Asara/sudoscientist-go-backend
Archived
1
0
Fork 0
Code Issues Pull requests Releases 2 Wiki Activity

Why do double the work eh?

Browse source
This commit is contained in:
Amarpreet Minhas 2019-04-13 23:38:51 -04:00
parent 3e7d43e068
commit 4f0834c3a0
11 changed files with 213 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

74
README.md
View file

@ -1,6 +1,74 @@
# sudoscientist # sudoscientist
Sudo Scientist blog ## sudoscientist blog
API_PORT=8080 DBHOST="postgres.localhost" DBPORT="5432" DBUSER="asara" DBPW="PW" DBNAME="sudoscientist" \ ### Setup
go run main.go
Install steps are for Debian 9 (stretch)
1. Install docker-ce
```
# stolen from https://docs.docker.com/install/linux/docker-ce/debian/
sudo apt-get remove docker docker-engine docker.io containerd runc
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
# verify the key's fingerprint
# ----------
sudo apt-key fingerprint 0EBFCD88
pub 4096R/0EBFCD88 2017-02-22
Key fingerprint = 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
Docker Release (CE deb) <docker@docker.com>
sub 4096R/F273FCD8 2017-02-22
# ----------
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
```
2. Install golang 1.11
```
# stretch doesn't have the latest golang so we install backports
sudo add-apt-repository "deb http://deb.debian.org/debian stretch-backports main"
sudo apt-get update
sudo apt-get -t stretch-backports install golang
# set the gopath manually for the rest of the setup
export GOPATH=${HOME}/go
```
3. Clone repo and configure the settings
```
mkdir -p ${GOPATH}/src/git.minhas.io/asara
cd ${GOPATH}/src/git.minhas.io/asara
git clone https://git.minhas.io/asara/sudoscientist
# iterate through the environment files in the settings directory and set them appropriately
# make sure the extension is .env (db.env, secrets.env, website.env... etc.)
```
4. Configure docker postgres for testing
```
# make sure your user is in the docker group
sudo usermod -aG docker $(whoami)
# make sure you have some postgres client installed
sudo apt-get install postgres-client
docker pull postgres
docker run --name sudosci-db -e POSTGRES_PASWORD=${DB_ADMIN_PW} -d postgres # please set the db admin pw manually
# Initalize the postgres DB
cd ${GOPATH}/src/git.minhas.io/asara/sudoscientist
for i in settings/*; do source $i; done
export DB_HOST=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" sudosci-db)
psql -d postgres -U postgres -h ${DB_HOST} << EOF
CREATE DATABASE ${DB_NAME};
CREATE USER ${DB_USER} WITH ENCRYPTED PASSWORD '${DB_PW}';
GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} TO ${DB_USER};
EOF
```
5. Run the application!
```
cd ${GOPATH}/src/git.minhas.io/asara/sudoscientist
for i in settings/*; do source $i; done
export DB_HOST=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" sudosci-db)
go get
go run main.go
```

16
db_reset.sh Executable file
View file

@ -0,0 +1,16 @@
#!/bin/bash
docker stop sudosci-db
docker rm sudosci-db
export DB_ADMIN_PW=test
docker run --name sudosci-db -e POSTGRES_PASWORD=${DB_ADMIN_PW} -d postgres
cd ${GOPATH}/src/git.minhas.io/asara/sudoscientist
for i in settings/*; do source $i; done
export DB_HOST=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" sudosci-db)
# instance takes a while to setup and configure postgis
sleep 10
psql -d postgres -U postgres -h ${DB_HOST} << EOF
CREATE DATABASE ${DB_NAME};
CREATE USER ${DB_USER} WITH ENCRYPTED PASSWORD '${DB_PW}';
GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} TO ${DB_USER};
EOF
echo Done

