feat: use postgres to fetch and store user info

2025-11-27 09:42:05 +03:00 · 2025-11-27 09:42:05 +03:00 · 6cbf0afb33
commit 6cbf0afb33
parent 79e8ece948
9 changed files with 175 additions and 42 deletions
--- a/modules/auth/handlers/handlers.go
+++ b/modules/auth/handlers/handlers.go
@ -3,22 +3,21 @@ package handlers
 import (
 	"context"
 	"fmt"
-	"log"
 	"net/http"
 	auth "nyanimedb/auth"
 	sqlc "nyanimedb/sql"
 	"strconv"
 	"time"

+	"github.com/alexedwards/argon2id"
 	"github.com/gin-gonic/gin"
 	"github.com/golang-jwt/jwt/v5"
+	log "github.com/sirupsen/logrus"
 )

 var accessSecret = []byte("my_access_secret_key")
 var refreshSecret = []byte("my_refresh_secret_key")

-var UserDb = make(map[string]string) // TEMP: stores passwords
-
 type Server struct {
 	db *sqlc.Queries
 }
@ -32,6 +31,22 @@ func parseInt64(s string) (int32, error) {
 	return int32(i), err
 }

+func HashPassword(password string) (string, error) {
+	params := &argon2id.Params{
+		Memory:      64 * 1024,
+		Iterations:  3,
+		Parallelism: 2,
+		SaltLength:  16,
+		KeyLength:   32,
+	}
+
+	return argon2id.CreateHash(password, params)
+}
+
+func CheckPassword(password, hash string) (bool, error) {
+	return argon2id.ComparePasswordAndHash(password, hash)
+}
+
 func generateTokens(userID string) (accessToken string, refreshToken string, err error) {
 	accessClaims := jwt.MapClaims{
 		"user_id": userID,
@ -57,19 +72,27 @@ func generateTokens(userID string) (accessToken string, refreshToken string, err
 }

 func (s Server) PostAuthSignUp(ctx context.Context, req auth.PostAuthSignUpRequestObject) (auth.PostAuthSignUpResponseObject, error) {
-	err := ""
-	success := true
-	UserDb[req.Body.Nickname] = req.Body.Pass
+	passhash, err := HashPassword(req.Body.Pass)
+	if err != nil {
+		log.Errorf("failed to hash password: %v", err)
+		// TODO: return 500
+	}
+
+	user_id, err := s.db.CreateNewUser(context.Background(), sqlc.CreateNewUserParams{
+		Passhash: passhash,
+		Nickname: req.Body.Nickname,
+	})
+	if err != nil {
+		log.Errorf("failed to create user %s: %v", req.Body.Nickname, err)
+		// TODO: check err and retyrn 400/500
+	}

 	return auth.PostAuthSignUp200JSONResponse{
-		Error:   &err,
-		Success: &success,
-		UserId:  &req.Body.Nickname,
+		UserId: user_id,
 	}, nil
 }

 func (s Server) PostAuthSignIn(ctx context.Context, req auth.PostAuthSignInRequestObject) (auth.PostAuthSignInResponseObject, error) {
-	// ctx.SetCookie("122")
 	ginCtx, ok := ctx.Value(gin.ContextKey).(*gin.Context)
 	if !ok {
 		log.Print("failed to get gin context")
@ -77,27 +100,38 @@ func (s Server) PostAuthSignIn(ctx context.Context, req auth.PostAuthSignInReque
 		return auth.PostAuthSignIn200JSONResponse{}, fmt.Errorf("failed to get gin.Context from context.Context")
 	}

-	err := ""
+	user, err := s.db.GetUserByNickname(context.Background(), req.Body.Nickname)
+	if err != nil {
+		log.Errorf("failed to get user by nickname %s: %v", req.Body.Nickname, err)
+		// TODO: return 400/500
+	}

-	pass, ok := UserDb[req.Body.Nickname]
-	if !ok || pass != req.Body.Pass {
-		e := "invalid credentials"
+	ok, err = CheckPassword(req.Body.Pass, user.Passhash)
+	if err != nil {
+		log.Errorf("failed to check password for user %s: %v", req.Body.Nickname, err)
+		// TODO: return 500
+	}
+	if !ok {
+		err_msg := "invalid credentials"
 		return auth.PostAuthSignIn401JSONResponse{
-			Error: &e,
+			Error: &err_msg,
 		}, nil
 	}

-	accessToken, refreshToken, _ := generateTokens(req.Body.Nickname)
+	accessToken, refreshToken, err := generateTokens(req.Body.Nickname)
+	if err != nil {
+		log.Errorf("failed to generate tokens for user %s: %v", req.Body.Nickname, err)
+		// TODO: return 500
+	}

+	// TODO: check cookie settings carefully
 	ginCtx.SetSameSite(http.SameSiteStrictMode)
-	ginCtx.SetCookie("access_token", accessToken, 604800, "/auth", "", true, true)
-	ginCtx.SetCookie("refresh_token", refreshToken, 604800, "/api", "", true, true)
+	ginCtx.SetCookie("access_token", accessToken, 604800, "/auth", "", false, true)
+	ginCtx.SetCookie("refresh_token", refreshToken, 604800, "/api", "", false, true)

-	// Return access token; refresh token can be returned in response or HttpOnly cookie
 	result := auth.PostAuthSignIn200JSONResponse{
-		Error:    &err,
-		UserId:   &req.Body.Nickname,
-		UserName: &req.Body.Nickname,
+		UserId:   user.ID,
+		UserName: user.Nickname,
 	}
 	return result, nil
 }
--- a/modules/auth/main.go
+++ b/modules/auth/main.go
@ -1,6 +1,9 @@
 package main

 import (
+	"context"
+	"fmt"
+	"os"
 	"time"

 	auth "nyanimedb/auth"
@ -9,14 +12,22 @@ import (

 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
+	"github.com/jackc/pgx/v5/pgxpool"
 )

 var AppConfig Config

 func main() {
+	// TODO: env args
 	r := gin.Default()

-	var queries *sqlc.Queries = nil
+	pool, err := pgxpool.New(context.Background(), os.Getenv("DATABASE_URL"))
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Unable to connect to database: %v\n", err)
+		os.Exit(1)
+	}
+
+	var queries *sqlc.Queries = sqlc.New(pool)

 	server := handlers.NewServer(queries)

--- a/modules/auth/queries.sql
+++ b/modules/auth/queries.sql
@ -0,0 +1,11 @@
+-- name: GetUserByNickname :one
+SELECT *
+FROM users
+WHERE nickname = sqlc.arg('nickname');
+
+-- name: CreateNewUser :one
+INSERT 
+INTO users (passhash, nickname) 
+VALUES (sqlc.arg(passhash), sqlc.arg(nickname))
+RETURNING id;
+