password encrypting

gbbocchini · gbbocchini · commit 08d257eb6149 · 2022-06-26T15:21:19.000-03:00
diff --git a/controllers/book.go b/controllers/book.go
@@ -32,7 +32,7 @@ func (c BookController) GetBook() http.HandlerFunc {
 		id, err := strconv.ParseInt(params["id"], 10, 0)
 
 		if err != nil {
-			utils.SendError(w, http.StatusNotFound, models.Error{Message: "id must be int convertible"})
+			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "id must be int convertible"})
 			return
 		}
 
@@ -50,15 +50,27 @@ func (c BookController) GetBook() http.HandlerFunc {
 
 func (c BookController) AddBook() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Content-Type", "application/json")
 		var newBookMap map[string]string
 		err := json.NewDecoder(r.Body).Decode(&newBookMap)
 
 		if err != nil {
-			utils.SendError(w, http.StatusNotFound, models.Error{Message: "all values must be strings"})
+			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "all values must be strings"})
 			return
 		}
 
+		if newBookMap["title"] == "" || len(newBookMap["title"]) < 3 {
+			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "title is mandatory"})
+		}
+
+		if newBookMap["author"] == "" || len(newBookMap["author"]) < 3 {
+			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "author is mandatory"})
+		}
+
+		if newBookMap["utils"] == "" || len(newBookMap["year"]) < 4 {
+			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "year is mandatory"})
+
+		}
+
 		newBookYear, _ := strconv.ParseInt(newBookMap["year"], 10, 0)
 		newBook := models.Book{
 			Title:  newBookMap["title"],
@@ -79,7 +91,6 @@ func (c BookController) AddBook() http.HandlerFunc {
 
 func (c BookController) UpdateBook() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Content-Type", "application/json")
 		var updateData map[string]string
 		err := json.NewDecoder(r.Body).Decode(&updateData)
 
@@ -89,26 +100,38 @@ func (c BookController) UpdateBook() http.HandlerFunc {
 		}
 
 		bookId, errr := strconv.ParseInt(mux.Vars(r)["id"], 10, 0)
-		bookToUpdate := models.Book{ID: bookId}
 
 		if errr != nil {
 			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "impossible to parse id"})
 		}
 
-		if updateData["title"] != "" {
+		bookToUpdate := models.Book{ID: bookId}
+
+		if len(updateData["title"]) > 3 {
 			bookToUpdate.Title = updateData["title"]
+		} else {
+			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "title minimum length is 4"})
+			return
 		}
 
-		if updateData["author"] != "" {
+		if len(updateData["author"]) > 3 {
 			bookToUpdate.Author = updateData["author"]
+		} else {
+			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "author minimum length is 4"})
+			return
 		}
 
-		if updateData["year"] != "" {
+		if len(updateData["year"]) > 4 {
 			newBookYear, err := strconv.ParseInt(updateData["year"], 10, 0)
+
 			if err != nil {
 				utils.SendError(w, http.StatusBadRequest, models.Error{Message: "impossible to parse year"})
 			}
+
 			bookToUpdate.Year = newBookYear
+		} else {
+			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "year minimum length is 4"})
+			return
 		}
 
 		booksDao := daos.BookDAO{}
@@ -128,7 +151,7 @@ func (c BookController) RemoveBook() http.HandlerFunc {
 		idToRemove, err := strconv.ParseInt(mux.Vars(r)["id"], 10, 0)
 
 		if err != nil {
-			utils.SendError(w, 400, models.Error{Message: "impossible to parse id"})
+			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "impossible to parse id"})
 			return
 		}
 
diff --git a/controllers/user.go b/controllers/user.go
@@ -17,42 +17,49 @@ type ResponseOutput struct {
 
 func (u UserController) SignupUser() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		User := models.User{}
-		json.NewDecoder(r.Body).Decode(&User)
+		user := models.User{}
+		json.NewDecoder(r.Body).Decode(&user)
 
-		if len(User.Name) < 3 {
+		if len(user.Name) < 3 {
 			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "Name should be at least 3 characters long!"})
 			return
 		}
 
-		if len(User.Username) < 3 {
+		if len(user.Username) < 3 {
 			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "Username should be at least 3 characters long!"})
 			return
 		}
 
