Added endpoint to auth with username and password

src/db/accounts.go

@@ -58,7 +58,7 @@ func (d Db) AccountCreate(input AccountCreateInput) (CreatedAccount, error) {
 }
 
 // AccountGet fetches an account from the database
-func (d Db) AccountGet(accountID string, APIKey string) (Account, error) {
+func (d Db) AccountGet(accountID string, APIKey string, Name string) (Account, error) {
 	logContext := log.WithFields(log.Fields{
 		"accountID": accountID,
 		"APIKey":    len(APIKey),
@@ -75,6 +75,9 @@ func (d Db) AccountGet(accountID string, APIKey string) (Account, error) {
 	} else if APIKey != "" {
 		accountSQL = accountSQL + "\"apiKey\" = $1"
 		searchParam = APIKey
+	} else if Name != "" {
+		accountSQL = accountSQL + "name = $1"
+		searchParam = Name
 	}
 
 	accountErr := d.DbPool.QueryRow(context.Background(), accountSQL, searchParam).Scan(&account.ID, &account.Created, &account.Name, &account.Password)
@@ -114,7 +117,7 @@ func (d Db) AccountGet(accountID string, APIKey string) (Account, error) {
 func (d Db) RenewalTokenGet(accountID string) (string, error) {
 	logContext := log.WithFields(log.Fields{"accountID": accountID})
 
-	logContext.Debug("Createing new renewal token")
+	logContext.Debug("Creating new renewal token")
 
 	newToken := utils.RandString(60)
 

src/handlers/get.go

@@ -19,7 +19,7 @@ func (h Handlers) AccountGet(c *fiber.Ctx) error {
 		return c.Status(403).JSON([]ResJSONError{{Error: authErr.Error()}})
 	}
 
-	account, accountErr := h.Db.AccountGet(accountID, "")
+	account, accountErr := h.Db.AccountGet(accountID, "", "")
 	if accountErr != nil {
 		return c.Status(500).JSON([]ResJSONError{{Error: accountErr.Error()}})
 	}

src/handlers/post.go

@@ -75,7 +75,7 @@ func (h Handlers) AccountAuthAPIKey(c *fiber.Ctx) error {
 	inputAPIKey := string(c.Request().Body())
 	inputAPIKey = inputAPIKey[1 : len(inputAPIKey)-1]
 
-	resolvedAccount, accountErr := h.Db.AccountGet("", inputAPIKey)
+	resolvedAccount, accountErr := h.Db.AccountGet("", inputAPIKey, "")
 	if accountErr != nil {
 		if accountErr.Error() == "no rows in result set" {
 			return c.Status(403).JSON([]ResJSONError{{Error: "Invalid credentials"}})
@@ -86,3 +86,31 @@ func (h Handlers) AccountAuthAPIKey(c *fiber.Ctx) error {
 
 	return h.returnTokens(resolvedAccount, c)
 }
+
+// AccountAuthPassword auths a name/password pair
+func (h Handlers) AccountAuthPassword(c *fiber.Ctx) error {
+	type AuthInput struct {
+		Name     string `json:"name"`
+		Password string `json:"password"`
+	}
+
+	authInput := new(AuthInput)
+	if err := c.BodyParser(authInput); err != nil {
+		return c.Status(400).JSON([]ResJSONError{{Error: err.Error()}})
+	}
+
+	resolvedAccount, err := h.Db.AccountGet("", "", authInput.Name)
+	if err != nil {
+		if err.Error() == "No account found" {
+			return c.Status(403).JSON([]ResJSONError{{Error: "Invalid name or password"}})
+		}
+
+		return c.Status(500).JSON([]ResJSONError{{Error: err.Error()}})
+	}
+
+	if utils.CheckPasswordHash(authInput.Password, resolvedAccount.Password) == false {
+		return c.Status(403).JSON([]ResJSONError{{Error: "Invalid name or password"}})
+	}
+
+	return h.returnTokens(resolvedAccount, c)
+}

src/main.go

@@ -76,6 +76,7 @@ func main() {
 	app.Get("/account/:accountID", handlers.AccountGet)
 	app.Post("/account", handlers.AccountCreate)
 	app.Post("/auth/api-key", handlers.AccountAuthAPIKey)
+	app.Post("/auth/password", handlers.AccountAuthPassword)
 
 	log.WithFields(log.Fields{"WEB_BIND_HOST": os.Getenv("WEB_BIND_HOST")}).Info("Trying to start web server")