From 4aa812581fc63bd83c4ecfacaac8931d0441e93b Mon Sep 17 00:00:00 2001 From: Asara Date: Sat, 18 Jan 2020 20:45:45 -0500 Subject: [PATCH 01/19] Update gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index d3beee5..1f90e21 100644 --- a/.gitignore +++ b/.gitignore @@ -24,3 +24,5 @@ _testmain.go *.test *.prof +# Settings +settings/*.env From cc2411f1c68f640c1287ae40aa0ccb43d8f3e647 Mon Sep 17 00:00:00 2001 From: Asara Date: Sat, 18 Jan 2020 20:47:59 -0500 Subject: [PATCH 02/19] remove unneeded files, update secrets to add postal env var --- settings/db.env | 4 ---- settings/secrets.env | 1 - settings/secrets.env-sample | 1 + settings/website.env | 2 -- 4 files changed, 1 insertion(+), 7 deletions(-) delete mode 100644 settings/db.env delete mode 100644 settings/secrets.env delete mode 100644 settings/website.env diff --git a/settings/db.env b/settings/db.env deleted file mode 100644 index ef6bef0..0000000 --- a/settings/db.env +++ /dev/null @@ -1,4 +0,0 @@ -export DB_PORT="5432" -export DB_USER="sudosci" -export DB_NAME="sudosci" -export DB_SSL="disable" diff --git a/settings/secrets.env b/settings/secrets.env deleted file mode 100644 index 6b6346f..0000000 --- a/settings/secrets.env +++ /dev/null @@ -1 +0,0 @@ -export DB_PW="CHANGEME" diff --git a/settings/secrets.env-sample b/settings/secrets.env-sample index 6b6346f..e21400a 100644 --- a/settings/secrets.env-sample +++ b/settings/secrets.env-sample @@ -1 +1,2 @@ export DB_PW="CHANGEME" +export POSTAL_API="POSTAL_API_KEY" diff --git a/settings/website.env b/settings/website.env deleted file mode 100644 index 26a28d8..0000000 --- a/settings/website.env +++ /dev/null @@ -1,2 +0,0 @@ -export API_PORT="8080" -export JWT_SECRET="CHANGEMEALSO" From f0799e0adbe2a360df98d1827854a05da9a411da Mon Sep 17 00:00:00 2001 From: Asara Date: Sat, 18 Jan 2020 21:03:45 -0500 Subject: [PATCH 03/19] spacing --- main.go | 1 + 1 file changed, 1 insertion(+) diff --git a/main.go b/main.go index f990e93..6b89624 100644 --- a/main.go +++ b/main.go @@ -30,6 +30,7 @@ func main() { auth.TokenAuth = jwtauth.New("HS256", []byte(os.Getenv("JWT_SECRET")), nil) users.TokenAuth = auth.TokenAuth blog.TokenAuth = auth.TokenAuth + // initiate the routes router := Routes() From 198fd10bf0e2e47dcf3edcdd6b0117d28356ff5d Mon Sep 17 00:00:00 2001 From: Asara Date: Sat, 18 Jan 2020 21:46:46 -0500 Subject: [PATCH 04/19] go fmt, add some basic tests for postal api info --- main.go | 3 +++ packages/auth/auth.go | 18 ++++++++++++++++-- packages/blog/blog.go | 1 - settings/secrets.env-sample | 2 +- settings/website.env-sample | 1 + 5 files changed, 21 insertions(+), 4 deletions(-) diff --git a/main.go b/main.go index 6b89624..5feb79e 100644 --- a/main.go +++ b/main.go @@ -31,6 +31,9 @@ func main() { users.TokenAuth = auth.TokenAuth blog.TokenAuth = auth.TokenAuth + // initilize auth + auth.Init() + // initiate the routes router := Routes() diff --git a/packages/auth/auth.go b/packages/auth/auth.go index fe02414..8ea5a20 100644 --- a/packages/auth/auth.go +++ b/packages/auth/auth.go @@ -13,15 +13,29 @@ import ( "github.com/go-chi/render" "golang.org/x/crypto/bcrypt" "net/http" + "os" "strings" "time" ) var ( - DB *sql.DB - TokenAuth *jwtauth.JWTAuth + DB *sql.DB + TokenAuth *jwtauth.JWTAuth + PostalEnabled bool + PostalKey string + PostalAPI string ) +func Init() { + if postal_key, ok := os.LookupEnv("POSTAL_KEY"); ok { + PostalKey = postal_key + if postal_api, ok := os.LookupEnv("POSTAL_API"); ok { + PostalAPI = postal_api + PostalEnabled = true + } + } +} + type ReturnError struct { Message string `json:"error"` } diff --git a/packages/blog/blog.go b/packages/blog/blog.go index 2c1d630..88c4f72 100644 --- a/packages/blog/blog.go +++ b/packages/blog/blog.go @@ -57,7 +57,6 @@ type ReferenceID struct { LastID int `json:"last_id"` } - func Routes() *chi.Mux { r := chi.NewRouter() r.Group(func(r chi.Router) { diff --git a/settings/secrets.env-sample b/settings/secrets.env-sample index e21400a..a2f66a9 100644 --- a/settings/secrets.env-sample +++ b/settings/secrets.env-sample @@ -1,2 +1,2 @@ export DB_PW="CHANGEME" -export POSTAL_API="POSTAL_API_KEY" +export POSTAL_KEY="POSTAL_API_KEY" diff --git a/settings/website.env-sample b/settings/website.env-sample index 26a28d8..c638859 100644 --- a/settings/website.env-sample +++ b/settings/website.env-sample @@ -1,2 +1,3 @@ export API_PORT="8080" export JWT_SECRET="CHANGEMEALSO" +export POSTAL_API="https://POSTAL_URL" From 370b386bb45ad71d0ecc672b6b5f0b89c9eced18 Mon Sep 17 00:00:00 2001 From: Asara Date: Sat, 18 Jan 2020 21:51:33 -0500 Subject: [PATCH 05/19] Update readme --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index fe264bd..07e59a1 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,9 @@ Install steps are for Debian 9 (stretch) 6. Run the application! ``` cd ${GOPATH}/src/git.minhas.io/asara/sudoscientist-go-backend + PLEASE NOTE, THERE ARE DEFAULT TEST VALUES FOR A POSTAL SERVER + PLEASE REMOVE THESE IF YOU DONT HAVE A POSTAL BACKEND TO TEST FROM! + [For more information on Postal](https://github.com/postalhq/postal) for i in settings/*; do source $i; done export DB_HOST=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" sudosci-db) PSQL_QUERY_STRING="postgres://${DB_USER}:${DB_PW}@${DB_HOST}:${DB_PORT}/${DB_NAME}?sslmode=${DB_SSL}" From ddf5d2d7673818373764a5e66750870602bdb901 Mon Sep 17 00:00:00 2001 From: Asara Date: Sat, 18 Jan 2020 21:52:22 -0500 Subject: [PATCH 06/19] Clean up readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 07e59a1..b2bf862 100644 --- a/README.md +++ b/README.md @@ -74,11 +74,11 @@ Install steps are for Debian 9 (stretch) ``` 6. Run the application! - ``` - cd ${GOPATH}/src/git.minhas.io/asara/sudoscientist-go-backend PLEASE NOTE, THERE ARE DEFAULT TEST VALUES FOR A POSTAL SERVER PLEASE REMOVE THESE IF YOU DONT HAVE A POSTAL BACKEND TO TEST FROM! [For more information on Postal](https://github.com/postalhq/postal) + ``` + cd ${GOPATH}/src/git.minhas.io/asara/sudoscientist-go-backend for i in settings/*; do source $i; done export DB_HOST=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" sudosci-db) PSQL_QUERY_STRING="postgres://${DB_USER}:${DB_PW}@${DB_HOST}:${DB_PORT}/${DB_NAME}?sslmode=${DB_SSL}" From f8cd0cdcf6449b3f256ff3bf0ca456d945708bf2 Mon Sep 17 00:00:00 2001 From: Asara Date: Sat, 18 Jan 2020 21:52:56 -0500 Subject: [PATCH 07/19] More readme cleaning --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index b2bf862..b465e0c 100644 --- a/README.md +++ b/README.md @@ -74,8 +74,10 @@ Install steps are for Debian 9 (stretch) ``` 6. Run the application! + ``` PLEASE NOTE, THERE ARE DEFAULT TEST VALUES FOR A POSTAL SERVER PLEASE REMOVE THESE IF YOU DONT HAVE A POSTAL