package controllers

import (
	"encoding/base64"
	"net/http"
	"github.com/gin-gonic/gin"
	"water/api/database"
	"errors"
	"crypto/rand"
	"database/sql"
	
	"water/api/models"
	_ "github.com/mattn/go-sqlite3"
	"golang.org/x/crypto/bcrypt"
)

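// AuthHandler authenticates an HTTP Basic Auth request against the Users table
// and, on success, responds with a freshly generated API token, the user record
// and the user's preferences (with the size joined in).
//
// Responses:
//   - 401 with a WWW-Authenticate challenge when no Basic credentials are sent;
//   - 401 when the user is unknown or the password does not match the stored
//     bcrypt hash;
//   - 500 when the database lookup (other than "no rows") or the token
//     generation fails;
//   - 200 with {"token", "user", "preferences"} otherwise.
func AuthHandler(c *gin.Context) {
	username, password, ok := c.Request.BasicAuth()
	if !ok {
		c.Header("WWW-Authenticate", `Basic realm="Please enter your username and password."`)
		c.AbortWithStatus(http.StatusUnauthorized)
		return
	}

	db := database.EstablishDBConnection()
	defer func() {
		// By the time this runs the response has already been written, so a
		// close failure cannot be reported to the client (the previous version
		// tried to write a second JSON body here); it is deliberately ignored.
		_ = db.Close()
	}()

	var (
		user       models.User
		preference models.Preference
		size       models.Size
	)

	row := db.QueryRow("SELECT name, uuid, password, color, size, unit FROM Users u INNER JOIN Preferences p ON p.user_id = u.id INNER JOIN Sizes s ON p.size_id = s.id WHERE u.name = ?", username)
	err := row.Scan(&user.Name, &user.UUID, &user.Password, &preference.Color, &size.Size, &size.Unit)
	switch {
	case errors.Is(err, sql.ErrNoRows):
		// Unknown user gets the same status as a wrong password so the response
		// body does not reveal which usernames exist. (Response time still
		// differs, since no bcrypt comparison runs on this path.)
		c.AbortWithStatus(http.StatusUnauthorized)
		return
	case err != nil:
		// Any other scan error used to fall through to the bcrypt check with an
		// empty hash and surface as a 401; report it as a server error instead,
		// without echoing the driver's message to the client.
		c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "could not look up user"})
		return
	}

	if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)); err != nil {
		c.AbortWithStatus(http.StatusUnauthorized)
		return
	}

	// Never return the stored password hash to the client, regardless of
	// whether models.User hides the field via a JSON tag (not visible here).
	user.Password = ""

	preference.Size = size

	apiToken := generateToken()
	if apiToken == "" {
		// generateToken returns "" only when the random source failed; an empty
		// token must not be handed out as part of a successful login.
		c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "could not generate token"})
		return
	}
	// NOTE(review): the token is neither persisted nor bound to the user in this
	// handler, so nothing visible here lets another endpoint validate it.
	c.JSON(http.StatusOK, gin.H{"token": apiToken, "user": user, "preferences": preference})
}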

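// generateToken returns 32 bytes read from crypto/rand, encoded with standard
// (padded) base64, i.e. a 44-character string. It returns "" if the random
// source fails, so callers must treat an empty result as an error rather than
// as a valid token.
func generateToken() string {
	token := make([]byte, 32)
	if _, err := rand.Read(token); err != nil {
		return ""
	}
	return base64.StdEncoding.EncodeToString(token)
}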