Add encrypted email to user info

2024-10-27 14:43:38 +01:00
parent 3b4e1e01d2
commit 31484dd44a
7 changed files with 165 additions and 47 deletions
--- a/cmd/backend/users.go
+++ b/cmd/backend/users.go
@ -143,12 +143,17 @@ func (db *DB) AddUser(c *Config, u *User, pass string) (int64, error) {
 		return 0, fmt.Errorf("error encrypting last name: %v", err)
 	}

+	aesEmail, err := aesEncrypt(c, u.Email)
+	if err != nil {
+		return 0, fmt.Errorf("error encrypting email: %v", err)
+	}
+
 	query := `
-    INSERT INTO users (username, password, first_name, last_name, role)
-    VALUES (?, ?, ?, ?, ?)
+    INSERT INTO users (username, password, first_name, last_name, email, role)
+    VALUES (?, ?, ?, ?, ?, ?)
    `

-	result, err := db.Exec(query, u.UserName, string(hashedPass), aesFirstName, aesLastName, u.Role)
+	result, err := db.Exec(query, u.UserName, string(hashedPass), aesFirstName, aesLastName, aesEmail, u.Role)
 	if err != nil {
 		return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
 	}
@ -243,18 +248,18 @@ func (tx *Tx) ChangePassword(id int64, oldPass, newPass string) error {

 // TODO: No need for ID field in general
 func (db *DB) GetUser(c *Config, id int64) (*User, error) {
-	var aesFirstName, aesLastName string
+	var aesFirstName, aesLastName, aesEmail string
 	var err error

 	user := new(User)
 	query := `
-    SELECT id, username, first_name, last_name, role
+    SELECT id, username, first_name, last_name, email, role
    FROM users
    WHERE id = ?
    `

 	row := db.QueryRow(query, id)
-	if err := row.Scan(&user.ID, &user.UserName, &aesFirstName, &aesLastName, &user.Role); err != nil {
+	if err := row.Scan(&user.ID, &user.UserName, &aesFirstName, &aesLastName, &aesEmail, &user.Role); err != nil {
 		return nil, fmt.Errorf("error reading user information: %v", err)
 	}

@ -268,20 +273,18 @@ func (db *DB) GetUser(c *Config, id int64) (*User, error) {
 		return nil, fmt.Errorf("error decrypting last name: %v", err)
 	}

+	user.Email, err = aesDecrypt(c, aesEmail)
+	if err != nil {
+		return nil, fmt.Errorf("error decrypting email: %v", err)
+	}
+
 	return user, nil
 }

-func (db *DB) UpdateOwnUserAttributes(c *Config, id int64, userName, firstName, lastName, oldPass, newPass, newPass2 string) error {
-	passwordEmpty := true
-	if len(newPass) > 0 || len(newPass2) > 0 {
-		if newPass != newPass2 {
-			return fmt.Errorf("error: passwords do not match")
-		}
-		passwordEmpty = false
-	}
-
-	tx := new(Tx)
+func (db *DB) UpdateOwnUserAttributes(c *Config, id int64, userName, firstName, lastName, email, oldPass, newPass string) error {
 	var err error
+	tx := new(Tx)
+	passwordEmpty := len(newPass) > 0

 	for i := 0; i < TxMaxRetries; i++ {
 		err := func() error {
@ -315,10 +318,19 @@ func (db *DB) UpdateOwnUserAttributes(c *Config, id int64, userName, firstName,
 				return fmt.Errorf("error encrypting last name: %v", err)
 			}

+			aesEmail, err := aesEncrypt(c, email)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error encrypting email: %v", err)
+			}
+
 			if err = tx.UpdateAttributes(
 				&Attribute{Table: "users", ID: id, AttName: "username", Value: userName},
 				&Attribute{Table: "users", ID: id, AttName: "first_name", Value: aesFirstName},
 				&Attribute{Table: "users", ID: id, AttName: "last_name", Value: aesLastName},
+				&Attribute{Table: "users", ID: id, AttName: "email", Value: aesEmail},
 			); err != nil {
 				if rollbackErr := tx.Rollback(); rollbackErr != nil {
 					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
@ -348,8 +360,8 @@ func (db *DB) AddFirstUser(c *Config, u *User, pass string) (int64, error) {
 	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
 	selectQuery := "SELECT COUNT(*) FROM users"
 	insertQuery := `
-    INSERT INTO users (username, password, first_name, last_name, role)
-    VALUES (?, ?, ?, ?, ?)
+    INSERT INTO users (username, password, first_name, last_name, email, role)
+    VALUES (?, ?, ?, ?, ?, ?)
    `

 	for i := 0; i < TxMaxRetries; i++ {
@ -396,7 +408,15 @@ func (db *DB) AddFirstUser(c *Config, u *User, pass string) (int64, error) {
 				return 0, fmt.Errorf("error encrypting last name: %v", err)
 			}