BACKEND TO TEST FROM! + ``` [For more information on Postal](https://github.com/postalhq/postal) ``` cd ${GOPATH}/src/git.minhas.io/asara/sudoscientist-go-backend From e082f55ebeb155adee168909cb1221191c9bcdd0 Mon Sep 17 00:00:00 2001 From: Asara Date: Sun, 19 Jan 2020 00:09:58 -0500 Subject: [PATCH 08/19] Basic migrations, started breaking out postal stuff --- main.go | 2 +- migrations/1579409382_verification.down.sql | 4 ++ migrations/1579409382_verification.up.sql | 4 ++ packages/auth/auth.go | 45 +++++++++++++++------ settings/website.env-sample | 1 + 5 files changed, 43 insertions(+), 13 deletions(-) create mode 100644 migrations/1579409382_verification.down.sql create mode 100644 migrations/1579409382_verification.up.sql diff --git a/main.go b/main.go index 5feb79e..9f6d7b8 100644 --- a/main.go +++ b/main.go @@ -31,7 +31,7 @@ func main() { users.TokenAuth = auth.TokenAuth blog.TokenAuth = auth.TokenAuth - // initilize auth + // initilize auth for email verification auth.Init() // initiate the routes diff --git a/migrations/1579409382_verification.down.sql b/migrations/1579409382_verification.down.sql new file mode 100644 index 0000000..42ef445 --- /dev/null +++ b/migrations/1579409382_verification.down.sql @@ -0,0 +1,4 @@ +BEGIN; +ALTER TABLE users +DROP COLUMN verified IF EXISTS; +COMMIT; diff --git a/migrations/1579409382_verification.up.sql b/migrations/1579409382_verification.up.sql new file mode 100644 index 0000000..ce08762 --- /dev/null +++ b/migrations/1579409382_verification.up.sql @@ -0,0 +1,4 @@ +BEGIN; +ALTER TABLE users +ADD COLUMN verified boolean NOT NULL DEFAULT false; +COMMIT; diff --git a/packages/auth/auth.go b/packages/auth/auth.go index 8ea5a20..c625e66 100644 --- a/packages/auth/auth.go +++ b/packages/auth/auth.go @@ -21,6 +21,7 @@ import ( var ( DB *sql.DB TokenAuth *jwtauth.JWTAuth + EmailAuth *jwtauth.JWTAuth PostalEnabled bool PostalKey string PostalAPI string @@ -28,10 +29,13 @@ var ( func Init() { if postal_key, ok := os.LookupEnv("POSTAL_KEY"); ok { - PostalKey = postal_key if postal_api, ok := os.LookupEnv("POSTAL_API"); ok { - PostalAPI = postal_api - PostalEnabled = true + if email_auth, ok := os.LookupEnv("EMAIL_SECRET"); ok { + EmailAuth = jwtauth.New("HS256", []byte(os.Getenv(email_auth)), nil) + PostalKey = postal_key + PostalAPI = postal_api + PostalEnabled = true + } } } } @@ -40,6 +44,10 @@ type ReturnError struct { Message string `json:"error"` } +type ReturnSuccess struct { + Message string `json:"msg"` +} + type SignUpCredentials struct { Username string `json:"username", db:"username"` Email string `json:"email", db:"email"` @@ -74,6 +82,7 @@ func Routes() *chi.Mux { func register(w http.ResponseWriter, r *http.Request) { returnError := ReturnError{} + returnSuccess := ReturnSuccess{} creds := &SignUpCredentials{} err := json.NewDecoder(r.Body).Decode(creds) if err != nil { @@ -108,26 +117,38 @@ func register(w http.ResponseWriter, r *http.Request) { } hashedPassword, err := bcrypt.GenerateFromPassword([]byte(creds.Password), 10) - s := `INSERT INTO users (username, email, password, admin) - VALUES ($1, $2, $3, $4)` - if _, err = DB.Exec(s, creds.Username, creds.Email, string(hashedPassword), false); err != nil { + s := `INSERT INTO users (username, email, password, admin, verified) + VALUES ($1, $2, $3, $4, $5)` + if _, err = DB.Exec(s, creds.Username, creds.Email, string(hashedPassword), false, false); err != nil { + returnError.Message = "unexpected error. please contact the administrator" w.WriteHeader(http.StatusInternalServerError) + render.JSON(w, r, returnError) fmt.Println(err) return } users.CreateProfile(creds.Username, creds.Email) - w.WriteHeader(http.StatusCreated) - expirationTime := time.Now().Add(6 * time.Hour) + expirationTime := time.Now().Add(24 * time.Hour) claims := &Claims{ Username: creds.Username, StandardClaims: jwt.StandardClaims{ ExpiresAt: expirationTime.Unix(), }, } + if PostalEnabled { + _, emailToken, _ := EmailAuth.Encode(claims) + fmt.Println(emailToken) + w.WriteHeader(http.StatusCreated) + //returnSuccess.Message = "User added. Please check your email for a verification link" + returnSuccess.Message = emailToken + render.JSON(w, r, returnSuccess) + return + } _, tokenString, _ := TokenAuth.Encode(claims) - token := setCookies(w, tokenString, expirationTime) - w.WriteHeader(http.StatusOK) - render.JSON(w, r, token) + setCookies(w, tokenString, expirationTime) + w.WriteHeader(http.StatusCreated) + returnSuccess.Message = "User created! Welcome to the site!" + render.JSON(w, r, returnSuccess) + return } func signin(w http.ResponseWriter, r *http.Request) { @@ -151,7 +172,7 @@ func signin(w http.ResponseWriter, r *http.Request) { if err = bcrypt.CompareHashAndPassword([]byte(storedCreds.Password), []byte(creds.Password)); err != nil { w.WriteHeader(http.StatusUnauthorized) } - expirationTime := time.Now().Add(5 * time.Hour) + expirationTime := time.Now().Add(24 * time.Hour) claims := &Claims{ Username: creds.Username, StandardClaims: jwt.StandardClaims{ diff --git a/settings/website.env-sample b/settings/website.env-sample index c638859..0f4ab07 100644 --- a/settings/website.env-sample +++ b/settings/website.env-sample @@ -1,3 +1,4 @@ export API_PORT="8080" +export EMAIL_SECRET="CHANGEMEALSOPLS" export JWT_SECRET="CHANGEMEALSO" export POSTAL_API="https://POSTAL_URL" From 5a7281f1ae603f85e931f5c19630626a2c400323 Mon Sep 17 00:00:00 2001 From: Asara Date: Sun, 19 Jan 2020 00:31:21 -0500 Subject: [PATCH 09/19] Clean up some error handling, remove debug logging --- packages/auth/auth.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/packages/auth/auth.go b/packages/auth/auth.go index c625e66..507bf74 100644 --- a/packages/auth/auth.go +++ b/packages/auth/auth.go @@ -86,8 +86,10 @@ func register(w http.ResponseWriter, r *http.Request) { creds := &SignUpCredentials{} err := json.NewDecoder(r.Body).Decode(creds) if err != nil { - w.WriteHeader(http.StatusBadRequest) fmt.Println(err) + w.WriteHeader(http.StatusInternalServerError) + returnError.Message = "unexpected error. please contact the administrator" + render.JSON(w, r, returnError) return } if creds.Username == "" { @@ -120,10 +122,10 @@ func register(w http.ResponseWriter, r *http.Request) { s := `INSERT INTO users (username, email, password, admin, verified) VALUES ($1, $2, $3, $4, $5)` if _, err = DB.Exec(s, creds.Username, creds.Email, string(hashedPassword), false, false); err != nil { + fmt.Println(err) returnError.Message = "unexpected error. please contact the administrator" w.WriteHeader(http.StatusInternalServerError) render.JSON(w, r, returnError) - fmt.Println(err) return } users.CreateProfile(creds.Username, creds.Email) @@ -136,7 +138,6 @@ func register(w http.ResponseWriter, r *http.Request) { } if PostalEnabled { _, emailToken, _ := EmailAuth.Encode(claims) - fmt.Println(emailToken) w.WriteHeader(http.StatusCreated) //returnSuccess.Message = "User added. Please check your email for a verification link" returnSuccess.Message = emailToken From cba9967af0a0b266e13f253e9ae030efef2f8499 Mon Sep 17 00:00:00 2001 From: Asara Date: Mon, 20 Jan 2020 13:40:05 -0500 Subject: [PATCH 10/19] Add postal backend integration --- packages/auth/auth.go | 113 +++++++++++++++++++++++++++--------- settings/website.env-sample | 2 + 2 files changed, 86 insertions(+), 29 deletions(-) diff --git a/packages/auth/auth.go b/packages/auth/auth.go index 507bf74..58ad64e 100644 --- a/packages/auth/auth.go +++ b/packages/auth/auth.go @@ -1,6 +1,7 @@ package auth import ( + "bytes" "database/sql" "encoding/json" "fmt" @@ -12,6 +13,7 @@ import ( "github.com/go-chi/jwtauth" "github.com/go-chi/render" "golang.org/x/crypto/bcrypt" + "io/ioutil" "net/http" "os" "strings" @@ -25,26 +27,27 @@ var ( PostalEnabled bool PostalKey string PostalAPI string + PostalEmail string ) func Init() { if postal_key, ok := os.LookupEnv("POSTAL_KEY"); ok { if postal_api, ok := os.LookupEnv("POSTAL_API"); ok { - if email_auth, ok := os.LookupEnv("EMAIL_SECRET"); ok { - EmailAuth = jwtauth.New("HS256", []byte(os.Getenv(email_auth)), nil) - PostalKey = postal_key - PostalAPI = postal_api - PostalEnabled = true + if email_src, ok := os.LookupEnv("POSTAL_SRC_EMAIL"); ok { + if email_auth, ok := os.LookupEnv("EMAIL_SECRET"); ok { + EmailAuth = jwtauth.New("HS256", []byte(os.Getenv(email_auth)), nil) + PostalKey = postal_key + PostalAPI = postal_api + PostalEmail = email_src + PostalEnabled = true + fmt.Println("Postal Enabled") + } } } } } -type ReturnError struct { - Message string `json:"error"` -} - -type ReturnSuccess struct { +type ReturnMessage struct { Message string `json:"msg"` } @@ -68,6 +71,13 @@ type JWT struct { JWT string `json:"jwt"` } +type ComposedEmail struct { + To [1]string `json:"to"` + From string `json:"from"` + Subject string `json:"subject"` + Plain_body string `json:"plain_body"` +} + func Routes() *chi.Mux { r := chi.NewRouter() r.Post("/signin", signin) @@ -81,40 +91,39 @@ func Routes() *chi.Mux { } func register(w http.ResponseWriter, r *http.Request) { - returnError := ReturnError{} - returnSuccess := ReturnSuccess{} + returnMessage := ReturnMessage{} creds := &SignUpCredentials{} err := json.NewDecoder(r.Body).Decode(creds) if err != nil { fmt.Println(err) w.WriteHeader(http.StatusInternalServerError) - returnError.Message = "unexpected error. please contact the administrator" - render.JSON(w, r, returnError) + returnMessage.Message = "unexpected error. please contact the administrator" + render.JSON(w, r, returnMessage) return } if creds.Username == "" { - returnError.Message = "username is required" + returnMessage.Message = "username is required" w.WriteHeader(http.StatusBadRequest) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } if creds.Password == "" { - returnError.Message = "password is required" + returnMessage.Message = "password is required" w.WriteHeader(http.StatusBadRequest) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } if creds.Email == "" { - returnError.Message = "email is required" + returnMessage.Message = "email is required" w.WriteHeader(http.StatusBadRequest) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } err = checkmail.ValidateFormat(creds.Email) if err != nil { - returnError.Message = "email not valid" + returnMessage.Message = "email not valid" w.WriteHeader(http.StatusBadRequest) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } @@ -123,9 +132,9 @@ func register(w http.ResponseWriter, r *http.Request) { VALUES ($1, $2, $3, $4, $5)` if _, err = DB.Exec(s, creds.Username, creds.Email, string(hashedPassword), false, false); err != nil { fmt.Println(err) - returnError.Message = "unexpected error. please contact the administrator" + returnMessage.Message = "unexpected error. please contact the administrator" w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } users.CreateProfile(creds.Username, creds.Email) @@ -138,17 +147,21 @@ func register(w http.ResponseWriter, r *http.Request) { } if PostalEnabled { _, emailToken, _ := EmailAuth.Encode(claims) + returnMessage, ok := sendEmailToken(w, emailToken, creds.Username, creds.Email) + if !ok { + w.WriteHeader(http.StatusInternalServerError) + render.JSON(w, r, returnMessage) + return + } w.WriteHeader(http.StatusCreated) - //returnSuccess.Message = "User added. Please check your email for a verification link" - returnSuccess.Message = emailToken - render.JSON(w, r, returnSuccess) + render.JSON(w, r, returnMessage) return } _, tokenString, _ := TokenAuth.Encode(claims) setCookies(w, tokenString, expirationTime) w.WriteHeader(http.StatusCreated) - returnSuccess.Message = "User created! Welcome to the site!" - render.JSON(w, r, returnSuccess) + returnMessage.Message = "User created! Welcome to the site!" + render.JSON(w, r, returnMessage) return } @@ -210,3 +223,45 @@ func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) string http.SetCookie(w, &signatureCookie) return strings.Join(splitToken[:2], ".") } + +func sendEmailToken(w http.ResponseWriter, token string, name string, email string) (returnMessage ReturnMessage, ok bool) { + header := "Thanks for joining sudoscientist, " + name + "!" + body := "\n\nPlease click the following link to verify your email: " + link := os.Getenv("WEB_ADDR") + "/v1/api/auth/verify/" + token + email_array := [1]string{email} + composed_email := ComposedEmail{ + To: email_array, + From: PostalEmail, + Subject: "sudoscientist: Please confirm your e-mail address", + Plain_body: header + body + link, + } + postal_req, err := json.Marshal(&composed_email) + if err != nil { + fmt.Println(err) + returnMessage.Message = "unexpected error. your account may be in limbo. please contact the administrator" + ok = false + return returnMessage, ok + } + req, err := http.NewRequest("POST", fmt.Sprintf("%s/api/v1/send/message", PostalAPI), bytes.NewBuffer(postal_req)) + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Server-API-Key", PostalKey) + if err != nil { + fmt.Println(err) + returnMessage.Message = "unexpected error. your account may be in limbo. please contact the administrator" + ok = false + return returnMessage, ok + } + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + fmt.Println(err) + returnMessage.Message = "unexpected error. your account may be in limbo. please contact the administrator" + ok = false + return returnMessage, ok + } + defer resp.Body.Close() + respbody, _ := ioutil.ReadAll(resp.Body) + returnMessage.Message = "verification email sent" + ok = true + return returnMessage, ok +} diff --git a/settings/website.env-sample b/settings/website.env-sample index 0f4ab07..e29667e 100644 --- a/settings/website.env-sample +++ b/settings/website.env-sample @@ -2,3 +2,5 @@ export API_PORT="8080" export EMAIL_SECRET="CHANGEMEALSOPLS" export JWT_SECRET="CHANGEMEALSO" export POSTAL_API="https://POSTAL_URL" +export POSTAL_SRC_EMAIL="postal-source@domain.com" +export WEB_ADDR="https://domain.tld" From 172dc2dc347a55deec1ed0db763766e7c7b752e6 Mon Sep 17 00:00:00 2001 From: Asara Date: Mon, 20 Jan 2020 15:21:56 -0500 Subject: [PATCH 11/19] Fix up uneeded return --- packages/auth/auth.