := r.FormValue("password")
_, err = handler.service.SignIn(user.Email, password)
if err != nil {
utils.TriggerToast(w, r, "error", "Password not correct")
return
}
err = handler.service.DeleteAccount(user)
if err != nil {
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
utils.DoRedirect(w, r, "/")
}
}
func (handler HandlerAuthImpl) HandleVerifyResendComp() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
go handler.service.SendVerificationMail(user.Id, user.Email)
w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
}
}
func (handler HandlerAuthImpl) HandleChangePasswordComp() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
currPass := r.FormValue("current-password")
newPass := r.FormValue("new-password")
err = handler.service.ChangePassword(user, currPass, newPass)
if err != nil {
utils.TriggerToast(w, r, "error", "Password not correct")
return
}
utils.TriggerToast(w, r, "success", "Password changed")
}
}

26
handler/default.go
View File

@@ -13,25 +13,27 @@ import (
func GetHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler {
var router = http.NewServeMux()
router.HandleFunc("/", service.HandleIndexAnd404(d, serverSettings))
authDb := db.NewAuthDbSqlite(d)
workoutDb := db.NewWorkoutDbSqlite(d)
randomGenerator := service.NewRandomGeneratorImpl()
clock := service.NewClockImpl()
dbAuth := db.NewDbAuthSqlite(d)
randomService := service.NewRandomServiceImpl()
clockService := service.NewClockServiceImpl()
mailService := service.NewMailServiceImpl(serverSettings)
serviceAuth := service.NewServiceAuthImpl(dbAuth, randomGenerator, clock, mailService, serverSettings)
handlerAuth := NewHandlerAuth(d, serviceAuth, serverSettings)
authService := service.NewAuthServiceImpl(authDb, randomService, clockService, mailService, serverSettings)
workoutService := service.NewWorkoutServiceImpl(workoutDb, randomService, clockService, mailService, serverSettings)
indexHandler := NewIndexHandler(d, authService, serverSettings)
authHandler := NewHandlerAuth(d, authService, serverSettings)
workoutHandler := NewWorkoutHandler(d, workoutService, authService, serverSettings)
indexHandler.handle(router)
// Serve static files (CSS, JS and images)
router.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("./static/"))))
handleWorkout(d, router, serverSettings)
workoutHandler.handle(router)
handlerAuth.handle(router)
authHandler.handle(router)
return middleware.Logging(middleware.EnableCors(serverSettings, router))
}
func authMiddleware(db *sql.DB, h http.Handler) http.Handler {
return middleware.EnsureValidSession(db, h)
}

57
handler/index_and_404.go Normal file
View File

@@ -0,0 +1,57 @@
package handler
import (
"me-fit/service"
"me-fit/template"
"me-fit/types"
"me-fit/utils"
"database/sql"
"net/http"
"github.com/a-h/templ"
)
type IndexHandler interface {
handle(router *http.ServeMux)
}
type IndexHandlerImpl struct {
db *sql.DB
service service.AuthService
serverSettings *types.ServerSettings
}
func NewIndexHandler(db *sql.DB, service service.AuthService, serverSettings *types.ServerSettings) IndexHandler {
return IndexHandlerImpl{
db: db,
service: service,
serverSettings: serverSettings,
}
}
func (handler IndexHandlerImpl) handle(router *http.ServeMux) {
router.Handle("/", handler.handleIndexAnd404())
}
func (handler IndexHandlerImpl) handleIndexAnd404() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
var comp templ.Component = nil
userComp := service.UserInfoComp(user)
if r.URL.Path != "/" {
comp = template.Layout(template.NotFound(), userComp, handler.serverSettings.Environment)
w.WriteHeader(http.StatusNotFound)
} else {
comp = template.Layout(template.Index(), userComp, handler.serverSettings.Environment)
}
err = comp.Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render index", err)
http.Error(w, "Failed to render index", http.StatusInternalServerError)
}
}
}

