Compare commits

...

3 Commits

Author SHA1 Message Date
769a24dff3 Saving token to local storage 2024-08-13 22:46:26 +02:00
e7f6983a22 Saving token to DB 2024-08-13 22:00:07 +02:00
6b7ce5b719 Create a function to generate a token 2024-08-13 21:39:33 +02:00
9 changed files with 175 additions and 53 deletions

View File

@ -2,10 +2,12 @@ package main
import ( import (
"encoding/json" "encoding/json"
"fmt"
"myapp/internal/cards" "myapp/internal/cards"
"myapp/internal/models" "myapp/internal/models"
"net/http" "net/http"
"strconv" "strconv"
"time"
"github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5"
"github.com/stripe/stripe-go/v79" "github.com/stripe/stripe-go/v79"
@ -266,16 +268,32 @@ func (app *application) CreateAuthToken(w http.ResponseWriter, r *http.Request)
} }
// generate the token // generate the token
token, err := models.GenerateToken(user.ID, 24*time.Hour, models.ScopeAuthentication)
if err != nil {
app.errorLog.Println(err)
app.badRequest(w, r, err)
return
}
// save to DB
err = app.DB.InsertToken(token, user)
if err != nil {
app.errorLog.Println(err)
app.badRequest(w, r, err)
return
}
// send response // send response
var payload struct { var payload struct {
Error bool `json:"error"` Error bool `json:"error"`
Message string `json:"message"` Message string `json:"message"`
Token *models.Token `json:"authentication_token"`
} }
payload.Error = false payload.Error = false
payload.Message = "Success!" payload.Message = fmt.Sprintf("token for %s created", userInput.Email)
payload.Token = token
_ = app.writeJSON(w, http.StatusOK, payload) _ = app.writeJSON(w, http.StatusOK, payload)
} }

View File

@ -3,42 +3,47 @@
Login Login
{{ end }} {{ end }}
{{ define "content" }} {{ define "content" }}
<form action="" <div class="row">
method="post" <div class="col-md-6 offset-md-3">
name="login-form" <div class="alert alert-danger text-center d-none" id="login-messages"></div>
id="login-form" <form action=""
class="d-blick needs-validation col-sm-6" method="post"
autocomplete="off" name="login-form"
novalidate=""> id="login-form"
<h2 class="mt-2 mb-3 text-center">Login</h2> class="d-blick needs-validation"
<hr> autocomplete="off"
<div class="mb-3"> novalidate="">
<label for="-email" class="form-label">Email</label> <h2 class="mt-2 mb-3 text-center">Login</h2>
<input type="text" <hr>
id="email" <div class="mb-3">
name="email" <label for="-email" class="form-label">Email</label>
autocomplete="email-new" <input type="text"
required="" id="email"
class="form-control"> name="email"
autocomplete="email-new"
required=""
class="form-control">
</div>
<div class="mb-3">
<label for="password" class="form-label">Password</label>
<input type="password"
id="password"
name="password"
autocomplete="password-new"
required=""
class="form-control">
</div>
<hr>
<a href="javascript:void(0)" id="login-btn" class="btn btn-primary">Login</a>
</form>
</div> </div>
<div class="mb-3"> </div>
<label for="password" class="form-label">Password</label>
<input type="password"
id="password"
name="password"
autocomplete="password-new"
required=""
class="form-control">
</div>
<hr>
<a href="javascript:void(0)" id="login-btn" class="btn btn-primary">Login</a>
</form>
{{ end }} {{ end }}
{{define "js"}} {{ define "js" }}
<script type="module"> <script type="module">
import {val} from "/static/js/login.js" import {val} from "/static/js/login.js"
document.getElementById("login-btn").addEventListener("click", () => { document.getElementById("login-btn").addEventListener("click", () => {
val({{.API}}); val({{.API}});
}) })
</script> </script>
{{end}} {{ end }}

73
internal/models/tokens.go Normal file
View File

@ -0,0 +1,73 @@
package models
import (
"context"
"crypto/rand"
"crypto/sha256"
"encoding/base32"
"time"
)
const (
ScopeAuthentication = "authentication"
)
// Token is the type for authentication tokens
type Token struct {
PlainText string `json:"token"`
UserID int64 `json:"-"`
Hash []byte `json:"-"`
Expiry time.Time `json:"expiry"`
Scope string `json:"-"`
}
// GenerateToken Generates a token that lasts for ttl, and returns it
func GenerateToken(userID int, ttl time.Duration, scope string) (*Token, error) {
token := &Token{
UserID: int64(userID),
Expiry: time.Now().Add(ttl),
Scope: scope,
}
randomBytes := make([]byte, 16)
_, err := rand.Read(randomBytes)
if err != nil {
return nil, err
}
token.PlainText = base32.StdEncoding.WithPadding((base32.NoPadding)).
EncodeToString((randomBytes))
hash := sha256.Sum256([]byte(token.PlainText))
token.Hash = hash[:]
return token, nil
}
func (m *DBModel) InsertToken(t *Token, u User) error {
ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
defer cancel()
// delete existing tokens
stmt := `DELETE FROM tokens WHERE user_id = ?`
_, err := m.DB.ExecContext(ctx, stmt, u.ID)
if err != nil {
return err
}
stmt = `INSERT INTO tokens
(user_id, name, email, token_hash, created_at, updated_at)
VALUES (?, ?, ?, ?, ?, ?)`
_, err = m.DB.ExecContext(ctx, stmt,
u.ID,
u.LastName,
u.Email,
t.Hash,
time.Now(),
time.Now(),
)
if err != nil {
return err
}
return nil
}