97
packages/auth/auth.go
View file

@ -1,16 +1,18 @@
package auth package auth
import ( import (
"fmt"
"database/sql" "database/sql"
"encoding/json" "encoding/json"
"fmt"
"git.minhas.io/asara/sudoscientist/packages/users" "git.minhas.io/asara/sudoscientist/packages/users"
"github.com/badoux/checkmail"
"github.com/dgrijalva/jwt-go" "github.com/dgrijalva/jwt-go"
"github.com/go-chi/chi" "github.com/go-chi/chi"
"github.com/go-chi/jwtauth" "github.com/go-chi/jwtauth"
"github.com/go-chi/render" "github.com/go-chi/render"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
"net/http" "net/http"
"time"
) )
var ( var (
@ -18,13 +20,32 @@ var (
TokenAuth *jwtauth.JWTAuth TokenAuth *jwtauth.JWTAuth
) )
type Credentials struct { type RegistrationError struct {
Message string `json:"error"`
}
type SignUpCredentials struct {
Username string `json:"username", db:"username"`
Email string `json:"email", db:"email"`
Password string `json:"password", db:"password"`
}
type SignInCredentials struct {
Username string `json:"username", db:"username"` Username string `json:"username", db:"username"`
Password string `json:"password", db:"password"` Password string `json:"password", db:"password"`
} }
type Claims struct {
Username string `json:"username"`
jwt.StandardClaims
}
type ReturnToken struct {
JWT string `json:"jwt"`
}
func Init() { func Init() {
DB.Exec("CREATE TABLE IF NOT EXISTS users (username text primary key, password text, admin boolean);" ) DB.Exec("CREATE TABLE IF NOT EXISTS users (username text primary key, email text, password text, admin boolean);")
} }
func Routes() *chi.Mux { func Routes() *chi.Mux {
@ -35,26 +56,66 @@ func Routes() *chi.Mux {
} }
func signup(w http.ResponseWriter, r *http.Request) { func signup(w http.ResponseWriter, r *http.Request) {
creds := &Credentials{} returnError := RegistrationError{}
creds := &SignUpCredentials{}
err := json.NewDecoder(r.Body).Decode(creds) err := json.NewDecoder(r.Body).Decode(creds)
if err != nil { if err != nil {
w.WriteHeader(http.StatusBadRequest) w.WriteHeader(http.StatusBadRequest)
fmt.Println(err)
return return
} }
if creds.Username == "" {
returnError.Message = "username is required"
w.WriteHeader(http.StatusBadRequest)
render.JSON(w, r, returnError)
return
}
if creds.Password == "" {
returnError.Message = "password is required"
w.WriteHeader(http.StatusBadRequest)
render.JSON(w, r, returnError)
return
}
if creds.Email == "" {
returnError.Message = "email is required"
w.WriteHeader(http.StatusBadRequest)
render.JSON(w, r, returnError)
return
}
err = checkmail.ValidateFormat(creds.Email)
if err != nil {
returnError.Message = "email not valid"
w.WriteHeader(http.StatusBadRequest)
render.JSON(w, r, returnError)
return
}
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(creds.Password), 10) hashedPassword, err := bcrypt.GenerateFromPassword([]byte(creds.Password), 10)
s := `INSERT INTO users (username, password, admin) s := `INSERT INTO users (username, email, password, admin)
VALUES ($1, $2, $3)` VALUES ($1, $2, $3, $4)`
if _, err = DB.Exec(s, creds.Username, string(hashedPassword), false); err != nil { if _, err = DB.Exec(s, creds.Username, creds.Email, string(hashedPassword), false); err != nil {
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)
fmt.Println(err) fmt.Println(err)
return return
} }
users.CreateProfile(creds.Username) users.CreateProfile(creds.Username, creds.Email)
w.WriteHeader(http.StatusCreated) w.WriteHeader(http.StatusCreated)
expirationTime := time.Now().Add(6 * time.Hour)
claims := &Claims{
Username: creds.Username,
StandardClaims: jwt.StandardClaims{
ExpiresAt: expirationTime.Unix(),
},
}
_, tokenString, _ := TokenAuth.Encode(claims)
token := ReturnToken{
JWT: tokenString,
}
render.JSON(w, r, token)
} }
func signin(w http.ResponseWriter, r *http.Request) { func signin(w http.ResponseWriter, r *http.Request) {
creds := &Credentials{} creds := &SignInCredentials{}
err := json.NewDecoder(r.Body).Decode(creds) err := json.NewDecoder(r.Body).Decode(creds)
if err != nil { if err != nil {
w.WriteHeader(http.StatusBadRequest) w.WriteHeader(http.StatusBadRequest)
@ -65,7 +126,7 @@ func signin(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)
return return
} }
storedCreds := &Credentials{} storedCreds := &SignInCredentials{}
err = result.Scan(&storedCreds.Password) err = result.Scan(&storedCreds.Password)
if err != nil { if err != nil {
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
@ -78,9 +139,17 @@ func signin(w http.ResponseWriter, r *http.Request) {
if err = bcrypt.CompareHashAndPassword([]byte(storedCreds.Password), []byte(creds.Password)); err != nil { if err = bcrypt.CompareHashAndPassword([]byte(storedCreds.Password), []byte(creds.Password)); err != nil {
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
} }
_, tokenString, _ := TokenAuth.Encode(jwt.MapClaims{
"username": creds.Username,
})
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
render.JSON(w, r, tokenString) expirationTime := time.Now().Add(5 * time.Hour)
claims := &Claims{
Username: creds.Username,
StandardClaims: jwt.StandardClaims{
ExpiresAt: expirationTime.Unix(),
},
}
_, tokenString, _ := TokenAuth.Encode(claims)
token := ReturnToken{
JWT: tokenString,
}
render.JSON(w, r, token)
} }

