2020-12-29 13:46:58 +01:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
import (
|
2021-01-02 11:56:24 +01:00
|
|
|
"strings"
|
|
|
|
|
2020-12-29 13:46:58 +01:00
|
|
|
"github.com/gofiber/fiber/v2"
|
|
|
|
"github.com/google/uuid"
|
2021-01-02 11:56:24 +01:00
|
|
|
"gitlab.larvit.se/power-plan/auth/src/db"
|
|
|
|
"gitlab.larvit.se/power-plan/auth/src/utils"
|
2020-12-29 13:46:58 +01:00
|
|
|
)
|
|
|
|
|
2021-06-22 22:52:48 +02:00
|
|
|
// AccountCreate godoc
|
|
|
|
// @Summary Create an account
|
|
|
|
// @Description Create an account
|
|
|
|
// @ID account-create
|
|
|
|
// @Accept json
|
|
|
|
// @Produce json
|
|
|
|
// @Success 200 {object} db.CreatedAccount
|
|
|
|
// @Failure 401 {object} ResJSONError
|
|
|
|
// @Failure 403 {object} ResJSONError
|
|
|
|
// @Failure 415 {object} ResJSONError
|
|
|
|
// @Failure 500 {object} ResJSONError
|
|
|
|
// @Router /account [post]
|
2021-01-02 11:56:24 +01:00
|
|
|
func (h Handlers) AccountCreate(c *fiber.Ctx) error {
|
2021-01-03 18:21:42 +01:00
|
|
|
authErr := h.RequireAdminRole(c)
|
|
|
|
if authErr != nil {
|
|
|
|
return c.Status(403).JSON([]ResJSONError{{Error: authErr.Error()}})
|
|
|
|
}
|
|
|
|
|
2021-01-02 11:56:24 +01:00
|
|
|
type AccountInput struct {
|
2021-01-03 18:21:42 +01:00
|
|
|
Name string `json:"name"`
|
|
|
|
Password string `json:"password"`
|
|
|
|
Fields []db.AccountCreateInputFields `json:"fields"`
|
2020-12-29 13:46:58 +01:00
|
|
|
}
|
|
|
|
|
2021-01-02 11:56:24 +01:00
|
|
|
accountInput := new(AccountInput)
|
2020-12-29 13:46:58 +01:00
|
|
|
|
2021-01-02 11:56:24 +01:00
|
|
|
if err := c.BodyParser(accountInput); err != nil {
|
2020-12-29 13:46:58 +01:00
|
|
|
return c.Status(400).JSON([]ResJSONError{
|
|
|
|
{Error: err.Error()},
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
var errors []ResJSONError
|
|
|
|
|
2021-01-03 18:21:42 +01:00
|
|
|
if accountInput.Name == "" {
|
|
|
|
errors = append(errors, ResJSONError{Error: "Can not be empty", Field: "name"})
|
2020-12-29 13:46:58 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if len(errors) != 0 {
|
|
|
|
return c.Status(400).JSON(errors)
|
|
|
|
}
|
|
|
|
|
2021-01-02 11:56:24 +01:00
|
|
|
newAccountID, uuidErr := uuid.NewRandom()
|
|
|
|
if uuidErr != nil {
|
2021-06-22 22:52:48 +02:00
|
|
|
h.Log.Fatal("Could not create new Uuid", "err", uuidErr.Error())
|
2021-01-02 11:56:24 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
hashedPwd, pwdErr := utils.HashPassword(accountInput.Password)
|
|
|
|
if pwdErr != nil {
|
2021-06-22 22:52:48 +02:00
|
|
|
h.Log.Fatal("Could not hash password", "err", pwdErr.Error())
|
2020-12-29 13:46:58 +01:00
|
|
|
}
|
|
|
|
|
2021-01-02 11:56:24 +01:00
|
|
|
createdAccount, err := h.Db.AccountCreate(db.AccountCreateInput{
|
2021-01-03 18:21:42 +01:00