View File

@ -0,0 +1,2 @@
drop_table("tokens")

View File

@ -0,0 +1,11 @@
create_table("tokens") {
t.Column("id", "integer", {primary: true})
t.Column("user_id", "integer", {"unsigned": true})
t.Column("name", "string", {"size": 255})
t.Column("email", "string", {})
t.Column("token_hash", "string", {})
}
sql("ALTER TABLE tokens MODIFY token_hash varbinary(255);")
sql("ALTER TABLE tokens ALTER COLUMN created_at SET DEFAULT now();")
sql("ALTER TABLE tokens ALTER COLUMN updated_at SET DEFAULT now();")

View File

@ -1,6 +1,5 @@
export let card; export let card;
export let stripe; export let stripe;
const cardMessages = document.getElementById("card-messages");
const payButton = document.getElementById("pay-button"); const payButton = document.getElementById("pay-button");
export const processing = document.getElementById("processing-payment"); export const processing = document.getElementById("processing-payment");
@ -14,18 +13,20 @@ export function showPayButton() {
processing.classList.add("d-none"); processing.classList.add("d-none");
} }
export function showCardError(msg) { export function showError(element, msg) {
cardMessages.classList.add("alert-danger"); const messages = document.getElementById(element);
cardMessages.classList.remove("alert-success"); messages.classList.add("alert-danger");
cardMessages.classList.remove("d-none"); messages.classList.remove("alert-success");
cardMessages.innerText = msg; messages.classList.remove("d-none");
messages.innerText = msg;
} }
export function showCardSuccess() { export function showSuccess(element, msg) {
cardMessages.classList.add("alert-success"); const messages = document.getElementById(element);
cardMessages.classList.remove("alert-danger"); messages.classList.add("alert-success");
cardMessages.classList.remove("d-none"); messages.classList.remove("alert-danger");
cardMessages.innerText = "Trasaction successful"; messages.classList.remove("d-none");
messages.innerText = msg;
} }
export function stripeInit(pubKey) { export function stripeInit(pubKey) {

View File

@ -1,3 +1,8 @@
import {
showError,
showSuccess,
} from './common.js';
export function val(api) { export function val(api) {
let form = document.getElementById("login-form"); let form = document.getElementById("login-form");
@ -27,6 +32,13 @@ export function val(api) {
.then(response => response.json()) .then(response => response.json())
.then(response => { .then(response => {
console.log(response) console.log(response)
if (response.error === false) {
localStorage.setItem("token", response.authentication_token.token);
localStorage.setItem("token_expiry", response.authentication_token.expiry);
showSuccess("login-messages", "Login successful.")
} else {
showError("login-messages", response.message)
}
}); });
} }

View File

@ -1,8 +1,8 @@
import { import {
hidePayButton, hidePayButton,
showPayButton, showPayButton,
showCardError, showError,
showCardSuccess, showSuccess,
stripe, stripe,
card, card,
processing, processing,
@ -35,7 +35,7 @@ export function val(plan_id, api) {
function stripePaymentMethodHandler(result, plan_id, api) { function stripePaymentMethodHandler(result, plan_id, api) {
if (result.error) { if (result.error) {
showCardError(result.error.message); showError("card-messages", result.error.message);
} else { } else {
// create a customer and subscribe to plan // create a customer and subscribe to plan
let payload = { let payload = {
@ -66,7 +66,7 @@ function stripePaymentMethodHandler(result, plan_id, api) {
.then(function (data) { .then(function (data) {
console.log(data); console.log(data);
processing.classList.add("d-none"); processing.classList.add("d-none");
showCardSuccess(); showSuccess("card-messages", "Transaction successful!");
sessionStorage.first_name = document.getElementById("first-name").value; sessionStorage.first_name = document.getElementById("first-name").value;
sessionStorage.last_name = document.getElementById("last-name").value; sessionStorage.last_name = document.getElementById("last-name").value;
sessionStorage.amount = document.getElementById("amount").value; sessionStorage.amount = document.getElementById("amount").value;

View File

@ -1,8 +1,8 @@
import { import {
hidePayButton, hidePayButton,
showPayButton, showPayButton,
showCardError, showError,
showCardSuccess, showSuccess,
stripe, stripe,
card, card,
processing, processing,
@ -52,7 +52,7 @@ export function val(api) {
}).then(function (result) { }).then(function (result) {
if (result.error) { if (result.error) {
// card declined, or sth went wrong with the card // card declined, or sth went wrong with the card
showCardError(result.error.message); showError("card-messages", result.error.message);
showPayButton(); showPayButton();
} else if (result.paymentIntent) { } else if (result.paymentIntent) {
if (result.paymentIntent.status === "succeeded") { if (result.paymentIntent.status === "succeeded") {
@ -62,7 +62,7 @@ export function val(api) {
document.getElementById("payment_amount").value = result.paymentIntent.amount; document.getElementById("payment_amount").value = result.paymentIntent.amount;
document.getElementById("payment_currency").value = result.paymentIntent.currency; document.getElementById("payment_currency").value = result.paymentIntent.currency;
processing.classList.add("d-none"); processing.classList.add("d-none");
showCardSuccess(); showSuccess("card-messages", "Trasaction successful!");
document.getElementById("charge_form").submit(); document.getElementById("charge_form").submit();
} }
} }