From 31c71bda74a08f40d896d1d7d6c1194e22540ac4 Mon Sep 17 00:00:00 2001
From: Evan Reichard
Date: Sun, 28 Jan 2024 22:17:58 -0500
Subject: [PATCH] fix(settings): auth hash accidentally overridden
---
 api/auth.go | 20 ++++++++++++--------
 database/models.go | 2 +-
 database/query.sql.go | 4 ++--
 sqlc.yaml | 4 ++++
 4 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/api/auth.go b/api/auth.go
index 5b54d3a..c479a65 100644
--- a/api/auth.go
+++ b/api/auth.go
@@ -44,12 +44,12 @@ func (api *API) authorizeCredentials(username string, password string) (auth *au
 }
 // Update Auth Cache
- api.userAuthCache[user.ID] = user.AuthHash
+ api.userAuthCache[user.ID] = *user.AuthHash
 return &authData{
 UserName: user.ID,
 IsAdmin: user.Admin,
- AuthHash: user.AuthHash,
+ AuthHash: *user.AuthHash,
 }
 }
@@ -215,10 +215,11 @@ func (api *API) appAuthRegister(c *gin.Context) {
 }
 // Create User in DB
+ authHash := fmt.Sprintf("%x", rawAuthHash)
 rows, err := api.db.Queries.CreateUser(api.db.Ctx, database.CreateUserParams{
 ID: username,
 Pass: &hashedPassword,
- AuthHash: fmt.Sprintf("%x", rawAuthHash),
+ AuthHash: &authHash,
 })
 // SQL Error
@@ -250,7 +251,7 @@ func (api *API) appAuthRegister(c *gin.Context) {
 auth := authData{
 UserName: user.ID,
 IsAdmin: user.Admin,
- AuthHash: user.AuthHash,
+ AuthHash: *user.AuthHash,
 }
 session := sessions.Default(c)
 if err := api.setSession(session, auth); err != nil {
@@ -303,10 +304,11 @@ func (api *API) koAuthRegister(c *gin.Context) {
 return
 }
+ authHash := fmt.Sprintf("%x", rawAuthHash)
 rows, err := api.db.Queries.CreateUser(api.db.Ctx, database.CreateUserParams{
 ID: rUser.Username,
 Pass: &hashedPassword,
- AuthHash: fmt.Sprintf("%x", rawAuthHash),
+ AuthHash: &authHash,
 })
 if err != nil {
 log.Error("CreateUser DB Error:", err)
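Review bot: In authorizeCredentials (the hunk at -44,12) both new `*user.AuthHash` dereferences run without a nil check, and the same unguarded dereference is added in appAuthRegister (-250,7) and getUserAuthHash (-383,7). The field is now `*string`, so if a users row can hold a NULL auth_hash (the schema is not visible in this patch), a login or session lookup for that account would panic instead of failing as an ordinary authentication error. A guard before the cache update, for example `if user.AuthHash == nil { return nil }`, with the equivalent error return in getUserAuthHash, would keep that case a clean rejection. All three function bodies start and end outside their hunks, so the exact failure return is an assumption to confirm.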
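Review bot: The temporary `authHash := fmt.Sprintf("%x", rawAuthHash)` added in appAuthRegister (-215,10) is repeated verbatim in koAuthRegister (-303,10), rotateUserAuthHash (-397,9) and rotateAllAuthHashes (-437,9). Four copies of the encoding step can drift apart, and a mismatch between the stored and cached form of the hash would be hard to spot. A small private helper, for example `func hexAuthHash(raw []byte) *string { h := fmt.Sprintf("%x", raw); return &h }`, would keep the format in one place; the parameter type assumes rawAuthHash is a byte slice, which these hunks do not show.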
@@ -383,7 +385,7 @@ func (api *API) getUserAuthHash(username string) (string, error) {
 }
 // Update Cache
- api.userAuthCache[username] = user.AuthHash
+ api.userAuthCache[username] = *user.AuthHash
 return api.userAuthCache[username], nil
 }
@@ -397,9 +399,10 @@ func (api *API) rotateUserAuthHash(username string) error {
 }
 // Update User
+ authHash := fmt.Sprintf("%x", rawAuthHash)
 if _, err = api.db.Queries.UpdateUser(api.db.Ctx, database.UpdateUserParams{
 UserID: username,
- AuthHash: fmt.Sprintf("%x", rawAuthHash),
+ AuthHash: &authHash,
 }); err != nil {
 log.Error("UpdateUser DB Error: ", err)
 return err
@@ -437,9 +440,10 @@ func (api *API) rotateAllAuthHashes() error {
 }
 // Update User
+ authHash := fmt.Sprintf("%x", rawAuthHash)
 if _, err = qtx.UpdateUser(api.db.Ctx, database.UpdateUserParams{
 UserID: user.ID,
- AuthHash: fmt.Sprintf("%x", rawAuthHash),
+ AuthHash: &authHash,
 }); err != nil {
 return err
 }
diff --git a/database/models.go b/database/models.go
index 6cb7d15..25dd50e 100644
--- a/database/models.go
+++ b/database/models.go
@@ -96,7 +96,7 @@ type Metadatum struct {
 type User struct {
 ID string `json:"id"`
 Pass *string `json:"-"`
- AuthHash string `json:"auth_hash"`
+ AuthHash *string `json:"auth_hash"`
 Admin bool `json:"-"`
 TimeOffset *string `json:"time_offset"`
 CreatedAt string `json:"created_at"`
diff --git a/database/query.sql.go b/database/query.sql.go
index edeb6fc..37f4cb4 100644
--- a/database/query.sql.go
+++ b/database/query.sql.go
@@ -121,7 +121,7 @@ ON CONFLICT DO NOTHING
 type CreateUserParams struct {
 ID string `json:"id"`
 Pass *string `json:"-"`
- AuthHash string `json:"auth_hash"`
+ AuthHash *string `json:"auth_hash"`
 }
 func (q *Queries) CreateUser(ctx context.Context, arg CreateUserParams) (int64, error) {
@@ -1225,7 +1225,7 @@ RETURNING id, pass, auth_hash, admin, time_offset, created_at
 type UpdateUserParams struct {
 Password *string `json:"-"`
- AuthHash string `json:"auth_hash"`
+ AuthHash *string `json:"auth_hash"`
 TimeOffset *string `json:"time_offset"`
 UserID string `json:"user_id"`
 }
diff --git a/sqlc.yaml b/sqlc.yaml
index 82de80c..b98198e 100644
--- a/sqlc.yaml
+++ b/sqlc.yaml
@@ -123,6 +123,10 @@ sql:
 go_type:
 type: "string"
 pointer: true
+ - column: "users.auth_hash"
+ go_type:
+ type: "string"
+ pointer: true
 # Override Time
 - db_type: "DATETIME"
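Review bot: The new `users.auth_hash` override sets only `go_type`, so the generated field keeps its `json:"auth_hash"` tag in database/models.go, while `Pass` on the same struct is tagged `json:"-"`. If a `database.User` value is ever marshalled into an API response or a log line, the auth hash would be serialized with it. If the value is meant to stay server-side, adding `go_struct_tag: 'json:"-"'` under this override would exclude it from JSON output. Whether any handler serializes the struct, or relies on the current tag, is not visible in this patch.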