x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

fix(quality): extract logic from database layer
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 42s
Details
Build and Push Docker Image / Build-And-Push-Docker-Image (push) Successful in 47s
Details

Browse Source
This commit was merged in pull request #288.
This commit is contained in:
Tim Wundenberg
2024-12-03 22:28:46 +01:00
parent 0accb49871
commit 1f8c4a39b4
4 changed files with 165 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

157
db/auth.go
View File

@@ -1,6 +1,7 @@
package db package db
import ( import (
"log/slog"
"me-fit/types" "me-fit/types"
"me-fit/utils" "me-fit/utils"
@@ -63,6 +64,11 @@ type Token struct {
ExpiresAt time.Time ExpiresAt time.Time
} }
var (
TokenTypeEmailVerify = "email_verify"
TokenTypePasswordReset = "password_reset"
)
func NewToken(userId uuid.UUID, token string, tokenType string, createdAt time.Time, expiresAt time.Time) *Token { func NewToken(userId uuid.UUID, token string, tokenType string, createdAt time.Time, expiresAt time.Time) *Token {
return &Token{ return &Token{
UserId: userId, UserId: userId,
@@ -76,18 +82,15 @@ func NewToken(userId uuid.UUID, token string, tokenType string, createdAt time.T
type AuthDb interface { type AuthDb interface {
InsertUser(user *User) error InsertUser(user *User) error
UpdateUser(user *User) error UpdateUser(user *User) error
GetUser(email string) (*User, error) GetUserByEmail(email string) (*User, error)
GetUserById(userId uuid.UUID) (*User, error) GetUser(userId uuid.UUID) (*User, error)
DeleteUser(userId uuid.UUID) error DeleteUser(userId uuid.UUID) error
InsertEmailVerificationToken(userId uuid.UUID, token string) error InsertToken(token *Token) error
InsertForgotPasswordToken(email string, token string) error
GetEmailVerificationToken(userId uuid.UUID) (string, error)
GetToken(token string) (*Token, error) GetToken(token string) (*Token, error)
GetTokensByUserIdAndType(userId uuid.UUID, tokenType string) ([]*Token, error)
DeleteToken(token string) error DeleteToken(token string) error
VerifyEmail(token string) error
InsertSession(session *Session) error InsertSession(session *Session) error
GetSession(sessionId string) (*Session, error) GetSession(sessionId string) (*Session, error)
DeleteSession(sessionId string) error DeleteSession(sessionId string) error
@@ -135,7 +138,7 @@ func (db AuthDbSqlite) UpdateUser(user *User) error {
return nil return nil
} }
func (db AuthDbSqlite) GetUser(email string) (*User, error) { func (db AuthDbSqlite) GetUserByEmail(email string) (*User, error) {
var ( var (
userId uuid.UUID userId uuid.UUID
emailVerified bool emailVerified bool
@@ -162,7 +165,7 @@ func (db AuthDbSqlite) GetUser(email string) (*User, error) {
return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil
} }
func (db AuthDbSqlite) GetUserById(userId uuid.UUID) (*User, error) { func (db AuthDbSqlite) GetUser(userId uuid.UUID) (*User, error) {
var ( var (
email string email string
emailVerified bool emailVerified bool
@@ -234,10 +237,10 @@ func (db AuthDbSqlite) DeleteUser(userId uuid.UUID) error {
return nil return nil
} }
func (db AuthDbSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error { func (db AuthDbSqlite) InsertToken(token *Token) error {
_, err := db.db.Exec(` _, err := db.db.Exec(`
INSERT INTO user_token (user_uuid, type, token, created_at) INSERT INTO user_token (user_uuid, type, token, created_at, expires_at)
VALUES (?, 'email_verify', ?, datetime())`, userId, token) VALUES (?, ?, ?, ?, ?)`, token.UserId, token.Type, token.Token, token.CreatedAt, token.ExpiresAt)
if err != nil { if err != nil {
utils.LogError("Could not insert token", err) utils.LogError("Could not insert token", err)
@@ -247,23 +250,6 @@ func (db AuthDbSqlite) InsertEmailVerificationToken(userId uuid.UUID, token stri
return nil return nil
} }
func (db AuthDbSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, error) {
var token string
err := db.db.QueryRow(`
