Working DB connections and login

3 years ago · e32df47ca2
parent 91841ab3d3
commit e32df47ca2
12 changed files with 528 additions and 28 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@ web/static/fonts/*
 web/data/
 configs/*
 cmd/bs1in/bs1in
 /build/.env
--- a/build/docker-compose.yml
+++ b/build/docker-compose.yml
@ -9,15 +9,15 @@ services:
    ports:
      - 8099:6969
    volumes:
-      - /srv/bs1in/configs:CONFIGFOLDER
+      - /srv/bs1in/configs:/go/src/g.phga.de/phga/bs1in/configs
-      - /srv/bs1in/web/data:DATAFOLDER
+      - /srv/bs1in/web/data:/go/src/g.phga.de/phga/bs1in/web/data
-      - /srv/bs1in/web/static/fonts:FONTSFOLDER
+      - /srv/bs1in/web/static/fonts:/go/src/g.phga.de/phga/bs1in/web/static/fonts
  mongo:
    image: mongo
    restart: 'no'
    env_file:
-      - /srv/gott/.env
+      - /srv/bs1in/.env
    ports:
      - 27017:27017
    volumes:
@ -30,3 +30,21 @@ services:
      - 9099:8081
    env_file:
      - /srv/bs1in/.env
  mariadb:
    image: mariadb
    container_name: mariadb
    restart: 'no'
    env_file:
      - /srv/bs1in/.env
    ports:
      - '3306:3306'
    volumes:
      - /srv/mariadb/init:/docker-entrypoint-initdb.d
  adminer:
    image: adminer:4.8.0
    container_name: adminer
    restart: 'no'
    ports:
      - '8013:8080'
--- a/cmd/bs1in/auth.go
+++ b/cmd/bs1in/auth.go
@ -0,0 +1,199 @@
 package main
 import (
 	"context"
 	cryptorand "crypto/rand"
 	"encoding/json"
 	"io"
 	"log"
 	"net/http"
 	"time"
 	"go.mongodb.org/mongo-driver/bson"
 	"golang.org/x/crypto/bcrypt"
 )
 type Session struct {
 	ID        [32]byte `json:"id" bson:"id"`
 	AuthToken [32]byte `json:"auth_token" bson:"auth_token"`
 	Timestamp int64    `json:"timestamp" bson:"timestamp"`
 }
 // ------------------------------- MIDDLEWARE ----------------------------------
 type ctxKey int
 const currUserKey ctxKey = 0
 // validateSession verifies that the client has a session that is still valid
 func validateSession(h http.HandlerFunc, role string) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Allow to access required files pre login
 		if r.URL.Path == "/static/css/tt.css" ||
 			r.URL.Path == "/static/js/helper.js" ||
 			r.URL.Path == "/static/fonts/OpenSans-Regular.ttf" {
 			h(w, r)
 			return
 		}
 		cookie, err := r.Cookie("SESSION")
 		if err == http.ErrNoCookie {
 			// Redirect to /login
 			w.Header().Set("Location", "/login?r="+r.URL.Path)
 			w.WriteHeader(http.StatusFound)
 			log.Println(err)
 			return
 		} else if err != nil {
 			log.Fatal(err)
 			return
 		}
 		// TESTING: Show cookie content
 		// log.Printf("%+v", *cookie)
 		requestedUser := checkSession([]byte(cookie.Value))
 		if requestedUser == nil {
 			unsetCookie(w)
 			w.Header().Set("Location", "/login")
 			w.WriteHeader(http.StatusFound)
 			return
 		}
 		// Set new timestamp
 		requestedUser.CurrSession.Timestamp = time.Now().UTC().UnixNano()
 		// Save to database
 		updateSession(requestedUser)
 		setEncryptedCookie(w, requestedUser)
 		ctx := context.WithValue(r.Context(), currUserKey, *requestedUser)
 		requestWithUser := r.WithContext(ctx)
 		// ORIGINAL HANDLER
 		switch role {
 		case "":
 			h(w, requestWithUser)
 		case "admin":
 			if isAdmin(requestedUser) {
 				h(w, requestWithUser)
 			} else {
 				w.Header().Set("Location", "/")
 				w.WriteHeader(http.StatusFound)
 			}
 		}
 	})
 }
 func isAdmin(u *User) bool {
 	if u.Role == "admin" {
 		log.Println("IS ADMIN")
 		return true
 	} else {
 		log.Println("IS NOT ADMIN")
 		return false
 	}
 }
 func encryptSession(s Session) (es []byte) {
 	js, err := json.Marshal(s)
 	if err != nil {
 		log.Fatal(err)
 	}
 	es, err = encrypt(js, encKey)
 	if err != nil {
 		log.Fatal(err)
 	}
 	return
 }
 func setEncryptedCookie(w http.ResponseWriter, u *User) {
 	cValue := encryptSession(u.CurrSession)
 	cookie := &http.Cookie{
