diff --git a/server/api/api.go b/server/api/api.go
index c53d451..24a5683 100644
--- a/server/api/api.go
+++ b/server/api/api.go
@@ -21,5 +21,13 @@ func Start() {
 r.Get("/", Whoami)
 })
+ r.Route("/users", func(r chi.Router) {
+ r.Get("/", ListUsers)
+ })
+
+ r.Route("/register", func(r chi.Router) {
+ r.Post("/", NewUser)
+ })
+
 http.ListenAndServe(":3000", r)
 }
diff --git a/server/api/auth.go b/server/api/auth.go
new file mode 100644
index 0000000..bf10da3
--- /dev/null
+++ b/server/api/auth.go
@@ -0,0 +1,13 @@
+package api
+
+import "golang.org/x/crypto/bcrypt"
+
+func hashPassword(password string) (string, error) {
+ hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password),
+ bcrypt.DefaultCost)
+ return string(hashedPassword), err
+}
+
+func validatePassword(hashedPassword, password string) error {
+ return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
+}
diff --git a/server/api/db.go b/server/api/db.go
new file mode 100644
index 0000000..50c8069
--- /dev/null
+++ b/server/api/db.go
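Review bot: In server/api/api.go, the new `/users` route is mounted with no authentication or authorization middleware visible in the hunk, so `ListUsers` would return every account to any caller that can reach the listener. `Start` begins above the hunk, so a router-wide `r.Use(...)` may already cover it; if it does not, mount `/users` behind whatever session or auth middleware the project uses and leave only `/register` public. Because `/register` performs a bcrypt hash on every request, a rate limit in front of it is also worth adding.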
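Review bot: In server/api/auth.go, `hashPassword` hands the password straight to `bcrypt.GenerateFromPassword`, which refuses inputs longer than 72 bytes with `bcrypt.ErrPasswordTooLong`, and the only caller in this commit, `NewUser`, reports every hashing error as a 500. Treat the over-long case as a client error, for example `if len(password) > 72 { http.Error(w, "Password too long", http.StatusBadRequest); return }` in `NewUser` before hashing. Both helpers would also benefit from a doc comment, e.g. `// hashPassword returns the bcrypt hash of password at bcrypt.DefaultCost.`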
@@ -0,0 +1,88 @@
+package api
+
+import (
+ "errors"
+ "fmt"
+ "log/slog"
+
+ "git.dubyatp.xyz/dubyatp/scannerbot/server/db"
+ "github.com/gocql/gocql"
+)
+
+func dbGetUser(id string) (*User, error) {
+ query := `SELECT id, name, password FROM users WHERE id = ?`
+ var user User
+ var gid gocql.UUID
+ err := db.Session.Query(query, id).Scan(&gid, &user.Name, &user.Password)
+ user.ID = [16]byte(gid)
+
+ if err == gocql.ErrNotFound {
+ slog.Debug("db: user not found", "userid", id)
+ return nil, errors.New("User not found")
+ } else if err != nil {
+ slog.Error("db: failed to query user", "error", err)
+ return nil, fmt.Errorf("failed to query user")
+ }
+
+ slog.Debug("db: user found", "userid", user.ID, "username", user.Name)
+ return &user, nil
+}
+
+func dbGetUserByName(username string) (*User, error) {
+ query := `SELECT id, name, password FROM users WHERE name = ?`
+ var user User
+ var gid gocql.UUID
+ err := db.Session.Query(query, username).Scan(&gid, &user.Name, &user.Password)
+ user.ID = [16]byte(gid)
+
+ if err == gocql.ErrNotFound {
+ slog.Debug("db: user not found", "username", username)
+ return nil, errors.New("User not found")
+ } else if err != nil {
+ slog.Error("db: failed to query user", "error", err)
+ return nil, fmt.Errorf("failed to query user")
+ }
+
+ slog.Debug("db: user found", "userid", user.ID, "username", user.Name)
+ return &user, nil
+}
+
+func dbGetAllUsers() ([]*User, error) {
+ query := `SELECT id, name, password FROM users`
+ iter := db.Session.Query(query).Iter()
+ defer iter.Close()
+
+ var users []*User
+ for {
+ user := &User{}
+ var gid gocql.UUID
+ if !iter.Scan(&gid, &user.Name, &user.Password) {
+ break
+ }
+ user.ID = [16]byte(gid)
+ users = append(users, user)
+ }
+ if err := iter.Close(); err != nil {
+ slog.Error("db: failed to iterate users", "error", err)
+ return nil, fmt.Errorf("failed to iterate users")
+ }
+ if len(users) == 0 {
+ slog.Debug("db: no users found")
+ return nil, errors.New("no users found")
+ }
+
+ slog.Debug("db: user list returned")
+ return users, nil
+}
+
+func dbAddUser(user *User) error {
+ query := `INSERT INTO users (id, name, password) VALUES (?, ?, ?)`
+ err := db.Session.Query(query, gocql.UUID(user.ID), user.Name, user.Password).Exec()
+ if err != nil {
+ slog.Error("db: failed to add user", "error", err, "userid", user.ID, "username", user.Name)
+ return fmt.Errorf("failed to add user")
+ }
+
+ slog.Debug("db: user added", "userid", user.ID, "username", user.Name)
+ return nil
+}
diff --git a/server/api/error.go b/server/api/error.go
new file mode 100644
index 0000000..44379b2
--- /dev/null
+++ b/server/api/error.go
@@ -0,0 +1,41 @@
+package api
+
+import (
+ "net/http"
+
+ "github.com/go-chi/render"
+)
+
+type ErrResponse struct {
+ Err error `json:"-"`
+ HTTPStatusCode int `json:"-"`
+
+ StatusText string `json:"status"`
+ AppCode int64 `json:"code,omitempty"`
+ ErrorText string `json:"error,omitempty"`
+}
+
+func (e *ErrResponse) Render(w http.ResponseWriter, r *http.Request) error {
+ render.Status(r, e.HTTPStatusCode)
+ return nil
+}
+
+func ErrInvalidRequest(err error) render.Renderer {
+ return &ErrResponse{
+ Err: err,
+ HTTPStatusCode: 400,
+ StatusText: "Invalid request.",
+ ErrorText: err.Error(),
+ }
+}
+
+func ErrRender(err error) render.Renderer {
+ return &ErrResponse{
+ Err: err,
+ HTTPStatusCode: 422,
+ StatusText: "Error rendering response.",
+ ErrorText: err.Error(),
+ }
+}
+
+var ErrNotFound = &ErrResponse{HTTPStatusCode: 404, StatusText: "Resource not found."}
diff --git a/server/api/response.go b/server/api/response.go
new file mode 100644
index 0000000..b7b04e2
--- /dev/null
+++ b/server/api/response.go
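Review bot: In server/api/db.go, `dbAddUser` inserts unconditionally and nothing in this commit checks whether `name` is already taken, so two registrations can end up sharing a username (assuming `id` is the partition key; the schema is not part of this diff). `dbGetUserByName` would then return whichever matching row comes back first, which matters as soon as `validatePassword` is used for login. A lookup in `NewUser` before the insert narrows the window but still races; a table keyed by `name` and written with `INSERT ... IF NOT EXISTS` makes the check atomic. Separately, `dbGetUser` and `dbGetUserByName` assign `user.ID = [16]byte(gid)` before `err` is checked; moving that line below the error branches reads more clearly.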
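Review bot: In server/api/error.go, `ErrRender` is the only renderer the handlers have for server-side failures, and `ListUsers` and `NewUser` in user.go use it for database errors, so a backend failure is answered with 422 and `err.Error()` copied into the response body. The db helpers currently return generic strings, but any wrapped driver error passed here later would be echoed to the client. A separate 500 renderer that keeps `Err` for logging and leaves `ErrorText` empty would cover those call sites. `ErrInvalidRequest` and `ErrRender` also call `err.Error()` without a nil check.

```go
// ErrInternal reports a server-side failure without echoing err to the client.
func ErrInternal(err error) render.Renderer {
	return &ErrResponse{
		Err:            err,
		HTTPStatusCode: http.StatusInternalServerError,
		StatusText:     "Internal server error.",
	}
}
```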
@@ -0,0 +1,23 @@
+package api
+
+import (
+ "net/http"
+
+ "github.com/go-chi/render"
+)
+
+func NewUserPayloadResponse(user *User) *UserPayload {
+ return &UserPayload{User: user}
+}
+
+func NewUserListResponse(users []*User) []render.Renderer {
+ list := []render.Renderer{}
+ for _, user := range users {
+ list = append(list, NewUserPayloadResponse(user))
+ }
+ return list
+}
+
+func (u *UserPayload) Render(w http.ResponseWriter, r *http.Request) error {
+ return nil
+}
diff --git a/server/api/user.go b/server/api/user.go
index bcf0220..8e0e55b 100644
--- a/server/api/user.go
+++ b/server/api/user.go
@@ -4,6 +4,7 @@ import (
 "log/slog"
 "net/http"
+ "github.com/go-chi/render"
 "github.com/google/uuid"
 )
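Review bot: In server/api/response.go, `NewUserPayloadResponse` wraps the full `*User`, and both `dbGetAllUsers` and `NewUser` populate `Password` with the bcrypt hash, so the `/users` listing and the `/register` response will serialize password hashes unless that field is excluded from JSON. The `Password` field and the `UserPayload` type are declared outside the visible hunks, so this needs confirming; if the field carries no `json:"-"` tag, add one. As defence in depth, drop `password` from the `SELECT` and the `Scan` in `dbGetAllUsers`, since a listing never needs it.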
@@ -17,6 +18,70 @@ func Whoami(w http.ResponseWriter, r *http.Request) {
 }
 }
+func ListUsers(w http.ResponseWriter, r *http.Request) {
+ slog.Debug("user: entering ListUsers handler")
+ dbUsers, err := dbGetAllUsers()
+ if err != nil {
+ slog.Error("user: failed to fetch users", "error", err)
+ render.Render(w, r, ErrRender(err))
+ return
+ }
+
+ slog.Debug("user: successfully fetched users", "count", len(dbUsers))
+ if err := render.RenderList(w, r, NewUserListResponse(dbUsers)); err != nil {
+ slog.Error("user: failed to render user list response", "error", err)
+ render.Render(w, r, ErrRender(err))
+ return
+ }
+}
+
+func newUserID() uuid.UUID {
+ return uuid.New()
+}
+
+func NewUser(w http.ResponseWriter, r *http.Request) {
+ slog.Debug("user: entering NewUser handler")
+ err := r.ParseMultipartForm(64 << 10)
+ if err != nil {
+ slog.Error("user: failed to parse multipartform", "error", err)
+ http.Error(w, "Unable to parse form", http.StatusBadRequest)
+ return
+ }
+
+ newUserName := r.FormValue("name")
+ password := r.FormValue("password")
+ if newUserName == "" || password == "" {
+ slog.Error("user: username or password is empty")
+ http.Error(w, "Username and password cannot be empty", http.StatusBadRequest)
+ return
+ }
+
+ slog.Debug("user: hashing password for new user", "userName", newUserName)
+ hashedPassword, err := hashPassword(password)
+ if err != nil {
+ slog.Error("user: failed to hash password", "error", err)
+ http.Error(w, "Unable to hash password", http.StatusInternalServerError)
+ return
+ }
+
+ newUser := User{
+ ID: newUserID(),
+ Name: newUserName,
+ Password: hashedPassword,
+ }
+
+ slog.Debug("user: adding new user to database", "userID", newUser.ID, "userName", newUser.Name)
+ err = dbAddUser(&newUser)
+ if err != nil {
+ slog.Error("user: failed to add new user", "userID", newUser.ID, "userName", newUser.Name, "error", err)
+ render.Render(w, r, ErrRender(err))
+ return
+ }
+
+ slog.Debug("user: successfully added new user", "userID", newUser.ID, "userName", newUser.Name)
+ render.Render(w, r, NewUserPayloadResponse(&newUser))
+}
+
 type User struct {
 ID uuid.UUID `json:"id"`
 Name string `json:"name"`
diff --git a/server/go.mod b/server/go.mod
index 1175eff..86a7b50 100644
--- a/server/go.mod
+++ b/server/go.mod
@@ -3,11 +3,14 @@ module git.dubyatp.xyz/dubyatp/scannerbot/server
 go 1.26.3
 require (
+ github.com/ajg/form v1.5.1 // indirect
 github.com/go-chi/chi/v5 v5.2.5 // indirect
+ github.com/go-chi/render v1.0.3 // indirect
 github.com/gocql/gocql v1.7.0 // indirect
 github.com/golang/snappy v0.0.3 // indirect
 github.com/google/uuid v1.6.0 // indirect
 github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed // indirect
 github.com/joho/godotenv v1.5.1 // indirect
+ golang.org/x/crypto v0.51.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 )
diff --git a/server/go.sum b/server/go.sum
index c6b5ddf..8473323 100644
--- a/server/go.sum
+++ b/server/go.sum
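Review bot: In server/api/user.go, `NewUser` calls `r.ParseMultipartForm(64 << 10)`, but that argument only bounds what is held in memory; larger parts are spooled to temporary files, so the `/register` endpoint accepts request bodies of any size. Cap the body before parsing, e.g. `r.Body = http.MaxBytesReader(w, r.Body, 1<<20)` with a limit that suits the form. On success the handler answers with the default 200; calling `render.Status(r, http.StatusCreated)` before the final `render.Render` would signal that a resource was created.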
@@ -1,8 +1,12 @@
+github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU=
+github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
 github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932/go.mod h1:NOuUCSz6Q9T7+igc/hlvDOUdtWKryOrtFyIVABv/p7k=
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-chi/chi/v5 v5.2.5 h1:Eg4myHZBjyvJmAFjFvWgrqDTXFyOzjj7YIm3L3mu6Ug=
 github.com/go-chi/chi/v5 v5.2.5/go.mod h1:X7Gx4mteadT3eDOMTsXzmI4/rwUpOwBHLpAfupzFJP0=
+github.com/go-chi/render v1.0.3 h1:AsXqd2a1/INaIfUSKq3G5uA8weYx20FOsM7uSoCyyt4=
+github.com/go-chi/render v1.0.3/go.mod h1:/gr3hVkmYR0YlEy3LxCuVRFzEu9Ruok+gFqbIofjao0=
 github.com/gocql/gocql v1.7.0 h1:O+7U7/1gSN7QTEAaMEsJc1Oq2QHXvCWoF3DFK9HDHus=
 github.com/gocql/gocql v1.7.0/go.mod h1:vnlvXyFZeLBF0Wy+RS8hrOdbn0UWsWtdg07XJnFxZ+4=
 github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA=
@@ -19,5 +23,7 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI=
+golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=