SELECT token
FROM user_token
WHERE user_uuid = ?
AND type = 'email_verify'`, userId).Scan(&token)
if err != nil && err != sql.ErrNoRows {
utils.LogError("Could not get token", err)
return "", types.ErrInternal
}
return token, nil
}
func (db AuthDbSqlite) GetToken(token string) (*Token, error) { func (db AuthDbSqlite) GetToken(token string) (*Token, error) {
var ( var (
userId uuid.UUID userId uuid.UUID
@@ -280,10 +266,15 @@ func (db AuthDbSqlite) GetToken(token string) (*Token, error) {
WHERE token = ? WHERE token = ?
AND type = 'email_verify'`, token).Scan(&userId, &tokenType, &createdAtStr, &expiresAtStr) AND type = 'email_verify'`, token).Scan(&userId, &tokenType, &createdAtStr, &expiresAtStr)
if err != nil && err != sql.ErrNoRows { if err != nil {
if err == sql.ErrNoRows {
slog.Info("Token '" + token + "' not found")
return nil, ErrNotFound
} else {
utils.LogError("Could not get token", err) utils.LogError("Could not get token", err)
return nil, types.ErrInternal return nil, types.ErrInternal
} }
}
createdAt, err = time.Parse(time.RFC3339, createdAtStr) createdAt, err = time.Parse(time.RFC3339, createdAtStr)
if err != nil { if err != nil {
@@ -300,6 +291,54 @@ func (db AuthDbSqlite) GetToken(token string) (*Token, error) {
return NewToken(userId, token, tokenType, createdAt, expiresAt), nil return NewToken(userId, token, tokenType, createdAt, expiresAt), nil
} }
func (db AuthDbSqlite) GetTokensByUserIdAndType(userId uuid.UUID, tokenType string) ([]*Token, error) {
query, err := db.db.Query(`
SELECT token, created_at, expires_at
FROM user_token
WHERE user_uuid = ?
AND type = ?`, userId, tokenType)
if err != nil {
utils.LogError("Could not get token", err)
return nil, types.ErrInternal
}
var tokens []*Token
for query.Next() {
var (
token string
createdAtStr string
expiresAtStr string
createdAt time.Time
expiresAt time.Time
)
err := query.Scan(&token, &createdAtStr, &expiresAtStr)
if err != nil {
utils.LogError("Could not scan token", err)
return nil, types.ErrInternal
}
createdAt, err = time.Parse(time.RFC3339, createdAtStr)
if err != nil {
utils.LogError("Could not parse token.created_at", err)
return nil, types.ErrInternal
}
expiresAt, err = time.Parse(time.RFC3339, expiresAtStr)
if err != nil {
utils.LogError("Could not parse token.expires_at", err)
return nil, types.ErrInternal
}
tokens = append(tokens, NewToken(userId, token, tokenType, createdAt, expiresAt))
}
return tokens, nil
}
func (db AuthDbSqlite) DeleteToken(token string) error { func (db AuthDbSqlite) DeleteToken(token string) error {
_, err := db.db.Exec("DELETE FROM user_token WHERE token = ?", token) _, err := db.db.Exec("DELETE FROM user_token WHERE token = ?", token)
if err != nil { if err != nil {
@@ -365,61 +404,3 @@ func (db AuthDbSqlite) DeleteSession(sessionId string) error {
return nil return nil
} }
func (db AuthDbSqlite) VerifyEmail(token string) error {
result, err := db.db.Exec(`
UPDATE user
SET email_verified = true, email_verified_at = datetime()
WHERE user_uuid = (
SELECT user_uuid
FROM user_token
WHERE type = "email_verify"
AND token = ?
);
`, token)
if err != nil {
utils.LogError("Could not update user on verify response", err)
return types.ErrInternal
}
i, err := result.RowsAffected()
if err != nil {
utils.LogError("Could not get rows affected on verify response", err)
return types.ErrInternal
}
if i == 0 {
return types.ErrInternal
}
return nil
}
func (db AuthDbSqlite) InsertForgotPasswordToken(email string, token string) error {
res, err := db.db.Exec(`
INSERT INTO user_token (user_uuid, type, token, created_at, expires_at)
SELECT user_uuid, 'password_reset', ?, datetime(), datetime('now', '+15 minute')
FROM user
WHERE email = ?
`, token, email)
if err != nil {
utils.LogError("Could not insert token", err)
return types.ErrInternal
}
i, err := res.RowsAffected()
if err != nil {
utils.LogError("Could not get rows affected", err)
return types.ErrInternal
}
if i == 0 {
return ErrNotFound
}
return nil
}