142
handler/workout.go
View File

@@ -2,15 +2,147 @@ package handler
import (
"me-fit/service"
"me-fit/template"
"me-fit/template/workout"
"me-fit/types"
"me-fit/utils"
"database/sql"
"log/slog"
"net/http"
"strconv"
"time"
)
func handleWorkout(db *sql.DB, router *http.ServeMux, serverSettings *types.ServerSettings) {
router.Handle("/workout", authMiddleware(db, service.HandleWorkoutPage(db, serverSettings)))
router.Handle("POST /api/workout", authMiddleware(db, service.HandleWorkoutNewComp(db)))
router.Handle("GET /api/workout", authMiddleware(db, service.HandleWorkoutGetComp(db)))
router.Handle("DELETE /api/workout/{id}", authMiddleware(db, service.HandleWorkoutDeleteComp(db)))
type WorkoutHandler interface {
handle(router *http.ServeMux)
}
type WorkoutHandlerImpl struct {
db *sql.DB
service service.WorkoutService
auth service.AuthService
serverSettings *types.ServerSettings
}
func NewWorkoutHandler(db *sql.DB, service service.WorkoutService, auth service.AuthService, serverSettings *types.ServerSettings) HandlerAuth {
return WorkoutHandlerImpl{
db: db,
service: service,
auth: auth,
serverSettings: serverSettings,
}
}
func (handler WorkoutHandlerImpl) handle(router *http.ServeMux) {
router.Handle("/workout", handler.handleWorkoutPage())
router.Handle("POST /api/workout", handler.handleAddWorkout())
router.Handle("GET /api/workout", handler.handleGetWorkout())
router.Handle("DELETE /api/workout/{id}", handler.handleDeleteWorkout())
}
func (handler WorkoutHandlerImpl) handleWorkoutPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
currentDate := time.Now().Format("2006-01-02")
inner := workout.WorkoutComp(currentDate)
userComp := service.UserInfoComp(user)
err = template.Layout(inner, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render workout page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
func (handler WorkoutHandlerImpl) handleAddWorkout() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
var dateStr = r.FormValue("date")
var typeStr = r.FormValue("type")
var setsStr = r.FormValue("sets")
var repsStr = r.FormValue("reps")
wo := service.NewWorkoutDto("", dateStr, typeStr, setsStr, repsStr)
wo, err = handler.service.AddWorkout(user, wo)
if err != nil {
utils.TriggerToast(w, r, "error", "Invalid input values")
http.Error(w, "Invalid input values", http.StatusBadRequest)
return
}
wor := workout.Workout{Id: wo.RowId, Date: wo.Date, Type: wo.Type, Sets: wo.Sets, Reps: wo.Reps}
err = workout.WorkoutItemComp(wor, true).Render(r.Context(), w)
if err != nil {
utils.LogError("Could not render workoutitem", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
}
func (handler WorkoutHandlerImpl) handleGetWorkout() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
workouts, err := handler.service.GetWorkouts(user)
if err != nil {
return
}
wos := make([]workout.Workout, 0)
for _, wo := range workouts {
wos = append(wos, workout.Workout{Id: wo.RowId, Date: wo.Date, Type: wo.Type, Sets: wo.Sets, Reps: wo.Reps})
}
workout.WorkoutListComp(wos).Render(r.Context(), w)
}
}
func (handler WorkoutHandlerImpl) handleDeleteWorkout() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
rowId := r.PathValue("id")
if rowId == "" {
http.Error(w, "Missing required fields", http.StatusBadRequest)
slog.Warn("Missing required fields for workout delete")
utils.TriggerToast(w, r, "error", "Missing ID field")
return
}
rowIdInt, err := strconv.Atoi(rowId)
if err != nil {
http.Error(w, "Invalid ID", http.StatusBadRequest)
slog.Warn("Invalid ID for workout delete")
utils.TriggerToast(w, r, "error", "Invalid ID")
return
}
err = handler.service.DeleteWorkout(user, rowIdInt)
if err != nil {
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
slog.Error("Could not delete workout: " + err.Error())
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
}
}

30
middleware/auth.go
View File

@@ -1,30 +0,0 @@
package middleware
import (
"me-fit/utils"
"context"
"database/sql"
"net/http"
)
func EnsureValidSession(db *sql.DB, next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
if !user.EmailVerified && r.URL.Path != "/auth/verify" {
utils.DoRedirect(w, r, "/auth/verify")
return
}
ctx := context.WithValue(r.Context(), utils.ContextKeyUser, user)
next.ServeHTTP(w, r.WithContext(ctx))
})
}

5
mocks/default.go
View File

@@ -1,5 +0,0 @@
package mocks
import (
_ "github.com/stretchr/testify/mock"
)

