Compare commits

...

2 Commits

Author SHA1 Message Date
6c6a6dd329 feat(api): first user is admin
All checks were successful
continuous-integration/drone/push Build is passing
2024-02-25 19:40:36 -05:00
c4602c8c3b chore(db): update sqlc 2024-02-25 19:01:34 -05:00
6 changed files with 83 additions and 55 deletions

View File

@ -205,7 +205,7 @@ func (api *API) appAuthRegister(c *gin.Context) {
return return
} }
// Generate Auth Hash // Generate auth hash
rawAuthHash, err := utils.GenerateToken(64) rawAuthHash, err := utils.GenerateToken(64)
if err != nil { if err != nil {
log.Error("Failed to generate user token: ", err) log.Error("Failed to generate user token: ", err)
@ -214,31 +214,41 @@ func (api *API) appAuthRegister(c *gin.Context) {
return return
} }
// Create User in DB // Get current users
authHash := fmt.Sprintf("%x", rawAuthHash) currentUsers, err := api.db.Queries.GetUsers(api.db.Ctx)
rows, err := api.db.Queries.CreateUser(api.db.Ctx, database.CreateUserParams{
ID: username,
Pass: &hashedPassword,
AuthHash: &authHash,
})
// SQL Error
if err != nil { if err != nil {
log.Error("CreateUser DB Error:", err) log.Error("Failed to check all users: ", err)
templateVars["Error"] = "Registration Disabled or User Already Exists" templateVars["Error"] = "Failed to Create User"
c.HTML(http.StatusBadRequest, "page/login", templateVars) c.HTML(http.StatusBadRequest, "page/login", templateVars)
return return
} }
// User Already Exists // Determine if we should be admin
if rows == 0 { isAdmin := false
if len(currentUsers) == 0 {
isAdmin = true
}
// Create user in DB
authHash := fmt.Sprintf("%x", rawAuthHash)
if rows, err := api.db.Queries.CreateUser(api.db.Ctx, database.CreateUserParams{
ID: username,
Pass: &hashedPassword,
AuthHash: &authHash,
Admin: isAdmin,
}); err != nil {
log.Error("CreateUser DB Error:", err)
templateVars["Error"] = "Registration Disabled or User Already Exists"
c.HTML(http.StatusBadRequest, "page/login", templateVars)
return
} else if rows == 0 {
log.Warn("User Already Exists:", username) log.Warn("User Already Exists:", username)
templateVars["Error"] = "Registration Disabled or User Already Exists" templateVars["Error"] = "Registration Disabled or User Already Exists"
c.HTML(http.StatusBadRequest, "page/login", templateVars) c.HTML(http.StatusBadRequest, "page/login", templateVars)
return return
} }
// Get User // Get user
user, err := api.db.Queries.GetUser(api.db.Ctx, username) user, err := api.db.Queries.GetUser(api.db.Ctx, username)
if err != nil { if err != nil {
log.Error("GetUser DB Error:", err) log.Error("GetUser DB Error:", err)
@ -247,7 +257,7 @@ func (api *API) appAuthRegister(c *gin.Context) {
return return
} }
// Set Session // Set session
auth := authData{ auth := authData{
UserName: user.ID, UserName: user.ID,
IsAdmin: user.Admin, IsAdmin: user.Admin,
@ -289,6 +299,7 @@ func (api *API) koAuthRegister(c *gin.Context) {
return return
} }
// Generate password hash
hashedPassword, err := argon2.CreateHash(rUser.Password, argon2.DefaultParams) hashedPassword, err := argon2.CreateHash(rUser.Password, argon2.DefaultParams)
if err != nil { if err != nil {
log.Error("Argon2 Hash Failure:", err) log.Error("Argon2 Hash Failure:", err)
@ -296,7 +307,7 @@ func (api *API) koAuthRegister(c *gin.Context) {
return return
} }
// Generate Auth Hash // Generate auth hash
rawAuthHash, err := utils.GenerateToken(64) rawAuthHash, err := utils.GenerateToken(64)
if err != nil { if err != nil {
log.Error("Failed to generate user token: ", err) log.Error("Failed to generate user token: ", err)
@ -304,20 +315,32 @@ func (api *API) koAuthRegister(c *gin.Context) {
return return
} }
authHash := fmt.Sprintf("%x", rawAuthHash) // Get current users
rows, err := api.db.Queries.CreateUser(api.db.Ctx, database.CreateUserParams{ currentUsers, err := api.db.Queries.GetUsers(api.db.Ctx)
ID: rUser.Username,
Pass: &hashedPassword,
AuthHash: &authHash,
})
if err != nil { if err != nil {
log.Error("CreateUser DB Error:", err) log.Error("Failed to check all users: ", err)
apiErrorPage(c, http.StatusBadRequest, "Invalid User Data") apiErrorPage(c, http.StatusBadRequest, "Failed to Create User")
return return
} }
// User Exists // Determine if we should be admin
if rows == 0 { isAdmin := false
if len(currentUsers) == 0 {
isAdmin = true
}
// Create user
authHash := fmt.Sprintf("%x", rawAuthHash)
if rows, err := api.db.Queries.CreateUser(api.db.Ctx, database.CreateUserParams{
ID: rUser.Username,
Pass: &hashedPassword,
AuthHash: &authHash,
Admin: isAdmin,
}); err != nil {
log.Error("CreateUser DB Error:", err)
apiErrorPage(c, http.StatusBadRequest, "Invalid User Data")
return
} else if rows == 0 {
log.Error("User Already Exists:", rUser.Username) log.Error("User Already Exists:", rUser.Username)
apiErrorPage(c, http.StatusBadRequest, "User Already Exists") apiErrorPage(c, http.StatusBadRequest, "User Already Exists")
return return