 		Name:     "SESSION",
 		Value:    string(cValue),
 		MaxAge:   int(6 * time.Hour / time.Second),
 		Path:     "/",
 		HttpOnly: false,
 	}
 	http.SetCookie(w, cookie)
 }
 func unsetCookie(w http.ResponseWriter) {
 	cookie := &http.Cookie{
 		Name:   "SESSION",
 		MaxAge: -69,
 		Path:   "/",
 	}
 	http.SetCookie(w, cookie)
 }
 // checkCredentials compares the pw provided by the user to the hashed version
 // in the database and returns true for success and false otherwise
 func checkCredentials(u *User, pw string) bool {
 	hashedPw := u.Pass
 	err := bcrypt.CompareHashAndPassword([]byte(hashedPw), []byte(pw))
 	if err != nil {
 		log.Print(err)
 		return false
 	}
 	return true
 }
 // checkSession compares the encrypted session string with the current Session
 // set for the user and returns true if they match
 func checkSession(receivedSession []byte) *User {
 	// Test
 	dec, err := decrypt(receivedSession, encKey)
 	if err != nil {
 		log.Println("Encryption key changed, deleting remaining cookies!")
 		return nil
 	}
 	// log.Println(string(dec))
 	decryptedSession := Session{}
 	err = json.Unmarshal(dec, &decryptedSession)
 	if err != nil {
 		log.Fatal(err)
 	}
 	// There is no current user but a (mayb) valid session -> get user with session from db
 	requestedUser, err := getUserBySession(&decryptedSession)
 	if err != nil {
 		log.Println("No user with that session found in db:", err)
 		return nil
 	}
 	// 6 hours ago
 	maxSessionAge := time.Now().UTC().UnixNano() - int64(6*time.Hour)
 	// Check if session is still valid (Other values must match anyways)
 	if requestedUser.CurrSession.Timestamp >= maxSessionAge {
 		return requestedUser
 	} else {
 		log.Println("User logged out because Session is no longer valid")
 		return nil
 	}
 }
 func updateSession(u *User) {
 	filter := bson.D{{"uid", u.UID}}
 	update := bson.D{{"$set", bson.D{{"curr_session", u.CurrSession}}}}
 	res, err := colUsers.UpdateOne(mongoCtx, filter, update)
 	if err != nil {
 		log.Fatal(err, res)
 	}
 }
 func createSession() (s Session) {
 	var sID, aToken [32]byte
 	_, err := io.ReadFull(cryptorand.Reader, sID[:])
 	if err != nil {
 		log.Fatal(err)
 	}
 	_, err = io.ReadFull(cryptorand.Reader, aToken[:])
 	if err != nil {
 		log.Fatal(err)
 	}
 	// MAYB: Also hash the random number? Any advantages?
 	// sID := sha256.Sum256(nonce)
 	// aToken := sha256.Sum256(nonce)
 	return Session{ID: sID, AuthToken: aToken, Timestamp: time.Now().UTC().UnixNano()}
 }
--- a/cmd/bs1in/bs1in.go
+++ b/cmd/bs1in/bs1in.go
@ -12,12 +12,14 @@ import (
 )
 func main() {
-	// cheap routing
+	http.HandleFunc("/login", handleLogin)
-	http.HandleFunc("/", handleIndex)
+	http.HandleFunc("/register", handleRegister)
-	http.HandleFunc("/db_user", handleDbUser)
+	http.HandleFunc("/logout", validateSession(handleLogout, ""))
 	http.HandleFunc("/", validateSession(handleIndex, ""))
 	http.HandleFunc("/admin_panel", validateSession(handleAdminPanel, "admin"))
 	// provide the inc directory to the useragent
-	http.HandleFunc("/static/", handleStatic)
+	http.HandleFunc("/static/", validateSession(handleStatic, ""))
 	// listen on port 8080 (I use nginx to proxy this local server)
 	log.Fatalln(http.ListenAndServe(":"+config.WebPort, nil))
 }
@ -38,13 +40,85 @@ func handleStatic(w http.ResponseWriter, r *http.Request) {
 func handleIndex(w http.ResponseWriter, r *http.Request) {
 	// Parses all required html files to provide the actual html that is shipped.
 	t, _ := getTemplate("layouts/base.html", "main.html", "header.html")
-	t.Execute(w, t)
+	currUser := r.Context().Value(currUserKey).(User)
 	td := TmplData{currUser, nil}
 	t.Execute(w, td)
 }
-func handleDbUser(w http.ResponseWriter, r *http.Request) {
+func handleAdminPanel(w http.ResponseWriter, r *http.Request) {
-	// Parses all required html files to provide the actual html that is shipped.
