feat: use postgres to fetch and store user info

auth/auth.gen.go

@@ -116,9 +116,8 @@ type PostAuthSignInResponseObject interface {
 }
 
 type PostAuthSignIn200JSONResponse struct {
-	Error    *string `json:"error"`
+	UserId   int64  `json:"user_id"`
-	UserId   *string `json:"user_id"`
+	UserName string `json:"user_name"`
-	UserName *string `json:"user_name"`
 }
 
 func (response PostAuthSignIn200JSONResponse) VisitPostAuthSignInResponse(w http.ResponseWriter) error {
@@ -148,9 +147,7 @@ type PostAuthSignUpResponseObject interface {
 }
 
 type PostAuthSignUp200JSONResponse struct {
-	Error   *string `json:"error"`
+	UserId int64 `json:"user_id"`
-	Success *bool   `json:"success,omitempty"`
-	UserId  *string `json:"user_id"`
 }
 
 func (response PostAuthSignUp200JSONResponse) VisitPostAuthSignUpResponse(w http.ResponseWriter) error {

auth/openapi-auth.yaml

@@ -30,16 +30,13 @@ paths:
           content:
             application/json:
               schema:
+                required:
+                  - user_id
                 type: object
                 properties:
-                  success:
-                    type: boolean
-                  error:
-                    type: string
-                    nullable: true
                   user_id:
-                    type: string
+                    type: integer
-                    nullable: true
+                    format: int64
 
   /auth/sign-in:
     post:
@@ -65,17 +62,16 @@ paths:
           content:
             application/json:
               schema:
+                required:
+                  - user_id
+                  - user_name
                 type: object
                 properties:
-                  error:
-                    type: string
-                    nullable: true
                   user_id:
-                    type: string
+                    type: integer
-                    nullable: true
+                    format: int64
                   user_name:
                     type: string
-                    nullable: true
         "401":
           description: Access denied due to invalid credentials
           content:

go.mod

@@ -3,6 +3,7 @@ module nyanimedb
 go 1.25.0
 
 require (
+	github.com/alexedwards/argon2id v1.0.0
 	github.com/gin-contrib/cors v1.7.6
 	github.com/gin-gonic/gin v1.11.0
 	github.com/golang-jwt/jwt/v5 v5.3.0

go.sum

@@ -1,4 +1,6 @@
 github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
+github.com/alexedwards/argon2id v1.0.0 h1:wJzDx66hqWX7siL/SRUmgz3F8YMrd/nfX/xHHcQQP0w=
+github.com/alexedwards/argon2id v1.0.0/go.mod h1:tYKkqIjzXvZdzPvADMWOEZ+l6+BD6CtBXMj5fnJppiw=
 github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ=
 github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk=
 github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w=
@@ -87,26 +89,64 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.3.0 h1:Qd2W2sQawAfG8XSvzwhBeoGq71zXOC/Q1E9y/wUcsUA=
 github.com/ugorji/go/codec v1.3.0/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
 go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
 golang.org/x/arch v0.20.0 h1:dx1zTU0MAE98U+TQ8BLl7XsJbgze2WnNKF/8tGp/Q6c=
 golang.org/x/arch v0.20.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
 golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
 golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
 golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
 golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
 golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
 golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
 google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

modules/auth/handlers/handlers.go

@@ -3,22 +3,21 @@ package handlers
 import (
 	"context"
 	"fmt"
-	"log"
 	"net/http"
 	auth "nyanimedb/auth"
 	sqlc "nyanimedb/sql"
 	"strconv"
 	"time"
 
+	"github.com/alexedwards/argon2id"
 	"github.com/gin-gonic/gin"
 	"github.com/golang-jwt/jwt/v5"
+	log "github.com/sirupsen/logrus"
 )
 
 var accessSecret = []byte("my_access_secret_key")
 var refreshSecret = []byte("my_refresh_secret_key")
 