View File

@ -1,6 +1,6 @@
// Code generated by sqlc. DO NOT EDIT. // Code generated by sqlc. DO NOT EDIT.
// versions: // versions:
// sqlc v1.21.0 // sqlc v1.25.0
package database package database

View File

@ -1,12 +1,10 @@
// Code generated by sqlc. DO NOT EDIT. // Code generated by sqlc. DO NOT EDIT.
// versions: // versions:
// sqlc v1.21.0 // sqlc v1.25.0
package database package database
import ( import ()
"database/sql"
)
type Activity struct { type Activity struct {
ID int64 `json:"id"` ID int64 `json:"id"`
@ -125,17 +123,17 @@ type ViewDocumentUserStatistic struct {
UserID string `json:"user_id"` UserID string `json:"user_id"`
Percentage float64 `json:"percentage"` Percentage float64 `json:"percentage"`
LastRead interface{} `json:"last_read"` LastRead interface{} `json:"last_read"`
ReadPercentage sql.NullFloat64 `json:"read_percentage"` ReadPercentage *float64 `json:"read_percentage"`
TotalTimeSeconds sql.NullFloat64 `json:"total_time_seconds"` TotalTimeSeconds *float64 `json:"total_time_seconds"`
TotalWordsRead interface{} `json:"total_words_read"` TotalWordsRead interface{} `json:"total_words_read"`
TotalWpm int64 `json:"total_wpm"` TotalWpm int64 `json:"total_wpm"`
YearlyTimeSeconds sql.NullFloat64 `json:"yearly_time_seconds"` YearlyTimeSeconds *float64 `json:"yearly_time_seconds"`
YearlyWordsRead interface{} `json:"yearly_words_read"` YearlyWordsRead interface{} `json:"yearly_words_read"`
YearlyWpm interface{} `json:"yearly_wpm"` YearlyWpm interface{} `json:"yearly_wpm"`
MonthlyTimeSeconds sql.NullFloat64 `json:"monthly_time_seconds"` MonthlyTimeSeconds *float64 `json:"monthly_time_seconds"`
MonthlyWordsRead interface{} `json:"monthly_words_read"` MonthlyWordsRead interface{} `json:"monthly_words_read"`
MonthlyWpm interface{} `json:"monthly_wpm"` MonthlyWpm interface{} `json:"monthly_wpm"`
WeeklyTimeSeconds sql.NullFloat64 `json:"weekly_time_seconds"` WeeklyTimeSeconds *float64 `json:"weekly_time_seconds"`
WeeklyWordsRead interface{} `json:"weekly_words_read"` WeeklyWordsRead interface{} `json:"weekly_words_read"`
WeeklyWpm interface{} `json:"weekly_wpm"` WeeklyWpm interface{} `json:"weekly_wpm"`
} }

View File

@ -26,8 +26,8 @@ VALUES (?, ?, ?, ?, ?, ?, ?, ?)
RETURNING *; RETURNING *;
-- name: CreateUser :execrows -- name: CreateUser :execrows
INSERT INTO users (id, pass, auth_hash) INSERT INTO users (id, pass, auth_hash, admin)
VALUES (?, ?, ?) VALUES (?, ?, ?, ?)
ON CONFLICT DO NOTHING; ON CONFLICT DO NOTHING;
-- name: DeleteDocument :execrows -- name: DeleteDocument :execrows

View File

@ -1,6 +1,6 @@
// Code generated by sqlc. DO NOT EDIT. // Code generated by sqlc. DO NOT EDIT.
// versions: // versions:
// sqlc v1.21.0 // sqlc v1.25.0
// source: query.sql // source: query.sql
package database package database
@ -113,8 +113,8 @@ func (q *Queries) AddMetadata(ctx context.Context, arg AddMetadataParams) (Metad
} }
const createUser = `-- name: CreateUser :execrows const createUser = `-- name: CreateUser :execrows
INSERT INTO users (id, pass, auth_hash) INSERT INTO users (id, pass, auth_hash, admin)
VALUES (?, ?, ?) VALUES (?, ?, ?, ?)
ON CONFLICT DO NOTHING ON CONFLICT DO NOTHING
` `
@ -122,10 +122,16 @@ type CreateUserParams struct {
ID string `json:"id"` ID string `json:"id"`
Pass *string `json:"-"` Pass *string `json:"-"`
AuthHash *string `json:"auth_hash"` AuthHash *string `json:"auth_hash"`
Admin bool `json:"-"`
} }
func (q *Queries) CreateUser(ctx context.Context, arg CreateUserParams) (int64, error) { func (q *Queries) CreateUser(ctx context.Context, arg CreateUserParams) (int64, error) {
result, err := q.db.ExecContext(ctx, createUser, arg.ID, arg.Pass, arg.AuthHash) result, err := q.db.ExecContext(ctx, createUser,
arg.ID,
arg.Pass,
arg.AuthHash,
arg.Admin,
)
if err != nil { if err != nil {
return 0, err return 0, err
} }

View File

@ -8,6 +8,7 @@ sql:
package: "database" package: "database"
out: "database" out: "database"
emit_json_tags: true emit_json_tags: true
emit_pointers_for_null_types: true
overrides: overrides:
# Documents # Documents
- column: "documents.md5" - column: "documents.md5"