Register API complete, email validation too

2024-11-22 16:35:14 +00:00 · 2021-03-25 23:09:17 +13:00 · 2021-03-25 23:09:17 +13:00 · 1018742a22
commit 1018742a22
parent 9420566cc9
5 changed files with 113 additions and 44 deletions
--- a/internal/goscrobble/server.go
+++ b/internal/goscrobble/server.go
@ -36,7 +36,7 @@ func HandleRequests() {
 	v1.HandleFunc("/profile/{id}", jwtMiddleware(serveEndpoint))
 	// No Auth
-	v1.HandleFunc("/register", serveEndpoint).Methods("POST")
+	v1.HandleFunc("/register", handleRegister).Methods("POST")
 	v1.HandleFunc("/login", serveEndpoint).Methods("POST")
 	v1.HandleFunc("/logout", serveEndpoint).Methods("POST")
@ -52,16 +52,30 @@ func HandleRequests() {
 }
 // MIDDLEWARE
 // throwUnauthorized - Throws a 403
 func throwUnauthorized(w http.ResponseWriter, m string) {
 	jr := jsonResponse{
 		Err: m,
 	}
 	js, _ := json.Marshal(&jr)
 	err := errors.New(string(js))
 	http.Error(w, err.Error(), http.StatusUnauthorized)
 }
 // throwUnauthorized - Throws a 403 :
 func throwBadReq(w http.ResponseWriter, m string) {
 	jr := jsonResponse{
 		Err: m,
 	}
 	js, _ := json.Marshal(&jr)
 	err := errors.New(string(js))
 	http.Error(w, err.Error(), http.StatusBadRequest)
 }
 // tokenMiddleware - Validates token to a user
 func tokenMiddleware(next http.HandlerFunc) http.HandlerFunc {
-	return func(res http.ResponseWriter, req *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
-		jr := jsonResponse{
+		throwUnauthorized(w, "Invalid API Token")
 			Err: "Invalid API Token",
 		}
 		js, _ := json.Marshal(&jr)
 		err := errors.New(string(js))
 		http.Error(res, err.Error(), http.StatusUnauthorized)
 		return
 		// next(res, req)
 	}
@ -69,31 +83,45 @@ func tokenMiddleware(next http.HandlerFunc) http.HandlerFunc {
 // jwtMiddleware - Validates middleware to a user
 func jwtMiddleware(next http.HandlerFunc) http.HandlerFunc {
-	return func(res http.ResponseWriter, req *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
-		jr := jsonResponse{
+		throwUnauthorized(w, "Invalid JWT Token")
 			Err: "Invalid JWT Token",
 		}
 		js, _ := json.Marshal(&jr)
 		err := errors.New(string(js))
 		http.Error(res, err.Error(), http.StatusUnauthorized)
 		return
 		// next(res, req)
 	}
 }
-// ENDPOINT HANDLING
+// API ENDPOINT HANDLING
 // handleRegister - Does as it says!
 func handleRegister(w http.ResponseWriter, r *http.Request) {
 	regReq := RegisterRequest{}
 	decoder := json.NewDecoder(r.Body)
 	err := decoder.Decode(&regReq)
 	if err != nil {
 		throwBadReq(w, err.Error())
 		return
 	}
 	err = createUser(&regReq)
 	if err != nil {
 		throwBadReq(w, err.Error())
 		return
 	}
 	// Lets trick 'em for now ;) ;)
 	fmt.Fprintf(w, "{}")
 }
 // serveEndpoint - API stuffs
 func serveEndpoint(w http.ResponseWriter, r *http.Request) {
-	var jsonInput map[string]interface{}
+	json, err := decodeJson(r.Body)
 	decoder := json.NewDecoder(r.Body)
 	err := decoder.Decode(&jsonInput)
 	if err != nil {
 		// If we can't decode. Lets tell them nicely.
 		http.Error(w, "{\"error\":\"Invalid JSON\"}", http.StatusBadRequest)
 		return
 	}
 	log.Printf("%v", json)
 	// Lets trick 'em for now ;) ;)
 	fmt.Fprintf(w, "{}")
 }
--- a/internal/goscrobble/user.go
+++ b/internal/goscrobble/user.go
@ -3,6 +3,7 @@ package goscrobble
 import (
 	"errors"
 	"fmt"
 	"time"
 	"golang.org/x/crypto/bcrypt"
 )
@ -10,44 +11,59 @@ import (
 const bCryptCost = 16
 type User struct {
-	UUID     string `json:"uuid"`
+	UUID      string    `json:"uuid"`
 	CreatedAt time.Time `json:"created_at"`
 	Username  string    `json:"username"`
 	password  []byte
 	Email     string `json:"email"`
 	Verified  bool   `json:"verified"`
 	Active    bool   `json:"active"`
 	Admin     bool   `json:"admin"`
 }
 // RegisterRequest - Incoming JSON
 type RegisterRequest struct {
 	Username string `json:"username"`
 	password []byte
 	Email    string `json:"email"`
-	Verified bool   `json:"verified"`
+	Password string `json:"password"`
 	Active   bool   `json:"active"`
 	Admin    bool   `json:"admin"`
 }
 // createUser - Called from API
-func createUser(username string, email string, password string) error {
+func createUser(req *RegisterRequest) error {
 	// Check if user already exists..