-var UserDb = make(map[string]string) // TEMP: stores passwords
-
 type Server struct {
 	db *sqlc.Queries
 }
@@ -32,6 +31,22 @@ func parseInt64(s string) (int32, error) {
 	return int32(i), err
 }
 
+func HashPassword(password string) (string, error) {
+	params := &argon2id.Params{
+		Memory:      64 * 1024,
+		Iterations:  3,
+		Parallelism: 2,
+		SaltLength:  16,
+		KeyLength:   32,
+	}
+
+	return argon2id.CreateHash(password, params)
+}
+
+func CheckPassword(password, hash string) (bool, error) {
+	return argon2id.ComparePasswordAndHash(password, hash)
+}
+
 func generateTokens(userID string) (accessToken string, refreshToken string, err error) {
 	accessClaims := jwt.MapClaims{
 		"user_id": userID,
@@ -57,19 +72,27 @@ func generateTokens(userID string) (accessToken string, refreshToken string, err
 }
 
 func (s Server) PostAuthSignUp(ctx context.Context, req auth.PostAuthSignUpRequestObject) (auth.PostAuthSignUpResponseObject, error) {
-	err := ""
+	passhash, err := HashPassword(req.Body.Pass)
-	success := true
+	if err != nil {
-	UserDb[req.Body.Nickname] = req.Body.Pass
+		log.Errorf("failed to hash password: %v", err)
+		// TODO: return 500
+	}
+
+	user_id, err := s.db.CreateNewUser(context.Background(), sqlc.CreateNewUserParams{
+		Passhash: passhash,
+		Nickname: req.Body.Nickname,
+	})
+	if err != nil {
+		log.Errorf("failed to create user %s: %v", req.Body.Nickname, err)
+		// TODO: check err and retyrn 400/500
+	}
 
 	return auth.PostAuthSignUp200JSONResponse{
-		Error:   &err,
+		UserId: user_id,
-		Success: &success,
-		UserId:  &req.Body.Nickname,
 	}, nil
 }
 
 func (s Server) PostAuthSignIn(ctx context.Context, req auth.PostAuthSignInRequestObject) (auth.PostAuthSignInResponseObject, error) {
-	// ctx.SetCookie("122")
 	ginCtx, ok := ctx.Value(gin.ContextKey).(*gin.Context)
 	if !ok {
 		log.Print("failed to get gin context")
@@ -77,27 +100,38 @@ func (s Server) PostAuthSignIn(ctx context.Context, req auth.PostAuthSignInReque
 		return auth.PostAuthSignIn200JSONResponse{}, fmt.Errorf("failed to get gin.Context from context.Context")
 	}
 
-	err := ""
+	user, err := s.db.GetUserByNickname(context.Background(), req.Body.Nickname)
+	if err != nil {
+		log.Errorf("failed to get user by nickname %s: %v", req.Body.Nickname, err)
+		// TODO: return 400/500
+	}
 
-	pass, ok := UserDb[req.Body.Nickname]
+	ok, err = CheckPassword(req.Body.Pass, user.Passhash)
-	if !ok || pass != req.Body.Pass {
+	if err != nil {
-		e := "invalid credentials"
+		log.Errorf("failed to check password for user %s: %v", req.Body.Nickname, err)
+		// TODO: return 500
+	}
+	if !ok {
+		err_msg := "invalid credentials"
 		return auth.PostAuthSignIn401JSONResponse{
-			Error: &e,
+			Error: &err_msg,
 		}, nil
 	}
 
-	accessToken, refreshToken, _ := generateTokens(req.Body.Nickname)
+	accessToken, refreshToken, err := generateTokens(req.Body.Nickname)
+	if err != nil {
+		log.Errorf("failed to generate tokens for user %s: %v", req.Body.Nickname, err)
+		// TODO: return 500
+	}
 
+	// TODO: check cookie settings carefully
 	ginCtx.SetSameSite(http.SameSiteStrictMode)
-	ginCtx.SetCookie("access_token", accessToken, 604800, "/auth", "", true, true)
+	ginCtx.SetCookie("access_token", accessToken, 604800, "/auth", "", false, true)
-	ginCtx.SetCookie("refresh_token", refreshToken, 604800, "/api", "", true, true)
+	ginCtx.SetCookie("refresh_token", refreshToken, 604800, "/api", "", false, true)
 
