add basic user authentication
This commit is contained in:
@@ -6,7 +6,12 @@ type bookPostCreate struct {
|
||||
Rating int `json:"rating" binding:"min=0,max=10"`
|
||||
}
|
||||
|
||||
type userPostCreate struct {
|
||||
type userSignup struct {
|
||||
Username string `json:"username" binding:"required,min=2,max=20"`
|
||||
Password string `json:"password" binding:"required,min=6,max=100"`
|
||||
}
|
||||
|
||||
type userLogin struct {
|
||||
Username string `json:"username" binding:"required,min=2,max=20"`
|
||||
Password string `json:"password" binding:"required,min=6,max=100"`
|
||||
}
|
||||
|
||||
@@ -13,7 +13,7 @@ func (b bookPostCreate) toBook() model.Book {
|
||||
}
|
||||
}
|
||||
|
||||
func (u userPostCreate) toUser() (model.User, error) {
|
||||
func (u userSignup) toUser() (model.User, error) {
|
||||
user := model.User{
|
||||
Name: u.Username,
|
||||
Password: "",
|
||||
|
||||
@@ -2,11 +2,14 @@ package api
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"git.artlef.fr/PersonalLibraryManager/internal/jwtauth"
|
||||
"git.artlef.fr/PersonalLibraryManager/internal/model"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/go-playground/validator/v10"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
@@ -32,8 +35,8 @@ func PostBookHandler(c *gin.Context, db *gorm.DB) {
|
||||
c.String(200, "Success")
|
||||
}
|
||||
|
||||
func PostUserHandler(c *gin.Context, db *gorm.DB) {
|
||||
var user userPostCreate
|
||||
func PostSignupHandler(c *gin.Context, db *gorm.DB) {
|
||||
var user userSignup
|
||||
err := c.ShouldBindJSON(&user)
|
||||
if err != nil {
|
||||
manageBindingError(c, err)
|
||||
@@ -52,6 +55,37 @@ func PostUserHandler(c *gin.Context, db *gorm.DB) {
|
||||
c.String(200, "Success")
|
||||
}
|
||||
|
||||
func PostLoginHandler(c *gin.Context, db *gorm.DB) {
|
||||
var user userLogin
|
||||
err := c.ShouldBindJSON(&user)
|
||||
if err != nil {
|
||||
manageBindingError(c, err)
|
||||
return
|
||||
}
|
||||
|
||||
if !isUserAndPasswordOk(db, user.Username, user.Password) {
|
||||
c.JSON(http.StatusInternalServerError,
|
||||
gin.H{"error": "Invalid credentials."})
|
||||
return
|
||||
}
|
||||
|
||||
var jwtToken string
|
||||
jwtToken, err = jwtauth.GenerateJwtToken(user.Username)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusUnauthorized,
|
||||
gin.H{"error": fmt.Errorf("Error when generating JWT token: %w", err)})
|
||||
return
|
||||
}
|
||||
c.JSON(200, gin.H{"message": "Authentication was a success.", "token": jwtToken})
|
||||
}
|
||||
|
||||
func isUserAndPasswordOk(db *gorm.DB, username string, password string) bool {
|
||||
var user model.User
|
||||
db.Where("name = ?", username).First(&user)
|
||||
err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
|
||||
return err == nil
|
||||
}
|
||||
|
||||
func manageBindingError(c *gin.Context, err error) {
|
||||
var ve validator.ValidationErrors
|
||||
if errors.As(err, &ve) {
|
||||
|
||||
Reference in New Issue
Block a user