375
service/auth.go
View File

@@ -10,9 +10,9 @@ import (
"net/mail"
"net/url"
"strings"
"time"
"me-fit/db"
"me-fit/template"
"me-fit/template/auth"
tempMail "me-fit/template/mail"
"me-fit/types"
@@ -28,6 +28,7 @@ var (
ErrInvalidPassword = errors.New("Password needs to be 8 characters long, contain at least one number, one special, one uppercase and one lowercase character")
ErrInvalidEmail = errors.New("Invalid email")
ErrAccountExists = errors.New("Account already exists")
ErrSessionIdInvalid = errors.New("Session ID is invalid")
)
type User struct {
@@ -44,22 +45,41 @@ func NewUser(user *db.User) *User {
}
}
type ServiceAuth interface {
SignIn(email string, password string) (*User, error)
SignUp(email string, password string) (*User, error)
SendVerificationMail(userId uuid.UUID, email string)
type Session struct {
Id string
CreatedAt time.Time
User *User
}
type ServiceAuthImpl struct {
dbAuth db.DbAuth
randomGenerator RandomGenerator
clock Clock
func NewSession(session *db.Session, user *User) *Session {
return &Session{
Id: session.Id,
CreatedAt: session.CreatedAt,
User: user,
}
}
type AuthService interface {
SignIn(email string, password string) (*Session, error)
SignUp(email string, password string) (*User, error)
SendVerificationMail(userId uuid.UUID, email string)
SignOut(sessionId string) error
DeleteAccount(user *User) error
ChangePassword(user *User, currPass, newPass string) error
GetUserFromSessionId(sessionId string) (*User, error)
}
type AuthServiceImpl struct {
dbAuth db.AuthDb
randomGenerator RandomService
clock ClockService
mailService MailService
serverSettings *types.ServerSettings
}
func NewServiceAuthImpl(dbAuth db.DbAuth, randomGenerator RandomGenerator, clock Clock, mailService MailService, serverSettings *types.ServerSettings) *ServiceAuthImpl {
return &ServiceAuthImpl{
func NewAuthServiceImpl(dbAuth db.AuthDb, randomGenerator RandomService, clock ClockService, mailService MailService, serverSettings *types.ServerSettings) *AuthServiceImpl {
return &AuthServiceImpl{
dbAuth: dbAuth,
randomGenerator: randomGenerator,
clock: clock,
@@ -68,7 +88,7 @@ func NewServiceAuthImpl(dbAuth db.DbAuth, randomGenerator RandomGenerator, clock
}
}
func (service ServiceAuthImpl) SignIn(email string, password string) (*User, error) {
func (service AuthServiceImpl) SignIn(email string, password string) (*Session, error) {
user, err := service.dbAuth.GetUser(email)
if err != nil {
if errors.Is(err, db.ErrUserNotFound) {
@@ -84,10 +104,36 @@ func (service ServiceAuthImpl) SignIn(email string, password string) (*User, err
return nil, ErrInvaidCredentials
}
return NewUser(user), nil
session, err := service.createSession(user.Id)
if err != nil {
return nil, types.ErrInternal
}
return NewSession(session, NewUser(user)), nil
}
func (service ServiceAuthImpl) SignUp(email string, password string) (*User, error) {
func (service AuthServiceImpl) createSession(userId uuid.UUID) (*db.Session, error) {
sessionId, err := service.randomGenerator.String(32)
if err != nil {
return nil, types.ErrInternal
}
err = service.dbAuth.DeleteOldSessions(userId)
if err != nil {
return nil, types.ErrInternal
}
session := db.NewSession(sessionId, userId, service.clock.Now())
err = service.dbAuth.InsertSession(session)
if err != nil {
return nil, types.ErrInternal
}
return session, nil
}
func (service AuthServiceImpl) SignUp(email string, password string) (*User, error) {
_, err := mail.ParseAddress(email)
if err != nil {
return nil, ErrInvalidEmail
@@ -123,7 +169,7 @@ func (service ServiceAuthImpl) SignUp(email string, password string) (*User, err
return NewUser(dbUser), nil
}
func (service ServiceAuthImpl) SendVerificationMail(userId uuid.UUID, email string) {
func (service AuthServiceImpl) SendVerificationMail(userId uuid.UUID, email string) {
var token string
token, err := service.dbAuth.GetEmailVerificationToken(userId)
@@ -153,45 +199,35 @@ func (service ServiceAuthImpl) SendVerificationMail(userId uuid.UUID, email stri
service.mailService.SendMail(email, "Welcome to ME-FIT", w.String())
}
func (service AuthServiceImpl) SignOut(sessionId string) error {
return service.dbAuth.DeleteSession(sessionId)
}
func (service AuthServiceImpl) GetUserFromSessionId(sessionId string) (*User, error) {
if sessionId == "" {
return nil, ErrSessionIdInvalid
}
session, err := service.dbAuth.GetSession(sessionId)
if err != nil {
return nil, types.ErrInternal
}
user, err := service.dbAuth.GetUserById(session.UserId)
if err != nil {
return nil, types.ErrInternal
}
if session.CreatedAt.Add(time.Duration(8 * time.Hour)).Before(service.clock.Now()) {
return nil, nil
} else {
return NewUser(user), nil
}
}
// TODO
func HandleSignUpVerifyPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
} else if user.EmailVerified {
utils.DoRedirect(w, r, "/")
} else {
userComp := UserInfoComp(user)
signIn := auth.VerifyComp()
err := template.Layout(signIn, userComp, serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render verify page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func HandleDeleteAccountPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
// An unverified email should be able to delete their account
user := utils.GetUserFromSession(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
} else {
userComp := UserInfoComp(user)
comp := auth.DeleteAccountComp()
err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render delete account page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
@@ -234,45 +270,7 @@ func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
}
}
func HandleChangePasswordPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
isPasswordReset := r.URL.Query().Has("token")
user := utils.GetUserFromSession(db, r)
if user == nil && !isPasswordReset {
utils.DoRedirect(w, r, "/auth/signin")
} else {
userComp := UserInfoComp(user)
comp := auth.ChangePasswordComp(isPasswordReset)
err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render change password page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func HandleResetPasswordPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
