diff --git a/go.mod b/go.mod index ba8c85c..dbb98b2 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,9 @@ module github.com/hazemKrimi/crimson-vault go 1.24.3 require ( + github.com/go-playground/validator/v10 v10.26.0 + github.com/gorilla/sessions v1.4.0 + github.com/labstack/echo-contrib v0.17.4 github.com/labstack/echo/v4 v4.13.4 github.com/spf13/cobra v1.9.1 gorm.io/driver/sqlite v1.5.7 @@ -13,7 +16,8 @@ require ( github.com/gabriel-vasile/mimetype v1.4.8 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/go-playground/validator/v10 v10.26.0 // indirect + github.com/gorilla/context v1.1.2 // indirect + github.com/gorilla/securecookie v1.1.2 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jinzhu/inflection v1.0.0 // indirect github.com/jinzhu/now v1.1.5 // indirect diff --git a/go.sum b/go.sum index 59f1f29..655ae53 100644 --- a/go.sum +++ b/go.sum @@ -3,18 +3,30 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= +github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= github.com/go-playground/validator/v10 v10.26.0 h1:SP05Nqhjcvz81uJaRfEV0YBSSSGMc/iMaVtFbr3Sw2k= github.com/go-playground/validator/v10 v10.26.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o= +github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM= +github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA= +github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo= +github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ= +github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ= github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= +github.com/labstack/echo-contrib v0.17.4 h1:g5mfsrJfJTKv+F5uNKCyrjLK7js+ZW6HTjg4FnDxxgk= +github.com/labstack/echo-contrib v0.17.4/go.mod h1:9O7ZPAHUeMGTOAfg80YqQduHzt0CzLak36PZRldYrZ0= github.com/labstack/echo/v4 v4.13.4 h1:oTZZW+T3s9gAu5L8vmzihV7/lkXGZuITzTQkTEhcXEA= github.com/labstack/echo/v4 v4.13.4/go.mod h1:g63b33BZ5vZzcIUF8AtRH40DrTlXnx4UMC8rBdndmjQ= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= diff --git a/internal/api/api.go b/internal/api/api.go index 3f67e38..d1b3575 100644 --- a/internal/api/api.go +++ b/internal/api/api.go @@ -6,6 +6,8 @@ import ( "github.com/go-playground/validator/v10" "github.com/labstack/echo/v4" "github.com/labstack/echo/v4/middleware" + "github.com/labstack/echo-contrib/session" + "github.com/gorilla/sessions" "github.com/hazemKrimi/crimson-vault/internal/lib" "github.com/hazemKrimi/crimson-vault/internal/models" @@ -32,10 +34,12 @@ func (api *API) Initialize() { api.instance = ech api.db = db - api.ClientRoutes() - api.UserRoutes() + // TODO: Change and store the secret separately when finilizing v1. + api.instance.Use(session.Middleware(sessions.NewCookieStore([]byte("SECRET")))) api.instance.Use(middleware.CORSWithConfig(middleware.CORSConfig{ AllowOrigins: []string{"*"}, })) + api.ClientRoutes() + api.UserRoutes() api.instance.Logger.Fatal(api.instance.Start(fmt.Sprintf(":%d", lib.DEFAULT_PORT))) } diff --git a/internal/api/client.go b/internal/api/client.go index 8596ac0..ad01fe2 100644 --- a/internal/api/client.go +++ b/internal/api/client.go @@ -46,7 +46,7 @@ func (api *API) GetClientHandler(context echo.Context) error { return context.String(http.StatusBadRequest, "ID is required to get a Client!") } - id, err := strconv.Atoi(idString) + id, err := strconv.ParseUint(idString, 10, 32) if err != nil { return context.String(http.StatusInternalServerError, "Unexpected error getting Client!") @@ -54,7 +54,7 @@ func (api *API) GetClientHandler(context echo.Context) error { var client types.Client - if err := api.db.GetClient(id, &client); err != nil { + if err := api.db.GetClient(uint32(id), &client); err != nil { return context.String(http.StatusNotFound, "Client not found!") } @@ -69,7 +69,7 @@ func (api *API) UpdateClientHandler(context echo.Context) error { return context.String(http.StatusBadRequest, "ID is required to update a Client!") } - id, err := strconv.Atoi(idString) + id, err := strconv.ParseUint(idString, 10, 32) if err != nil { return context.String(http.StatusInternalServerError, "Unexpected error updating Client!") @@ -88,7 +88,7 @@ func (api *API) UpdateClientHandler(context echo.Context) error { var client types.Client - if err := api.db.UpdateClient(id, body, &client); err != nil { + if err := api.db.UpdateClient(uint32(id), body, &client); err != nil { return context.String(http.StatusNotFound, "Client not found!") } @@ -103,7 +103,7 @@ func (api *API) DeleteClientHandler(context echo.Context) error { return context.String(http.StatusBadRequest, "ID is required to delete a Client!") } - id, err := strconv.Atoi(idString) + id, err := strconv.ParseUint(idString, 10, 32) if err != nil { return context.String(http.StatusInternalServerError, "Unexpected error deleting Client!") @@ -111,7 +111,7 @@ func (api *API) DeleteClientHandler(context echo.Context) error { var client types.Client - if err := api.db.DeleteClient(id); err != nil { + if err := api.db.DeleteClient(uint32(id)); err != nil { return context.String(http.StatusNotFound, "Client not found!") } diff --git a/internal/api/middleware.go b/internal/api/middleware.go new file mode 100644 index 0000000..41db133 --- /dev/null +++ b/internal/api/middleware.go @@ -0,0 +1,21 @@ +package api + +import ( + "net/http" + + "github.com/labstack/echo-contrib/session" + "github.com/labstack/echo/v4" +) + +func SessionMiddleware(next echo.HandlerFunc) echo.HandlerFunc { + return func(context echo.Context) error { + sess, err := session.Get("session", context) + + if sess == nil || err != nil { + return context.String(http.StatusBadRequest, "User not authenticated!") + } + + context.Set("id", sess.Values["id"]) + return next(context) + } +} diff --git a/internal/api/user.go b/internal/api/user.go index 83e332d..b393cf3 100644 --- a/internal/api/user.go +++ b/internal/api/user.go @@ -10,7 +10,9 @@ import ( "strconv" "strings" + "github.com/hazemKrimi/crimson-vault/internal/lib" "github.com/hazemKrimi/crimson-vault/internal/types" + "github.com/labstack/echo-contrib/session" "github.com/labstack/echo/v4" ) @@ -27,6 +29,18 @@ func (api *API) CreateUserHandler(context echo.Context) error { } user := api.db.CreateUser(body) + sess, err := session.Get("session", context) + + if err != nil { + api.db.DeleteUser(user.ID) + return context.String(http.StatusInternalServerError, "Unexpected error saving User session!") + } + + lib.ConstructSession(sess, user) + + if err := sess.Save(context.Request(), context.Response()); err != nil { + return context.String(http.StatusInternalServerError, "Unexpected error saving User session!") + } log.Println(fmt.Sprintf("User created with ID %d.", user.ID)) return context.JSON(http.StatusOK, user) @@ -50,7 +64,7 @@ func (api *API) GetUserHandler(context echo.Context) error { return context.String(http.StatusBadRequest, "ID is required to get a User!") } - id, err := strconv.Atoi(idString) + id, err := strconv.ParseUint(idString, 10, 32) if err != nil { return context.String(http.StatusInternalServerError, "Unexpected error getting User!") @@ -58,7 +72,7 @@ func (api *API) GetUserHandler(context echo.Context) error { var user types.User - if err := api.db.GetUser(id, &user); err != nil { + if err := api.db.GetUser(uint32(id), &user); err != nil { return context.String(http.StatusNotFound, "User not found!") } @@ -73,7 +87,7 @@ func (api *API) UpdateUserHandler(context echo.Context) error { return context.String(http.StatusBadRequest, "ID is required to update a User!") } - id, err := strconv.Atoi(idString) + id, err := strconv.ParseUint(idString, 10, 32) if err != nil { return context.String(http.StatusInternalServerError, "Unexpected error updating User!") @@ -92,7 +106,7 @@ func (api *API) UpdateUserHandler(context echo.Context) error { var user types.User - if err := api.db.UpdateUser(id, body, &user); err != nil { + if err := api.db.UpdateUser(uint32(id), body, &user); err != nil { return context.String(http.StatusNotFound, "User not found!") } @@ -107,7 +121,7 @@ func (api *API) UpdateUserSecurityDetailsHandler(context echo.Context) error { return context.String(http.StatusBadRequest, "ID is required to create security details for a User!") } - id, err := strconv.Atoi(idString) + id, err := strconv.ParseUint(idString, 10, 32) if err != nil { return context.String(http.StatusInternalServerError, "Unexpected error while creating security details for User!") @@ -126,7 +140,7 @@ func (api *API) UpdateUserSecurityDetailsHandler(context echo.Context) error { var user types.User - if err := api.db.UpdateUserSecurityDetails(id, body, &user); err != nil { + if err := api.db.UpdateUserSecurityDetails(uint32(id), body, &user); err != nil { return context.String(http.StatusNotFound, "User not found!") } @@ -141,7 +155,7 @@ func (api *API) UpdateUserLogoHandler(context echo.Context) error { return context.String(http.StatusBadRequest, "ID is required to update logo for User!") } - id, err := strconv.Atoi(idString) + id, err := strconv.ParseUint(idString, 10, 32) if err != nil { return context.String(http.StatusInternalServerError, "Unexpected error updating logo for User!") @@ -149,7 +163,7 @@ func (api *API) UpdateUserLogoHandler(context echo.Context) error { var user types.User - if err := api.db.GetUser(id, &user); err != nil { + if err := api.db.GetUser(uint32(id), &user); err != nil { return context.String(http.StatusNotFound, "User not found!") } @@ -231,13 +245,13 @@ func (api *API) DeleteUserHandler(context echo.Context) error { return context.String(http.StatusBadRequest, "ID is required to delete a User!") } - id, err := strconv.Atoi(idString) + id, err := strconv.ParseUint(idString, 10, 32) if err != nil { return context.String(http.StatusInternalServerError, "Unexpected error deleting User!") } - if err := api.db.DeleteUser(id); err != nil { + if err := api.db.DeleteUser(uint32(id)); err != nil { return context.String(http.StatusNotFound, "User not found!") } @@ -252,7 +266,7 @@ func (api *API) DeleteUserLogoHandler(context echo.Context) error { return context.String(http.StatusBadRequest, "ID is required to delete logo of User!") } - id, err := strconv.Atoi(idString) + id, err := strconv.ParseUint(idString, 10, 32) if err != nil { log.Println(fmt.Sprintf("Error deleting logo of User: %v.", err)) @@ -261,7 +275,7 @@ func (api *API) DeleteUserLogoHandler(context echo.Context) error { var user types.User - if err := api.db.GetUser(id, &user); err != nil { + if err := api.db.GetUser(uint32(id), &user); err != nil { return context.String(http.StatusNotFound, "User not found!") } diff --git a/internal/lib/constants.go b/internal/lib/constants.go index 03ba55c..47a4d24 100644 --- a/internal/lib/constants.go +++ b/internal/lib/constants.go @@ -1,4 +1,4 @@ package lib -const DEFAULT_PORT int = 6900 +const DEFAULT_PORT uint32 = 6900 const DEFAULT_CONFIG_DIRECTORY string = ".local/state/crimson-vault" diff --git a/internal/lib/utils.go b/internal/lib/utils.go index b47cc8a..4199982 100644 --- a/internal/lib/utils.go +++ b/internal/lib/utils.go @@ -3,6 +3,9 @@ package lib import ( "os" "path/filepath" + + "github.com/gorilla/sessions" + "github.com/hazemKrimi/crimson-vault/internal/types" ) func GetConfigDirectory() (string, error) { @@ -16,3 +19,12 @@ func GetConfigDirectory() (string, error) { return config, nil } + +func ConstructSession(session *sessions.Session, user types.User) { + session.Options = &sessions.Options{ + Path: "/", + MaxAge: 86400 * 7, + HttpOnly: true, + } + session.Values["id"] = user.ID +} diff --git a/internal/models/client.go b/internal/models/client.go index 76477ed..fd735cc 100644 --- a/internal/models/client.go +++ b/internal/models/client.go @@ -35,7 +35,7 @@ func (db *DB) GetClients() ([]types.Client, error) { return clients, nil } -func (db *DB) GetClient(id int, client *types.Client) error { +func (db *DB) GetClient(id uint32, client *types.Client) error { result := db.instance.Where("id = ?", id).First(client, id) if result.Error != nil { @@ -45,7 +45,7 @@ func (db *DB) GetClient(id int, client *types.Client) error { return nil } -func (db *DB) UpdateClient(id int, body types.UpdateClientRequestBody, client *types.Client) error { +func (db *DB) UpdateClient(id uint32, body types.UpdateClientRequestBody, client *types.Client) error { result := db.instance.Where("id = ?", id).First(client, id) if result.Error != nil { @@ -69,7 +69,7 @@ func (db *DB) UpdateClient(id int, body types.UpdateClientRequestBody, client *t return nil } -func (db *DB) DeleteClient(id int) error { +func (db *DB) DeleteClient(id uint32) error { result := db.instance.Delete(&types.Client{}, id) if result.Error != nil { diff --git a/internal/models/user.go b/internal/models/user.go index 990347c..0c481ad 100644 --- a/internal/models/user.go +++ b/internal/models/user.go @@ -37,7 +37,7 @@ func (db *DB) GetUsers() ([]types.User, error) { return users, nil } -func (db *DB) GetUser(id int, user *types.User) error { +func (db *DB) GetUser(id uint32, user *types.User) error { result := db.instance.Where("id = ?", id).First(user, id) if result.Error != nil { @@ -47,7 +47,7 @@ func (db *DB) GetUser(id int, user *types.User) error { return nil } -func (db *DB) UpdateUser(id int, body types.UpdateUserRequestBody, user *types.User) error { +func (db *DB) UpdateUser(id uint32, body types.UpdateUserRequestBody, user *types.User) error { result := db.instance.Where("id = ?", id).First(user, id) if result.Error != nil { @@ -71,7 +71,7 @@ func (db *DB) UpdateUser(id int, body types.UpdateUserRequestBody, user *types.U return nil } -func (db *DB) UpdateUserSecurityDetails(id int, body types.UpdateUserSecurityDetailsBody, user *types.User) error { +func (db *DB) UpdateUserSecurityDetails(id uint32, body types.UpdateUserSecurityDetailsBody, user *types.User) error { result := db.instance.Where("id = ?", id).First(user, id) if result.Error != nil { @@ -102,7 +102,7 @@ func (db *DB) UpdateUserLogo(path string, user *types.User) error { return nil } -func (db *DB) DeleteUser(id int) error { +func (db *DB) DeleteUser(id uint32) error { result := db.instance.Delete(&types.User{}, id) if result.Error != nil {