5
packages/database/database.go
View file

@ -1,12 +1,13 @@
package database package database
import ( import (
"database/sql"
"fmt" "fmt"
"os" "os"
"database/sql"
) )
func NewDB() (*sql.DB, error) { func NewDB() (*sql.DB, error) {
psqlInfo := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=disable", os.Getenv("DBHOST"), os.Getenv("DBPORT"), os.Getenv("DBUSER"), os.Getenv("DBPW"), os.Getenv("DBNAME")) psqlInfo := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=%s", os.Getenv("DB_HOST"), os.Getenv("DB_PORT"), os.Getenv("DB_USER"), os.Getenv("DB_PW"), os.Getenv("DB_NAME"), os.Getenv("DB_SSL"))
db, err := sql.Open("postgres", psqlInfo) db, err := sql.Open("postgres", psqlInfo)
if err != nil { if err != nil {
panic(err) panic(err)

40
packages/users/users.go
View file

@ -1,8 +1,8 @@
package users package users
import ( import (
"fmt"
"database/sql" "database/sql"
"fmt"
"github.com/go-chi/chi" "github.com/go-chi/chi"
"github.com/go-chi/jwtauth" "github.com/go-chi/jwtauth"
"github.com/go-chi/render" "github.com/go-chi/render"
@ -15,9 +15,10 @@ var (
) )
type User struct { type User struct {
Username string `json:"username,string"` Username string `json:"username"`
Country string `json:"country,string"` Email string `json:"email"`
Bio string `json:"bio,string"` Country string `json:"country"`
Bio string `json:"bio"`
} }
func Init() { func Init() {
@ -25,6 +26,7 @@ func Init() {
CREATE TABLE IF NOT EXISTS user_profiles CREATE TABLE IF NOT EXISTS user_profiles
(id SERIAL PRIMARY KEY, (id SERIAL PRIMARY KEY,
username text REFERENCES users (username), username text REFERENCES users (username),
email text,
country text, country text,
bio text)` bio text)`
DB.Exec(dbCreateStatement) DB.Exec(dbCreateStatement)
@ -35,29 +37,39 @@ func Routes() *chi.Mux {
r.Group(func(r chi.Router) { r.Group(func(r chi.Router) {
r.Use(jwtauth.Verifier(TokenAuth)) r.Use(jwtauth.Verifier(TokenAuth))
r.Use(jwtauth.Authenticator) r.Use(jwtauth.Authenticator)
r.Get("/{username}", getUser) r.Put("/{username}", updateUser)
}) })
r.Post("/{username}", updateUser) r.Get("/{username}", getUser)
return r return r
} }
func getUser(w http.ResponseWriter, r *http.Request) { func getUser(w http.ResponseWriter, r *http.Request) {
username := chi.URLParam(r, "username") username := chi.URLParam(r, "username")
user := User{ result := DB.QueryRow("SELECT username, email, country, bio FROM user_profiles WHERE username=$1", username)
Username: username, user := User{}
err := result.Scan(&user.Username, &user.Email, &user.Country, &user.Bio)
fmt.Println(err)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
return
} }
render.JSON(w, r, user) render.JSON(w, r, user)
} }
func updateUser(w http.ResponseWriter, r *http.Request) { func updateUser(w http.ResponseWriter, r *http.Request) {
_, claims, _ := jwtauth.FromContext(r.Context())
username := claims["username"]
searchname := chi.URLParam(r, "username")
if username != searchname {
w.WriteHeader(http.StatusUnauthorized)
return
}
return return
} }
func CreateProfile(username string) { func CreateProfile(username string, email string) {
fmt.Println("CREATING PROFILE")
blankProfileStatement := ` blankProfileStatement := `
INSERT INTO user_profiles (username, country, bio) INSERT INTO user_profiles (username, email, country, bio)
VALUES ($1, $2, $3)` VALUES ($1, $2, $3, $4)`
DB.Exec(blankProfileStatement, username, "", "") DB.Exec(blankProfileStatement, username, email, "", "")
fmt.Println("CREATED")
} }

4
settings/db.env Normal file
View file

@ -0,0 +1,4 @@
export DB_PORT="5432"
export DB_USER="sudosci"
export DB_NAME="sudosci"
export DB_SSL="disable"

4
settings/db.env-sample Normal file
View file

@ -0,0 +1,4 @@
export DB_PORT="5432"
export DB_USER="sudosci"
export DB_NAME="sudosci"
export DB_SSL="disable"

1
settings/secrets.env Normal file
View file

@ -0,0 +1 @@
export DB_PW="CHANGEME"

1
settings/secrets.env-sample Normal file
View file

@ -0,0 +1 @@
export DB_PW="CHANGEME"

2
settings/website.env Normal file
View file

@ -0,0 +1,2 @@
export API_PORT="8080"
export JWT_SECRET="CHANGEMEALSO"

2
settings/website.env-sample Normal file
View file

@ -0,0 +1,2 @@
export API_PORT="8080"
export JWT_SECRET="CHANGEMEALSO"