Diffstat (limited to 'api/main.go')
-rw-r--r-- | api/main.go | 48 |
1 files changed, 30 insertions, 18 deletions
diff --git a/api/main.go b/api/main.go index 292a5f9..91b7929 100644 --- a/api/main.go +++ b/api/main.go | |||
@@ -10,6 +10,7 @@ import ( | |||
10 | 10 | ||
11 | "github.com/gin-gonic/gin" | 11 | "github.com/gin-gonic/gin" |
12 | _ "github.com/mattn/go-sqlite3" | 12 | _ "github.com/mattn/go-sqlite3" |
13 | "golang.org/x/crypto/bcrypt" | ||
13 | "water/api/lib" | 14 | "water/api/lib" |
14 | ) | 15 | ) |
15 | 16 | ||
@@ -29,6 +30,7 @@ func CORSMiddleware() gin.HandlerFunc { | |||
29 | } | 30 | } |
30 | } | 31 | } |
31 | 32 | ||
33 | // generatToken will g | ||
32 | func generateToken() string { | 34 | func generateToken() string { |
33 | token := make([]byte, 32) | 35 | token := make([]byte, 32) |
34 | rand.Read(token) | 36 | rand.Read(token) |
@@ -43,6 +45,7 @@ func establishDBConnection() *sql.DB { | |||
43 | return db | 45 | return db |
44 | } | 46 | } |
45 | 47 | ||
48 | |||
46 | func checkForTokenInContext(c *gin.Context) (string, error) { | 49 | func checkForTokenInContext(c *gin.Context) (string, error) { |
47 | authorizationHeader := c.GetHeader("Authorization") | 50 | authorizationHeader := c.GetHeader("Authorization") |
48 | if authorizationHeader == "" { | 51 | if authorizationHeader == "" { |
@@ -54,6 +57,7 @@ func checkForTokenInContext(c *gin.Context) (string, error) { | |||
54 | if len(parts) != 2 || parts[0] != "Bearer" { | 57 | if len(parts) != 2 || parts[0] != "Bearer" { |
55 | return "", errors.New("Invalid Authorization header format") | 58 | return "", errors.New("Invalid Authorization header format") |
56 | } | 59 | } |
60 | |||
57 | 61 | ||
58 | return parts[1], nil | 62 | return parts[1], nil |
59 | } | 63 | } |
@@ -73,15 +77,6 @@ func TokenRequired() gin.HandlerFunc { | |||
73 | } | 77 | } |
74 | } | 78 | } |
75 | 79 | ||
76 | type User struct { | ||
77 | Username string | ||
78 | Password string | ||
79 | } | ||
80 | |||
81 | var users = map[string]User{ | ||
82 | "user1": {"user1", "password1"}, | ||
83 | } | ||
84 | |||
85 | func setupRouter() *gin.Engine { | 80 | func setupRouter() *gin.Engine { |
86 | // Disable Console Color | 81 | // Disable Console Color |
87 | // gin.DisableConsoleColor() | 82 | // gin.DisableConsoleColor() |
@@ -100,16 +95,31 @@ func setupRouter() *gin.Engine { | |||
100 | return | 95 | return |
101 | } | 96 | } |
102 | 97 | ||
103 | user, exists := users[username] | 98 | db := establishDBConnection() |
99 | defer db.Close() | ||
100 | |||
101 | var user models.User | ||
102 | var preference models.Preference | ||
103 | var size models.Size | ||
104 | |||
105 | row := db.QueryRow("SELECT name, uuid, password, color, size, unit FROM Users u INNER JOIN Preferences p ON p.user_id = u.id INNER JOIN Sizes s ON p.size_id = s.id WHERE u.name = ?", username) | ||
106 | if err := row.Scan(&user.Name, &user.UUID, &user.Password, &preference.Color, &size.Size, &size.Unit); err != nil { | ||
107 | if err == sql.ErrNoRows { | ||
108 | c.AbortWithStatus(http.StatusUnauthorized) | ||
109 | return | ||
110 | } | ||
111 | } | ||
112 | |||
113 | if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)); err != nil { | ||
114 | c.AbortWithStatus(http.StatusUnauthorized) | ||
115 | return | ||
116 | } | ||
104 | 117 | ||
105 | if !exists || user.Password != password { | 118 | preference.Size = size |
106 | c.AbortWithStatus(http.StatusUnauthorized) | ||
107 | return | ||
108 | } | ||
109 | 119 | ||
110 | // Generate a simple API token | 120 | // Generate a simple API token |
111 | apiToken := generateToken() | 121 | apiToken := generateToken() |
112 | c.JSON(http.StatusOK, gin.H{"token": apiToken}) | 122 | c.JSON(http.StatusOK, gin.H{"token": apiToken, "user": user, "preferences": preference}) |
113 | }) | 123 | }) |
114 | 124 | ||
115 | stats := api.Group("stats") | 125 | stats := api.Group("stats") |
@@ -119,7 +129,7 @@ func setupRouter() *gin.Engine { | |||
119 | db := establishDBConnection() | 129 | db := establishDBConnection() |
120 | defer db.Close() | 130 | defer db.Close() |
121 | 131 | ||
122 | rows, err := db.Query("SELECT * FROM statistics"); | 132 | rows, err := db.Query("SELECT s.date, s.quantity, u.uuid, u.name FROM Statistics s INNER JOIN Users u ON u.id = s.user_id"); |
123 | if err != nil { | 133 | if err != nil { |
124 | c.JSON(500, gin.H{"error": err.Error()}) | 134 | c.JSON(500, gin.H{"error": err.Error()}) |
125 | return | 135 | return |
@@ -129,10 +139,12 @@ func setupRouter() *gin.Engine { | |||
129 | var data []models.Statistic | 139 | var data []models.Statistic |
130 | for rows.Next() { | 140 | for rows.Next() { |
131 | var stat models.Statistic | 141 | var stat models.Statistic |
132 | if err := rows.Scan(&stat.ID, &stat.Date, &stat.UserID, &stat.Quantity); err != nil { | 142 | var user models.User |
143 | if err := rows.Scan(&stat.Date, &stat.Quantity, &user.UUID, &user.Name); err != nil { | ||
133 | c.JSON(500, gin.H{"error": err.Error()}) | 144 | c.JSON(500, gin.H{"error": err.Error()}) |
134 | return | 145 | return |
135 | } | 146 | } |
147 | stat.User = user | ||
136 | data = append(data, stat) | 148 | data = append(data, stat) |
137 | } | 149 | } |
138 | 150 | ||
@@ -150,7 +162,7 @@ func setupRouter() *gin.Engine { | |||
150 | db := establishDBConnection() | 162 | db := establishDBConnection() |
151 | defer db.Close() | 163 | defer db.Close() |
152 | 164 | ||
153 | result, err := db.Exec("INSERT INTO statistics (date, user_id, quantity) values (?, ?, ?)", stat.Date, stat.UserID, stat.Quantity) | 165 | result, err := db.Exec("INSERT INTO statistics (date, user_id, quantity) values (?, ?, ?)", stat.Date, 1, stat.Quantity) |
154 | 166 | ||
155 | if err != nil { | 167 | if err != nil { |
156 | c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) | 168 | c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) |
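Review bot: In the login handler's new lookup (hunk `@@ -100,16 +95,31 @@`), a `row.Scan` error other than `sql.ErrNoRows` is not handled — the code falls through to the bcrypt comparison with a zero-value `user`, so a database failure is reported as 401 instead of 500; add `c.AbortWithStatus(http.StatusInternalServerError); return` after the `ErrNoRows` branch. The same handler then returns the scanned `user` struct in `gin.H{"token": apiToken, "user": user, "preferences": preference}`, and since `user.Password` was populated from the database that response appears to include the stored password hash unless `models.User` excludes the field with a `json:"-"` tag (not visible here); clearing it with `user.Password = ""` before `c.JSON` avoids depending on the model's tags. In the last hunk, `db.Exec(..., stat.Date, 1, stat.Quantity)` now hard-codes the user id, so every inserted statistic is attributed to user 1 rather than the caller — presumably a placeholder, but it should come from the authenticated token before this lands. The added comment `// generatToken will g` is truncated and misspells the function name; `// generateToken returns a new random API token.` would do.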