diff --git a/src/api/auth.go b/src/api/auth.go
index 4dbb289..049606d 100644
--- a/src/api/auth.go
+++ b/src/api/auth.go
@@ -71,19 +71,21 @@ func (a *Auth) checkPassword(username, password string) error {
 	var user User
 	result := a.db.Where(&User{Username: username}).Take(&user)
 	if result.Error != nil {
-		// TODO
+		log.Printf("Error reading user from database: %s", result.Error)
 		return result.Error
 	}
 
 	decodedHashPw, err := base64.StdEncoding.DecodeString(user.Password)
 	if err != nil {
-		// TODO
+		log.Printf("Error decoding base64 password: %s", err)
 		return err
 	}
 
 	err = bcrypt.CompareHashAndPassword(decodedHashPw, []byte(password))
 	if err != nil {
-		// TODO
+		if err != bcrypt.ErrMismatchedHashAndPassword {
+			log.Printf("Unexpected error comparing hash and pw: %s", err)
+		}
 		return err
 	}
 
@@ -94,7 +96,7 @@ func (a *Auth) checkPassword(username, password string) error {
 func (a *Auth) deleteUser(username string) error {
 	result := a.db.Model(&User{}).Where(&User{Username: username}).Delete(&User{})
 	if result.Error != nil {
-		// TODO
+		log.Printf("Error deleting user from database: %s", result.Error)
 		return result.Error
 	}
 	return nil
@@ -104,7 +106,7 @@ func (a *Auth) hasUser(username string) (bool, error) {
 	var count int64
 	result := a.db.Model(&User{}).Where(&User{Username: username}).Count(&count)
 	if result.Error != nil {
-		// TODO
+		log.Printf("Error cheking user exisits in database: %s", result.Error)
 		return false, result.Error
 	}
 	return count == 1, nil
@@ -114,7 +116,7 @@ func (a *Auth) getUser(username string) (User, error) {
 	var user User
 	result := a.db.Model(&User{}).Where(&User{Username: username}).Take(&user)
 	if result.Error != nil {
-		// TODO
+		log.Printf("Error reading user from database: %s", result.Error)
 		return User{}, result.Error
 	}
 
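Review bot: The log added in checkPassword's first branch fires on every login attempt for a username that does not exist, because a Take() that matches no row also reports an error (gorm.ErrRecordNotFound, if a.db is gorm as the API shape suggests), whereas the bcrypt branch below deliberately filters out the expected bcrypt.ErrMismatchedHashAndPassword; the two should be consistent, e.g. `if !errors.Is(result.Error, gorm.ErrRecordNotFound) { log.Printf(...) }`. Compare sentinels with errors.Is rather than `!=` so a wrapped error is still recognised: `if !errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {` (add the errors import if auth.go lacks it). Note that the unknown-user path returns before any bcrypt work, so its response time differs from a wrong-password response; running CompareHashAndPassword against a fixed dummy hash in that branch removes the difference. The second log line calls the stored hash a password: `log.Printf("Error decoding stored password hash: %s", err)`. The same not-found-is-not-an-error point applies to the getUser hunk (@@ -114) and to changePassword's Take() branch in the next physical line; checkPassword's body continues past the hunk.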
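Review bot: deleteUser returns nil when the Delete matched nothing, so the caller treats removal of a nonexistent user as success; after the error branch add `if result.RowsAffected == 0 { return ErrUserNotFound }` (a sentinel you declare, which the handler can map to 404). Separately, a struct condition such as `Where(&User{Username: username})` ignores zero-value fields in gorm, so an empty username turns this into an unconditioned Delete — gorm v2 rejects that with gorm.ErrMissingWhereClause, older versions execute it — which argues for `if username == "" { return ErrUserNotFound }` at the top. deleteUser fits entirely within the hunk.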
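Review bot: The new log message in hasUser has two typos: `log.Printf("Error checking user exists in database: %s", result.Error)`. Also `count == 1` reports false when duplicate rows exist; if the username column is not unique, `count > 0` is the intended test — confirm against the User schema. hasUser fits entirely within the hunk.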
@@ -125,7 +127,7 @@ func (a *Auth) listUsers() ([]User, error) { var users []User result := a.db.Find(&users) if result.Error != nil { - // TODO + log.Printf("Error listing all users in database: %s", result.Error) return nil, result.Error } return users, nil @@ -135,7 +137,7 @@ func (a *Auth) addUser(user User) error { // encrypt password pwHash, err := bcrypt.GenerateFromPassword([]byte(user.Password), bcrypt.DefaultCost) if err != nil { - // TODO + log.Printf("Error generating bcrypt hash from password: %s", err) return err } @@ -144,7 +146,7 @@ func (a *Auth) addUser(user User) error { // add user to db result := a.db.Create(&user) if result.Error != nil { - // TODO + log.Printf("Error creating user in database: %s", result.Error) return result.Error } @@ -155,32 +157,24 @@ func (a *Auth) addUserWithHash(user User) error { // add user to db result := a.db.Create(&user) if result.Error != nil { - // TODO + log.Printf("Error creating user in database: %s", result.Error) return result.Error } return nil } -func (a *Auth) removeUser(username string) error { - result := a.db.Model(&User{}).Where(&User{Username: username}).Delete(&User{}) - if result.Error != nil { - // TODO - return result.Error - } - return nil -} - func (a *Auth) changePassword(username, password string) error { var user User result := a.db.Model(&User{}).Where(&User{Username: username}).Take(&user) if result.Error != nil { + log.Printf("Error reading user from database: %s", result.Error) return result.Error } hashPW, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) if err != nil { - // TODO + log.Printf("Error generatig bcrypt hash from new password: %s", err) return err } @@ -188,6 +182,7 @@ func (a *Auth) changePassword(username, password string) error { result = a.db.Save(&user) if result.Error != nil { + log.Printf("Error resaving user in database: %s", result.Error) return result.Error } 
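Review bot: listUsers hands back full User values, and User evidently has a Password field holding the base64 bcrypt hash (see addUser and checkPassword); whether the handler that serialises this list strips it is not visible here, so confirm, and prefer a `json:"-"` tag on the field (or a separate response struct) so the hash can never reach a JSON response by accident. listUsers fits entirely within the hunk.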
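Review bot: The new log in addUser treats every GenerateFromPassword failure as a server fault, but depending on the golang.org/x/crypto version the call returns bcrypt.ErrPasswordTooLong for inputs longer than 72 bytes (older versions silently truncated instead), which is a client input problem; check `errors.Is(err, bcrypt.ErrPasswordTooLong)` (or the length before hashing) and return something the handler can map to 400 rather than 500. The same applies to the hashing step in changePassword further down this line. addUser's body continues past the hunk.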
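Review bot: Typo in the new changePassword log line: `log.Printf("Error generating bcrypt hash from new password: %s", err)`. The rest of this hunk removes removeUser, a duplicate of deleteUser, which matches the handler switch to deleteUser in handlers.go. changePassword continues past the hunk.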
diff --git a/src/api/handlers.go b/src/api/handlers.go
index f5a4a9c..1e3342c 100644
--- a/src/api/handlers.go
+++ b/src/api/handlers.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/gorilla/sessions"
 	"github.com/mroote/factorio-server-manager/bootstrap"
 	"github.com/mroote/factorio-server-manager/factorio"
 	"io"
@@ -52,6 +53,26 @@ func ReadRequestBody(w http.ResponseWriter, r *http.Request, resp *interface{})
 	return
 }
 
+func ReadSessionStore(w http.ResponseWriter, r *http.Request, resp *interface{}, name string) (session *sessions.Session, err error) {
+	session, err = sessionStore.Get(r, name)
+	if err != nil {
+		*resp = fmt.Sprintf("Error reading session cookie [%s]: %s", name, err)
+		log.Println(*resp)
+		w.WriteHeader(http.StatusInternalServerError)
+	}
+	return
+}
+
+func SaveSession(w http.ResponseWriter, r *http.Request, resp *interface{}, session *sessions.Session) (err error) {
+	err = session.Save(r, w)
+	if err != nil {
+		*resp = fmt.Sprintf("Error saving session cookie: %s", err)
+		log.Println(*resp)
+		w.WriteHeader(http.StatusInternalServerError)
+	}
+	return
+}
+
 // Lists all save files in the factorio/saves directory
 func ListSaves(w http.ResponseWriter, r *http.Request) {
 	var resp interface{}
@@ -430,13 +451,11 @@ func LoginUser(w http.ResponseWriter, r *http.Request) {
 
 	body, err := ReadRequestBody(w, r, &resp)
 	if err != nil {
-		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
 
 	user, err := UnmarshallUserJson(body, &resp, w)
 	if err != nil {
-		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
 
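Review bot: ReadSessionStore turns every sessionStore.Get error into a 500, but gorilla/sessions' Get returns a usable new session together with an error when an existing cookie cannot be decoded (e.g. after the store's key is rotated, or when a client sends a stale or corrupted cookie), so with this helper such a client can never log in again until it clears the cookie. For LoginUser a decode error should be ignored, or the session started fresh, with the failure only logged. Both helpers also copy the raw error text into *resp, which (if resp is what WriteResponse sends back, as the handlers suggest) exposes internal error strings to the client; keep the detail in the log, `log.Printf("reading session %q: %v", name, err)`, and put a generic `*resp = "session error"` in the response. The same raw-error-in-resp pattern appears in GetCurrentLogin's getUser branch and ChangePassword's changePassword branch in later hunks. As a point of style, `resp *interface{}` can be `*any`, and the named results with a bare `return` hide the control flow in two helpers short enough to return explicitly.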
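Review bot: Dropping the explicit 400 in LoginUser relies on ReadRequestBody and UnmarshallUserJson writing the status themselves; ReadRequestBody's tail in the earlier hunk only shows `return`, so confirm both helpers call w.WriteHeader on failure, otherwise a malformed login body now yields a 200 with an error string as the body. LoginUser continues outside the hunk.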
@@ -444,17 +463,21 @@ func LoginUser(w http.ResponseWriter, r *http.Request) {
 
 	err = auth.checkPassword(user.Username, user.Password)
 	if err != nil {
-		// TODO
+		resp = fmt.Sprintf("Password for use %s wrong", user.Username)
+		log.Println(resp)
 		w.WriteHeader(http.StatusUnauthorized)
 		return
 	}
 
-	session, _ := sessionStore.Get(r, "authentication")
-	session.Values["username"] = user.Username
-	err = session.Save(r, w)
+	session, err := ReadSessionStore(w, r, &resp, "authentication")
+	if err != nil {
+		return
+	}
+
+	session.Values["username"] = user.Username
+
+	err = SaveSession(w, r, &resp, session)
 	if err != nil {
-		// TODO
-		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
 
@@ -474,16 +497,15 @@ func LogoutUser(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json;charset=UTF-8")
 
-	session, err := sessionStore.Get(r, "authentication")
+	session, err := ReadSessionStore(w, r, &resp, "authentication")
 	if err != nil {
-		// TODO
 		return
 	}
 
 	delete(session.Values, "username")
-	err = session.Save(r, w)
+
+	err = SaveSession(w, r, &resp, session)
 	if err != nil {
-		// TODO
 		return
 	}
 
@@ -501,16 +523,18 @@ func GetCurrentLogin(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json;charset=UTF-8")
 
-	session, err := sessionStore.Get(r, "authentication")
+	session, err := ReadSessionStore(w, r, &resp, "authentication")
 	if err != nil {
-		// TODO
 		return
 	}
 
 	username := session.Values["username"].(string)
+
 	user, err := auth.getUser(username)
 	if err != nil {
-		// TODO
+		resp = fmt.Sprintf("Error getting user: %s", err)
+		log.Println(resp)
+		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
 
@@ -587,7 +611,7 @@ func RemoveUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	err = auth.removeUser(user.Username)
+	err = auth.deleteUser(user.Username)
 	if err != nil {
 		resp = fmt.Sprintf("Error in removing user {%s}, error: %s", user.Username, err)
 		log.Println(resp)
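Review bot: `resp = fmt.Sprintf("Password for use %s wrong", user.Username)` interpolates a client-supplied username with %s into a line that is then logged, so a newline inside the username forges extra log records; use `%q` here, which also fixes the "use" typo: `resp = fmt.Sprintf("Password for user %q wrong", user.Username)`. The matching 401 line in ChangePassword (@@ -637) has the same two problems. Answering 401 with the same message whether the user is missing or the password is wrong is the right choice and should stay. LoginUser's body continues outside the hunk.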
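Review bot: Deleting the username value from LogoutUser's session leaves the cookie itself in place; set `session.Options.MaxAge = -1` before the SaveSession call so gorilla/sessions emits an expired Set-Cookie and the browser discards it. With a cookie-backed store there is no server-side state to revoke, so this expiry is the only logout signal the server can send. LogoutUser continues outside the hunk.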
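Review bot: `username := session.Values["username"].(string)` in GetCurrentLogin is an unchecked type assertion that panics when the session carries no username (a request with a fresh or empty session), and the commit adds error handling on both sides of it without addressing this; use the two-value form and answer 401. net/http recovers the panic per request, but each such request still produces a stack trace in the log and a dropped connection. The same unchecked assertion presumably sits just after the ChangePassword session hunk, outside the visible lines — worth the same treatment. GetCurrentLogin continues outside the hunk.
```go
	username, ok := session.Values["username"].(string)
	if !ok || username == "" {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	// … unchanged: getUser lookup and error branch …
```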
@@ -626,9 +650,8 @@ func ChangePassword(w http.ResponseWriter, r *http.Request) {
 
 	// only allow to change its own password
 	// get username from session cookie
-	session, err := sessionStore.Get(r, "authentication")
+	session, err := ReadSessionStore(w, r, &resp, "authentication")
 	if err != nil {
-		// TODO
 		return
 	}
 
@@ -637,21 +660,24 @@ func ChangePassword(w http.ResponseWriter, r *http.Request) {
 	// check if password for user is correct
 	err = auth.checkPassword(username, user.OldPassword)
 	if err != nil {
-		// TODO
+		resp = fmt.Sprintf("Password for use %s wrong", username)
+		log.Println(resp)
 		w.WriteHeader(http.StatusUnauthorized)
 		return
 	}
 
 	// only run, when confirmation correct
 	if user.NewPassword != user.NewPasswordConfirm {
-		// TODO
+		resp = fmt.Sprintf("Password confirmation incorrect")
+		log.Println(resp)
 		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
 
 	err = auth.changePassword(username, user.NewPassword)
 	if err != nil {
-		// TODO
+		resp = fmt.Sprintf("Error changing password: %s", err)
+		log.Println(resp)
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
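Review bot: `resp = fmt.Sprintf("Password confirmation incorrect")` in ChangePassword is a Sprintf with no verbs, which go vet reports; assign the literal directly, `resp = "Password confirmation incorrect"`. The old-password check (a bcrypt compare) runs before the cheap confirmation comparison, so a request that will be rejected anyway still pays for the hash; swapping the two blocks saves that work, at the cost of returning 400 instead of 401 when both are wrong, which seems acceptable. ChangePassword continues outside the hunk.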