if user != nil {
utils.DoRedirect(w, r, "/auth/signin")
} else {
userComp := UserInfoComp(nil)
comp := auth.ResetPasswordComp()
err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render change password page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func UserInfoComp(user *types.User) templ.Component {
func UserInfoComp(user *User) templ.Component {
if user != nil {
return auth.UserComp(user.Email)
@@ -281,168 +279,46 @@ func UserInfoComp(user *types.User) templ.Component {
}
}
func HandleSignOutComp(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
func (service AuthServiceImpl) DeleteAccount(user *User) error {
if user != nil {
_, err := db.Exec("DELETE FROM session WHERE session_id = ?", user.SessionId)
err := service.dbAuth.DeleteUser(user.Id)
if err != nil {
utils.LogError("Could not delete session", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
return err
}
c := http.Cookie{
Name: "id",
Value: "",
MaxAge: -1,
Secure: true,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/",
}
go service.mailService.SendMail(user.Email, "Account deleted", "Your account has been deleted")
http.SetCookie(w, &c)
utils.DoRedirect(w, r, "/")
}
return nil
}
func HandleDeleteAccountComp(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
mailService := NewMailServiceImpl(serverSettings)
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
password := r.FormValue("password")
if password == "" {
utils.TriggerToast(w, r, "error", "Password is required")
return
}
var (
storedHash []byte
salt []byte
)
err := db.QueryRow("SELECT password, salt FROM user WHERE user_uuid = ?", user.Id).Scan(&storedHash, &salt)
if err != nil {
utils.LogError("Could not get password", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
currHash := GetHashPassword(password, salt)
if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
utils.TriggerToast(w, r, "error", "Password is not correct")
return
}
_, err = db.Exec("DELETE FROM workout WHERE user_id = ?", user.Id)
if err != nil {
utils.LogError("Could not delete workouts", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
_, err = db.Exec("DELETE FROM user_token WHERE user_uuid = ?", user.Id)
if err != nil {
utils.LogError("Could not delete user tokens", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
_, err = db.Exec("DELETE FROM session WHERE user_uuid = ?", user.Id)
if err != nil {
utils.LogError("Could not delete sessions", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
_, err = db.Exec("DELETE FROM user WHERE user_uuid = ?", user.Id)
if err != nil {
utils.LogError("Could not delete user", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
go mailService.SendMail(user.Email, "Account deleted", "Your account has been deleted")
utils.DoRedirect(w, r, "/")
}
}
func HandleVerifyResendComp(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
if user == nil || user.EmailVerified {
utils.DoRedirect(w, r, "/auth/signin")
return
}
// TODO
// go sendVerificationEmail(db, user.Id.String(), user.Email, serverSettings)
w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
}
}
func HandleChangePasswordComp(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
currPass := r.FormValue("current-password")
newPass := r.FormValue("new-password")
func (service AuthServiceImpl) ChangePassword(user *User, currPass, newPass string) error {
if !isPasswordValid(newPass) {
utils.TriggerToast(w, r, "error", ErrInvalidPassword.Error())
return
return ErrInvalidPassword
}
if currPass == newPass {
utils.TriggerToast(w, r, "error", "Please use a new password")
return
return ErrInvalidPassword
}
var (
storedHash []byte
salt []byte
)
err := db.QueryRow("SELECT password, salt FROM user WHERE user_uuid = ?", user.Id).Scan(&storedHash, &salt)
_, err := service.SignIn(user.Email, currPass)
if err != nil {
utils.LogError("Could not get password", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
return err
}
currHash := GetHashPassword(currPass, salt)
if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
utils.TriggerToast(w, r, "error", "Current Password is not correct")
return
}
newHash := GetHashPassword(newPass, salt)
_, err = db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", newHash, user.Id)
userDb, err := service.dbAuth.GetUserById(user.Id)
if err != nil {
utils.LogError("Could not update password", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
return err
}
utils.TriggerToast(w, r, "success", "Password changed")
newHash := GetHashPassword(newPass, userDb.Salt)
err = service.dbAuth.UpdateUserPassword(user.Id, newHash)
if err != nil {
return err
}
return nil
}
func HandleActualResetPasswordComp(db *sql.DB) http.HandlerFunc {
@@ -517,7 +393,7 @@ func HandleResetPasswordComp(db *sql.DB, serverSettings *types.ServerSettings) h
return
}
token, err := NewRandomGeneratorImpl().String(32)
token, err := NewRandomServiceImpl().String(32)
if err != nil {
return
}
@@ -556,39 +432,6 @@ func HandleResetPasswordComp(db *sql.DB, serverSettings *types.ServerSettings) h
}
}
func TryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sql.DB, user_uuid uuid.UUID) error {
sessionId, err := NewRandomGeneratorImpl().String(32)
if err != nil {
return types.ErrInternal
}
// Delete old inactive sessions
_, err = db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", user_uuid)
if err != nil {
utils.LogError("Could not delete old sessions", err)
return types.ErrInternal
}
_, err = db.Exec("INSERT INTO session (session_id, user_uuid, created_at) VALUES (?, ?, datetime())", sessionId, user_uuid)
if err != nil {
utils.LogError("Could not insert session", err)
return types.ErrInternal
}
cookie := http.Cookie{
Name: "id",
Value: sessionId,
MaxAge: 60 * 60 * 8, // 8 hours
Secure: true,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/",
}
http.SetCookie(w, &cookie)
return nil
}
func GetHashPassword(password string, salt []byte) []byte {
return argon2.IDKey([]byte(password), salt, 1, 64*1024, 1, 16)
}

