memos/server/auth.go

package server

import (
	"encoding/json"
	"fmt"
	"net/http"

	"github.com/usememos/memos/api"
	"github.com/usememos/memos/common"

	"github.com/labstack/echo/v4"
	"golang.org/x/crypto/bcrypt"
)

func (s *Server) registerAuthRoutes(g *echo.Group) {
	g.POST("/auth/signin", func(c echo.Context) error {
		ctx := c.Request().Context()
		signin := &api.Signin{}
		if err := json.NewDecoder(c.Request().Body).Decode(signin); err != nil {
			return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signin request").SetInternal(err)
		}

		userFind := &api.UserFind{
			Email: &signin.Email,
		}
		user, err := s.Store.FindUser(ctx, userFind)
		if err != nil && common.ErrorCode(err) != common.NotFound {
			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to find user by email %s", signin.Email)).SetInternal(err)
		}
		if user == nil {
			return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("User not found with email %s", signin.Email))
		} else if user.RowStatus == api.Archived {
			return echo.NewHTTPError(http.StatusForbidden, fmt.Sprintf("User has been archived with email %s", signin.Email))
		}

		// Compare the stored hashed password, with the hashed version of the password that was received.
		if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(signin.Password)); err != nil {
			// If the two passwords don't match, return a 401 status.
			return echo.NewHTTPError(http.StatusUnauthorized, "Incorrect password").SetInternal(err)
		}

		if err = setUserSession(c, user); err != nil {
			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to set signin session").SetInternal(err)
		}

		c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8)
		if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil {
			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to encode user response").SetInternal(err)
		}
		return nil
	})

	g.POST("/auth/logout", func(c echo.Context) error {
		err := removeUserSession(c)
		if err != nil {
			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to set logout session").SetInternal(err)
		}

		c.Response().WriteHeader(http.StatusOK)
		return nil
	})

	g.POST("/auth/signup", func(c echo.Context) error {
		ctx := c.Request().Context()
		// Don't allow to signup by this api if site host existed.
		hostUserType := api.Host
		hostUserFind := api.UserFind{
			Role: &hostUserType,
		}
		hostUser, err := s.Store.FindUser(ctx, &hostUserFind)
		if err != nil && common.ErrorCode(err) != common.NotFound {
			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find host user").SetInternal(err)
		}
		if hostUser != nil {
			return echo.NewHTTPError(http.StatusUnauthorized, "Site Host existed, please contact the site host to signin account firstly.").SetInternal(err)
		}

		signup := &api.Signup{}
		if err := json.NewDecoder(c.Request().Body).Decode(signup); err != nil {
			return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signup request").SetInternal(err)
		}

		userCreate := &api.UserCreate{
			Email:    signup.Email,
			Role:     api.Role(signup.Role),
			Name:     signup.Name,
			Password: signup.Password,
			OpenID:   common.GenUUID(),
		}
		if err := userCreate.Validate(); err != nil {
			return echo.NewHTTPError(http.StatusBadRequest, "Invalid user create format.").SetInternal(err)
		}

		passwordHash, err := bcrypt.GenerateFromPassword([]byte(signup.Password), bcrypt.DefaultCost)
		if err != nil {
			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate password hash").SetInternal(err)
		}

		userCreate.PasswordHash = string(passwordHash)

		user, err := s.Store.CreateUser(ctx, userCreate)
		if err != nil {
			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create user").SetInternal(err)
		}

		err = setUserSession(c, user)
		if err != nil {
			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to set signup session").SetInternal(err)
		}

		c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8)
		if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil {
			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to encode created user response").SetInternal(err)
		}
		return nil
	})
}
refactor: backend 2022-02-03 15:32:03 +08:00			`package server`

			`import (`
chore(go): use `json` instead of `jsonapi` 2022-02-04 16:51:48 +08:00			`"encoding/json"`
refactor: backend 2022-02-03 15:32:03 +08:00			`"fmt"`
			`"net/http"`

chore: rename module 2022-06-27 22:09:06 +08:00			`"github.com/usememos/memos/api"`
			`"github.com/usememos/memos/common"`

refactor: backend 2022-02-03 15:32:03 +08:00			`"github.com/labstack/echo/v4"`
feat: user hash password 2022-02-06 16:19:20 +08:00			`"golang.org/x/crypto/bcrypt"`
refactor: backend 2022-02-03 15:32:03 +08:00			`)`