+	if r.Method == http.MethodGet {
-	t, _ := getTemplate("layouts/base.html", "db_user.html", "header.html")
+		t, _ := getTemplate("layouts/base.html", "admin_panel.html", "header.html")
-	t.Execute(w, t)
+		currUser := r.Context().Value(currUserKey).(User)
 		td := TmplData{currUser, nil}
 		t.Execute(w, td)
 	}
 }
 func handleRegister(w http.ResponseWriter, r *http.Request) {
 	if r.Method == http.MethodGet {
 		t, _ := getTemplate("layouts/base.html", "register.html")
 		err := t.Execute(w, nil)
 		if err != nil {
 			log.Println(err)
 		}
 	}
 }
 func handleLogin(w http.ResponseWriter, r *http.Request) {
 	if r.Method == http.MethodGet {
 		t, _ := getTemplate("layouts/base.html", "login.html")
 		lastURL := r.URL.Query().Get("r")
 		if len(lastURL) == 0 {
 			lastURL = "/"
 		}
 		td := TmplData{nil, struct{ RedirectTo string }{lastURL}}
 		err := t.Execute(w, td)
 		if err != nil {
 			log.Println(err)
 		}
 	} else if r.Method == http.MethodPost {
 		if err := r.ParseForm(); err != nil {
 			log.Fatal(err)
 		}
 		uid := r.PostForm.Get("username")
 		pw := r.PostForm.Get("password")
 		// TESTING: Logging of entered credentials
 		log.Println("UID: ", uid, " PW: ", pw)
 		var requestedUser *User
 		var err error
 		requestedUser, err = getUserByUID(uid)
 		if err != nil {
 			log.Println("No user with this id exists: ", uid)
 			w.WriteHeader(http.StatusForbidden)
 			return
 		}
 		success := checkCredentials(requestedUser, pw)
 		if success {
 			// IT IS IMPORTANT TO SET THE COOKIE BEFORE ANY OTHER OUTPUT TO W OCCURS
 			requestedUser.CurrSession = createSession()
 			updateSession(requestedUser)
 			setEncryptedCookie(w, requestedUser)
 			w.WriteHeader(http.StatusOK)
 			return
 		} else {
 			log.Println("Failed login attempt for user: ", uid)
 			w.WriteHeader(http.StatusForbidden)
 			return
 		}
 	}
 }
 func handleLogout(w http.ResponseWriter, r *http.Request) {
 	unsetCookie(w)
 	w.Header().Set("Location", "/")
 	w.WriteHeader(http.StatusFound)
 }
 // ------------------------- TEMPLATE HELPERS ----------------------------------
--- a/cmd/bs1in/config.go
+++ b/cmd/bs1in/config.go
@ -8,10 +8,17 @@ import (
 type Config struct {
 	WebPort        string `json:"web_port"`
-	DbUser         string `json:"db_user"`
+	WebDomain      string `json:"web_domain"`
-	DbPass         string `json:"db_pass"`
+	WebAdmin       string `json:"web_admin"`
-	DbHost         string `json:"db_host"`
+	WebAdminPass   string `json:"web_admin_pass"`
-	DbPort         string `json:"db_port"`
+	MongoDbUser    string `json:"mongodb_user"`
 	MongoDbPass    string `json:"mongodb_pass"`
 	MongoDbHost    string `json:"mongodb_host"`
 	MongoDbPort    string `json:"mongodb_port"`
 	MariaDbUser    string `json:"mariadb_user"`
 	MariaDbPass    string `json:"mariadb_pass"`
 	MariaDbHost    string `json:"mariadb_host"`
 	MariaDbPort    string `json:"mariadb_port"`
 	MailUser       string `json:"mail_user"`
 	MailPass       string `json:"mail_pass"`
 	MailSmtpServer string `json:"mail_smtp_server"`
--- a/cmd/bs1in/database.go
+++ b/cmd/bs1in/database.go