109
service/auth_test.go
View File

@@ -4,9 +4,9 @@ import (
"me-fit/db"
"me-fit/mocks"
"me-fit/types"
"strings"
"errors"
"strings"
"testing"
"time"
@@ -33,24 +33,25 @@ func TestSignIn(t *testing.T) {
time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC),
)
mockDbAuth := mocks.NewMockDbAuth(t)
mockDbAuth.EXPECT().GetUser("test@test.de").Return(user, nil)
mockRandom := mocks.NewMockRandomGenerator(t)
mockClock := mocks.NewMockClock(t)
dbSession := db.NewSession("sessionId", user.Id, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC))
mockAuthDb := mocks.NewMockAuthDb(t)
mockAuthDb.EXPECT().GetUser("test@test.de").Return(user, nil)
mockAuthDb.EXPECT().DeleteOldSessions(user.Id).Return(nil)
mockAuthDb.EXPECT().InsertSession(dbSession).Return(nil)
mockRandom := mocks.NewMockRandomService(t)
mockRandom.EXPECT().String(32).Return("sessionId", nil)
mockClock := mocks.NewMockClockService(t)
mockClock.EXPECT().Now().Return(time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC))
mockMail := mocks.NewMockMailService(t)
underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{})
underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})
actualUser, err := underTest.SignIn(user.Email, "password")
actualSession, err := underTest.SignIn(user.Email, "password")
assert.Nil(t, err)
expectedUser := User{
Id: user.Id,
Email: user.Email,
EmailVerified: user.EmailVerified,
}
assert.Equal(t, expectedUser, *actualUser)
expectedSession := NewSession(dbSession, NewUser(user))
assert.Equal(t, expectedSession, actualSession)
})
t.Run("should return ErrInvalidCretentials if password is not correct", func(t *testing.T) {
@@ -69,13 +70,13 @@ func TestSignIn(t *testing.T) {
time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC),
)
mockDbAuth := mocks.NewMockDbAuth(t)
mockDbAuth.EXPECT().GetUser(user.Email).Return(user, nil)
mockRandom := mocks.NewMockRandomGenerator(t)
mockClock := mocks.NewMockClock(t)
mockAuthDb := mocks.NewMockAuthDb(t)
mockAuthDb.EXPECT().GetUser(user.Email).Return(user, nil)
mockRandom := mocks.NewMockRandomService(t)
mockClock := mocks.NewMockClockService(t)
mockMail := mocks.NewMockMailService(t)
underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{})
underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})
_, err := underTest.SignIn("test@test.de", "wrong password")
@@ -84,13 +85,13 @@ func TestSignIn(t *testing.T) {
t.Run("should return ErrInvalidCretentials if user has not been found", func(t *testing.T) {
t.Parallel()
mockDbAuth := mocks.NewMockDbAuth(t)
mockDbAuth.EXPECT().GetUser("test").Return(nil, db.ErrUserNotFound)
mockRandom := mocks.NewMockRandomGenerator(t)
mockClock := mocks.NewMockClock(t)
mockAuthDb := mocks.NewMockAuthDb(t)
mockAuthDb.EXPECT().GetUser("test").Return(nil, db.ErrUserNotFound)
mockRandom := mocks.NewMockRandomService(t)
mockClock := mocks.NewMockClockService(t)
mockMail := mocks.NewMockMailService(t)
underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{})
underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})
_, err := underTest.SignIn("test", "test")
assert.Equal(t, ErrInvaidCredentials, err)
@@ -98,13 +99,13 @@ func TestSignIn(t *testing.T) {
t.Run("should forward ErrInternal on any other error", func(t *testing.T) {
t.Parallel()
mockDbAuth := mocks.NewMockDbAuth(t)
mockDbAuth.EXPECT().GetUser("test").Return(nil, errors.New("Some undefined error"))
mockRandom := mocks.NewMockRandomGenerator(t)
mockClock := mocks.NewMockClock(t)
mockAuthDb := mocks.NewMockAuthDb(t)
mockAuthDb.EXPECT().GetUser("test").Return(nil, errors.New("Some undefined error"))
mockRandom := mocks.NewMockRandomService(t)
mockClock := mocks.NewMockClockService(t)
mockMail := mocks.NewMockMailService(t)
underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{})
underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})
_, err := underTest.SignIn("test", "test")
@@ -117,12 +118,12 @@ func TestSignUp(t *testing.T) {
t.Run("should check for correct email address", func(t *testing.T) {
t.Parallel()
mockDbAuth := mocks.NewMockDbAuth(t)
mockRandom := mocks.NewMockRandomGenerator(t)
mockClock := mocks.NewMockClock(t)
mockAuthDb := mocks.NewMockAuthDb(t)
mockRandom := mocks.NewMockRandomService(t)
mockClock := mocks.NewMockClockService(t)
mockMail := mocks.NewMockMailService(t)
underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{})
underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})
_, err := underTest.SignUp("invalid email address", "SomeStrongPassword123!")
@@ -131,12 +132,12 @@ func TestSignUp(t *testing.T) {
t.Run("should check for password complexity", func(t *testing.T) {
t.Parallel()
mockDbAuth := mocks.NewMockDbAuth(t)
mockRandom := mocks.NewMockRandomGenerator(t)
mockClock := mocks.NewMockClock(t)
mockAuthDb := mocks.NewMockAuthDb(t)
mockRandom := mocks.NewMockRandomService(t)
mockClock := mocks.NewMockClockService(t)
mockMail := mocks.NewMockMailService(t)
underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{})
underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})
weakPasswords := []string{
"123!ab", // too short
@@ -153,9 +154,9 @@ func TestSignUp(t *testing.T) {
t.Run("should signup correctly", func(t *testing.T) {
t.Parallel()
mockDbAuth := mocks.NewMockDbAuth(t)
mockRandom := mocks.NewMockRandomGenerator(t)
mockClock := mocks.NewMockClock(t)
mockAuthDb := mocks.NewMockAuthDb(t)
mockRandom := mocks.NewMockRandomService(t)
mockClock := mocks.NewMockClockService(t)
mockMail := mocks.NewMockMailService(t)
expected := User{
@@ -164,7 +165,7 @@ func TestSignUp(t *testing.T) {
EmailVerified: false,
}
random := NewRandomGeneratorImpl()
random := NewRandomServiceImpl()
salt, err := random.Bytes(16)
assert.Nil(t, err)
password := "SomeStrongPassword123!"
@@ -176,9 +177,9 @@ func TestSignUp(t *testing.T) {
mockClock.EXPECT().Now().Return(createTime)
mockDbAuth.EXPECT().InsertUser(db.NewUser(expected.Id, expected.Email, false, nil, false, GetHashPassword(password, salt), salt, createTime)).Return(nil)
mockAuthDb.EXPECT().InsertUser(db.NewUser(expected.Id, expected.Email, false, nil, false, GetHashPassword(password, salt), salt, createTime)).Return(nil)
underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{})
underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})
actual, err := underTest.SignUp(expected.Email, password)
@@ -189,9 +190,9 @@ func TestSignUp(t *testing.T) {
t.Run("should return ErrAccountExists", func(t *testing.T) {
t.Parallel()
mockDbAuth := mocks.NewMockDbAuth(t)
mockRandom := mocks.NewMockRandomGenerator(t)
mockClock := mocks.NewMockClock(t)
mockAuthDb := mocks.NewMockAuthDb(t)
mockRandom := mocks.NewMockRandomService(t)
mockClock := mocks.NewMockClockService(t)
mockMail := mocks.NewMockMailService(t)
user := User{
@@ -199,7 +200,7 @@ func TestSignUp(t *testing.T) {
Email: "some@valid.email",
}
random := NewRandomGeneratorImpl()
random := NewRandomServiceImpl()
salt, err := random.Bytes(16)
assert.Nil(t, err)
password := "SomeStrongPassword123!"
@@ -211,9 +212,9 @@ func TestSignUp(t *testing.T) {
mockClock.EXPECT().Now().Return(createTime)
mockDbAuth.EXPECT().InsertUser(db.NewUser(user.Id, user.Email, false, nil, false, GetHashPassword(password, salt), salt, createTime)).Return(db.ErrUserExists)
mockAuthDb.EXPECT().InsertUser(db.NewUser(user.Id, user.Email, false, nil, false, GetHashPassword(password, salt), salt, createTime)).Return(db.ErrUserExists)
underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{})
underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})
_, err = underTest.SignUp(user.Email, password)
assert.Equal(t, ErrAccountExists, err)
@@ -230,16 +231,16 @@ func TestSendVerificationMail(t *testing.T) {
email := "some@email.de"
userId := uuid.New()
mockDbAuth := mocks.NewMockDbAuth(t)
mockRandom := mocks.NewMockRandomGenerator(t)
mockClock := mocks.NewMockClock(t)
mockAuthDb := mocks.NewMockAuthDb(t)
mockRandom := mocks.NewMockRandomService(t)
mockClock := mocks.NewMockClockService(t)
mockMail := mocks.NewMockMailService(t)
mockDbAuth.EXPECT().GetEmailVerificationToken(userId).Return(token, nil)
mockAuthDb.EXPECT().GetEmailVerificationToken(userId).Return(token, nil)
mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool { return strings.Contains(message, token) })).Return(nil)
underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, mockMail, &types.ServerSettings{})
underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})
underTest.SendVerificationMail(userId, email)
})