|
|
|
ID: newAccountID,
|
|
|
|
Name: accountInput.Name,
|
|
|
|
APIKey: utils.RandString(60),
|
|
|
|
Fields: accountInput.Fields,
|
|
|
|
Password: hashedPwd,
|
2021-01-02 11:56:24 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
if strings.HasPrefix(err.Error(), "ERROR: duplicate key") {
|
|
|
|
return c.Status(409).JSON([]ResJSONError{{Error: "accountName is already taken"}})
|
|
|
|
}
|
|
|
|
return c.Status(500).JSON([]ResJSONError{{Error: err.Error()}})
|
|
|
|
}
|
|
|
|
|
|
|
|
return c.Status(201).JSON(createdAccount)
|
|
|
|
}
|
|
|
|
|
2021-06-22 22:52:48 +02:00
|
|
|
// AccountAuthAPIKey godoc
|
|
|
|
// @Summary Authenticate account by API Key
|
|
|
|
// @Description Authenticate account by API Key
|
|
|
|
// @ID auth-account-by-api-key
|
|
|
|
// @Accept json
|
|
|
|
// @Produce json
|
|
|
|
// @Success 200 {object} db.Account
|
|
|
|
// @Failure 401 {object} ResJSONError
|
|
|
|
// @Failure 403 {object} ResJSONError
|
|
|
|
// @Failure 415 {object} ResJSONError
|
|
|
|
// @Failure 500 {object} ResJSONError
|
|
|
|
// @Router /auth/api-key [post]
|
2021-01-02 11:56:24 +01:00
|
|
|
func (h Handlers) AccountAuthAPIKey(c *fiber.Ctx) error {
|
2021-01-03 18:21:42 +01:00
|
|
|
inputAPIKey := string(c.Request().Body())
|
|
|
|
inputAPIKey = inputAPIKey[1 : len(inputAPIKey)-1]
|
|
|
|
|
2021-01-05 16:23:18 +01:00
|
|
|
resolvedAccount, accountErr := h.Db.AccountGet("", inputAPIKey, "")
|
2021-01-03 18:21:42 +01:00
|
|
|
if accountErr != nil {
|
|
|
|
if accountErr.Error() == "no rows in result set" {
|
|
|
|
return c.Status(403).JSON([]ResJSONError{{Error: "Invalid credentials"}})
|
|
|
|
}
|
2021-06-22 22:52:48 +02:00
|
|
|
h.Log.Error("Something went wrong when trying to fetch account", "err", accountErr.Error())
|
2021-01-03 18:21:42 +01:00
|
|
|
return c.Status(500).JSON([]ResJSONError{{Error: "Something went wrong when trying to fetch account"}})
|
|
|
|
}
|
|
|
|
|
|
|
|
return h.returnTokens(resolvedAccount, c)
|
2020-12-29 13:46:58 +01:00
|
|
|
}
|
2021-01-05 16:23:18 +01:00
|
|
|
|
2021-06-22 22:52:48 +02:00
|
|
|
// AccountAuthPassword godoc
|
|
|
|
// @Summary Authenticate account by Password
|
|
|
|
// @Description Authenticate account by Password
|
|
|
|
// @ID auth-account-by-password
|
|
|
|
// @Accept json
|
|
|
|
// @Produce json
|
|
|
|
// @Success 200 {object} db.Account
|
|
|
|
// @Failure 401 {object} ResJSONError
|
|
|
|
// @Failure 403 {object} ResJSONError
|
|
|
|
// @Failure 415 {object} ResJSONError
|
|
|
|
// @Failure 500 {object} ResJSONError
|
|
|
|
// @Router /auth/password [post]
|
2021-01-05 16:23:18 +01:00
|
|
|
func (h Handlers) AccountAuthPassword(c *fiber.Ctx) error {
|
|
|
|
type AuthInput struct {
|
|
|
|
Name string `json:"name"`
|
|
|
|
Password string `json:"password"`
|
|
