fix: session authentication middleware

internal/models/user.go

@@ -3,6 +3,8 @@ package models
 import (
 	"strings"
 
+	"github.com/google/uuid"
+	"github.com/hazemKrimi/crimson-vault/internal/lib"
 	"github.com/hazemKrimi/crimson-vault/internal/types"
 )
 
@@ -10,8 +12,10 @@ func (db *DB) MigrateUsers() {
 	db.instance.AutoMigrate(&types.User{})
 }
 
-func (db *DB) CreateUser(body types.CreateUserRequestBody) types.User {
+func (db *DB) CreateUser(body types.CreateUserRequestBody) (types.User, error) {
 	user := types.User{
+		ID:         uuid.New().String(),
+		SessionID:  uuid.New().String(),
 		Name:       body.Name,
 		FiscalCode: body.FiscalCode,
 		Address:    body.Address,
@@ -21,8 +25,13 @@ func (db *DB) CreateUser(body types.CreateUserRequestBody) types.User {
 		Email:      body.Email,
 	}
 
-	db.instance.Create(&user)
-	return user
+	result := db.instance.Create(&user)
+
+	if result.Error != nil {
+		return types.User{}, result.Error
+	}
+
+	return user, nil
 }
 
 func (db *DB) GetUsers() ([]types.User, error) {
@@ -37,8 +46,8 @@ func (db *DB) GetUsers() ([]types.User, error) {
 	return users, nil
 }
 
-func (db *DB) GetUser(id uint32, user *types.User) error {
-	result := db.instance.Where("id = ?", id).First(user, id)
+func (db *DB) GetUserById(id uuid.UUID, user *types.User) error {
+	result := db.instance.Where("id = ?", id).First(user)
 
 	if result.Error != nil {
 		return result.Error
@@ -47,7 +56,27 @@ func (db *DB) GetUser(id uint32, user *types.User) error {
 	return nil
 }
 
-func (db *DB) UpdateUser(id uint32, body types.UpdateUserRequestBody, user *types.User) error {
+func (db *DB) GetUserBySessionId(sessionId uuid.UUID, user *types.User) error {
+	result := db.instance.Where("session_id = ?", sessionId).First(user)
+
+	if result.Error != nil {
+		return result.Error
+	}
+
+	return nil
+}
+
+func (db *DB) GetUserByUsername(username string, user *types.User) error {
+	result := db.instance.Where("username = ?", username).First(user)
+
+	if result.Error != nil {
+		return result.Error
+	}
+
+	return nil
+}
+
+func (db *DB) UpdateUser(id uuid.UUID, body types.UpdateUserRequestBody, user *types.User) error {
 	result := db.instance.Where("id = ?", id).First(user, id)
 
 	if result.Error != nil {
@@ -71,16 +100,22 @@ func (db *DB) UpdateUser(id uint32, body types.UpdateUserRequestBody, user *type
 	return nil
 }
 
-func (db *DB) UpdateUserSecurityDetails(id uint32, body types.UpdateUserSecurityDetailsBody, user *types.User) error {
+func (db *DB) UpdateUserSecurityDetails(id uuid.UUID, body types.UpdateUserSecurityDetailsBody, user *types.User) error {
 	result := db.instance.Where("id = ?", id).First(user, id)
 
 	if result.Error != nil {
 		return result.Error
 	}
 
+	hashedPassword, err := lib.HashPassword(body.Password)
+
+	if err != nil {
+		return err
+	}
+
 	result = db.instance.Model(user).Updates(types.User{
 		Username: strings.ToLower(body.Username),
-		Password: body.Password,
+		Password: hashedPassword,
 	})
 
 	if result.Error != nil {
@@ -102,8 +137,20 @@ func (db *DB) UpdateUserLogo(path string, user *types.User) error {
 	return nil
 }
 
-func (db *DB) DeleteUser(id uint32) error {
-	result := db.instance.Delete(&types.User{}, id)
+func (db *DB) UpdateUserSessionID(user *types.User) error {
+	result := db.instance.Model(user).Updates(types.User{
+		SessionID: uuid.New().String(),
+	})
+
+	if result.Error != nil {
+		return result.Error
+	}
+
+	return nil
+}
+
+func (db *DB) DeleteUser(id uuid.UUID) error {
+	result := db.instance.Unscoped().Delete(&types.User{}, id)
 
 	if result.Error != nil {
 		return result.Error
@@ -123,3 +170,13 @@ func (db *DB) DeleteUserLogo(user *types.User) error {
 
 	return nil
 }
+
+func (db *DB) DeleteUserSessionID(sessionId string) error {
+	result := db.instance.Model(&types.User{}).Where("session_id = ?", sessionId).Update("session_id", "")
+
+	if result.Error != nil {
+		return result.Error
+	}
+
+	return nil
+}