GoScrobble/internal/goscrobble/user.go

package goscrobble

import (
	"database/sql"
	"encoding/json"
	"errors"
	"fmt"
	"log"
	"net"
	"strings"
	"time"

	"golang.org/x/crypto/bcrypt"
)

const bCryptCost = 16

type User struct {
	UUID       string    `json:"uuid"`
	CreatedAt  time.Time `json:"created_at"`
	CreatedIp  net.IP    `json:"created_ip"`
	ModifiedAt time.Time `json:"modified_at"`
	ModifiedIP net.IP    `jsos:"modified_ip"`
	Username   string    `json:"username"`
	Password   []byte    `json:"password"`
	Email      string    `json:"email"`
	Verified   bool      `json:"verified"`
	Active     bool      `json:"active"`
	Admin      bool      `json:"admin"`
}

// RegisterRequest - Incoming JSON
type RegisterRequest struct {
	Username string `json:"username"`
	Email    string `json:"email"`
	Password string `json:"password"`
}

// RegisterRequest - Incoming JSON
type LoginRequest struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

// LoginResponse - JWT issued
type LoginResponse struct {
	Token string `json:"token"`
}

// createUser - Called from API
func createUser(req *RegisterRequest, ip net.IP) error {
	// Check if user already exists..
	if len(req.Password) < 8 {
		return errors.New("Password must be at least 8 characters")
	}

	// Check Username is set
	if req.Username == "" {
		return errors.New("A username is required")
	}

	// Check username is valid
	if !isUsernameValid(req.Username) {
		return errors.New("Username contains invalid characters")
	}

	// If set an email.. validate it!
	if req.Email != "" {
		if !isEmailValid(req.Email) {
			return errors.New("Invalid email address")
		}
	}

	// Check if user or email exists!
	if userAlreadyExists(req) {
		return errors.New("Username or email already exists")
	}

	// Lets hashit!
	hash, err := hashPassword(req.Password)
	if err != nil {
		return err
	}

	return insertUser(req.Username, req.Email, hash, ip)
}

func loginUser(logReq *LoginRequest, ip net.IP) ([]byte, error) {
	var resp []byte
	var user User

	if logReq.Username == "" {
		return resp, errors.New("A username is required")
	}

	if logReq.Password == "" {
		return resp, errors.New("A password is required")
	}

	if strings.Contains(logReq.Username, "@") {
		err := db.QueryRow("SELECT BIN_TO_UUID(`uuid`, true), `username`, `email`, `password` FROM `users` WHERE `email` = ? AND `active` = 1",
			logReq.Username).Scan(&user.UUID, &user.Username, &user.Email, &user.Password)
		if err != nil {
			if err == sql.ErrNoRows {
				return resp, errors.New("Invalid Username or Password")
			}
		}
	} else {
		err := db.QueryRow("SELECT BIN_TO_UUID(`uuid`, true), `username`, `email`, `password` FROM `users` WHERE `username` = ? AND `active` = 1",
			logReq.Username).Scan(&user.UUID, &user.Username, &user.Email, &user.Password)
		if err == sql.ErrNoRows {
			return resp, errors.New("Invalid Username or Password")
		}
	}

	if !isValidPassword(logReq.Password, user) {
		return resp, errors.New("Invalid Username or Password")
	}

	// Issue JWT + Response
	token, err := generateJWTToken(user)
	if err != nil {
		log.Printf("Error generating JWT: %v", err)
		return resp, errors.New("Error logging in")
	}

	loginResp := LoginResponse{
		Token: token,
	}

	resp, _ = json.Marshal(&loginResp)
	return resp, nil
}

// insertUser - Does the dirtywork!
func insertUser(username string, email string, password []byte, ip net.IP) error {
	token := generateToken(32)
	_, err := db.Exec("INSERT INTO users (uuid, created_at, created_ip, modified_at, modified_ip, username, email, password, token) "+
		"VALUES (UUID_TO_BIN(UUID(), true),NOW(),?,NOW(),?,?,?,?,?)", ip, ip, username, email, password, token)

	return err
}

func updateUser(uuid string, field string, value string, ip net.IP) error {
	_, err := db.Exec("UPDATE users SET ? = ?, modified_at = NOW(), modified_ip = ? WHERE uuid = ?", field, value, uuid, ip)

	return err
}

func updateUserDirect(uuid string, field string, value string) error {
	_, err := db.Exec("UPDATE users SET ? = ? WHERE uuid = ?", field, value, uuid)

	return err
}

// hashPassword - Returns bcrypt hash
func hashPassword(password string) ([]byte, error) {
	return bcrypt.GenerateFromPassword([]byte(password), bCryptCost)
}