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/packages/auth/auth.go b/packages/auth/auth.go index 58ad64e..e832a61 100644 --- a/packages/auth/auth.go +++ b/packages/auth/auth.go @@ -13,7 +13,6 @@ import ( "github.com/go-chi/jwtauth" "github.com/go-chi/render" "golang.org/x/crypto/bcrypt" - "io/ioutil" "net/http" "os" "strings" @@ -260,7 +259,6 @@ func sendEmailToken(w http.ResponseWriter, token string, name string, email stri return returnMessage, ok } defer resp.Body.Close() - respbody, _ := ioutil.ReadAll(resp.Body) returnMessage.Message = "verification email sent" ok = true return returnMessage, ok From d9153ea9bf8cfc0b6eee8dbb07e58e489cc253ea Mon Sep 17 00:00:00 2001 From: Asara Date: Mon, 20 Jan 2020 18:55:12 -0500 Subject: [PATCH 12/19] Split out checking password, update claims to include admin+verified, some more cleanup --- packages/auth/auth.go | 69 ++++++++++++++++++++++++++++++++----------- 1 file changed, 52 insertions(+), 17 deletions(-) diff --git a/packages/auth/auth.go b/packages/auth/auth.go index e832a61..6955f08 100644 --- a/packages/auth/auth.go +++ b/packages/auth/auth.go @@ -56,13 +56,15 @@ type SignUpCredentials struct { Password string `json:"password", db:"password"` } -type SignInCredentials struct { +type UserCredentials struct { Username string `json:"username", db:"username"` Password string `json:"password", db:"password"` } type Claims struct { - Username string `json:"username"` + Username string `json:"username", db:"username"` + Admin string `json:"admin", db:"admin"` + Verified string `json:"verified", db:"verified"` jwt.StandardClaims } @@ -165,29 +167,25 @@ func register(w http.ResponseWriter, r *http.Request) { } func signin(w http.ResponseWriter, r *http.Request) { - creds := &SignInCredentials{} + creds := &UserCredentials{} err := json.NewDecoder(r.Body).Decode(creds) if err != nil { w.WriteHeader(http.StatusBadRequest) return } - result := DB.QueryRow("SELECT password FROM users WHERE username=$1", creds.Username) - storedCreds := &SignInCredentials{} - err = result.Scan(&storedCreds.Password) - if err != nil { - if err == sql.ErrNoRows { - w.WriteHeader(http.StatusUnauthorized) - return - } - w.WriteHeader(http.StatusInternalServerError) + verified, ok := checkPassword(w, *creds) + if !ok { + render.JSON(w, r, verified) return } - if err = bcrypt.CompareHashAndPassword([]byte(storedCreds.Password), []byte(creds.Password)); err != nil { - w.WriteHeader(http.StatusUnauthorized) - } expirationTime := time.Now().Add(24 * time.Hour) + user_claims := &Claims{} + user_claims_query := DB.QueryRow("SELECT username, admin, verified FROM users WHERE username=$1", creds.Username) + err = user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified) claims := &Claims{ - Username: creds.Username, + Username: user_claims.Username, + Admin: user_claims.Admin, + Verified: user_claims.Verified, StandardClaims: jwt.StandardClaims{ ExpiresAt: expirationTime.Unix(), }, @@ -199,11 +197,24 @@ func signin(w http.ResponseWriter, r *http.Request) { } func refresh(w http.ResponseWriter, r *http.Request) { + returnMessage := ReturnMessage{} _, claims, _ := jwtauth.FromContext(r.Context()) w.WriteHeader(http.StatusOK) expirationTime := time.Now().Add(5 * time.Hour) + user_claims := &Claims{} + user_claims_query := DB.QueryRow("SELECT username, admin, verified FROM users WHERE username=$1", claims["username"].(string)) + err := user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified) + if err != nil { + fmt.Println(err) + returnMessage.Message = "unexpected error refreshing your token, please try again later" + w.WriteHeader(http.StatusInternalServerError) + render.JSON(w, r, returnMessage) + return + } newClaims := &Claims{ - Username: claims["username"].(string), + Username: user_claims.Username, + Admin: user_claims.Admin, + Verified: user_claims.Verified, StandardClaims: jwt.StandardClaims{ ExpiresAt: expirationTime.Unix(), }, @@ -263,3 +274,27 @@ func sendEmailToken(w http.ResponseWriter, token string, name string, email stri ok = true return returnMessage, ok } + +func checkPassword(w http.ResponseWriter, creds UserCredentials) (string, bool) { + returnMessage := "" + result := DB.QueryRow("SELECT password FROM users WHERE username=$1", creds.Username) + storedCreds := &UserCredentials{} + err := result.Scan(&storedCreds.Password) + if err != nil { + if err == sql.ErrNoRows { + w.WriteHeader(http.StatusUnauthorized) + returnMessage = "username or password incorrect" + return returnMessage, false + } + w.WriteHeader(http.StatusInternalServerError) + returnMessage = "something is broken, please contact the administrator" + return returnMessage, false + } + if err = bcrypt.CompareHashAndPassword([]byte(storedCreds.Password), []byte(creds.Password)); err != nil { + w.WriteHeader(http.StatusUnauthorized) + returnMessage = "username or password incorrect" + return returnMessage, false + } + returnMessage = "user logged in" + return returnMessage, true +} From cc7225527e66a4fe45905f247bd56c265c61d5cf Mon Sep 17 00:00:00 2001 From: Asara Date: Mon, 20 Jan 2020 19:04:23 -0500 Subject: [PATCH 13/19] Change WEB_ADDR to the api address, not ui --- settings/website.env-sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings/website.env-sample b/settings/website.env-sample index e29667e..207f180 100644 --- a/settings/website.env-sample +++ b/settings/website.env-sample @@ -3,4 +3,4 @@ export EMAIL_SECRET="CHANGEMEALSOPLS" export JWT_SECRET="CHANGEMEALSO" export POSTAL_API="https://POSTAL_URL" export POSTAL_SRC_EMAIL="postal-source@domain.com" -export WEB_ADDR="https://domain.tld" +export WEB_ADDR="https://apidomain.tld" From d27a499c07e99a0baf66acb22884a6b7dbf794c6 Mon Sep 17 00:00:00 2001 From: Asara Date: Mon, 20 Jan 2020 20:06:32 -0500 Subject: [PATCH 14/19] Split out url auth with email token --- README.md | 2 +- packages/auth/auth.go | 20 ++++++++++++++++---- packages/middleware/auth_middleware.go | 6 ++++++ 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index b465e0c..f57882f 