			`func (s Server) registerAuthRoutes(g echo.Group) {`
refactor: visitor view (#107) * refactor: update api * refactor: visitor view * chore: update seed data 2022-07-07 23:11:20 +08:00			`g.POST("/auth/signin", func(c echo.Context) error {`
chore: use `tx` for user store 2022-08-07 09:23:46 +08:00			`ctx := c.Request().Context()`
refactor: visitor view (#107) * refactor: update api * refactor: visitor view * chore: update seed data 2022-07-07 23:11:20 +08:00			`signin := &api.Signin{}`
			`if err := json.NewDecoder(c.Request().Body).Decode(signin); err != nil {`
			`return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signin request").SetInternal(err)`
refactor: backend 2022-02-03 15:32:03 +08:00			`}`

			`userFind := &api.UserFind{`
refactor: visitor view (#107) * refactor: update api * refactor: visitor view * chore: update seed data 2022-07-07 23:11:20 +08:00			`Email: &signin.Email,`
refactor: backend 2022-02-03 15:32:03 +08:00			`}`
chore: use `tx` for user store 2022-08-07 09:23:46 +08:00			`user, err := s.Store.FindUser(ctx, userFind)`
chore: release `v0.4.3` 2022-09-09 20:00:04 +08:00			`if err != nil && common.ErrorCode(err) != common.NotFound {`
refactor: visitor view (#107) * refactor: update api * refactor: visitor view * chore: update seed data 2022-07-07 23:11:20 +08:00			`return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to find user by email %s", signin.Email)).SetInternal(err)`
refactor: backend 2022-02-03 15:32:03 +08:00			`}`
			`if user == nil {`
refactor: visitor view (#107) * refactor: update api * refactor: visitor view * chore: update seed data 2022-07-07 23:11:20 +08:00			`return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("User not found with email %s", signin.Email))`
refactor: raw struct for store 2022-05-19 18:32:04 +08:00			`} else if user.RowStatus == api.Archived {`
refactor: visitor view (#107) * refactor: update api * refactor: visitor view * chore: update seed data 2022-07-07 23:11:20 +08:00			`return echo.NewHTTPError(http.StatusForbidden, fmt.Sprintf("User has been archived with email %s", signin.Email))`
refactor: backend 2022-02-03 15:32:03 +08:00			`}`

feat: user hash password 2022-02-06 16:19:20 +08:00			`// Compare the stored hashed password, with the hashed version of the password that was received.`
refactor: visitor view (#107) * refactor: update api * refactor: visitor view * chore: update seed data 2022-07-07 23:11:20 +08:00			`if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(signin.Password)); err != nil {`
feat: user hash password 2022-02-06 16:19:20 +08:00			`// If the two passwords don't match, return a 401 status.`
			`return echo.NewHTTPError(http.StatusUnauthorized, "Incorrect password").SetInternal(err)`
refactor: backend 2022-02-03 15:32:03 +08:00			`}`

chore: clean server 2022-03-29 00:01:34 +08:00			`if err = setUserSession(c, user); err != nil {`
refactor: visitor view (#107) * refactor: update api * refactor: visitor view * chore: update seed data 2022-07-07 23:11:20 +08:00			`return echo.NewHTTPError(http.StatusInternalServerError, "Failed to set signin session").SetInternal(err)`
fix: get&set session 2022-02-04 00:56:44 +08:00			`}`

