2024-03-17 16:55:40 +01:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
|
|
import (
|
2024-03-18 14:47:15 +01:00
|
|
|
"fmt"
|
2024-03-17 16:55:40 +01:00
|
|
|
"time"
|
|
|
|
|
"ttime/internal/types"
|
|
|
|
|
|
|
|
|
|
"github.com/gofiber/fiber/v2"
|
|
|
|
|
"github.com/golang-jwt/jwt/v5"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Register is a simple handler that registers a new user
|
|
|
|
|
//
|
|
|
|
|
// @Summary Register a new user
|
|
|
|
|
// @Description Register a new user
|
|
|
|
|
// @Tags User
|
|
|
|
|
// @Accept json
|
|
|
|
|
// @Produce json
|
|
|
|
|
// @Success 200 {string} string "User added"
|
|
|
|
|
// @Failure 400 {string} string "Bad request"
|
|
|
|
|
// @Failure 500 {string} string "Internal server error"
|
|
|
|
|
// @Router /api/register [post]
|
|
|
|
|
func (gs *GState) Register(c *fiber.Ctx) error {
|
|
|
|
|
u := new(types.NewUser)
|
|
|
|
|
if err := c.BodyParser(u); err != nil {
|
2024-03-17 19:33:13 +01:00
|
|
|
println("Error parsing body")
|
2024-03-17 16:55:40 +01:00
|
|
|
return c.Status(400).SendString(err.Error())
|
|
|
|
|
}
|
|
|
|
|
|
2024-03-17 19:33:13 +01:00
|
|
|
println("Adding user:", u.Username)
|
2024-03-17 16:55:40 +01:00
|
|
|
if err := gs.Db.AddUser(u.Username, u.Password); err != nil {
|
|
|
|
|
return c.Status(500).SendString(err.Error())
|
|
|
|
|
}
|
|
|
|
|
|
2024-03-17 19:33:13 +01:00
|
|
|
println("User added:", u.Username)
|
2024-03-17 16:55:40 +01:00
|
|
|
return c.Status(200).SendString("User added")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// This path should obviously be protected in the future
|
|
|
|
|
// UserDelete deletes a user from the database
|
|
|
|
|
func (gs *GState) UserDelete(c *fiber.Ctx) error {
|
|
|
|
|
// Read from path parameters
|
|
|
|
|
username := c.Params("username")
|
|
|
|
|
|
|
|
|
|
// Read username from Locals
|
|
|
|
|
auth_username := c.Locals("user").(*jwt.Token).Claims.(jwt.MapClaims)["name"].(string)
|
|
|
|
|
|
|
|
|
|
if username != auth_username {
|
|
|
|
|
return c.Status(403).SendString("You can only delete yourself")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := gs.Db.RemoveUser(username); err != nil {
|
|
|
|
|
return c.Status(500).SendString(err.Error())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return c.Status(200).SendString("User deleted")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Login is a simple login handler that returns a JWT token
|
|
|
|
|
func (gs *GState) Login(c *fiber.Ctx) error {
|
|
|
|
|
// The body type is identical to a NewUser
|
|
|
|
|
u := new(types.NewUser)
|
|
|
|
|
if err := c.BodyParser(u); err != nil {
|
2024-03-17 19:24:13 +01:00
|
|
|
println("Error parsing body")
|
2024-03-17 16:55:40 +01:00
|
|
|
return c.Status(400).SendString(err.Error())
|
|
|
|
|
}
|
|
|
|
|
|
2024-03-17 19:24:13 +01:00
|
|
|
println("Username:", u.Username)
|
2024-03-17 16:55:40 +01:00
|
|
|
if !gs.Db.CheckUser(u.Username, u.Password) {
|
|
|
|
|
println("User not found")
|
|
|
|
|
return c.SendStatus(fiber.StatusUnauthorized)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create the Claims
|
|
|
|
|
claims := jwt.MapClaims{
|
|
|
|
|
"name": u.Username,
|
|
|
|
|
"admin": false,
|
|
|
|
|
"exp": time.Now().Add(time.Hour * 72).Unix(),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create token
|
|
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
2024-03-17 19:24:13 +01:00
|
|
|
println("Token created for user:", u.Username)
|
2024-03-17 16:55:40 +01:00
|
|
|
|
|
|
|
|
// Generate encoded token and send it as response.
|
|
|
|
|
t, err := token.SignedString([]byte("secret"))
|
|
|
|
|
if err != nil {
|
2024-03-17 19:24:13 +01:00
|
|
|
println("Error signing token")
|
2024-03-17 16:55:40 +01:00
|
|
|
return c.SendStatus(fiber.StatusInternalServerError)
|
|
|
|
|
}
|
|
|
|
|
|
2024-03-17 19:24:13 +01:00
|
|
|
println("Successfully signed token for user:", u.Username)
|
2024-03-17 16:55:40 +01:00
|
|
|
return c.JSON(fiber.Map{"token": t})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// LoginRenew is a simple handler that renews the token
|
|
|
|
|
func (gs *GState) LoginRenew(c *fiber.Ctx) error {
|
|
|
|
|
// For testing: curl localhost:3000/restricted -H "Authorization: Bearer <token>"
|
|
|
|
|
user := c.Locals("user").(*jwt.Token)
|
|
|
|
|
claims := user.Claims.(jwt.MapClaims)
|
|
|
|
|
claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
|
|
|
|
|
renewed := jwt.MapClaims{
|
|
|
|
|
"name": claims["name"],
|
|
|
|
|
"admin": claims["admin"],
|
|
|
|
|
"exp": claims["exp"],
|
|
|
|
|
}
|
|
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, renewed)
|
|
|
|
|
t, err := token.SignedString([]byte("secret"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return c.SendStatus(fiber.StatusInternalServerError)
|
|
|
|
|
}
|
|
|
|
|
return c.JSON(fiber.Map{"token": t})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ListAllUsers is a handler that returns a list of all users in the application database
|
|
|
|
|
func (gs *GState) ListAllUsers(c *fiber.Ctx) error {
|
|
|
|
|
// Get all users from the database
|
|
|
|
|
users, err := gs.Db.GetAllUsersApplication()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return c.Status(500).SendString(err.Error())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Return the list of users as JSON
|
|
|
|
|
return c.JSON(users)
|
|
|
|
|
}
|
2024-03-18 14:47:15 +01:00
|
|
|
|
|
|
|
|
func (gs *GState) PromoteToAdmin(c *fiber.Ctx) error {
|
|
|
|
|
// Extract the username from the request body
|
|
|
|
|
var newUser types.NewUser
|
|
|
|
|
if err := c.BodyParser(&newUser); err != nil {
|
|
|
|
|
return c.Status(400).SendString("Bad request")
|
|
|
|
|
}
|
|
|
|
|
username := newUser.Username
|
|
|
|
|
|
|
|
|
|
println("Promoting user to admin:", username) // Debug print
|
|
|
|
|
|
|
|
|
|
// Promote the user to a site admin in the database
|
|
|
|
|
if err := gs.Db.PromoteToAdmin(username); err != nil {
|
|
|
|
|
fmt.Println("Error promoting user to admin:", err) // Debug print
|
|
|
|
|
return c.Status(500).SendString(err.Error())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
println("User promoted to admin successfully:", username) // Debug print
|
|
|
|
|
|
|
|
|
|
// Return a success message
|
|
|
|
|
return c.SendStatus(fiber.StatusOK)
|
|
|
|
|
}
|
