fix(quality): extract logic from database layer
This commit was merged in pull request #288.
This commit is contained in:
161
db/auth.go
161
db/auth.go
@@ -1,6 +1,7 @@
|
||||
package db
|
||||
|
||||
import (
|
||||
"log/slog"
|
||||
"me-fit/types"
|
||||
"me-fit/utils"
|
||||
|
||||
@@ -63,6 +64,11 @@ type Token struct {
|
||||
ExpiresAt time.Time
|
||||
}
|
||||
|
||||
var (
|
||||
TokenTypeEmailVerify = "email_verify"
|
||||
TokenTypePasswordReset = "password_reset"
|
||||
)
|
||||
|
||||
func NewToken(userId uuid.UUID, token string, tokenType string, createdAt time.Time, expiresAt time.Time) *Token {
|
||||
return &Token{
|
||||
UserId: userId,
|
||||
@@ -76,18 +82,15 @@ func NewToken(userId uuid.UUID, token string, tokenType string, createdAt time.T
|
||||
type AuthDb interface {
|
||||
InsertUser(user *User) error
|
||||
UpdateUser(user *User) error
|
||||
GetUser(email string) (*User, error)
|
||||
GetUserById(userId uuid.UUID) (*User, error)
|
||||
GetUserByEmail(email string) (*User, error)
|
||||
GetUser(userId uuid.UUID) (*User, error)
|
||||
DeleteUser(userId uuid.UUID) error
|
||||
|
||||
InsertEmailVerificationToken(userId uuid.UUID, token string) error
|
||||
InsertForgotPasswordToken(email string, token string) error
|
||||
GetEmailVerificationToken(userId uuid.UUID) (string, error)
|
||||
InsertToken(token *Token) error
|
||||
GetToken(token string) (*Token, error)
|
||||
GetTokensByUserIdAndType(userId uuid.UUID, tokenType string) ([]*Token, error)
|
||||
DeleteToken(token string) error
|
||||
|
||||
VerifyEmail(token string) error
|
||||
|
||||
InsertSession(session *Session) error
|
||||
GetSession(sessionId string) (*Session, error)
|
||||
DeleteSession(sessionId string) error
|
||||
@@ -135,7 +138,7 @@ func (db AuthDbSqlite) UpdateUser(user *User) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) GetUser(email string) (*User, error) {
|
||||
func (db AuthDbSqlite) GetUserByEmail(email string) (*User, error) {
|
||||
var (
|
||||
userId uuid.UUID
|
||||
emailVerified bool
|
||||
@@ -162,7 +165,7 @@ func (db AuthDbSqlite) GetUser(email string) (*User, error) {
|
||||
return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) GetUserById(userId uuid.UUID) (*User, error) {
|
||||
func (db AuthDbSqlite) GetUser(userId uuid.UUID) (*User, error) {
|
||||
var (
|
||||
email string
|
||||
emailVerified bool
|
||||
@@ -234,10 +237,10 @@ func (db AuthDbSqlite) DeleteUser(userId uuid.UUID) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error {
|
||||
func (db AuthDbSqlite) InsertToken(token *Token) error {
|
||||
_, err := db.db.Exec(`
|
||||
INSERT INTO user_token (user_uuid, type, token, created_at)
|
||||
VALUES (?, 'email_verify', ?, datetime())`, userId, token)
|
||||
INSERT INTO user_token (user_uuid, type, token, created_at, expires_at)
|
||||
VALUES (?, ?, ?, ?, ?)`, token.UserId, token.Type, token.Token, token.CreatedAt, token.ExpiresAt)
|
||||
|
||||
if err != nil {
|
||||
utils.LogError("Could not insert token", err)
|
||||
@@ -247,23 +250,6 @@ func (db AuthDbSqlite) InsertEmailVerificationToken(userId uuid.UUID, token stri
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, error) {
|
||||
var token string
|
||||
|
||||
err := db.db.QueryRow(`
|
||||
SELECT token
|
||||
FROM user_token
|
||||
WHERE user_uuid = ?
|
||||
AND type = 'email_verify'`, userId).Scan(&token)
|
||||
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
utils.LogError("Could not get token", err)
|
||||
return "", types.ErrInternal
|
||||
}
|
||||
|
||||
return token, nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) GetToken(token string) (*Token, error) {
|
||||
var (
|
||||
userId uuid.UUID
|
||||
@@ -280,9 +266,14 @@ func (db AuthDbSqlite) GetToken(token string) (*Token, error) {
|
||||
WHERE token = ?
|
||||
AND type = 'email_verify'`, token).Scan(&userId, &tokenType, &createdAtStr, &expiresAtStr)
|
||||
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
utils.LogError("Could not get token", err)
|
||||
return nil, types.ErrInternal
|
||||
if err != nil {
|
||||
if err == sql.ErrNoRows {
|
||||
slog.Info("Token '" + token + "' not found")
|
||||
return nil, ErrNotFound
|
||||
} else {
|
||||
utils.LogError("Could not get token", err)
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
}
|
||||
|
||||
createdAt, err = time.Parse(time.RFC3339, createdAtStr)
|
||||
@@ -300,6 +291,54 @@ func (db AuthDbSqlite) GetToken(token string) (*Token, error) {
|
||||
return NewToken(userId, token, tokenType, createdAt, expiresAt), nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) GetTokensByUserIdAndType(userId uuid.UUID, tokenType string) ([]*Token, error) {
|
||||
|
||||
query, err := db.db.Query(`
|
||||
SELECT token, created_at, expires_at
|
||||
FROM user_token
|
||||
WHERE user_uuid = ?