23
db/auth_test.go
View File

@@ -37,7 +37,7 @@ func TestUser(t *testing.T) {
underTest := AuthDbSqlite{db: db} underTest := AuthDbSqlite{db: db}
_, err := underTest.GetUser("someNonExistentEmail") _, err := underTest.GetUserByEmail("someNonExistentEmail")
assert.Equal(t, ErrNotFound, err) assert.Equal(t, ErrNotFound, err)
}) })
@@ -54,7 +54,7 @@ func TestUser(t *testing.T) {
err := underTest.InsertUser(expected) err := underTest.InsertUser(expected)
assert.Nil(t, err) assert.Nil(t, err)
actual, err := underTest.GetUser(expected.Email) actual, err := underTest.GetUserByEmail(expected.Email)
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, expected, actual) assert.Equal(t, expected, actual)
@@ -81,32 +81,35 @@ func TestUser(t *testing.T) {
func TestEmailVerification(t *testing.T) { func TestEmailVerification(t *testing.T) {
t.Parallel() t.Parallel()
t.Run("should return empty string if no token is safed", func(t *testing.T) { t.Run("should return NotFound", func(t *testing.T) {
t.Parallel() t.Parallel()
db := setupDb(t) db := setupDb(t)
underTest := AuthDbSqlite{db: db} underTest := AuthDbSqlite{db: db}
token, err := underTest.GetEmailVerificationToken(uuid.New()) token, err := underTest.GetToken("someNonExistentToken")
assert.Nil(t, err) assert.Equal(t, ErrNotFound, err)
assert.Equal(t, "", token) assert.Nil(t, token)
}) })
t.Run("should insert and return token", func(t *testing.T) { t.Run("should insert and return token", func(t *testing.T) {
t.Parallel() t.Parallel()
db := setupDb(t) db := setupDb(t)
underTest := AuthDbSqlite{db: db} underTest := AuthDbSqlite{db: db}
tokenStr := "some secure token"
createdAt := time.Date(2020, 1, 5, 13, 0, 0, 0, time.UTC)
userId := uuid.New() expectedToken := NewToken(uuid.New(), tokenStr, TokenTypeEmailVerify, createdAt, createdAt.Add(24*time.Hour))
expectedToken := "someToken"
err := underTest.InsertEmailVerificationToken(userId, expectedToken) err := underTest.InsertToken(expectedToken)
assert.Nil(t, err) assert.Nil(t, err)
actualToken, err := underTest.GetEmailVerificationToken(userId) actualToken, err := underTest.GetToken(tokenStr)
assert.Nil(t, err) assert.Nil(t, err)
t.Logf("expectedToken: %v", expectedToken)
t.Logf("actualToken: %v", actualToken)
assert.Equal(t, expectedToken, actualToken) assert.Equal(t, expectedToken, actualToken)
}) })
} }