10
service/clock.go
View File

@@ -2,16 +2,16 @@ package service
import "time"
type Clock interface {
type ClockService interface {
Now() time.Time
}
type ClockImpl struct{}
type ClockServiceImpl struct{}
func NewClockImpl() Clock {
return &ClockImpl{}
func NewClockServiceImpl() ClockService {
return &ClockServiceImpl{}
}
func (c *ClockImpl) Now() time.Time {
func (c *ClockServiceImpl) Now() time.Time {
return time.Now()
}

33
service/index_and_404.go
View File

@@ -1,33 +0,0 @@
package service
import (
"database/sql"
"me-fit/template"
"me-fit/types"
"me-fit/utils"
"net/http"
"github.com/a-h/templ"
)
func HandleIndexAnd404(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
var comp templ.Component = nil
userComp := UserInfoComp(user)
if r.URL.Path != "/" {
comp = template.Layout(template.NotFound(), userComp, serverSettings.Environment)
w.WriteHeader(http.StatusNotFound)
} else {
comp = template.Layout(template.Index(), userComp, serverSettings.Environment)
}
err := comp.Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render index", err)
http.Error(w, "Failed to render index", http.StatusInternalServerError)
}
}
}

14
service/random_generator.go
View File

@@ -10,20 +10,20 @@ import (
"github.com/google/uuid"
)
type RandomGenerator interface {
type RandomService interface {
Bytes(size int) ([]byte, error)
String(size int) (string, error)
UUID() (uuid.UUID, error)
}
type RandomGeneratorImpl struct {
type RandomServiceImpl struct {
}
func NewRandomGeneratorImpl() *RandomGeneratorImpl {
return &RandomGeneratorImpl{}
func NewRandomServiceImpl() *RandomServiceImpl {
return &RandomServiceImpl{}
}
func (r *RandomGeneratorImpl) Bytes(size int) ([]byte, error) {
func (r *RandomServiceImpl) Bytes(size int) ([]byte, error) {
b := make([]byte, 32)
_, err := rand.Read(b)
if err != nil {
@@ -34,7 +34,7 @@ func (r *RandomGeneratorImpl) Bytes(size int) ([]byte, error) {
return b, nil
}
func (r *RandomGeneratorImpl) String(size int) (string, error) {
func (r *RandomServiceImpl) String(size int) (string, error) {
bytes, err := r.Bytes(size)
if err != nil {
return "", types.ErrInternal
@@ -43,6 +43,6 @@ func (r *RandomGeneratorImpl) String(size int) (string, error) {
return base64.StdEncoding.EncodeToString(bytes), nil
}
func (r *RandomGeneratorImpl) UUID() (uuid.UUID, error) {
func (r *RandomServiceImpl) UUID() (uuid.UUID, error) {
return uuid.NewRandom()
}

219
service/workout.go
View File

@@ -1,183 +1,128 @@
package service
import (
"log/slog"
"me-fit/template"
"me-fit/template/workout"
"me-fit/db"
"me-fit/types"
"me-fit/utils"
"database/sql"
"net/http"
"errors"
"strconv"
"time"
)
func HandleWorkoutPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUser(r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
type WorkoutService interface {
AddWorkout(user *User, workoutDto *WorkoutDto) (*WorkoutDto, error)
DeleteWorkout(user *User, rowId int) error
GetWorkouts(user *User) ([]*WorkoutDto, error)
}
currentDate := time.Now().Format("2006-01-02")
inner := workout.WorkoutComp(currentDate)
userComp := UserInfoComp(user)
err := template.Layout(inner, userComp, serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render workout page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
type WorkoutServiceImpl struct {
dbWorkout db.WorkoutDb
randomGenerator RandomService
clock ClockService
mailService MailService
serverSettings *types.ServerSettings
}
func NewWorkoutServiceImpl(dbWorkout db.WorkoutDb, randomGenerator RandomService, clock ClockService, mailService MailService, serverSettings *types.ServerSettings) WorkoutService {
return WorkoutServiceImpl{
dbWorkout: dbWorkout,
randomGenerator: randomGenerator,
clock: clock,
mailService: mailService,
serverSettings: serverSettings,
}
}
func HandleWorkoutNewComp(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUser(r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
type WorkoutDto struct {
RowId string
Date string
Type string
Sets string
Reps string
}
var dateStr = r.FormValue("date")
var typeStr = r.FormValue("type")
var setsStr = r.FormValue("sets")
var repsStr = r.FormValue("reps")
if dateStr == "" || typeStr == "" || setsStr == "" || repsStr == "" {
utils.TriggerToast(w, r, "error", "Missing required fields")
http.Error(w, "Missing required fields", http.StatusBadRequest)
return
}
date, err := time.Parse("2006-01-02", dateStr)
if err != nil {
utils.TriggerToast(w, r, "error", "Invalid date")
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
sets, err := strconv.Atoi(setsStr)
if err != nil {
utils.TriggerToast(w, r, "error", "Invalid number")
