package auth import ( "fmt" "database/sql" "encoding/json" "git.minhas.io/asara/sudoscientist/packages/users" "github.com/dgrijalva/jwt-go" "github.com/go-chi/chi" "github.com/go-chi/jwtauth" "github.com/go-chi/render" "golang.org/x/crypto/bcrypt" "net/http" ) var ( DB *sql.DB TokenAuth *jwtauth.JWTAuth ) type Credentials struct { Username string `json:"username", db:"username"` Password string `json:"password", db:"password"` } func Init() { DB.Exec("CREATE TABLE IF NOT EXISTS users (username text primary key, password text, admin boolean);" ) } func Routes() *chi.Mux { router := chi.NewRouter() router.Post("/signin", Signin) router.Post("/signup", Signup) return router } func Signup(w http.ResponseWriter, r *http.Request) { creds := &Credentials{} err := json.NewDecoder(r.Body).Decode(creds) if err != nil { w.WriteHeader(http.StatusBadRequest) return } hashedPassword, err := bcrypt.GenerateFromPassword([]byte(creds.Password), 10) s := `INSERT INTO users (username, password, admin) VALUES ($1, $2, $3)` if _, err = DB.Exec(s, creds.Username, string(hashedPassword), false); err != nil { w.WriteHeader(http.StatusInternalServerError) fmt.Println(err) return } users.CreateProfile(creds.Username) w.WriteHeader(http.StatusCreated) } func Signin(w http.ResponseWriter, r *http.Request) { creds := &Credentials{} err := json.NewDecoder(r.Body).Decode(creds) if err != nil { w.WriteHeader(http.StatusBadRequest) return } result := DB.QueryRow("SELECT password FROM users WHERE username=$1", creds.Username) if err != nil { w.WriteHeader(http.StatusInternalServerError) return } storedCreds := &Credentials{} err = result.Scan(&storedCreds.Password) if err != nil { if err == sql.ErrNoRows { w.WriteHeader(http.StatusUnauthorized) return } w.WriteHeader(http.StatusInternalServerError) return } if err = bcrypt.CompareHashAndPassword([]byte(storedCreds.Password), []byte(creds.Password)); err != nil { w.WriteHeader(http.StatusUnauthorized) } _, tokenString, _ := TokenAuth.Encode(jwt.MapClaims{ "username": creds.Username, }) w.WriteHeader(http.StatusOK) render.JSON(w, r, tokenString) }