@ -7,18 +7,28 @@ import (
 	"go.mongodb.org/mongo-driver/mongo"
 	"go.mongodb.org/mongo-driver/mongo/options"
 	"database/sql"
 	"github.com/go-sql-driver/mysql"
 	_ "github.com/go-sql-driver/mysql"
 )
 var client mongo.Client
-var colDbUsers *mongo.Collection
+var colUsers *mongo.Collection
 var mongoCtx context.Context
 func init() {
 	openMongoDBConnection()
 	openMariaDBConnection()
 }
 func openMongoDBConnection() {
 	// Mongo DB setup
-	clientOptions := options.Client().ApplyURI("mongodb://" + config.DbUser + ":" + config.DbPass + "@" + config.DbHost + ":" + config.DbPort)
+	clientOptions := options.Client().ApplyURI("mongodb://" + config.MongoDbUser + ":" + config.MongoDbPass + "@" + config.MongoDbHost + ":" + config.MongoDbPort)
 	client, err := mongo.NewClient(clientOptions)
 	if err != nil {
-		log.Fatal(err)
+		log.Fatal("DB Error: ", err)
 	}
 	// Cancel if Timeout
 	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
@ -27,8 +37,31 @@ func init() {
 	// Connect to DB
 	err = client.Connect(ctx)
 	if err != nil {
-		log.Fatal(err)
+		log.Fatal("DB Error: ", err)
 	}
 	colUsers = client.Database("bs1in").Collection("users")
 }
 func openMariaDBConnection() {
 	dbConf := mysql.Config{
 		User:                 config.MariaDbUser,
 		Passwd:               config.MariaDbPass,
 		Net:                  "tcp",
 		Addr:                 config.MariaDbHost + ":" + config.MariaDbPort,
 		AllowNativePasswords: true, // Without this it did not work...
 	}
 	mariadb, err := sql.Open("mysql", dbConf.FormatDSN())
 	if err != nil {
 		log.Fatal("MariaDB Connection Error: ", err)
 	}
 	err = mariadb.Ping()
 	if err != nil {
 		log.Fatal("MariaDB not reachable (Ping Error): ", err)
 	}
-	colDbUsers = client.Database("bs1in").Collection("db_users")
+	var version string
 	mariadb.QueryRow("SELECT VERSION()").Scan(&version)
 	log.Println("Connected to:", version)
 }
--- a/cmd/bs1in/mail_test.go
+++ b/cmd/bs1in/mail_test.go
@ -5,8 +5,8 @@ import (
 )
 func TestSendMail(t *testing.T) {
-	err := sendMail("mrc1rz+8ca4wocgn0mz8@sharklasers.com", "Test Test 123", "Hello, this is just a test")
+	// err := sendMail("pmvfck+22j3zqaeild4k@sharklasers.com", "Test Test 123", "Hello, this is just a test")
-	if err != nil {
+	// if err != nil {
-		t.Error(err)
+	// 	t.Error("Mail Error: ", err)
-	}
+	// }
 }
--- a/cmd/bs1in/user.go
+++ b/cmd/bs1in/user.go
@ -0,0 +1,116 @@
 package main
 import (
 	"log"
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/bson/primitive"
 	"go.mongodb.org/mongo-driver/mongo"
 	"golang.org/x/crypto/bcrypt"
 )
 // User of the experiment
 type User struct {
 	ID          primitive.ObjectID `bson:"_id"`
 	UID         string             `bson:"uid"`
 	Mail        string             `bson: mail`
 	Pass        string             `bson:"pass"`
 	CurrSession Session            `bson:"curr_session"`
 	Role        string             `bson:"role"`
 }
 func init() {
 	createUser(config.WebAdmin, "", config.WebAdminPass, "admin")
 }
 // createUser creates a new participant and writes it to the database.