refactor: backend 2022-02-03 15:32:03 +08:00			`c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8)`
feat: compose response data 2022-02-04 17:06:04 +08:00			`if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil {`
chore: address comments 2022-02-05 11:43:25 +08:00			`return echo.NewHTTPError(http.StatusInternalServerError, "Failed to encode user response").SetInternal(err)`
refactor: backend 2022-02-03 15:32:03 +08:00			`}`
			`return nil`
			`})`
chore: format server code 2022-02-18 22:21:10 +08:00
refactor: backend 2022-02-03 15:32:03 +08:00			`g.POST("/auth/logout", func(c echo.Context) error {`
fix: get&set session 2022-02-04 00:56:44 +08:00			`err := removeUserSession(c)`
			`if err != nil {`
			`return echo.NewHTTPError(http.StatusInternalServerError, "Failed to set logout session").SetInternal(err)`
			`}`
refactor: backend 2022-02-03 15:32:03 +08:00
			`c.Response().WriteHeader(http.StatusOK)`
			`return nil`
			`})`
chore: format server code 2022-02-18 22:21:10 +08:00
refactor: backend 2022-02-03 15:32:03 +08:00			`g.POST("/auth/signup", func(c echo.Context) error {`
chore: use `tx` for user store 2022-08-07 09:23:46 +08:00			`ctx := c.Request().Context()`
chore: rename user role (#108) * chore: rename user role to `host` * chore: related frontend changes * chore: fix migration file * chore: use tricky sql 2022-07-08 22:16:18 +08:00			`// Don't allow to signup by this api if site host existed.`
			`hostUserType := api.Host`
			`hostUserFind := api.UserFind{`
			`Role: &hostUserType,`
feat: add user role field (#49) * feat: add user role field * chore: fix typo * feat: update signup api 2022-05-15 10:57:54 +08:00			`}`
chore: use `tx` for user store 2022-08-07 09:23:46 +08:00			`hostUser, err := s.Store.FindUser(ctx, &hostUserFind)`
chore: release `v0.4.3` 2022-09-09 20:00:04 +08:00			`if err != nil && common.ErrorCode(err) != common.NotFound {`
chore: rename user role (#108) * chore: rename user role to `host` * chore: related frontend changes * chore: fix migration file * chore: use tricky sql 2022-07-08 22:16:18 +08:00			`return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find host user").SetInternal(err)`
feat: add user role field (#49) * feat: add user role field * chore: fix typo * feat: update signup api 2022-05-15 10:57:54 +08:00			`}`
chore: rename user role (#108) * chore: rename user role to `host` * chore: related frontend changes * chore: fix migration file * chore: use tricky sql 2022-07-08 22:16:18 +08:00			`if hostUser != nil {`
			`return echo.NewHTTPError(http.StatusUnauthorized, "Site Host existed, please contact the site host to signin account firstly.").SetInternal(err)`
feat: add user role field (#49) * feat: add user role field * chore: fix typo * feat: update signup api 2022-05-15 10:57:54 +08:00			`}`

refactor: backend 2022-02-03 15:32:03 +08:00			`signup := &api.Signup{}`
chore(go): use `json` instead of `jsonapi` 2022-02-04 16:51:48 +08:00			`if err := json.NewDecoder(c.Request().Body).Decode(signup); err != nil {`
fix: get&set session 2022-02-04 00:56:44 +08:00			`return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signup request").SetInternal(err)`
refactor: backend 2022-02-03 15:32:03 +08:00			`}`

chore: update user create validator 2022-08-20 21:03:15 +08:00			`userCreate := &api.UserCreate{`
			`Email: signup.Email,`
			`Role: api.Role(signup.Role),`
			`Name: signup.Name,`
			`Password: signup.Password,`
			`OpenID: common.GenUUID(),`
feat: add user role field (#49) * feat: add user role field * chore: fix typo * feat: update signup api 2022-05-15 10:57:54 +08:00			`}`
chore: update user create validator 2022-08-20 21:03:15 +08:00			`if err := userCreate.Validate(); err != nil {`
			`return echo.NewHTTPError(http.StatusBadRequest, "Invalid user create format.").SetInternal(err)`
feat: user hash password 2022-02-06 16:19:20 +08:00			`}`

			`passwordHash, err := bcrypt.GenerateFromPassword([]byte(signup.Password), bcrypt.DefaultCost)`
			`if err != nil {`
			`return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate password hash").SetInternal(err)`
			`}`

chore: update user create validator 2022-08-20 21:03:15 +08:00			`userCreate.PasswordHash = string(passwordHash)`

chore: use `tx` for user store 2022-08-07 09:23:46 +08:00			`user, err := s.Store.CreateUser(ctx, userCreate)`
refactor: backend 2022-02-03 15:32:03 +08:00			`if err != nil {`
			`return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create user").SetInternal(err)`
			`}`

fix: get&set session 2022-02-04 00:56:44 +08:00			`err = setUserSession(c, user)`
			`if err != nil {`
			`return echo.NewHTTPError(http.StatusInternalServerError, "Failed to set signup session").SetInternal(err)`
			`}`

refactor: backend 2022-02-03 15:32:03 +08:00			`c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8)`
feat: compose response data 2022-02-04 17:06:04 +08:00			`if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil {`
chore: address comments 2022-02-05 11:43:25 +08:00			`return echo.NewHTTPError(http.StatusInternalServerError, "Failed to encode created user response").SetInternal(err)`
refactor: backend 2022-02-03 15:32:03 +08:00			`}`
			`return nil`
			`})`
			`}`