128 lines
2.9 KiB
Go
128 lines
2.9 KiB
Go
package data
|
|
|
|
import (
|
|
"database/sql"
|
|
"fmt"
|
|
|
|
"github.com/go-sql-driver/mysql"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
type DB struct {
|
|
*sql.DB
|
|
}
|
|
|
|
func OpenDB(dbName string) (*DB, error) {
|
|
var err error
|
|
db := DB{DB: &sql.DB{}}
|
|
|
|
cfg := mysql.NewConfig()
|
|
cfg.DBName = dbName
|
|
cfg.User, cfg.Passwd, err = getCredentials()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error reading user credentials for DB: %v", err)
|
|
}
|
|
|
|
db.DB, err = sql.Open("mysql", cfg.FormatDSN())
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error opening DB: %v", err)
|
|
}
|
|
if err = db.Ping(); err != nil {
|
|
return nil, fmt.Errorf("error pinging DB: %v", err)
|
|
}
|
|
|
|
return &db, nil
|
|
}
|
|
|
|
func (db *DB) AddUser(user, pass, first, last string, writer, editor, admin bool) error {
|
|
userString, stringLen, ok := checkUserStrings(user, first, last)
|
|
if !ok {
|
|
return fmt.Errorf("error: %v is longer than %v characters", userString, stringLen)
|
|
}
|
|
|
|
if !permissionsOK(writer, editor, admin) {
|
|
return fmt.Errorf("error: permissions must be mutually exclusive: writer = %v, editor = %v, admin = %v",
|
|
writer, editor, admin)
|
|
}
|
|
|
|
hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
|
|
if err != nil {
|
|
return fmt.Errorf("error creating password hash: %v", err)
|
|
}
|
|
|
|
query := `
|
|
INSERT INTO users
|
|
(username, password, first_name, last_name, writer, editor, admin)
|
|
VALUES
|
|
(?, ?, ?, ?, ?, ?)
|
|
`
|
|
_, err = db.Exec(query, user, string(hashedPass), first, last, writer, editor, admin)
|
|
if err != nil {
|
|
return fmt.Errorf("error inserting user into DB: %v", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (db *DB) GetID(user string) (int64, error) {
|
|
var id int64
|
|
|
|
query := `
|
|
SELECT id FROM
|
|
users
|
|
WHERE
|
|
username = ?
|
|
`
|
|
row := db.QueryRow(query, user)
|
|
if err := row.Scan(&id); err != nil {
|
|
return 0, fmt.Errorf("user not in DB: %v", err)
|
|
}
|
|
|
|
return id, nil
|
|
}
|
|
|
|
func (db *DB) CheckPassword(id int64, pass string) error {
|
|
var queriedPass string
|
|
|
|
query := `
|
|
SELECT password FROM
|
|
users
|
|
WHERE
|
|
id = ?
|
|
`
|
|
row := db.QueryRow(query, id)
|
|
if err := row.Scan(&queriedPass); err != nil {
|
|
return fmt.Errorf("error reading password from DB: %v", err)
|
|
}
|
|
|
|
if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
|
|
return fmt.Errorf("incorrect password: %v", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
|
|
if err := db.CheckPassword(id, oldPass); err != nil {
|
|
return fmt.Errorf("error checking password: %v", err)
|
|
}
|
|
|
|
newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
|
|
if err != nil {
|
|
return fmt.Errorf("error creating password hash: %v", err)
|
|
}
|
|
|
|
updateQuery := `
|
|
UPDATE users SET
|
|
password = ?
|
|
WHERE
|
|
id = ?
|
|
`
|
|
_, err = db.Exec(updateQuery, string(newHashedPass), id)
|
|
if err != nil {
|
|
return fmt.Errorf("error updating password in DB: %v", err)
|
|
}
|
|
|
|
return nil
|
|
}
|