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
reps, err := strconv.Atoi(repsStr)
if err != nil {
utils.TriggerToast(w, r, "error", "Invalid number")
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
var rowId int
err = db.QueryRow("INSERT INTO workout (user_id, date, type, sets, reps) VALUES (?, ?, ?, ?, ?) RETURNING rowid", user.Id, date, typeStr, sets, reps).Scan(&rowId)
if err != nil {
utils.LogError("Could not insert workout", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
wo := workout.Workout{
Id: strconv.Itoa(rowId),
Date: renderDate(date),
Type: r.FormValue("type"),
Sets: r.FormValue("sets"),
Reps: r.FormValue("reps"),
}
err = workout.WorkoutItemComp(wo, true).Render(r.Context(), w)
if err != nil {
utils.LogError("Could not render workoutitem", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
func NewWorkoutDtoFromDb(workout *db.Workout) *WorkoutDto {
return &WorkoutDto{
RowId: strconv.Itoa(workout.RowId),
Date: renderDate(workout.Date),
Type: workout.Type,
Sets: strconv.Itoa(workout.Sets),
Reps: strconv.Itoa(workout.Reps),
}
}
func NewWorkoutDto(rowId string, date string, workoutType string, sets string, reps string) *WorkoutDto {
return &WorkoutDto{
RowId: rowId,
Date: date,
Type: workoutType,
Sets: sets,
Reps: reps,
}
}
func HandleWorkoutGetComp(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUser(r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
var (
ErrInputValues = errors.New("Invalid input values")
)
func (service WorkoutServiceImpl) AddWorkout(user *User, workoutDto *WorkoutDto) (*WorkoutDto, error) {
if workoutDto.Date == "" || workoutDto.Type == "" || workoutDto.Sets == "" || workoutDto.Reps == "" {
return nil, ErrInputValues
}
rows, err := db.Query("SELECT rowid, date, type, sets, reps FROM workout WHERE user_id = ? ORDER BY date desc", user.Id)
date, err := time.Parse("2006-01-02", workoutDto.Date)
if err != nil {
utils.LogError("Could not get workouts", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
return nil, ErrInputValues
}
var workouts = make([]workout.Workout, 0)
for rows.Next() {
var workout workout.Workout
err = rows.Scan(&workout.Id, &workout.Date, &workout.Type, &workout.Sets, &workout.Reps)
sets, err := strconv.Atoi(workoutDto.Sets)
if err != nil {
utils.LogError("Could not scan workout", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
return nil, ErrInputValues
}
workout.Date, err = renderDateStr(workout.Date)
reps, err := strconv.Atoi(workoutDto.Reps)
if err != nil {
utils.LogError("Could not render date", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
return nil, ErrInputValues
}
workouts = append(workouts, workout)
workoutInsert := db.NewWorkoutInsert(date, workoutDto.Type, sets, reps)
workout, err := service.dbWorkout.InsertWorkout(user.Id, workoutInsert)
if err != nil {
return nil, err
}
workout.WorkoutListComp(workouts).Render(r.Context(), w)
}
return NewWorkoutDtoFromDb(workout), nil
}
func HandleWorkoutDeleteComp(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUser(r)
func (service WorkoutServiceImpl) DeleteWorkout(user *User, rowId int) error {
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
return types.ErrInternal
}
rowId := r.PathValue("id")
if rowId == "" {
http.Error(w, "Missing required fields", http.StatusBadRequest)
slog.Warn("Missing required fields for workout delete")
utils.TriggerToast(w, r, "error", "Missing ID field")
return
return service.dbWorkout.DeleteWorkout(user.Id, rowId)
}
func (service WorkoutServiceImpl) GetWorkouts(user *User) ([]*WorkoutDto, error) {
if user == nil {
return nil, types.ErrInternal
}
res, err := db.Exec("DELETE FROM workout WHERE user_id = ? AND rowid = ?", user.Id, rowId)
workouts, err := service.dbWorkout.GetWorkouts(user.Id)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
utils.LogError("Could not delete workout", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
return nil, err
}
rows, err := res.RowsAffected()
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
utils.LogError("Could not get rows affected", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
// for _, workout := range workouts {
// workout.Date = renderDate(workout.Date)
// }
workoutsDto := make([]*WorkoutDto, len(workouts))
for i, workout := range workouts {
workoutsDto[i] = NewWorkoutDtoFromDb(&workout)
}
if rows == 0 {
http.Error(w, "Not found", http.StatusNotFound)
slog.Warn("Could not find workout to delete")
utils.TriggerToast(w, r, "error", "Not found. Refresh the page.")
return
}
}
return workoutsDto, nil
}
func renderDateStr(date string) (string, error) {