84
service/auth.go
View File

@@ -88,7 +88,7 @@ func NewAuthServiceImpl(dbAuth db.AuthDb, randomGenerator RandomService, clock C
} }
func (service AuthServiceImpl) SignIn(email string, password string) (*Session, error) { func (service AuthServiceImpl) SignIn(email string, password string) (*Session, error) {
user, err := service.dbAuth.GetUser(email) user, err := service.dbAuth.GetUserByEmail(email)
if err != nil { if err != nil {
if errors.Is(err, db.ErrNotFound) { if errors.Is(err, db.ErrNotFound) {
return nil, ErrInvaidCredentials return nil, ErrInvaidCredentials
@@ -170,27 +170,34 @@ func (service AuthServiceImpl) SignUp(email string, password string) (*User, err
} }
func (service AuthServiceImpl) SendVerificationMail(userId uuid.UUID, email string) { func (service AuthServiceImpl) SendVerificationMail(userId uuid.UUID, email string) {
var token string
token, err := service.dbAuth.GetEmailVerificationToken(userId) tokens, err := service.dbAuth.GetTokensByUserIdAndType(userId, db.TokenTypeEmailVerify)
if err != nil { if err != nil {
return return
} }
if token == "" { var token *db.Token
token, err := service.randomGenerator.String(32)
if len(tokens) > 0 {
token = tokens[0]
}
if token == nil {
newTokenStr, err := service.randomGenerator.String(32)
if err != nil { if err != nil {
return return
} }
err = service.dbAuth.InsertEmailVerificationToken(userId, token) token = db.NewToken(userId, newTokenStr, db.TokenTypeEmailVerify, service.clock.Now(), service.clock.Now().Add(24*time.Hour))
err = service.dbAuth.InsertToken(token)
if err != nil { if err != nil {
return return
} }
} }
var w strings.Builder var w strings.Builder
err = mailTemplate.Register(service.serverSettings.BaseUrl, token).Render(context.Background(), &w) err = mailTemplate.Register(service.serverSettings.BaseUrl, token.Token).Render(context.Background(), &w)
if err != nil { if err != nil {
utils.LogError("Could not render welcome email", err) utils.LogError("Could not render welcome email", err)
return return
@@ -199,13 +206,42 @@ func (service AuthServiceImpl) SendVerificationMail(userId uuid.UUID, email stri
service.mailService.SendMail(email, "Welcome to ME-FIT", w.String()) service.mailService.SendMail(email, "Welcome to ME-FIT", w.String())
} }
func (service AuthServiceImpl) VerifyUserEmail(token string) error { func (service AuthServiceImpl) VerifyUserEmail(tokenStr string) error {
if token == "" { if tokenStr == "" {
return types.ErrInternal return types.ErrInternal
} }
return service.dbAuth.VerifyEmail(token) token, err := service.dbAuth.GetToken(tokenStr)
if err != nil {
return types.ErrInternal
}
user, err := service.dbAuth.GetUser(token.UserId)
if err != nil {
return types.ErrInternal
}
if token.Type != db.TokenTypeEmailVerify {
return types.ErrInternal
}
now := service.clock.Now()
if token.ExpiresAt.Before(now) {
return types.ErrInternal
}
user.EmailVerified = true
user.EmailVerifiedAt = &now
err = service.dbAuth.UpdateUser(user)
if err != nil {
return types.ErrInternal
}
_ = service.dbAuth.DeleteToken(token.Token)
return nil
} }
func (service AuthServiceImpl) SignOut(sessionId string) error { func (service AuthServiceImpl) SignOut(sessionId string) error {
@@ -223,7 +259,7 @@ func (service AuthServiceImpl) GetUserFromSessionId(sessionId string) (*User, er
return nil, types.ErrInternal return nil, types.ErrInternal
} }
user, err := service.dbAuth.GetUserById(session.UserId) user, err := service.dbAuth.GetUser(session.UserId)
if err != nil { if err != nil {
return nil, types.ErrInternal return nil, types.ErrInternal
} }
@@ -273,7 +309,7 @@ func (service AuthServiceImpl) ChangePassword(user *User, currPass, newPass stri
return err return err
} }
userDb, err := service.dbAuth.GetUserById(user.Id) userDb, err := service.dbAuth.GetUser(user.Id)
if err != nil { if err != nil {
return err return err
} }
@@ -292,22 +328,34 @@ func (service AuthServiceImpl) ChangePassword(user *User, currPass, newPass stri
func (service AuthServiceImpl) ForgotPassword(email string) error { func (service AuthServiceImpl) ForgotPassword(email string) error {
token, err := service.randomGenerator.String(32) tokenStr, err := service.randomGenerator.String(32)
if err != nil { if err != nil {
return err return err
} }
err = service.dbAuth.InsertForgotPasswordToken(email, token) user, err := service.dbAuth.GetUserByEmail(email)
if err != nil {
if err == db.ErrNotFound {
return nil
} else {
return types.ErrInternal
}
}
token := db.NewToken(user.Id, tokenStr, db.TokenTypePasswordReset, service.clock.Now(), service.clock.Now().Add(15*time.Minute))
err = service.dbAuth.InsertToken(token)
if err != nil {
return types.ErrInternal
}
if err != db.ErrNotFound {
var mail strings.Builder var mail strings.Builder
err = mailTemplate.ResetPassword(service.serverSettings.BaseUrl, token).Render(context.Background(), &mail) err = mailTemplate.ResetPassword(service.serverSettings.BaseUrl, token.Token).Render(context.Background(), &mail)
if err != nil { if err != nil {
utils.LogError("Could not render reset password email", err) utils.LogError("Could not render reset password email", err)
return types.ErrInternal return types.ErrInternal
} }
go service.mailService.SendMail(email, "Reset Password", mail.String()) go service.mailService.SendMail(email, "Reset Password", mail.String())
}
return nil return nil
} }
@@ -328,7 +376,7 @@ func (service AuthServiceImpl) ForgotPasswordResponse(tokenStr string, newPass s
return err return err
} }
user, err := service.dbAuth.GetUserById(token.UserId) user, err := service.dbAuth.GetUser(token.UserId)
if err != nil { if err != nil {
utils.LogError("Could not get user from token", err) utils.LogError("Could not get user from token", err)
return types.ErrInternal return types.ErrInternal