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ Install steps are for Debian 9 (stretch) [For more information on Postal](https://github.com/postalhq/postal) ``` cd ${GOPATH}/src/git.minhas.io/asara/sudoscientist-go-backend - for i in settings/*; do source $i; done + for i in settings/*.env; do source $i; done export DB_HOST=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" sudosci-db) PSQL_QUERY_STRING="postgres://${DB_USER}:${DB_PW}@${DB_HOST}:${DB_PORT}/${DB_NAME}?sslmode=${DB_SSL}" migrate -path migrations/ -database ${PSQL_QUERY_STRING} up diff --git a/packages/auth/auth.go b/packages/auth/auth.go index 6955f08..362494a 100644 --- a/packages/auth/auth.go +++ b/packages/auth/auth.go @@ -34,7 +34,7 @@ func Init() { if postal_api, ok := os.LookupEnv("POSTAL_API"); ok { if email_src, ok := os.LookupEnv("POSTAL_SRC_EMAIL"); ok { if email_auth, ok := os.LookupEnv("EMAIL_SECRET"); ok { - EmailAuth = jwtauth.New("HS256", []byte(os.Getenv(email_auth)), nil) + EmailAuth = jwtauth.New("HS256", []byte(email_auth), nil) PostalKey = postal_key PostalAPI = postal_api PostalEmail = email_src @@ -63,8 +63,8 @@ type UserCredentials struct { type Claims struct { Username string `json:"username", db:"username"` - Admin string `json:"admin", db:"admin"` - Verified string `json:"verified", db:"verified"` + Admin bool `json:"admin", db:"admin"` + Verified bool `json:"verified", db:"verified"` jwt.StandardClaims } @@ -81,6 +81,11 @@ type ComposedEmail struct { func Routes() *chi.Mux { r := chi.NewRouter() + r.Group(func(r chi.Router) { + r.Use(jwtauth.Verify(EmailAuth, auth_middleware.TokenFromUrl)) + r.Use(jwtauth.Authenticator) + r.Get("/verify/{token}", verify) + }) r.Post("/signin", signin) r.Post("/register", register) r.Group(func(r chi.Router) { @@ -91,6 +96,11 @@ func Routes() *chi.Mux { return r } +func verify(w http.ResponseWriter, r *http.Request) { + token := chi.URLParam(r, "token") + fmt.Println(token) +} + func register(w http.ResponseWriter, r *http.Request) { returnMessage := ReturnMessage{} creds := &SignUpCredentials{} @@ -142,6 +152,8 @@ func register(w http.ResponseWriter, r *http.Request) { expirationTime := time.Now().Add(24 * time.Hour) claims := &Claims{ Username: creds.Username, + Admin: false, + Verified: false, StandardClaims: jwt.StandardClaims{ ExpiresAt: expirationTime.Unix(), }, @@ -200,7 +212,7 @@ func refresh(w http.ResponseWriter, r *http.Request) { returnMessage := ReturnMessage{} _, claims, _ := jwtauth.FromContext(r.Context()) w.WriteHeader(http.StatusOK) - expirationTime := time.Now().Add(5 * time.Hour) + expirationTime := time.Now().Add(24 * time.Hour) user_claims := &Claims{} user_claims_query := DB.QueryRow("SELECT username, admin, verified FROM users WHERE username=$1", claims["username"].(string)) err := user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified) diff --git a/packages/middleware/auth_middleware.go b/packages/middleware/auth_middleware.go index 8cdfa02..fa601da 100644 --- a/packages/middleware/auth_middleware.go +++ b/packages/middleware/auth_middleware.go @@ -2,6 +2,7 @@ package auth_middleware import ( "net/http" + "path" ) func TokenFromSplitCookie(r *http.Request) string { @@ -16,3 +17,8 @@ func TokenFromSplitCookie(r *http.Request) string { cookie := dataCookie.Value + "." + signatureCookie.Value return cookie } + +func TokenFromUrl(r *http.Request) string { + _, token := path.Split(r.URL.Path) + return token +} From aa2731e78920a17d265e633db1c2d12c27e77097 Mon Sep 17 00:00:00 2001 From: Asara Date: Tue, 21 Jan 2020 22:06:03 -0500 Subject: [PATCH 15/19] Add backend hook to register users --- packages/auth/auth.go | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/packages/auth/auth.go b/packages/auth/auth.go index 362494a..4550204 100644 --- a/packages/auth/auth.go +++ b/packages/auth/auth.go @@ -97,8 +97,23 @@ func Routes() *chi.Mux { } func verify(w http.ResponseWriter, r *http.Request) { - token := chi.URLParam(r, "token") - fmt.Println(token) + returnMessage := ReturnMessage{} + _, claims, _ := jwtauth.FromContext(r.Context()) + sqlStatement := ` + UPDATE users + SET verified = $1 + WHERE username = $2;` + _, err := DB.Exec(sqlStatement, true, claims["username"]) + if err != nil { + w.WriteHeader(http.StatusInternalServerError) + returnMessage.Message = "unexpected error verifying account. please contact the administrator" + render.JSON(w, r, returnMessage) + return + } + w.WriteHeader(http.StatusOK) + returnMessage.Message = "your email has been verified!" + render.JSON(w, r, returnMessage) + return } func register(w http.ResponseWriter, r *http.Request) { From 4457885685ce8f79322785e162c8f68b8b8a6cd8 Mon Sep 17 00:00:00 2001 From: Asara Date: Tue, 21 Jan 2020 22:19:35 -0500 Subject: [PATCH 16/19] Block non-admin users from posting --- packages/blog/blog.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/packages/blog/blog.go b/packages/blog/blog.go index 88c4f72..151a277 100644 --- a/packages/blog/blog.go +++ b/packages/blog/blog.go @@ -78,6 +78,14 @@ func createBlogPost(w http.ResponseWriter, r *http.Request) { newBlogPost := &NewBlogPost{} // basic checks _, claims, _ := jwtauth.FromContext(r.Context()) + is_admin := claims["admin"].(bool) + if !is_admin { + returnError.Message = "sorry only admins are allowed to create blog posts" + w.WriteHeader(http.StatusUnauthorized) + render.JSON(w, r, returnError) + return + } + username := claims["username"].(string) err := json.NewDecoder(r.Body).Decode(newBlogPost) if err != nil { From 38bd348737008ed5472d6c4a481840453aceb96f Mon Sep 17 00:00:00 2001 From: Asara Date: Tue, 21 Jan 2020 23:49:07 -0500 Subject: [PATCH 17/19] Update auth to return better errors, remove returning the token data as a blob --- packages/auth/auth.go | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/packages/auth/auth.go b/packages/auth/auth.go index 4550204..cf7763f 100644 --- a/packages/auth/auth.go +++ b/packages/auth/auth.go @@ -122,8 +122,8 @@ func register(w http.ResponseWriter, r *http.Request) { err := json.NewDecoder(r.Body).Decode(creds) if err != nil { fmt.Println(err) - w.WriteHeader(http.StatusInternalServerError) - returnMessage.Message = "unexpected error. please contact the administrator" + w.WriteHeader(http.StatusBadRequest) + returnMessage.Message = "bad data provided" render.JSON(w, r, returnMessage) return } @@ -194,15 +194,20 @@ func register(w http.ResponseWriter, r *http.Request) { } func signin(w http.ResponseWriter, r *http.Request) { + returnMessage := ReturnMessage{} creds := &UserCredentials{} err := json.NewDecoder(r.Body).Decode(creds) if err != nil { w.WriteHeader(http.StatusBadRequest) + returnMessage.Message = "bad data provided" + render.JSON(w, r, returnMessage) return } - verified, ok := checkPassword(w, *creds) + verify_pw, ok := checkPassword(w, *creds) if !ok { - render.JSON(w, r, verified) + w.WriteHeader(http.StatusBadRequest) + returnMessage.Message = verify_pw + render.JSON(w, r, returnMessage) return } expirationTime := time.Now().Add(24 * time.Hour) @@ -218,9 +223,9 @@ func signin(w http.ResponseWriter, r *http.Request) { }, } _, tokenString, _ := TokenAuth.Encode(claims) - token := setCookies(w, tokenString, expirationTime) + setCookies(w, tokenString, expirationTime) w.WriteHeader(http.StatusOK) - render.JSON(w, r, token) + render.JSON(w, r, returnMessage) } func refresh(w http.ResponseWriter, r *http.Request) { @@ -233,8 +238,8 @@ func refresh(w http.ResponseWriter, r *http.Request) { err := user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified) if err != nil { fmt.Println(err) - returnMessage.Message = "unexpected error refreshing your token, please try again later" w.WriteHeader(http.StatusInternalServerError) + returnMessage.Message = "unexpected error refreshing your token, please try again later" render.JSON(w, r, returnMessage) return } @@ -247,18 +252,19 @@ func refresh(w http.ResponseWriter, r *http.Request) { }, } _, tokenString, _ := TokenAuth.Encode(newClaims) - token := setCookies(w, tokenString, expirationTime) + setCookies(w, tokenString, expirationTime) w.WriteHeader(http.StatusOK) - render.JSON(w, r, token) + returnMessage.Message = "jwt refreshed" + render.JSON(w, r, returnMessage) } -func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) string { +func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) { splitToken := strings.Split(jwt, ".") dataCookie := http.Cookie{Name: "DataCookie", Value: strings.Join(splitToken[:2], "."), Expires: expiration, HttpOnly: false, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true} http.SetCookie(w, &dataCookie) signatureCookie := http.Cookie{Name: "SignatureCookie", Value: splitToken[2], Expires: expiration, HttpOnly: true, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true} http.SetCookie(w, &signatureCookie) - return strings.Join(splitToken[:2], ".") + return } func sendEmailToken(w http.ResponseWriter, token string, name string, email string) (returnMessage ReturnMessage, ok bool) { From 4208190c9a1aeb42630643277b2b2005bc34d2ec Mon Sep 17 00:00:00 2001 From: Asara Date: Wed, 22 Jan 2020 22:45:07 -0500 Subject: [PATCH 18/19] Fix up accessing ui in dev mode via env variables --- main.go | 2 +- packages/auth/auth.go | 6 +++--- settings/website.env-sample | 5 ++++- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/main.go b/main.go index 9f6d7b8..ad3a8d9 100644 --- a/main.go +++ b/main.go @@ -54,7 +54,7 @@ func main() { func Routes() *chi.Mux { router := chi.NewRouter() cors := cors.New(cors.Options{ - AllowedOrigins: []string{"https://sudoscientist.com", "https://www.sudoscientist.com"}, + AllowedOrigins: []string{os.Getenv("UI_PROTO") + os.Getenv("UI_ADDR") + os.Getenv("UI_PORT"), os.Getenv("UI_PROTO") + "www." + os.Getenv("UI_ADDR") + os.Getenv("UI_PORT")}, AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"}, AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"}, AllowCredentials: true, diff --git a/packages/auth/auth.go b/packages/auth/auth.go index cf7763f..b722d96 100644 --- a/packages/auth/auth.go +++ b/packages/auth/auth.go @@ -260,9 +260,9 @@ func refresh(w http.ResponseWriter, r *http.Request) { func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) { splitToken := strings.Split(jwt, ".") - dataCookie := http.Cookie{Name: "DataCookie", Value: strings.Join(splitToken[:2], "."), Expires: expiration, HttpOnly: false, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true} + dataCookie := http.Cookie{Name: "DataCookie", Value: strings.Join(splitToken[:2], "."), Expires: expiration, HttpOnly: false, Path: "/", Domain: os.Getenv("UI_ADDR"), MaxAge: 360} http.SetCookie(w, &dataCookie) - signatureCookie := http.Cookie{Name: "SignatureCookie", Value: splitToken[2], Expires: expiration, HttpOnly: true, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true} + signatureCookie := http.Cookie{Name: "SignatureCookie", Value: splitToken[2], Expires: expiration, HttpOnly: true, Path: "/", Domain: os.Getenv("UI_ADDR"), MaxAge: 360} http.SetCookie(w, &signatureCookie) return } @@ -270,7 +270,7 @@ func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) { func sendEmailToken(w http.ResponseWriter, token string, name string, email string) (returnMessage ReturnMessage, ok bool) { header := "Thanks for joining sudoscientist, " + name + "!" body := "\n\nPlease click the following link to verify your email: " - link := os.Getenv("WEB_ADDR") + "/v1/api/auth/verify/" + token + link := os.Getenv("API_ADDR") + "/v1/api/auth/verify/" + token email_array := [1]string{email} composed_email := ComposedEmail{ To: email_array, diff --git a/settings/website.env-sample b/settings/website.env-sample index 207f180..0f426e0 100644 --- a/settings/website.env-sample +++ b/settings/website.env-sample @@ -3,4 +3,7 @@ export EMAIL_SECRET="CHANGEMEALSOPLS" export JWT_SECRET="CHANGEMEALSO" export POSTAL_API="https://POSTAL_URL" export POSTAL_SRC_EMAIL="postal-source@domain.com" -export WEB_ADDR="https://apidomain.tld" +export API_ADDR="https://apidomain.tld" +export UI_ADDR="sudosci.ui" +export UI_PORT=":3000" +export UI_PROTO="http://" From 20ae72bc2e3dd408edeacf51dfeac33a360742a3 Mon Sep 17 00:00:00 2001 From: Asara Date: Sat, 25 Jan 2020 18:04:15 -0500 Subject: [PATCH 19/19] Extend ReturnMessage --- main.go | 2 +- packages/auth/auth.go | 15 +++++ packages/blog/blog.go | 126 ++++++++++++++++++++++++++---------------- 3 files changed, 93 insertions(+), 50 deletions(-) diff --git a/main.go b/main.go index ad3a8d9..2c0deda 100644 --- a/main.go +++ b/main.go @@ -54,7 +54,7 @@ func main() { func Routes() *chi.Mux { router := chi.NewRouter() cors := cors.New(cors.Options{ - AllowedOrigins: []string{os.Getenv("UI_PROTO") + os.Getenv("UI_ADDR") + os.Getenv("UI_PORT"), os.Getenv("UI_PROTO") + "www." + os.Getenv("UI_ADDR") + os.Getenv("UI_PORT")}, + AllowedOrigins: []string{os.Getenv("UI_PROTO") + os.Getenv("UI_ADDR") + os.Getenv("UI_PORT"), os.Getenv("UI_PROTO") + "www." + os.Getenv("UI_ADDR") + os.Getenv("UI_PORT")}, AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"}, AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"}, AllowCredentials: true, diff --git a/packages/auth/auth.go b/packages/auth/auth.go index b722d96..1734276 100644 --- a/packages/auth/auth.go +++ b/packages/auth/auth.go @@ -48,6 +48,7 @@ func Init() { type ReturnMessage struct { Message string `json:"msg"` + Error bool `json:"error"` } type SignUpCredentials struct { @@ -98,6 +99,7 @@ func Routes() *chi.Mux { func verify(w http.ResponseWriter, r *http.Request) { returnMessage := ReturnMessage{} + returnMessage.Error = false _, claims, _ := jwtauth.FromContext(r.Context()) sqlStatement := ` UPDATE users @@ -107,6 +109,7 @@ func verify(w http.ResponseWriter, r *http.Request) { if err != nil { w.WriteHeader(http.StatusInternalServerError) returnMessage.Message = "unexpected error verifying account. please contact the administrator" + returnMessage.Error = true render.JSON(w, r, returnMessage) return } @@ -118,29 +121,34 @@ func verify(w http.ResponseWriter, r *http.Request) { func register(w http.ResponseWriter, r *http.Request) { returnMessage := ReturnMessage{} + returnMessage.Error = false creds := &SignUpCredentials{} err := json.NewDecoder(r.Body).Decode(creds) if err != nil { fmt.Println(err) w.WriteHeader(http.StatusBadRequest) returnMessage.Message = "bad data provided" + returnMessage.Error = true render.JSON(w, r, returnMessage) return } if creds.Username == "" { returnMessage.Message = "username is required" + returnMessage.Error = true w.WriteHeader(http.StatusBadRequest) render.JSON(w, r, returnMessage) return } if creds.Password == "" { returnMessage.Message = "password is required" + returnMessage.Error = true w.WriteHeader(http.StatusBadRequest) render.JSON(w, r, returnMessage) return } if creds.Email == "" { returnMessage.Message = "email is required" + returnMessage.Error = true w.WriteHeader(http.StatusBadRequest) render.JSON(w, r, returnMessage) return @@ -148,6 +156,7 @@ func register(w http.ResponseWriter, r *http.Request) { err = checkmail.ValidateFormat(creds.Email) if err != nil { returnMessage.Message = "email not valid" + returnMessage.Error = true w.WriteHeader(http.StatusBadRequest) render.JSON(w, r, returnMessage) return @@ -159,6 +168,7 @@ func register(w http.ResponseWriter, r *http.Request) { if _, err = DB.Exec(s, creds.Username, creds.Email, string(hashedPassword), false, false); err != nil { fmt.Println(err) returnMessage.Message = "unexpected error. please contact the administrator" + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) render.JSON(w, r, returnMessage) return @@ -195,11 +205,13 @@ func register(w http.ResponseWriter, r *http.Request) { func signin(w http.ResponseWriter, r *http.Request) { returnMessage := ReturnMessage{} + returnMessage.Error = false creds := &UserCredentials{} err := json.NewDecoder(r.Body).Decode(creds) if err != nil { w.WriteHeader(http.StatusBadRequest) returnMessage.Message = "bad data provided" + returnMessage.Error = true render.JSON(w, r, returnMessage) return } @@ -207,6 +219,7 @@ func signin(w http.ResponseWriter, r *http.Request) { if !ok { w.WriteHeader(http.StatusBadRequest) returnMessage.Message = verify_pw + returnMessage.Error = true render.JSON(w, r, returnMessage) return } @@ -230,6 +243,7 @@ func signin(w http.ResponseWriter, r *http.Request) { func refresh(w http.ResponseWriter, r *http.Request) { returnMessage := ReturnMessage{} + returnMessage.Error = false _, claims, _ := jwtauth.FromContext(r.Context()) w.WriteHeader(http.StatusOK) expirationTime := time.Now().Add(24 * time.Hour) @@ -240,6 +254,7 @@ func refresh(w http.ResponseWriter, r *http.Request) { fmt.Println(err) w.WriteHeader(http.StatusInternalServerError) returnMessage.Message = "unexpected error refreshing your token, please try again later" + returnMessage.Error = true render.JSON(w, r, returnMessage) return } diff --git a/packages/blog/blog.go b/packages/blog/blog.go index 151a277..2c6d2bc 100644 --- a/packages/blog/blog.go +++ b/packages/blog/blog.go @@ -43,8 +43,9 @@ type NewBlogPost struct { Author string `json:"author",db:"author"` } -type ReturnError struct { - Message string `json:"error"` +type ReturnMessage struct { + Message string `json:"msg"` + Error bool `json:"error"` } type ReturnSuccess struct { @@ -74,36 +75,41 @@ func Routes() *chi.Mux { } func createBlogPost(w http.ResponseWriter, r *http.Request) { - returnError := ReturnError{} + returnMessage := ReturnMessage{} + returnMessage.Error = false newBlogPost := &NewBlogPost{} // basic checks _, claims, _ := jwtauth.FromContext(r.Context()) is_admin := claims["admin"].(bool) if !is_admin { - returnError.Message = "sorry only admins are allowed to create blog posts" + returnMessage.Message = "sorry only admins are allowed to create blog posts" + returnMessage.Error = true w.WriteHeader(http.StatusUnauthorized) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } username := claims["username"].(string) err := json.NewDecoder(r.Body).Decode(newBlogPost) if err != nil { - returnError.Message = "unknown error, try again later" + returnMessage.Message = "unknown error, try again later" + returnMessage.Error = true w.WriteHeader(http.StatusBadRequest) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } if newBlogPost.Title == "" { - returnError.Message = "title is required" + returnMessage.Message = "title is required" + returnMessage.Error = true w.WriteHeader(http.StatusBadRequest) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } if newBlogPost.Content == "" { - returnError.Message = "content is required" + returnMessage.Message = "content is required" + returnMessage.Error = true w.WriteHeader(http.StatusBadRequest) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } as := slug.Make(newBlogPost.Title) @@ -113,16 +119,18 @@ func createBlogPost(w http.ResponseWriter, r *http.Request) { scr := 0 err = slugCheck.Scan(&scr) if err == nil { - returnError.Message = "slug already exists" + returnMessage.Message = "slug already exists" + returnMessage.Error = true w.WriteHeader(http.StatusBadRequest) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } if err != nil { if err != sql.ErrNoRows { - returnError.Message = "something is super broken..." + returnMessage.Message = "something is super broken..." + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) fmt.Println(err) return } @@ -135,15 +143,17 @@ func createBlogPost(w http.ResponseWriter, r *http.Request) { err = DB.QueryRow(s, newBlogPost.Title, as, username, newBlogPost.Content, time.Now().UTC(), false, time.Now().UTC()).Scan(&article_id) if err != nil { if err == sql.ErrNoRows { - returnError.Message = "something is super broken..." + returnMessage.Message = "something is super broken..." + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) fmt.Println(err) return } - returnError.Message = "something is super broken..." + returnMessage.Message = "something is super broken..." + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) fmt.Println(err) return } @@ -164,7 +174,8 @@ func createBlogPost(w http.ResponseWriter, r *http.Request) { } func updateBlogPostById(w http.ResponseWriter, r *http.Request) { - returnError := ReturnError{} + returnMessage := ReturnMessage{} + returnMessage.Error = false // Get the actual post id := chi.URLParam(r, "id") result := DB.QueryRow("SELECT id, title, slug, author, content, time_published FROM posts WHERE id=$1", id) @@ -172,15 +183,17 @@ func updateBlogPostById(w http.ResponseWriter, r *http.Request) { err := result.Scan(&post.ID, &post.Title, &post.Slug, &post.Author, &post.Content, &post.TimePublished) if err != nil { if err == sql.ErrNoRows { - returnError.Message = "blog post requested for update not found" + returnMessage.Message = "blog post requested for update not found" + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) fmt.Println(err) return } - returnError.Message = "something is super broken..." + returnMessage.Message = "something is super broken..." + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) fmt.Println(err) return } @@ -189,9 +202,10 @@ func updateBlogPostById(w http.ResponseWriter, r *http.Request) { _, claims, _ := jwtauth.FromContext(r.Context()) username := claims["username"].(string) if username != post.Author { - returnError.Message = "unauthorized..." + returnMessage.Message = "unauthorized..." + returnMessage.Error = true w.WriteHeader(http.StatusUnauthorized) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } // update the post struct @@ -206,9 +220,10 @@ func updateBlogPostById(w http.ResponseWriter, r *http.Request) { // write the row update _, err = DB.Exec(s, post.Title, post.Content, true, time.Now().UTC(), post.ID) if err != nil { - returnError.Message = "something is super broken..." + returnMessage.Message = "something is super broken..." + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) fmt.Println(err) return } @@ -220,7 +235,8 @@ func updateBlogPostById(w http.ResponseWriter, r *http.Request) { // This will search by the last id seen, descending. func getBlogPosts(w http.ResponseWriter, r *http.Request) { - returnError := ReturnError{} + returnMessage := ReturnMessage{} + returnMessage.Error = false referenceID := &ReferenceID{} err := json.NewDecoder(r.Body).Decode(referenceID) // hardcode 9001 for cool kid points @@ -241,9 +257,10 @@ func getBlogPosts(w http.ResponseWriter, r *http.Request) { ` rows, err := DB.Query(search, search_id) if err != nil { - returnError.Message = "something is super broken..." + returnMessage.Message = "something is super broken..." + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) fmt.Println(err) return } @@ -256,9 +273,10 @@ func getBlogPosts(w http.ResponseWriter, r *http.Request) { posts = append(posts, post) } if err := rows.Err(); err != nil { - returnError.Message = "something is super broken..." + returnMessage.Message = "something is super broken..." + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) fmt.Println(err) return } @@ -268,15 +286,17 @@ func getBlogPosts(w http.ResponseWriter, r *http.Request) { } func getBlogPostBySlug(w http.ResponseWriter, r *http.Request) { - returnError := ReturnError{} + returnMessage := ReturnMessage{} + returnMessage.Error = false slug := chi.URLParam(r, "slug") result := DB.QueryRow("SELECT id, title, slug, author, content, time_published, modified, last_modified FROM posts WHERE slug=$1", slug) post := BlogPost{} err := result.Scan(&post.ID, &post.Title, &post.Slug, &post.Author, &post.Content, &post.TimePublished, &post.Modified, &post.TimeModified) if err != nil { - returnError.Message = "post not found" + returnMessage.Message = "post not found" + returnMessage.Error = true w.WriteHeader(http.StatusBadRequest) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } w.WriteHeader(http.StatusOK) @@ -285,15 +305,17 @@ func getBlogPostBySlug(w http.ResponseWriter, r *http.Request) { } func getBlogPostById(w http.ResponseWriter, r *http.Request) { - returnError := ReturnError{} + returnMessage := ReturnMessage{} + returnMessage.Error = false id := chi.URLParam(r, "id") result := DB.QueryRow("SELECT id, title, slug, author, content, time_published, modified, last_modified FROM posts WHERE id=$1", id) post := BlogPost{} err := result.Scan(&post.ID, &post.Title, &post.Slug, &post.Author, &post.Content, &post.TimePublished, &post.Modified, &post.TimeModified) if err != nil { - returnError.Message = "post not found" + returnMessage.Message = "post not found" + returnMessage.Error = true w.WriteHeader(http.StatusBadRequest) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) return } w.WriteHeader(http.StatusOK) @@ -302,7 +324,8 @@ func getBlogPostById(w http.ResponseWriter, r *http.Request) { } func getBlogPostsByTag(w http.ResponseWriter, r *http.Request) { - returnError := ReturnError{} + returnMessage := ReturnMessage{} + returnMessage.Error = false referenceID := &ReferenceID{} err := json.NewDecoder(r.Body).Decode(referenceID) // hardcode 9001 for cool kid points @@ -326,9 +349,10 @@ func getBlogPostsByTag(w http.ResponseWriter, r *http.Request) { ` rows, err := DB.Query(search, search_id, tag) if err != nil { - returnError.Message = "something is super broken..." + returnMessage.Message = "something is super broken..." + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) fmt.Println(err) return } @@ -341,9 +365,10 @@ func getBlogPostsByTag(w http.ResponseWriter, r *http.Request) { posts = append(posts, post) } if err := rows.Err(); err != nil { - returnError.Message = "something is super broken..." + returnMessage.Message = "something is super broken..." + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) fmt.Println(err) return } @@ -353,7 +378,8 @@ func getBlogPostsByTag(w http.ResponseWriter, r *http.Request) { } func getBlogPostsByAuthor(w http.ResponseWriter, r *http.Request) { - returnError := ReturnError{} + returnMessage := ReturnMessage{} + returnMessage.Error = false referenceID := &ReferenceID{} err := json.NewDecoder(r.Body).Decode(referenceID) // hardcode 9001 for cool kid points @@ -376,9 +402,10 @@ func getBlogPostsByAuthor(w http.ResponseWriter, r *http.Request) { ` rows, err := DB.Query(search, search_id, author) if err != nil { - returnError.Message = "something is super broken..." + returnMessage.Message = "something is super broken..." + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) fmt.Println(err) return } @@ -391,9 +418,10 @@ func getBlogPostsByAuthor(w http.ResponseWriter, r *http.Request) { posts = append(posts, post) } if err := rows.Err(); err != nil { - returnError.Message = "something is super broken..." + returnMessage.Message = "something is super broken..." + returnMessage.Error = true w.WriteHeader(http.StatusInternalServerError) - render.JSON(w, r, returnError) + render.JSON(w, r, returnMessage) fmt.Println(err) return }