-			result, err := tx.Exec(insertQuery, u.UserName, string(hashedPass), aesFirstName, aesLastName, u.Role)
+			aesEmail, err := aesEncrypt(c, u.Email)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error encrypting email: %v", err)
+			}
+
+			result, err := tx.Exec(insertQuery, u.UserName, string(hashedPass), aesFirstName, aesLastName, aesEmail, u.Role)
 			if err != nil {
 				if rollbackErr := tx.Rollback(); rollbackErr != nil {
 					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
@ -428,10 +448,10 @@ func (db *DB) AddFirstUser(c *Config, u *User, pass string) (int64, error) {
 }

 func (db *DB) GetAllUsers(c *Config) (map[int64]*User, error) {
-	var aesFirstName, aesLastName string
+	var aesFirstName, aesLastName, aesEmail string
 	var err error

-	query := "SELECT id, username, first_name, last_name, role FROM users"
+	query := "SELECT id, username, first_name, last_name, email, role FROM users"

 	rows, err := db.Query(query)
 	if err != nil {
@ -441,7 +461,7 @@ func (db *DB) GetAllUsers(c *Config) (map[int64]*User, error) {
 	users := make(map[int64]*User, 0)
 	for rows.Next() {
 		user := new(User)
-		if err = rows.Scan(&user.ID, &user.UserName, &aesFirstName, &aesLastName, &user.Role); err != nil {
+		if err = rows.Scan(&user.ID, &user.UserName, &aesFirstName, &aesLastName, &aesEmail, &user.Role); err != nil {
 			return nil, fmt.Errorf("error getting user info: %v", err)
 		}

@ -455,6 +475,11 @@ func (db *DB) GetAllUsers(c *Config) (map[int64]*User, error) {
 			return nil, fmt.Errorf("error decrypting last name: %v", err)
 		}

+		user.Email, err = aesDecrypt(c, aesEmail)
+		if err != nil {
+			return nil, fmt.Errorf("error decrypting email: %v", err)
+		}
+
 		users[user.ID] = user
 	}

@ -481,17 +506,10 @@ func (tx *Tx) SetPassword(id int64, newPass string) error {
 	return nil
 }

-func (db *DB) UpdateUserAttributes(c *Config, id int64, userName, firstName, lastName, newPass, newPass2 string, role int) error {
-	passwordEmpty := true
-	if len(newPass) > 0 || len(newPass2) > 0 {
-		if newPass != newPass2 {
-			return fmt.Errorf("error: passwords do not match")
-		}
-		passwordEmpty = false
-	}
-
-	tx := new(Tx)
+func (db *DB) UpdateUserAttributes(c *Config, id int64, userName, firstName, lastName, email, newPass string, role int) error {
 	var err error
+	tx := new(Tx)
+	passwordEmpty := len(newPass) > 0

 	for i := 0; i < TxMaxRetries; i++ {
 		err := func() error {
@ -525,10 +543,19 @@ func (db *DB) UpdateUserAttributes(c *Config, id int64, userName, firstName, las
 				return fmt.Errorf("error encrypting last name: %v", err)
 			}

+			aesEmail, err := aesEncrypt(c, email)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error encrypting email: %v", err)
+			}
+
 			if err = tx.UpdateAttributes(
 				&Attribute{Table: "users", ID: id, AttName: "username", Value: userName},
 				&Attribute{Table: "users", ID: id, AttName: "first_name", Value: aesFirstName},
 				&Attribute{Table: "users", ID: id, AttName: "last_name", Value: aesLastName},
+				&Attribute{Table: "users", ID: id, AttName: "email", Value: aesEmail},
 				&Attribute{Table: "users", ID: id, AttName: "role", Value: role},
 			); err != nil {
 				if rollbackErr := tx.Rollback(); rollbackErr != nil {