18
service/auth_test.go
View File

@@ -36,7 +36,7 @@ func TestSignIn(t *testing.T) {
dbSession := db.NewSession("sessionId", user.Id, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)) dbSession := db.NewSession("sessionId", user.Id, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC))
mockAuthDb := mocks.NewMockAuthDb(t) mockAuthDb := mocks.NewMockAuthDb(t)
mockAuthDb.EXPECT().GetUser("test@test.de").Return(user, nil) mockAuthDb.EXPECT().GetUserByEmail("test@test.de").Return(user, nil)
mockAuthDb.EXPECT().DeleteOldSessions(user.Id).Return(nil) mockAuthDb.EXPECT().DeleteOldSessions(user.Id).Return(nil)
mockAuthDb.EXPECT().InsertSession(dbSession).Return(nil) mockAuthDb.EXPECT().InsertSession(dbSession).Return(nil)
mockRandom := mocks.NewMockRandomService(t) mockRandom := mocks.NewMockRandomService(t)
@@ -71,7 +71,7 @@ func TestSignIn(t *testing.T) {
) )
mockAuthDb := mocks.NewMockAuthDb(t) mockAuthDb := mocks.NewMockAuthDb(t)
mockAuthDb.EXPECT().GetUser(user.Email).Return(user, nil) mockAuthDb.EXPECT().GetUserByEmail(user.Email).Return(user, nil)
mockRandom := mocks.NewMockRandomService(t) mockRandom := mocks.NewMockRandomService(t)
mockClock := mocks.NewMockClockService(t) mockClock := mocks.NewMockClockService(t)
mockMail := mocks.NewMockMailService(t) mockMail := mocks.NewMockMailService(t)
@@ -86,7 +86,7 @@ func TestSignIn(t *testing.T) {
t.Parallel() t.Parallel()
mockAuthDb := mocks.NewMockAuthDb(t) mockAuthDb := mocks.NewMockAuthDb(t)
mockAuthDb.EXPECT().GetUser("test").Return(nil, db.ErrNotFound) mockAuthDb.EXPECT().GetUserByEmail("test").Return(nil, db.ErrNotFound)
mockRandom := mocks.NewMockRandomService(t) mockRandom := mocks.NewMockRandomService(t)
mockClock := mocks.NewMockClockService(t) mockClock := mocks.NewMockClockService(t)
mockMail := mocks.NewMockMailService(t) mockMail := mocks.NewMockMailService(t)
@@ -100,7 +100,7 @@ func TestSignIn(t *testing.T) {
t.Parallel() t.Parallel()
mockAuthDb := mocks.NewMockAuthDb(t) mockAuthDb := mocks.NewMockAuthDb(t)
mockAuthDb.EXPECT().GetUser("test").Return(nil, errors.New("Some undefined error")) mockAuthDb.EXPECT().GetUserByEmail("test").Return(nil, errors.New("Some undefined error"))
mockRandom := mocks.NewMockRandomService(t) mockRandom := mocks.NewMockRandomService(t)
mockClock := mocks.NewMockClockService(t) mockClock := mocks.NewMockClockService(t)
mockMail := mocks.NewMockMailService(t) mockMail := mocks.NewMockMailService(t)
@@ -227,7 +227,9 @@ func TestSendVerificationMail(t *testing.T) {
t.Run("should use stored token and send mail", func(t *testing.T) { t.Run("should use stored token and send mail", func(t *testing.T) {
t.Parallel() t.Parallel()
token := "someRandomTokenToUse" token := db.NewToken(uuid.New(), "someRandomTokenToUse", db.TokenTypeEmailVerify, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC), time.Date(2020, 1, 2, 0, 0, 0, 0, time.UTC))
tokens := []*db.Token{token}
email := "some@email.de" email := "some@email.de"
userId := uuid.New() userId := uuid.New()
@@ -236,9 +238,11 @@ func TestSendVerificationMail(t *testing.T) {
mockClock := mocks.NewMockClockService(t) mockClock := mocks.NewMockClockService(t)
mockMail := mocks.NewMockMailService(t) mockMail := mocks.NewMockMailService(t)
mockAuthDb.EXPECT().GetEmailVerificationToken(userId).Return(token, nil) mockAuthDb.EXPECT().GetTokensByUserIdAndType(userId, db.TokenTypeEmailVerify).Return(tokens, nil)
mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool { return strings.Contains(message, token) })).Return() mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool {
return strings.Contains(message, token.Token)
})).Return()
underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})