|
|
}
|
|
|
|
|
|
|
|
authInput := new(AuthInput)
|
|
|
|
if err := c.BodyParser(authInput); err != nil {
|
|
|
|
return c.Status(400).JSON([]ResJSONError{{Error: err.Error()}})
|
|
|
|
}
|
|
|
|
|
|
|
|
resolvedAccount, err := h.Db.AccountGet("", "", authInput.Name)
|
|
|
|
if err != nil {
|
|
|
|
if err.Error() == "No account found" {
|
|
|
|
return c.Status(403).JSON([]ResJSONError{{Error: "Invalid name or password"}})
|
|
|
|
}
|
|
|
|
|
|
|
|
return c.Status(500).JSON([]ResJSONError{{Error: err.Error()}})
|
|
|
|
}
|
|
|
|
|
|
|
|
if utils.CheckPasswordHash(authInput.Password, resolvedAccount.Password) == false {
|
|
|
|
return c.Status(403).JSON([]ResJSONError{{Error: "Invalid name or password"}})
|
|
|
|
}
|
|
|
|
|
|
|
|
return h.returnTokens(resolvedAccount, c)
|
|
|
|
}
|
2021-01-05 16:49:50 +01:00
|
|
|
|
2021-06-22 22:52:48 +02:00
|
|
|
// RenewToken godoc
|
|
|
|
// @Summary Renew token
|
|
|
|
// @Description Renew token
|
|
|
|
// @ID renew-token
|
|
|
|
// @Accept json
|
|
|
|
// @Produce json
|
|
|
|
// @Success 200 {object} db.Account
|
|
|
|
// @Failure 401 {object} ResJSONError
|
|
|
|
// @Failure 403 {object} ResJSONError
|
|
|
|
// @Failure 415 {object} ResJSONError
|
|
|
|
// @Failure 500 {object} ResJSONError
|
|
|
|
// @Router /renew-token [post]
|
|
|
|
func (h Handlers) RenewToken(c *fiber.Ctx) error {
|
2021-01-05 16:49:50 +01:00
|
|
|
inputToken := string(c.Request().Body())
|
|
|
|
inputToken = inputToken[1 : len(inputToken)-1]
|
|
|
|
|
|
|
|
foundAccountID, err := h.Db.RenewalTokenGet(inputToken)
|
|
|
|
if err != nil {
|
|
|
|
return c.Status(500).JSON([]ResJSONError{{Error: err.Error()}})
|
|
|
|
} else if foundAccountID == "" {
|
|
|
|
return c.Status(403).JSON([]ResJSONError{{Error: "Invalid token"}})
|
|
|
|
}
|
|
|
|
|
|
|
|
resolvedAccount, accountErr := h.Db.AccountGet(foundAccountID, "", "")
|
|
|
|
if accountErr != nil {
|
|
|
|
if accountErr.Error() == "no rows in result set" {
|
|
|
|
return c.Status(500).JSON([]ResJSONError{{Error: "Database missmatch. Token found, but account is missing."}})
|
|
|
|
}
|
2021-06-22 22:52:48 +02:00
|
|
|
h.Log.Error("Something went wrong when trying to fetch account", "err", accountErr.Error())
|
2021-01-05 16:49:50 +01:00
|
|
|
return c.Status(500).JSON([]ResJSONError{{Error: "Something went wrong when trying to fetch account"}})
|
|
|
|
}
|
|
|
|
|
|
|
|
rmErr := h.Db.RenewalTokenRm(inputToken)
|
|
|
|
if rmErr != nil {
|
2021-06-22 22:52:48 +02:00
|
|
|
h.Log.Error("Something went wrong when trying to fetch account", "err", rmErr.Error())
|
|
|
|
return c.Status(500).JSON([]ResJSONError{{Error: "Could not remove old token"}})
|
2021-01-05 16:49:50 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return h.returnTokens(resolvedAccount, c)
|
|
|
|
}
|