// isValidPassword - Checks if password is valid
func isValidPassword(password string, user User) bool {
	err := bcrypt.CompareHashAndPassword(user.Password, []byte(password))
	if err != nil {
		return false
	}

	return true
}

// userAlreadyExists - Returns bool indicating if a record exists for either username or email
// Using two look ups to make use of DB indexes.
func userAlreadyExists(req *RegisterRequest) bool {
	count, err := getDbCount("SELECT COUNT(*) FROM users WHERE username = ?", req.Username)
	if err != nil {
		fmt.Printf("Error querying for duplicate users: %v", err)
		return true
	}

	if count > 0 {
		return true
	}

	if req.Email != "" {
		// Only run email check if there's an email...
		count, err = getDbCount("SELECT COUNT(*) FROM users WHERE email = ?", req.Email)
	}

	if err != nil {
		fmt.Printf("Error querying for duplicate users: %v", err)
		return true
	}

	return count > 0
}
Initial Commit 2021-03-23 08:43:44 +00:00			`package goscrobble`
Add user table + funcs 2021-03-24 09:28:05 +00:00
			`import (`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`"database/sql"`
			`"encoding/json"`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`"errors"`
			`"fmt"`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`"log"`
			`"net"`
			`"strings"`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`"time"`
Add user table + funcs 2021-03-24 09:28:05 +00:00
			`"golang.org/x/crypto/bcrypt"`
			`)`

			`const bCryptCost = 16`

			`type User struct {`
Issue JWT on login 2021-03-25 23:21:28 +00:00			UUID string `json:"uuid"`
			CreatedAt time.Time `json:"created_at"`
			CreatedIp net.IP `json:"created_ip"`
			ModifiedAt time.Time `json:"modified_at"`
			ModifiedIP net.IP `jsos:"modified_ip"`
			Username string `json:"username"`
			Password []byte `json:"password"`
			Email string `json:"email"`
			Verified bool `json:"verified"`
			Active bool `json:"active"`
			Admin bool `json:"admin"`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`}`

			`// RegisterRequest - Incoming JSON`
			`type RegisterRequest struct {`
Add user table + funcs 2021-03-24 09:28:05 +00:00			Username string `json:"username"`
			Email string `json:"email"`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			Password string `json:"password"`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`}`

Issue JWT on login 2021-03-25 23:21:28 +00:00			`// RegisterRequest - Incoming JSON`
			`type LoginRequest struct {`
			Username string `json:"username"`
			Password string `json:"password"`
			`}`

			`// LoginResponse - JWT issued`
			`type LoginResponse struct {`
			Token string `json:"token"`
			`}`

Add user table + funcs 2021-03-24 09:28:05 +00:00			`// createUser - Called from API`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`func createUser(req *RegisterRequest, ip net.IP) error {`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`// Check if user already exists..`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`if len(req.Password) < 8 {`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`return errors.New("Password must be at least 8 characters")`
			`}`

Issue JWT on login 2021-03-25 23:21:28 +00:00			`// Check Username is set`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`if req.Username == "" {`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`return errors.New("A username is required")`
			`}`

0.0.5 - Only allow ItemType:Audio from Jellyfin - Fix NavBar for Mobile (Ugly hack but.. TO REWORK) - Fixed registration page issues - Add functionality to pull recent scrobbles to Dashboard - Add MX record lookup validation for emails - Add username validation for a-Z 0-9 _ and . - Dashboard shows basic table of last 500 scrobbles. 2021-03-30 08:36:28 +00:00			`// Check username is valid`
			`if !isUsernameValid(req.Username) {`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`return errors.New("Username contains invalid characters")`
			`}`

Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`// If set an email.. validate it!`
			`if req.Email != "" {`
			`if !isEmailValid(req.Email) {`
			`return errors.New("Invalid email address")`
			`}`
			`}`

Add user table + funcs 2021-03-24 09:28:05 +00:00			`// Check if user or email exists!`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`if userAlreadyExists(req) {`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`return errors.New("Username or email already exists")`
			`}`

			`// Lets hashit!`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`hash, err := hashPassword(req.Password)`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`if err != nil {`
			`return err`
			`}`

Issue JWT on login 2021-03-25 23:21:28 +00:00			`return insertUser(req.Username, req.Email, hash, ip)`
			`}`

			`func loginUser(logReq *LoginRequest, ip net.IP) ([]byte, error) {`
			`var resp []byte`
			`var user User`

			`if logReq.Username == "" {`
Tidy Login buttons and add API_URL env var 2021-03-27 04:05:05 +00:00			`return resp, errors.New("A username is required")`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`}`

			`if logReq.Password == "" {`
Tidy Login buttons and add API_URL env var 2021-03-27 04:05:05 +00:00			`return resp, errors.New("A password is required")`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`}`