 func createUser(uid string, email string, pass string, role string) *User {
 	_, err := getUserByUID(uid)
 	if err != mongo.ErrNoDocuments {
 		log.Println("User with that UID already exists")
 		return nil
 	}
 	if len(email) > 0 {
 		_, err = getUserByEmail(email)
 		if err != mongo.ErrNoDocuments {
 			log.Println("User with that email already exists")
 			return nil
 		}
 	}
 	// salt+hash password to store in DB
 	hashedPw, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
 	if err != nil {
 		log.Fatal("Error while creating a new User: ", err)
 	}
 	u := &User{
 		ID:   primitive.NewObjectID(),
 		UID:  uid,
 		Mail: email,
 		Pass: string(hashedPw),
 		Role: role,
 	}
 	_, err = colUsers.InsertOne(mongoCtx, u)
 	if err != nil {
 		log.Fatal("Error while saving new user to DB: ", err)
 	}
 	return u
 }
 // generateUserID generates a unique ID for each participant
 func generateUserID() (uid string) {
 	for {
 		uid = generateRandomString(5, "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890")
 		// Check if ID is already in use
 		err := colUsers.FindOne(mongoCtx, bson.M{"uid": uid}).Decode(bson.M{})
 		// If not in use stop loop
 		if err == mongo.ErrNoDocuments {
 			break
 		} else {
 			// Log other errors
 			log.Fatal(err)
 		}
 	}
 	return
 }
 // getUserByUID returns a user with the same UID as uid from the DB
 func getUserByUID(uid string) (p *User, err error) {
 	p = &User{}
 	err = colUsers.FindOne(mongoCtx, bson.M{"uid": uid}).Decode(p)
 	if err == mongo.ErrNoDocuments {
 		return nil, err
 	} else if err != nil {
 		log.Fatal(err)
 	}
 	return p, nil
 }
 // getUserByEmail returns a user with the same email as email from the DB
 func getUserByEmail(email string) (p *User, err error) {
 	p = &User{}
 	err = colUsers.FindOne(mongoCtx, bson.M{"mail": email}).Decode(p)
 	if err == mongo.ErrNoDocuments {
 		return nil, err
 	} else if err != nil {
 		log.Fatal(err)
 	}
 	return p, nil
 }
 // getUserBySession returns a user with the same session as session from the DB
 func getUserBySession(s *Session) (p *User, err error) {
 	p = &User{}
 	// Get only id and authtoken otherwise timestamp might be already overwritten
 	err = colUsers.FindOne(mongoCtx, bson.M{
 		"curr_session.id":         s.ID,
 		"curr_session.auth_token": s.AuthToken,
 	}).Decode(p)
 	if err == mongo.ErrNoDocuments {
 		return nil, err
 	} else if err != nil {
 		log.Fatal(err)
 	}
 	return p, nil
 }
--- a/go.mod
+++ b/go.mod
@ -5,6 +5,7 @@ go 1.17
 require go.mongodb.org/mongo-driver v1.7.3
 require (
 	github.com/go-sql-driver/mysql v1.6.0 // indirect
 	github.com/go-stack/stack v1.8.0 // indirect
 	github.com/golang/snappy v0.0.1 // indirect
 	github.com/klauspost/compress v1.13.6 // indirect
--- a/go.sum
+++ b/go.sum
@ -2,6 +2,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
--- a/web/templates/header.html
+++ b/web/templates/header.html
@ -1,4 +1,9 @@
 {{define "header"}}
    <header>
        <nav>
            <a href="/">home</a>
            <a href="/admin_panel">admin</a>
            <a href="/logout">logout</a>
        </nav>
    </header>
 {{end}}
--- a/web/templates/login.html
+++ b/web/templates/login.html
@ -0,0 +1,44 @@
 {{define "body"}}
    <form id="frm-login" method="post" action="/login">
        <label for="inp-username">Participant ID:</label>
        <input id="inp-username" name="username" type="text" value=""/>
        <label for="inp-password">Password:</label>
        <input id="inp-password" name="password" type="password" value=""/>
        <input type="hidden" name="redirectTo" value="{{ .RedirectTo }}" />
        <button>Login</button>
    </form>
    <div class="hidden" id="general-info"></div>
 {{end}}
 {{define "scripts"}}
    <script>
     let frm = document.getElementById("frm-login");
     let infoBox = document.getElementById("general-info");
     frm.addEventListener("submit", e => {
         e.preventDefault();
         let fd = new FormData(frm);
         fetch("/login", {
             method: "POST",
             body: new URLSearchParams({
                 username: fd.get("username"),
                 password: fd.get("password")
             }),
             headers: {
                 "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"
             }
         }).then(res => {
             if (res.status == 200) {
                 window.location = fd.get("redirectTo");
             } else {
                 setInfo(infoBox, "Failure", "red", "grey1");
                 toggleHidden(infoBox, "off");
                 setTimeout(() => {
                     toggleHidden(infoBox, "on");
                 }, 2000);
             }
         })
     })
    </script>
    <script src="/static/js/helper.js"></script>
 {{end}}