|
||||
AND type = ?`, userId, tokenType)
|
||||
|
||||
if err != nil {
|
||||
utils.LogError("Could not get token", err)
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
var tokens []*Token
|
||||
|
||||
for query.Next() {
|
||||
var (
|
||||
token string
|
||||
createdAtStr string
|
||||
expiresAtStr string
|
||||
createdAt time.Time
|
||||
expiresAt time.Time
|
||||
)
|
||||
|
||||
err := query.Scan(&token, &createdAtStr, &expiresAtStr)
|
||||
if err != nil {
|
||||
utils.LogError("Could not scan token", err)
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
createdAt, err = time.Parse(time.RFC3339, createdAtStr)
|
||||
if err != nil {
|
||||
utils.LogError("Could not parse token.created_at", err)
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
expiresAt, err = time.Parse(time.RFC3339, expiresAtStr)
|
||||
if err != nil {
|
||||
utils.LogError("Could not parse token.expires_at", err)
|
||||
return nil, types.ErrInternal
|
||||
}
|
||||
|
||||
tokens = append(tokens, NewToken(userId, token, tokenType, createdAt, expiresAt))
|
||||
}
|
||||
|
||||
return tokens, nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) DeleteToken(token string) error {
|
||||
_, err := db.db.Exec("DELETE FROM user_token WHERE token = ?", token)
|
||||
if err != nil {
|
||||
@@ -365,61 +404,3 @@ func (db AuthDbSqlite) DeleteSession(sessionId string) error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) VerifyEmail(token string) error {
|
||||
|
||||
result, err := db.db.Exec(`
|
||||
UPDATE user
|
||||
SET email_verified = true, email_verified_at = datetime()
|
||||
WHERE user_uuid = (
|
||||
SELECT user_uuid
|
||||
FROM user_token
|
||||
WHERE type = "email_verify"
|
||||
AND token = ?
|
||||
);
|
||||
`, token)
|
||||
|
||||
if err != nil {
|
||||
utils.LogError("Could not update user on verify response", err)
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
i, err := result.RowsAffected()
|
||||
if err != nil {
|
||||
utils.LogError("Could not get rows affected on verify response", err)
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
if i == 0 {
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db AuthDbSqlite) InsertForgotPasswordToken(email string, token string) error {
|
||||
|
||||
res, err := db.db.Exec(`
|
||||
INSERT INTO user_token (user_uuid, type, token, created_at, expires_at)
|
||||
SELECT user_uuid, 'password_reset', ?, datetime(), datetime('now', '+15 minute')
|
||||
FROM user
|
||||
WHERE email = ?
|
||||
`, token, email)
|
||||
|
||||
if err != nil {
|
||||
utils.LogError("Could not insert token", err)
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
i, err := res.RowsAffected()
|
||||
if err != nil {
|
||||
utils.LogError("Could not get rows affected", err)
|
||||
return types.ErrInternal
|
||||
}
|
||||
|
||||
if i == 0 {
|
||||
return ErrNotFound
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -37,7 +37,7 @@ func TestUser(t *testing.T) {
|
||||
|
||||
underTest := AuthDbSqlite{db: db}
|
||||
|
||||
_, err := underTest.GetUser("someNonExistentEmail")
|
||||
_, err := underTest.GetUserByEmail("someNonExistentEmail")
|
||||
assert.Equal(t, ErrNotFound, err)
|
||||
})
|
||||
|
||||
@@ -54,7 +54,7 @@ func TestUser(t *testing.T) {
|
||||
err := underTest.InsertUser(expected)
|
||||
assert.Nil(t, err)
|
||||
|
||||
actual, err := underTest.GetUser(expected.Email)
|
||||
actual, err := underTest.GetUserByEmail(expected.Email)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, expected, actual)
|
||||
@@ -81,32 +81,35 @@ func TestUser(t *testing.T) {
|
||||
func TestEmailVerification(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
t.Run("should return empty string if no token is safed", func(t *testing.T) {
|
||||
t.Run("should return NotFound", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
underTest := AuthDbSqlite{db: db}
|
||||
|
||||
token, err := underTest.GetEmailVerificationToken(uuid.New())
|
||||
token, err := underTest.GetToken("someNonExistentToken")
|
||||
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, "", token)
|
||||
assert.Equal(t, ErrNotFound, err)
|
||||
assert.Nil(t, token)
|
||||
})
|
||||
t.Run("should insert and return token", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
underTest := AuthDbSqlite{db: db}
|
||||
tokenStr := "some secure token"
|
||||
createdAt := time.Date(2020, 1, 5, 13, 0, 0, 0, time.UTC)
|
||||
|
||||
userId := uuid.New()
|
||||
expectedToken := "someToken"
|
||||
expectedToken := NewToken(uuid.New(), tokenStr, TokenTypeEmailVerify, createdAt, createdAt.Add(24*time.Hour))
|
||||
|
||||
err := underTest.InsertEmailVerificationToken(userId, expectedToken)
|
||||
err := underTest.InsertToken(expectedToken)
|
||||
assert.Nil(t, err)
|
||||
|
||||
actualToken, err := underTest.GetEmailVerificationToken(userId)
|
||||
actualToken, err := underTest.GetToken(tokenStr)
|
||||
assert.Nil(t, err)
|
||||
|
||||
t.Logf("expectedToken: %v", expectedToken)
|
||||
t.Logf("actualToken: %v", actualToken)
|
||||
assert.Equal(t, expectedToken, actualToken)
|
||||
})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user