			`if strings.Contains(logReq.Username, "@") {`
- Login flow working.. - Jellyfin scrobble working - Returns scrobbles via API for authed users /api/v1/user/{uuid}/scrobble - Add redis handler + funcs - Move middleware to pass in uuid as needed 2021-03-29 07:56:34 +00:00			err := db.QueryRow("SELECT BIN_TO_UUID(`uuid`, true), `username`, `email`, `password` FROM `users` WHERE `email` = ? AND `active` = 1",
			`logReq.Username).Scan(&user.UUID, &user.Username, &user.Email, &user.Password)`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`if err != nil {`
			`if err == sql.ErrNoRows {`
			`return resp, errors.New("Invalid Username or Password")`
			`}`
			`}`
			`} else {`
- Login flow working.. - Jellyfin scrobble working - Returns scrobbles via API for authed users /api/v1/user/{uuid}/scrobble - Add redis handler + funcs - Move middleware to pass in uuid as needed 2021-03-29 07:56:34 +00:00			err := db.QueryRow("SELECT BIN_TO_UUID(`uuid`, true), `username`, `email`, `password` FROM `users` WHERE `username` = ? AND `active` = 1",
			`logReq.Username).Scan(&user.UUID, &user.Username, &user.Email, &user.Password)`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`if err == sql.ErrNoRows {`
			`return resp, errors.New("Invalid Username or Password")`
			`}`
			`}`

			`if !isValidPassword(logReq.Password, user) {`
			`return resp, errors.New("Invalid Username or Password")`
			`}`

			`// Issue JWT + Response`
- Login flow working.. - Jellyfin scrobble working - Returns scrobbles via API for authed users /api/v1/user/{uuid}/scrobble - Add redis handler + funcs - Move middleware to pass in uuid as needed 2021-03-29 07:56:34 +00:00			`token, err := generateJWTToken(user)`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`if err != nil {`
			`log.Printf("Error generating JWT: %v", err)`
			`return resp, errors.New("Error logging in")`
			`}`

			`loginResp := LoginResponse{`
			`Token: token,`
			`}`

			`resp, _ = json.Marshal(&loginResp)`
			`return resp, nil`
			`}`

Add user table + funcs 2021-03-24 09:28:05 +00:00			`// insertUser - Does the dirtywork!`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`func insertUser(username string, email string, password []byte, ip net.IP) error {`
Scrobbles work! 2021-03-28 08:52:34 +00:00			`token := generateToken(32)`
			`_, err := db.Exec("INSERT INTO users (uuid, created_at, created_ip, modified_at, modified_ip, username, email, password, token) "+`
			`"VALUES (UUID_TO_BIN(UUID(), true),NOW(),?,NOW(),?,?,?,?,?)", ip, ip, username, email, password, token)`
Issue JWT on login 2021-03-25 23:21:28 +00:00
			`return err`
			`}`

Scrobbles work! 2021-03-28 08:52:34 +00:00			`func updateUser(uuid string, field string, value string, ip net.IP) error {`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`_, err := db.Exec("UPDATE users SET ? = ?, modified_at = NOW(), modified_ip = ? WHERE uuid = ?", field, value, uuid, ip)`

			`return err`
			`}`

			`func updateUserDirect(uuid string, field string, value string) error {`
			`_, err := db.Exec("UPDATE users SET ? = ? WHERE uuid = ?", field, value, uuid)`
Add user table + funcs 2021-03-24 09:28:05 +00:00
			`return err`
			`}`

			`// hashPassword - Returns bcrypt hash`
			`func hashPassword(password string) ([]byte, error) {`
			`return bcrypt.GenerateFromPassword([]byte(password), bCryptCost)`
			`}`

			`// isValidPassword - Checks if password is valid`
			`func isValidPassword(password string, user User) bool {`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`err := bcrypt.CompareHashAndPassword(user.Password, []byte(password))`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`if err != nil {`
			`return false`
			`}`

			`return true`
			`}`

			`// userAlreadyExists - Returns bool indicating if a record exists for either username or email`
			`// Using two look ups to make use of DB indexes.`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`func userAlreadyExists(req *RegisterRequest) bool {`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`count, err := getDbCount("SELECT COUNT(*) FROM users WHERE username = ?", req.Username)`
			`if err != nil {`
			`fmt.Printf("Error querying for duplicate users: %v", err)`
			`return true`
			`}`

			`if count > 0 {`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`return true`
			`}`

			`if req.Email != "" {`
			`// Only run email check if there's an email...`
Issue JWT on login 2021-03-25 23:21:28 +00:00			`count, err = getDbCount("SELECT COUNT(*) FROM users WHERE email = ?", req.Email)`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`}`

			`if err != nil {`
			`fmt.Printf("Error querying for duplicate users: %v", err)`
			`return true`
			`}`

Issue JWT on login 2021-03-25 23:21:28 +00:00			`return count > 0`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`}`