-		if len(User.Email) < 3 {
+		if len(user.Email) < 3 {
 			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "Email should be at least 3 characters long!"})
 			return
 		}
 
-		if len(User.Password) < 3 {
+		if len(user.Password) < 3 {
 			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "Password should be at least 3 characters long!"})
 			return
 		}
 
-		userDao := daos.UsersDao{}
+		hashedPass, err := utils.HashPassword(user.Password)
+
+		if err != nil {
+			utils.SendError(w, http.StatusInternalServerError, models.Error{Message: "Couldn't hash password."})
+			return
+		}
 
-		_, err := userDao.CreateUser(User)
+		user.Password = hashedPass
+		userDao := daos.UsersDao{}
+		_, err = userDao.CreateUser(user)
 
 		if err != nil {
-			utils.SendError(w, http.StatusInternalServerError, models.Error{Message: "Failed To Add new User in database!"})
+			utils.SendError(w, http.StatusInternalServerError, models.Error{Message: "Failed To Add new user in database!"})
 			return
 		}
 
 		payload := utils.Payload{
-			Username: User.Username,
-			Email:    User.Email,
-			Id:       User.ID,
+			Username: user.Username,
+			Email:    user.Email,
+			Id:       user.ID,
 		}
 
 		token, err := utils.GenerateJwtToken(payload)
@@ -63,7 +70,7 @@ func (u UserController) SignupUser() http.HandlerFunc {
 
 		utils.SendSuccess(w, ResponseOutput{
 			Token: token,
-			User:  User,
+			User:  user,
 		})
 	}
 }
@@ -82,15 +89,19 @@ func (u UserController) LoginUser() http.HandlerFunc {
 			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "Invalid Password!"})
 			return
 		}
+
 		userDao := daos.UsersDao{}
 		user, err := userDao.GetUser(credentials)
+
 		if err != nil {
 			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "Invalid Username/Email, Please Signup!"})
 			return
 		}
 
-		if user.Password != credentials["password"] {
-			utils.SendError(w, http.StatusNotFound, models.Error{Message: "Invalid Credentials!"})
+		isCorrectPass := utils.CheckPasswordHash(credentials["password"], user.Password)
+
+		if !isCorrectPass {
+			utils.SendError(w, http.StatusBadRequest, models.Error{Message: "Invalid Credentials!"})
 			return
 		}
 
@@ -101,11 +112,14 @@ func (u UserController) LoginUser() http.HandlerFunc {
 		}
 
 		token, err := utils.GenerateJwtToken(payload)
+
 		if err != nil {
 			utils.SendError(w, http.StatusInternalServerError, models.Error{Message: "Failed To Generate New JWT Token!"})
 			return
 		}
 
+		user.Password = ""
+
 		utils.SendSuccess(w, ResponseOutput{
 			Token: token,
 			User:  user,
diff --git a/database/db.go b/database/db.go
@@ -31,10 +31,19 @@ func CreateTablesAndPrePopulate() {
 	}
 
 	books := []models.Book{
-		{Title: "Book1", Author: "Author1", Year: 1990},
-		{Title: "Book2", Author: "Author2", Year: 2022},
+		{Title: "Book1", Author: "Author1", Year: 1983},
+		{Title: "Book2", Author: "Author2", Year: 1990},
+		{Title: "Book3", Author: "Author3", Year: 2000},
+		{Title: "Book4", Author: "Author4", Year: 2010},
+		{Title: "Book5", Author: "Author5", Year: 2020},
+		{Title: "Book6", Author: "Author6", Year: 2022},
 	}
 
-	Db.NewInsert().Model(&books).Exec(DbContext)
+	_, err = Db.NewInsert().Model(&books).Exec(DbContext)
+
+	if err != nil {
+		fmt.Println("Could not create sample books on database table 'books', please check...")
+		return
+	}
 
