user create/insert into users table, pgxpool defer moved to top of app, me.tmpl.html, secret hashing with argon2id, updated migrations

6 files changed, 171 insertions, 22 deletions

diff --git a/src/db/db.go b/src/db/db.go
index 2b72382..6f617c2 100644
--- a/src/db/db.go
+++ b/src/db/db.go
@@ -2,8 +2,11 @@ package db
 
 import (
 	"context"
+	"fmt"
 	"log"
+	"strings"
 
+	"github.com/jackc/pgx/v5"
 	"github.com/jackc/pgx/v5/pgxpool"
 
 	"gitlab.com/alexkavon/newsstand/src/conf"
@@ -18,7 +21,6 @@ func NewDb(config *conf.Conf) *Database {
 	if err != nil {
 		log.Fatal(err)
 	}
-	defer pool.Close()
 
 	var testquery string
 	err = pool.QueryRow(context.Background(), "select 'Hello, PostgreSQL!'").Scan(&testquery)
@@ -30,3 +32,29 @@ func NewDb(config *conf.Conf) *Database {
 		p: pool,
 	}
 }
+
+func (d *Database) InsertTable(table string, columns []string, values pgx.NamedArgs) error {
+	columnstr := stringifyColumns(columns, "")
+	valuesstr := stringifyColumns(columns, "@")
+	query := fmt.Sprintf("INSERT INTO %s (%s) VALUES (%s) RETURNING *", table, columnstr, valuesstr)
+	log.Println(query, values)
+	ctx := context.Background()
+	row, err := d.p.Exec(ctx, query, values)
+	if err != nil {
+		return err
+	}
+	log.Println("Row", row)
+	return nil
+}
+
+func (d *Database) Close() {
+	d.p.Close()
+}
+
+func stringifyColumns(columns []string, prefix string) string {
+	ncolumns := []string{}
+	for _, v := range columns {
+		ncolumns = append(ncolumns, fmt.Sprintf("%s%s", prefix, v))
+	}
+	return strings.Join(ncolumns, ", ")
+}
diff --git a/src/main.go b/src/main.go
index 0687aae..4dc2caf 100644
--- a/src/main.go
+++ b/src/main.go
@@ -12,7 +12,9 @@ func main() {
 	config := conf.NewConf()
 	// connect database
 	// start server
-	s := server.NewServer(config, db.NewDb(config))
+	database := db.NewDb(config)
+	defer database.Close()
+	s := server.NewServer(config, database)
 	s.BuildUi()
 	routers := []server.Routes{
 		user.Routes,
diff --git a/src/server/server.go b/src/server/server.go
index 9cb2a3f..c483069 100644
--- a/src/server/server.go
+++ b/src/server/server.go
@@ -4,23 +4,26 @@ import (
 	"net/http"
 
 	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
 	"gitlab.com/alexkavon/newsstand/src/conf"
 	"gitlab.com/alexkavon/newsstand/src/db"
 )
 
 type Server struct {
-	Router *chi.Mux
-	Db     *db.Database
-	Config *conf.Conf
-	Ui     Ui
+	Router   *chi.Mux
+	Db       *db.Database
+	Config   *conf.Conf
+	Ui       Ui
+	Sessions map[string]session
 }
 
 func NewServer(config *conf.Conf, database *db.Database) *Server {
 	return &Server{
-		Router: NewRouter(config),
-		Db:     database,
-		Config: config,
-		Ui:     NewUi(config),
+		Router:   NewRouter(config),
+		Db:       database,
+		Config:   config,
+		Ui:       NewUi(config),
+		Sessions: map[string]session{},
 	}
 }
 
@@ -37,3 +40,15 @@ func (s *Server) RegisterRoutes(routes Routes) {
 func (s *Server) Serve() {
 	http.ListenAndServe(":"+s.Config.Server.Port, s.Router)
 }
+
+func (s *Server) NewSession(w http.ResponseWriter, username string) {
+	token := uuid.NewString()
+	s.Sessions[token] = session{
+		username: username,
+	}
+
+	http.SetCookie(w, &http.Cookie{
+		Name:  "session_token",
+		Value: token,
+	})
+}
diff --git a/src/server/session.go b/src/server/session.go
new file mode 100644
index 0000000..3a12215
--- /dev/null
+++ b/src/server/session.go
@@ -0,0 +1,9 @@
+package server
+
+type session struct {
+	username string
+}
+
+func (s *session) Username() string {
+	return s.username
+}
diff --git a/src/user/routes.go b/src/user/routes.go
index f826822..64018d0 100644
--- a/src/user/routes.go
+++ b/src/user/routes.go
@@ -1,9 +1,10 @@
 package user
 
 import (
-	"fmt"
+	"log"
 	"net/http"
 
+	"github.com/go-playground/validator/v10"
 	"gitlab.com/alexkavon/newsstand/src/server"
 )
 