22
template/workout/workout.templ
View File

@@ -9,29 +9,13 @@ templ WorkoutComp(currentDate string) {
hx-swap="outerHTML"
>
<h2 class="text-4xl mb-8">Track your workout</h2>
<input
id="date"
type="date"
class="input input-bordered"
value={ currentDate }
name="date"
/>
<input id="date" type="date" class="input input-bordered" value={ currentDate } name="date"/>
<select class="select select-bordered w-full" name="type">
<option>Push Ups</option>
<option>Pull Ups</option>
</select>
<input
type="number"
class="input input-bordered"
placeholder="Sets"
name="sets"
/>
<input
type="number"
class="input input-bordered"
placeholder="Reps"
name="reps"
/>
<input type="number" class="input input-bordered" placeholder="Sets" name="sets"/>
<input type="number" class="input input-bordered" placeholder="Reps" name="reps"/>
<button class="btn btn-primary self-end">Save</button>
</form>
<div hx-get="/api/workout" hx-trigger="load"></div>

9
types/types.go
View File

@@ -2,17 +2,8 @@ package types
import (
"errors"
"github.com/google/uuid"
)
var (
ErrInternal = errors.New("Internal server error")
)
type User struct {
Id uuid.UUID
Email string
SessionId string
EmailVerified bool
}

42
utils/http.go
View File

@@ -1,10 +1,8 @@
package utils
import (
"database/sql"
"fmt"
"log/slog"
"me-fit/types"
"net/http"
"time"
@@ -52,44 +50,6 @@ func DoRedirect(w http.ResponseWriter, r *http.Request, url string) {
}
}
func GetUser(r *http.Request) *types.User {
user := r.Context().Value(ContextKeyUser)
if user != nil {
return user.(*types.User)
} else {
return nil
}
}
func GetUserFromSession(db *sql.DB, r *http.Request) *types.User {
sessionId := getSessionID(r)
if sessionId == "" {
return nil
}
var user types.User
var createdAt time.Time
user.SessionId = sessionId
err := db.QueryRow(`
SELECT u.user_uuid, u.email, u.email_verified, s.created_at
FROM session s
INNER JOIN user u ON s.user_uuid = u.user_uuid
WHERE session_id = ?`, sessionId).Scan(&user.Id, &user.Email, &user.EmailVerified, &createdAt)
if err != nil {
slog.Warn("Could not verify session: " + err.Error())
return nil
}
if createdAt.Add(time.Duration(8 * time.Hour)).Before(time.Now()) {
return nil
} else {
return &user
}
}
func WaitMinimumTime[T interface{}](waitTime time.Duration, function func() (T, error)) (T, error) {
start := time.Now()
result, err := function()
@@ -97,7 +57,7 @@ func WaitMinimumTime[T interface{}](waitTime time.Duration, function func() (T,
return result, err
}
func getSessionID(r *http.Request) string {
func GetSessionID(r *http.Request) string {
for _, c := range r.Cookies() {
if c.Name == "id" {
return c.Value