-	if len(password) < 8 {
+	if len(req.Password) < 8 {
 		return errors.New("Password must be at least 8 characters")
 	}
 	// Check username is set
-	if username == "" {
+	if req.Username == "" {
 		return errors.New("A username is required")
 	}
 	// If set an email.. validate it!
 	if req.Email != "" {
 		if !isEmailValid(req.Email) {
 			return errors.New("Invalid email address")
 		}
 	}
 	// Check if user or email exists!
-	if userAlreadyExists(username, email) {
+	if userAlreadyExists(req) {
 		return errors.New("Username or email already exists")
 	}
 	// Lets hashit!
-	hash, err := hashPassword(password)
+	hash, err := hashPassword(req.Password)
 	if err != nil {
 		return err
 	}
-	return insertUser(username, email, hash)
+	return insertUser(req.Username, req.Email, hash)
 }
 // insertUser - Does the dirtywork!
 func insertUser(username string, email string, password []byte) error {
-	_, err := db.Exec("INSERT INTO users (uuid, username, email, password) VALUES (UUID_TO_BIN(UUID(), true),'?','?','?')", username, email, password)
+	_, err := db.Exec("INSERT INTO users (uuid, created_at, username, email, password) VALUES (UUID_TO_BIN(UUID(), true),NOW(),?,?,?)", username, email, password)
 	return err
 }
@ -69,14 +85,16 @@ func isValidPassword(password string, user User) bool {
 // userAlreadyExists - Returns bool indicating if a record exists for either username or email
 // Using two look ups to make use of DB indexes.
-func userAlreadyExists(username string, email string) bool {
+func userAlreadyExists(req *RegisterRequest) bool {
-	var usernameCount, emailCount int
+	var userExists int
-	err := db.QueryRow("SELECT COUNT(*) FROM users WHERE username = '?'", username).Scan(&usernameCount)
+	err := db.QueryRow("SELECT COUNT(*) FROM users WHERE username = ?", req.Username).Scan(&userExists)
-	// Only run email check if there's an email...
+	if userExists > 0 {
-	if email != "" {
+		return true
-		err = db.QueryRow("SELECT COUNT(*) FROM users WHERE email = '?'", email).Scan(&emailCount)
+	}
-	} else {
+
-		emailCount = 0
+	if req.Email != "" {
 		// Only run email check if there's an email...
 		err = db.QueryRow("SELECT COUNT(*) FROM users WHERE email = ?", req.Email).Scan(&userExists)
 	}
 	if err != nil {
@ -84,8 +102,5 @@ func userAlreadyExists(username string, email string) bool {
 		return true
 	}
-	count := usernameCount + emailCount
+	return userExists > 0
 	// If there is more than one.. Return true. User exists.
 	return count != 0
 }
--- a/internal/goscrobble/utils.go
+++ b/internal/goscrobble/utils.go
@ -1 +1,26 @@
 package goscrobble
 import (
 	"encoding/json"
 	"io"
 	"regexp"
 )
 var emailRegex = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
 // decodeJson - Returns a map[string]interface{}
 func decodeJson(body io.ReadCloser) (map[string]interface{}, error) {
 	var jsonInput map[string]interface{}
 	decoder := json.NewDecoder(body)
 	err := decoder.Decode(&jsonInput)
 	return jsonInput, err
 }
 // isEmailValid - checks if the email provided passes the required structure and length.
 func isEmailValid(e string) bool {
 	if len(e) < 3 && len(e) > 254 {
 		return false
 	}
 	return emailRegex.MatchString(e)
 }
--- a/migrations/2_users.down.sql
+++ b/migrations/2_users.down.sql
@ -1 +1 @@
-DROP TABLE IF EXISTS users;
+DROP TABLE IF EXISTS `users`;
--- a/migrations/2_users.up.sql
+++ b/migrations/2_users.up.sql
@ -1,5 +1,6 @@
 CREATE TABLE IF NOT EXISTS `users` (
    `uuid` BINARY(16) PRIMARY KEY,
    `created_at` DATETIME NOT NULL,
    `username` VARCHAR(64) NOT NULL,
    `password` VARCHAR(60) NOT NULL,
    `email` VARCHAR(255) NULL DEFAULT NULL,
		`@ -1 +1 @@`
			`DROP TABLE IF EXISTS users;`				DROP TABLE IF EXISTS `users`;