
~liljamo/tixe

ref: internal-users-1st-draft tixe/api/login.go -rw-r--r-- 1.4 KiB
c57a862cJonni Liljamo wip: internal users 1 year, 2 months ago
                                                                                
package api

import (
	"context"
	"log"
	"net/http"
	"tixe/db"

	"github.com/gin-gonic/gin"
	"github.com/matthewhartstonge/argon2"
)

// PostInternalLoginDetails is the form payload that PostInternalLogin binds
// from an incoming login request.
type PostInternalLoginDetails struct {
	// Username is read from the "username" form field.
	Username string `form:"username"`
	// Password is the plaintext password read from the "password" form field.
	// Keep it out of logs and error messages.
	Password string `form:"password"`
}

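// PostInternalLogin handles a form-encoded login for an internal user: it
// binds the username and password, loads the stored password hash for that
// username, and verifies the submitted password with argon2.
//
// Every authentication failure answers 401 with the same "incorrect details"
// body, so the response text does not reveal whether the username exists.
//
// NOTE(review): no session or cookie is issued on success yet; the handler
// only redirects to "/".
func PostInternalLogin(c *gin.Context) {
	userDetails := &PostInternalLoginDetails{}
	if err := c.Bind(userDetails); err != nil {
		log.Print("[tixe/api/iauth/login] Could not bind login details")
		c.String(http.StatusBadRequest, "could not bind login details")
		return
	}

	// Tie the lookup to the request so it is cancelled if the client goes
	// away, instead of running on an unbounded background context.
	var ctx context.Context = c.Request.Context()

	// Fetch user. The username is passed as a bind parameter ($1), never
	// concatenated into the SQL text.
	var (
		username     string
		passwordHash string
	)

	err := db.PgPool.QueryRow(ctx, "SELECT username, password FROM users WHERE username = $1", userDetails.Username).Scan(&username, &passwordHash)
	if err != nil {
		// NOTE(review): this branch covers both "no such user" and real
		// database failures; both are reported to the client as 401.
		// NOTE(review): returning here skips the argon2 verification below, so
		// an unknown username likely answers faster than a known one. Consider
		// verifying against a fixed dummy hash to keep timing comparable.
		log.Printf("[tixe/api/iauth/login] WARN: Error querying internal user from database: %s", err.Error())
		c.String(http.StatusUnauthorized, "incorrect details")
		return
	}

	// Verify password against the encoded argon2 hash read from the database.
	ok, err := argon2.VerifyEncoded([]byte(userDetails.Password), []byte(passwordHash))
	if err != nil {
		// The verification itself failed; treat it as a failed login rather
		// than exposing the cause to the client.
		log.Printf("[tixe/api/iauth/login] WARN: Error verifying internal user password: %s", err.Error())
		c.String(http.StatusUnauthorized, "incorrect details")
		return
	}

	if !ok {
		// Password did not match
		c.String(http.StatusUnauthorized, "incorrect details")
		return
	}

	// TODO: establish the authenticated session here before redirecting.

	// 303 makes the client follow up with a GET. A 307 would make it repeat
	// the POST, resending the submitted username and password to "/".
	c.Redirect(http.StatusSeeOther, "/")
}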