@@ -11,7 +12,7 @@ var Routes = server.Routes{
 	server.Route{
 		Name:        "Create",
 		Method:      "GET",
-		Path:        "/user/create",
+		Path:        "/u/create",
 		HandlerFunc: Create,
 	},
 	server.Route{
@@ -23,19 +24,19 @@ var Routes = server.Routes{
 	server.Route{
 		Name:        "LoginForm",
 		Method:      "GET",
-		Path:        "/user/auth",
+		Path:        "/u/auth",
 		HandlerFunc: LoginForm,
 	},
 	server.Route{
 		Name:        "Authenticate",
 		Method:      "POST",
-		Path:        "/user/auth",
+		Path:        "/u/auth",
 		HandlerFunc: Authenticate,
 	},
 	server.Route{
 		Name:         "Me",
 		Method:       "GET",
-		Path:         "/user/me",
+		Path:         "/u/me",
 		AuthRequired: true,
 		HandlerFunc:  Show,
 	},
@@ -50,8 +51,36 @@ func Create(s *server.Server) http.HandlerFunc {
 func Store(s *server.Server) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		r.ParseForm()
-		fmt.Println(r.PostForm)
-		s.Ui.RenderTemplate(w, "core", "messages", &struct{ Message string }{Message: "Congrats"})
+
+		user := &User{
+			Db:       s.Db,
+			Username: r.PostFormValue("username"),
+			Secret:   r.PostFormValue("secret"),
+			Email:    r.PostFormValue("email"),
+		}
+		// Validate User Input
+		v := validator.New()
+		err := v.Struct(user)
+		if err != nil {
+			log.Println("Validator failed", err.(validator.ValidationErrors))
+		}
+
+		// Hash secret
+		err = user.HashSecret()
+		if err != nil {
+			log.Println("Hash failure", err)
+		}
+
+		// Store user
+		err = user.Insert()
+		if err != nil {
+			log.Println("Insert Error", err)
+		}
+		// Send email validation
+		// Create cookie session
+		s.NewSession(w, user.Username)
+		// Redirect to user profile
+		http.Redirect(w, r, "/u/me", http.StatusSeeOther)
 	}
 }
 
@@ -66,5 +95,16 @@ func Authenticate(s *server.Server) http.HandlerFunc {
 }
 
 func Show(s *server.Server) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {}
+	return func(w http.ResponseWriter, r *http.Request) {
+		token, err := r.Cookie("session_token")
+		if err != nil {
+			s.Ui.Render(w, "user/login", &struct{ Message string }{"You are not logged in! Missing Cookie"})
+		}
+		session, ok := s.Sessions[token.Value]
+		if !ok {
+			s.Ui.Render(w, "user/login", &struct{ Message string }{"You are not logged in! With Session."})
+		}
+
+		s.Ui.Render(w, "user/me", &struct{ Message, Username string }{"Congrats on getting this far!", session.Username()})
+	}
 }
diff --git a/src/user/user.go b/src/user/user.go
index 83e39e3..e35c7c5 100644
--- a/src/user/user.go
+++ b/src/user/user.go
@@ -1,18 +1,73 @@
 package user
 
 import (
-	"errors"
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
 	"time"
+
+	"github.com/jackc/pgx/v5"
+	"gitlab.com/alexkavon/newsstand/src/db"
+	"golang.org/x/crypto/argon2"
 )
 
 type User struct {
 	Id        int64
-	Username  string
+	Username  string `validate:"required,max=50"`
+	Secret    string `validate:"required,min=8,max=128"`
+	Email     string `validate:"required,email"`
 	Karma     uint64
 	UpdatedAt time.Time
 	CreatedAt time.Time
+	hash      string
+	Db        *db.Database
+}
+
+func (u *User) Insert() error {
+	err := u.Db.InsertTable(
+		"users",
+		[]string{"username", "secret", "email"},
+		pgx.NamedArgs{"username": u.Username, "secret": string(u.hash), "email": u.Email},
+	)
+	if err != nil {
+		return err
+	}
+	return nil
 }
 
-func NewUser(username, secret string) error {
-	return errors.New("Not Implemented")
+func (u *User) HashSecret() error {
+	hashconf := &struct {
+		memory      uint32
+		iterations  uint32
+		parallelism uint8
+		keyLength   uint32
+		saltLength  uint32
+	}{64 * 1024, 3, 2, 12, 16}
+	salt := make([]byte, hashconf.saltLength)
+	_, err := rand.Read(salt)
+	if err != nil {
+		return err
+	}
+
+	hash := argon2.IDKey(
+		[]byte(u.Secret),
+		salt,
+		hashconf.iterations,
+		hashconf.memory,
+		hashconf.parallelism,
+		hashconf.keyLength,
+	)
+	b64Salt := base64.RawStdEncoding.EncodeToString(salt)
+	b64Hash := base64.RawStdEncoding.EncodeToString(hash)
+	encodedHash := fmt.Sprintf(
+		"$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s",
+		argon2.Version,
+		hashconf.memory,
+		hashconf.iterations,
+		hashconf.parallelism,
+		b64Salt,
+		b64Hash,
+	)
+	u.hash = encodedHash
+	return nil
 }