-	// Return access token; refresh token can be returned in response or HttpOnly cookie
 	result := auth.PostAuthSignIn200JSONResponse{
-		Error:    &err,
+		UserId:   user.ID,
-		UserId:   &req.Body.Nickname,
+		UserName: user.Nickname,
-		UserName: &req.Body.Nickname,
 	}
 	return result, nil
 }

modules/auth/main.go

@@ -1,6 +1,9 @@
 package main
 
 import (
+	"context"
+	"fmt"
+	"os"
 	"time"
 
 	auth "nyanimedb/auth"
@@ -9,14 +12,22 @@ import (
 
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
+	"github.com/jackc/pgx/v5/pgxpool"
 )
 
 var AppConfig Config
 
 func main() {
+	// TODO: env args
 	r := gin.Default()
 
-	var queries *sqlc.Queries = nil
+	pool, err := pgxpool.New(context.Background(), os.Getenv("DATABASE_URL"))
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Unable to connect to database: %v\n", err)
+		os.Exit(1)
+	}
+
+	var queries *sqlc.Queries = sqlc.New(pool)
 
 	server := handlers.NewServer(queries)
 

modules/auth/queries.sql

@@ -0,0 +1,11 @@
+-- name: GetUserByNickname :one
+SELECT *
+FROM users
+WHERE nickname = sqlc.arg('nickname');
+
+-- name: CreateNewUser :one
+INSERT 
+INTO users (passhash, nickname) 
+VALUES (sqlc.arg(passhash), sqlc.arg(nickname))
+RETURNING id;
+

sql/queries.sql.go

@@ -55,6 +55,25 @@ func (q *Queries) DeleteUserTitle(ctx context.Context, arg DeleteUserTitleParams
 	return i, err
 }
 
+const createNewUser = `-- name: CreateNewUser :one
+INSERT 
+INTO users (passhash, nickname) 
+VALUES ($1, $2)
+RETURNING id
+`
+
+type CreateNewUserParams struct {
+	Passhash string `json:"passhash"`
+	Nickname string `json:"nickname"`
+}
+
+func (q *Queries) CreateNewUser(ctx context.Context, arg CreateNewUserParams) (int64, error) {
+	row := q.db.QueryRow(ctx, createNewUser, arg.Passhash, arg.Nickname)
+	var id int64
+	err := row.Scan(&id)
+	return id, err
+}
+
 const getImageByID = `-- name: GetImageByID :one
 SELECT id, storage_type, image_path
 FROM images
@@ -262,6 +281,29 @@ func (q *Queries) GetUserByID(ctx context.Context, id int64) (GetUserByIDRow, er
 	return i, err
 }
 
+const getUserByNickname = `-- name: GetUserByNickname :one
+SELECT id, avatar_id, passhash, mail, nickname, disp_name, user_desc, creation_date, last_login
+FROM users
+WHERE nickname = $1
+`
+
+func (q *Queries) GetUserByNickname(ctx context.Context, nickname string) (User, error) {
+	row := q.db.QueryRow(ctx, getUserByNickname, nickname)
+	var i User
+	err := row.Scan(
+		&i.ID,
+		&i.AvatarID,
+		&i.Passhash,
+		&i.Mail,
+		&i.Nickname,
+		&i.DispName,
+		&i.UserDesc,
+		&i.CreationDate,
+		&i.LastLogin,
+	)
+	return i, err
+}
+
 const insertStudio = `-- name: InsertStudio :one
 INSERT INTO studios (studio_name, illust_id, studio_desc)
 VALUES (

sql/sqlc.yaml

@@ -3,6 +3,7 @@ sql:
   - engine: "postgresql"
     queries: 
       - "../modules/backend/queries.sql"
+      - "../modules/auth/queries.sql"
     schema: "migrations"
     gen:
       go: