refactor: moved hashing logic into application layer for security;
fix: error handling in auth service for database; refactor: removed redundant taken email check; chore: removed todos that were completed/not needed; fix: leaking transactions in complete registration and login on error; refactor: got rid of txless requests during transactions;
This commit is contained in:
@@ -25,6 +25,7 @@ import (
|
||||
"easywish/internal/utils/enums"
|
||||
"errors"
|
||||
|
||||
"github.com/jackc/pgerrcode"
|
||||
"github.com/jackc/pgx/v5"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
@@ -49,6 +50,8 @@ func (a *authServiceImpl) RegistrationBegin(request models.RegistrationBeginRequ
|
||||
|
||||
var user database.User
|
||||
var generatedCode string
|
||||
var generatedCodeHash string
|
||||
var passwordHash string
|
||||
|
||||
helper, db, _ := database.NewDbHelperTransaction(a.dbctx)
|
||||
defer helper.Rollback()
|
||||
@@ -56,46 +59,37 @@ func (a *authServiceImpl) RegistrationBegin(request models.RegistrationBeginRequ
|
||||
var err error
|
||||
|
||||
if user, err = db.TXQueries.CreateUser(db.CTX, request.Username); err != nil {
|
||||
|
||||
if errs.MatchPgError(err, pgerrcode.UniqueViolation) {
|
||||
a.log.Warn(
|
||||
"Attempted registration for a taken username",
|
||||
zap.String("username", request.Username),
|
||||
zap.Error(err))
|
||||
|
||||
if errors.Is(err, pgx.ErrNoRows) {
|
||||
a.log.Warn(
|
||||
"Attempted registration for a taken username",
|
||||
zap.String("username", request.Username),
|
||||
zap.Error(err))
|
||||
return false, errs.ErrUsernameTaken
|
||||
}
|
||||
return false, errs.ErrUsernameTaken
|
||||
}
|
||||
|
||||
a.log.Error("Failed to add user to database", zap.Error(err))
|
||||
return false, errs.ErrServerError
|
||||
}
|
||||
|
||||
if _, emailerr := db.TXQueries.GetUserByEmail(db.CTX, *request.Email); emailerr == nil {
|
||||
a.log.Warn(
|
||||
"Attempted registration for a taken email",
|
||||
zap.String("email", *request.Email))
|
||||
return false, errs.ErrEmailTaken
|
||||
if passwordHash, err = utils.HashPassword(request.Password); err != nil {
|
||||
a.log.Error("Error on hashing password", zap.Error(err))
|
||||
|
||||
} else if !errors.Is(emailerr, pgx.ErrNoRows) {
|
||||
a.log.Error(
|
||||
"Failed to check if email is not taken",
|
||||
zap.String("email", *request.Email),
|
||||
zap.Error(err))
|
||||
return false, errs.ErrServerError
|
||||
|
||||
} else {
|
||||
a.log.Debug("Verified that email is not taken", zap.String("email", *request.Email))
|
||||
}
|
||||
|
||||
a.log.Info(
|
||||
"Registraion of a new user",
|
||||
zap.String("username", user.Username),
|
||||
zap.Int64("id", user.ID))
|
||||
|
||||
if _, err = db.TXQueries.CreateLoginInformation(db.CTX, database.CreateLoginInformationParams{
|
||||
UserID: user.ID,
|
||||
Email: request.Email,
|
||||
Password: request.Password, // Hashed in database
|
||||
PasswordHash: passwordHash, // Hashed in database
|
||||
}); err != nil {
|
||||
|
||||
if errs.MatchPgError(err, pgerrcode.UniqueViolation) {
|
||||
// Since we've already checked for username previously, only email is left
|
||||
return false, errs.ErrEmailTaken
|
||||
}
|
||||
|
||||
a.log.Error("Failed to add login information for user to database", zap.Error(err))
|
||||
return false, errs.ErrServerError
|
||||
}
|
||||
@@ -104,21 +98,32 @@ func (a *authServiceImpl) RegistrationBegin(request models.RegistrationBeginRequ
|
||||
a.log.Error("Failed to generate a registration code", zap.Error(err))
|
||||
return false, errs.ErrServerError
|
||||
}
|
||||
if generatedCodeHash, err = utils.HashPassword(generatedCode); err != nil {
|
||||
a.log.Error("Failed to hash generated verification code", zap.Error(err))
|
||||
return false, errs.ErrServerError
|
||||
}
|
||||
|
||||
if _, err = db.TXQueries.CreateConfirmationCode(db.CTX, database.CreateConfirmationCodeParams{
|
||||
UserID: user.ID,
|
||||
CodeType: int32(enums.RegistrationCodeType),
|
||||
Code: generatedCode, // Hashed in database
|
||||
CodeHash: generatedCodeHash, // Hashed in database
|
||||
}); err != nil {
|
||||
a.log.Error("Failed to add registration code to database", zap.Error(err))
|
||||
return false, errs.ErrServerError
|
||||
}
|
||||
|
||||
a.log.Info("Registered a new user", zap.String("username", user.Username))
|
||||
a.log.Info(
|
||||
"Registered a new user",
|
||||
zap.String("username", user.Username),
|
||||
zap.Int64("id", user.ID))
|
||||
|
||||
helper.Commit()
|
||||
|
||||
a.log.Debug("Declated registration code for a new user", zap.String("username", user.Username), zap.String("code", generatedCode))
|
||||
// TODO: get rid of this when email verification will start working
|
||||
a.log.Debug(
|
||||
"Declated registration code for a new user",
|
||||
zap.String("username", user.Username),
|
||||
zap.String("code", generatedCode))
|
||||
|
||||
// TODO: Send verification email
|
||||
|
||||
@@ -135,6 +140,7 @@ func (a *authServiceImpl) RegistrationComplete(request models.RegistrationComple
|
||||
var err error
|
||||
|
||||
helper, db, _ := database.NewDbHelperTransaction(a.dbctx)
|
||||
defer helper.Rollback()
|
||||
|
||||
user, err = db.TXQueries.GetUserByUsername(db.CTX, request.Username)
|
||||
|
||||
@@ -154,7 +160,7 @@ func (a *authServiceImpl) RegistrationComplete(request models.RegistrationComple
|
||||
return nil, errs.ErrServerError
|
||||
}
|
||||
|
||||
confirmationCode, err = db.TXQueries.GetConfirmationCodeByCode(db.CTX, database.GetConfirmationCodeByCodeParams{
|
||||
confirmationCode, err = db.TXQueries.GetValidConfirmationCodeByCode(db.CTX, database.GetValidConfirmationCodeByCodeParams{
|
||||
UserID: user.ID,
|
||||
CodeType: int32(enums.RegistrationCodeType),
|
||||
Code: request.VerificationCode,
|
||||
@@ -192,6 +198,7 @@ func (a *authServiceImpl) RegistrationComplete(request models.RegistrationComple
|
||||
}
|
||||
|
||||
err = db.TXQueries.UpdateUser(db.CTX, database.UpdateUserParams{
|
||||
ID: user.ID,
|
||||
Verified: utils.NewPointer(true),
|
||||
})
|
||||
|
||||
@@ -205,7 +212,6 @@ func (a *authServiceImpl) RegistrationComplete(request models.RegistrationComple
|
||||
profile, err = db.TXQueries.CreateProfile(db.CTX, database.CreateProfileParams{
|
||||
UserID: user.ID,
|
||||
Name: request.Name,
|
||||
AvatarUrl: request.AvatarUrl,
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
@@ -262,13 +268,12 @@ func (a *authServiceImpl) RegistrationComplete(request models.RegistrationComple
|
||||
RefreshToken: refreshToken,
|
||||
}}
|
||||
|
||||
return &response, errs.ErrNotImplemented
|
||||
return &response, nil
|
||||
}
|
||||
|
||||
// TODO: totp
|
||||
// TODO: banned user check
|
||||
func (a *authServiceImpl) Login(request models.LoginRequest) (*models.LoginResponse, error) {
|
||||
var userRow database.GetUserByLoginCredentialsRow
|
||||
var userRow database.GetValidUserByLoginCredentialsRow
|
||||
var session database.Session
|
||||
|
||||
helper, db, _ := database.NewDbHelperTransaction(a.dbctx)
|
||||
@@ -276,7 +281,7 @@ func (a *authServiceImpl) Login(request models.LoginRequest) (*models.LoginRespo
|
||||
|
||||
var err error
|
||||
|
||||
userRow, err = db.TXQueries.GetUserByLoginCredentials(db.CTX, database.GetUserByLoginCredentialsParams{
|
||||
userRow, err = db.TXQueries.GetValidUserByLoginCredentials(db.CTX, database.GetValidUserByLoginCredentialsParams{
|
||||
Username: request.Username,
|
||||
Password: request.Password,
|
||||
})
|
||||
@@ -298,7 +303,8 @@ func (a *authServiceImpl) Login(request models.LoginRequest) (*models.LoginRespo
|
||||
return nil, returnedError
|
||||
}
|
||||
|
||||
session, err = db.TXlessQueries.CreateSession(db.CTX, database.CreateSessionParams{
|
||||
session, err = db.TXQueries.CreateSession(db.CTX, database.CreateSessionParams{
|
||||
// TODO: use actual values for session metadata
|
||||
UserID: userRow.ID,
|
||||
Name: utils.NewPointer("New device"),
|
||||
Platform: utils.NewPointer("Unknown"),
|
||||
|
||||
Reference in New Issue
Block a user