merged main, dev, and i guess got accounts working??

i am so good at commit messages :3
2025-01-20 15:08:01 +00:00 · 2025-01-20 15:08:01 +00:00 · 5566a795da
commit 5566a795da
parent d5f1fcb5e0 35d3ce5c5d
53 changed files with 1366 additions and 398 deletions
--- a/controller/account.go
+++ b/controller/account.go
@ -0,0 +1,124 @@
+package controller
+
+import (
+	"arimelody-web/global"
+	"arimelody-web/model"
+	"errors"
+	"fmt"
+	"math/rand"
+	"net/http"
+	"strings"
+
+	"github.com/jmoiron/sqlx"
+)
+
+func GetAccount(db *sqlx.DB, username string) (*model.Account, error) {
+    var account = model.Account{}
+
+    err := db.Get(&account, "SELECT * FROM account WHERE username=$1", username)
+    if err != nil {
+        return nil, err
+    }
+
+    return &account, nil
+}
+
+func GetAccountByEmail(db *sqlx.DB, email string) (*model.Account, error) {
+    var account = model.Account{}
+
+    err := db.Get(&account, "SELECT * FROM account WHERE email=$1", email)
+    if err != nil {
+        return nil, err
+    }
+
+    return &account, nil
+}
+
+func GetAccountByToken(db *sqlx.DB, token string) (*model.Account, error) {
+    if token == "" { return nil, nil }
+
+    account := model.Account{}
+
+    err := db.Get(&account, "SELECT account.* FROM account JOIN token ON id=account WHERE token=$1", token)
+    if err != nil {
+        if err.Error() == "sql: no rows in result set" {
+            return nil, nil
+        }
+        return nil, err
+    }
+
+    return &account, nil
+}
+
+func GetAccountByRequest(db *sqlx.DB, r *http.Request) (*model.Account, error) {
+    tokenStr := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
+
+    if tokenStr == "" {
+        cookie, err := r.Cookie(global.COOKIE_TOKEN)
+        if err != nil {
+            // not logged in
+            return nil, nil
+        }
+        tokenStr = cookie.Value
+    }
+
+    token, err := GetToken(db, tokenStr)
+    if err != nil {
+        if strings.HasPrefix(err.Error(), "sql: no rows") {
+            return nil, nil
+        }
+        return nil, errors.New(fmt.Sprintf("GetToken: %s", err.Error()))
+    }
+
+    // does user-agent match the token?
+    if r.UserAgent() != token.UserAgent {
+        // invalidate the token
+        DeleteToken(db, tokenStr)
+        fmt.Printf("WARN: Attempted use of token by unauthorised User-Agent (Expected `%s`, got `%s`)\n", token.UserAgent, r.UserAgent())
+        // TODO: log unauthorised activity to the user
+        return nil, errors.New("User agent mismatch")
+    }
+
+    return GetAccountByToken(db, tokenStr)
+}
+
+func CreateAccount(db *sqlx.DB, account *model.Account) error {
+    _, err := db.Exec(
+    "INSERT INTO account (username, password, email, avatar_url) " +
+    "VALUES ($1, $2, $3, $4)",
+    account.Username,
+    account.Password,
+    account.Email,
+    account.AvatarURL)
+
+    return err
+}
+
+func UpdateAccount(db *sqlx.DB, account *model.Account) error {
+    _, err := db.Exec(
+    "UPDATE account " +
+    "SET username=$2, password=$3, email=$4, avatar_url=$5) " +
+    "WHERE id=$1",
+    account.ID,
+    account.Username,
+    account.Password,
+    account.Email,
+    account.AvatarURL)
+
+    return err
+}
+
+func DeleteAccount(db *sqlx.DB, accountID string) error {
+    _, err := db.Exec("DELETE FROM account WHERE id=$1", accountID)
+    return err
+}
+
+var inviteChars = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
+
+func GenerateInviteCode(length int) []byte {
+    code := []byte{}
+    for i := 0; i < length; i++ {
+        code = append(code, inviteChars[rand.Intn(len(inviteChars) - 1)])
+    }
+    return code
+}
--- a/controller/controller.go
+++ b/controller/controller.go
@ -0,0 +1,13 @@
+package controller
+
+import "math/rand"
+
+func GenerateAlnumString(length int) []byte {
+    const CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+    res := []byte{}
+    for i := 0; i < length; i++ {
+        res = append(res, CHARS[rand.Intn(len(CHARS))])
+    }
+    return res
+}
+
--- a/controller/release.go
+++ b/controller/release.go
@ -223,7 +223,6 @@ func UpdateReleaseLinks(db *sqlx.DB, releaseID string, new_links []*model.Link)
        return err
    }
    for _, link := range new_links {
-        fmt.Printf("%s: %s\n", link.Name, link.URL)
        _, err := tx.Exec(
            "INSERT INTO musiclink "+
            "(release, name, url) "+
--- a/controller/token.go
+++ b/controller/token.go
@ -0,0 +1,61 @@
+package controller
+
+import (
+	"time"
+
+	"arimelody-web/model"
+
+	"github.com/jmoiron/sqlx"
+)
+
+const TOKEN_LEN = 32
+
+func CreateToken(db *sqlx.DB, accountID string, userAgent string) (*model.Token, error) {
+    tokenString := GenerateAlnumString(TOKEN_LEN)
+
+    token := model.Token{
+        Token: string(tokenString),
+        AccountID: accountID,
+        UserAgent: userAgent,
+        CreatedAt: time.Now(),
+        ExpiresAt: time.Now().Add(time.Hour * 24),
+    }
+
+    _, err := db.Exec("INSERT INTO token " +
+        "(token, account, user_agent, created_at, expires_at) VALUES " +
+        "($1, $2, $3, $4, $5)",
+        token.Token,
+        token.AccountID,
+        token.UserAgent,
+        token.CreatedAt,
+        token.ExpiresAt,
+    )
+    if err != nil {
+        return nil, err
+    }
+
+    return &token, nil
+}
+
+func GetToken(db *sqlx.DB, token_str string) (*model.Token, error) {
+    token := model.Token{}
+    err := db.Get(&token, "SELECT * FROM token WHERE token=$1", token_str)
+    return &token, err
+}
+
+func GetAllTokensForAccount(db *sqlx.DB, accountID string) ([]model.Token, error) {
+    tokens := []model.Token{}
+    err := db.Select(&tokens, "SELECT * FROM token WHERE account=$1 AND expires_at>current_timestamp", accountID)
+    return tokens, err
+}
+
+func DeleteAllTokensForAccount(db *sqlx.DB, accountID string) error {
+    _, err := db.Exec("DELETE FROM token WHERE account=$1", accountID)
+    return err
+}
+
+func DeleteToken(db *sqlx.DB, token string) error {
+    _, err := db.Exec("DELETE FROM token WHERE token=$1", token)
+    return err
+}
+