 }
diff --git a/main.go b/main.go
@@ -6,22 +6,12 @@ import (
 	"github.com/subosito/gotenv"
 	"log"
 	"net/http"
-	"rest/controllers"
 	"rest/database"
-	"rest/middlewares"
+	"rest/routes"
 )
 
 func main() {
-	router, userController, booksController := start()
-
-	router.HandleFunc("/auth/login", userController.LoginUser()).Methods(http.MethodPost)
-	router.HandleFunc("/auth/signup", userController.SignupUser()).Methods(http.MethodPost)
-
-	router.HandleFunc("/books", middlewares.CheckAuth(booksController.GetBooks())).Methods(http.MethodGet)
-	router.HandleFunc("/books/{id}", middlewares.CheckAuth(booksController.GetBook())).Methods(http.MethodGet)
-	router.HandleFunc("/books", middlewares.CheckAuth(booksController.AddBook())).Methods(http.MethodPost)
-	router.HandleFunc("/books/{id}", middlewares.CheckAuth(booksController.UpdateBook())).Methods(http.MethodPut)
-	router.HandleFunc("/books/{id}", middlewares.CheckAuth(booksController.RemoveBook())).Methods(http.MethodDelete)
+	router := initialSetupAndGetRouter()
 
 	log.Println("Server started at port 8000...")
 	log.Fatal(http.ListenAndServe(":8000", handlers.CORS(
@@ -30,17 +20,15 @@ func main() {
 		handlers.AllowedOrigins([]string{"*"}))(router)))
 }
 
-func start() (*mux.Router, controllers.UserController, controllers.BookController) {
+func initialSetupAndGetRouter() *mux.Router {
 	err := gotenv.Load()
 
 	if err != nil {
-		panic("Could not load env vars, exiting.")
+		log.Fatal("Could not load env vars, exiting.")
 	}
 
 	database.CreateTablesAndPrePopulate()
-	router := mux.NewRouter()
-	booksController := controllers.BookController{}
-	userController := controllers.UserController{}
+	router := routes.GetRouter()
 
-	return router, userController, booksController
+	return router
 }
diff --git a/routes/routes.go b/routes/routes.go
@@ -0,0 +1,25 @@
+package routes
+
+import (
+	"github.com/gorilla/mux"
+	"net/http"
+	"rest/controllers"
+	"rest/middlewares"
+)
+
+func GetRouter() *mux.Router {
+	booksController := controllers.BookController{}
+	userController := controllers.UserController{}
+	router := mux.NewRouter()
+
+	router.HandleFunc("/auth/login", userController.LoginUser()).Methods(http.MethodPost)
+	router.HandleFunc("/auth/signup", userController.SignupUser()).Methods(http.MethodPost)
+
+	router.HandleFunc("/books", middlewares.CheckAuth(booksController.GetBooks())).Methods(http.MethodGet)
+	router.HandleFunc("/books/{id}", middlewares.CheckAuth(booksController.GetBook())).Methods(http.MethodGet)
+	router.HandleFunc("/books", middlewares.CheckAuth(booksController.AddBook())).Methods(http.MethodPost)
+	router.HandleFunc("/books/{id}", middlewares.CheckAuth(booksController.UpdateBook())).Methods(http.MethodPut)
+	router.HandleFunc("/books/{id}", middlewares.CheckAuth(booksController.RemoveBook())).Methods(http.MethodDelete)
+
+	return router
+}
diff --git a/utils/jwt.go b/utils/jwt.go
@@ -26,7 +26,7 @@ var JWT_SECRET string
 
 func GenerateJwtToken(payload Payload) (string, error) {
 	if JWT_SECRET = os.Getenv("JWT_SECRET"); JWT_SECRET == "" {
-		log.Fatal("[ ERROR ] JWT_SECRET environment variable not provided!\n")
+		log.Fatal("JWT_SECRET environment variable not provided")
 	}
 
 	key := []byte(JWT_SECRET)
diff --git a/utils/passwords.go b/utils/passwords.go
@@ -0,0 +1,15 @@
+package utils
+
+import (
+	"golang.org/x/crypto/bcrypt"
+)
+
+func HashPassword(password string) (string, error) {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), 14)
+	return string(bytes), err
+}
+
+func CheckPasswordHash(password, hash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	return err == nil
+}
diff --git a/utils/responses.go b/utils/responses.go

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ var JWT_SECRET string`
`26`	`26`
`27`	`27`	`func GenerateJwtToken(payload Payload) (string, error) {`
`28`	`28`	`if JWT_SECRET = os.Getenv("JWT_SECRET"); JWT_SECRET == "" {`
`29`		`- log.Fatal("[ ERROR ] JWT_SECRET environment variable not provided!\n")`
	`29`	`+ log.Fatal("JWT_SECRET environment variable not provided")`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`key := []byte(JWT_SECRET)`