new_gate/ms-auth
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: limit hash size

Browse source
This commit is contained in:
Vyacheslav1557 2024-07-25 01:25:36 +05:00
parent 5af1a98b49
commit 717ed1f330
2 changed files with 54 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
internal/storage/postgresql.go
View file

@ -40,8 +40,8 @@ const (
type User struct { type User struct {
Id int32 `db:"id"` Id int32 `db:"id"`
Username string `db:"username"` Username string `db:"username"`
HashedPassword []byte `db:"hashed_password"` HashedPassword [60]byte `db:"hashed_pwd"`
Email *string `db:"email"` Email *string `db:"email"`
@ -51,24 +51,28 @@ type User struct {
Role int32 `db:"role"` Role int32 `db:"role"`
} }
func (hashedUser *User) IsAdmin() bool { func (user *User) IsAdmin() bool {
return lib.IsAdmin(hashedUser.Role) return lib.IsAdmin(user.Role)
} }
func (hashedUser *User) IsModerator() bool { func (user *User) IsModerator() bool {
return lib.IsModerator(hashedUser.Role) return lib.IsModerator(user.Role)
} }
func (hashedUser *User) IsParticipant() bool { func (user *User) IsParticipant() bool {
return lib.IsParticipant(hashedUser.Role) return lib.IsParticipant(user.Role)
} }
func (hashedUser *User) IsSpectator() bool { func (user *User) IsSpectator() bool {
return lib.IsSpectator(hashedUser.Role) return lib.IsSpectator(user.Role)
} }
func (hashedUser *User) ComparePassword(password string) error { func (user *User) AtLeast(role int32) bool {
if bcrypt.CompareHashAndPassword(hashedUser.HashedPassword, []byte(password)) != nil { return user.Role >= role
}
func (user *User) ComparePassword(password string) error {
if bcrypt.CompareHashAndPassword(user.HashedPassword[:], []byte(password)) != nil {
return lib.ErrBadHandleOrPassword return lib.ErrBadHandleOrPassword
} }
return nil return nil
@ -123,12 +127,12 @@ func (storage *PostgresqlStorage) CreateUser(
query := storage.db.Rebind(` query := storage.db.Rebind(`
INSERT INTO users INSERT INTO users
(username, hashed_password, email, expires_at, created_at, role) (username, hashed_pwd, email, expires_at, role)
VALUES (?, ?, ?, ?, ?, ?) VALUES (?, ?, ?, ?, ?)
RETURNING id RETURNING id
`) `)
rows, err := storage.db.QueryxContext(ctx, query, username, hashedPassword, email, expiresAt, now, role) rows, err := storage.db.QueryxContext(ctx, query, username, hashedPassword, email, expiresAt, role)
if err != nil { if err != nil {
return nil, storage.handlePgErr(err) return nil, storage.handlePgErr(err)
} }
@ -227,7 +231,7 @@ func (storage *PostgresqlStorage) UpdateUser(
query := storage.db.Rebind(` query := storage.db.Rebind(`
UPDATE users UPDATE users
SET username = COALESCE(?, username), SET username = COALESCE(?, username),
hashed_password = COALESCE(?, hashed_password), hashed_pwd = COALESCE(?, hashed_pwd),
email = COALESCE(?, email), email = COALESCE(?, email),
expires_at = COALESCE(?, expires_at), expires_at = COALESCE(?, expires_at),
role = COALESCE(?, role) role = COALESCE(?, role)

45
migrations/20240608163806_initial.sql
View file

@ -1,20 +1,43 @@
-- +goose Up -- +goose Up
CREATE TABLE IF NOT EXISTS users ( -- +goose StatementBegin
id serial NOT NULL, CREATE TABLE IF NOT EXISTS users
username VARCHAR(70) UNIQUE NOT NULL CHECK (length(username) != 0 AND username = lower(username)), (
hashed_password BYTEA NOT NULL CHECK (length(hashed_password) != 0), id serial NOT NULL,
email VARCHAR(70) UNIQUE CHECK (length(email) != 0 AND email = lower(email)), username VARCHAR(70) UNIQUE NOT NULL,
expires_at TIMESTAMP NOT NULL, hashed_pwd VARCHAR(60) NOT NULL,
created_at TIMESTAMP NOT NULL, email VARCHAR(70) UNIQUE,
role INT NOT NULL CHECK (role BETWEEN 0 AND 3), role INT NOT NULL,
PRIMARY KEY (id) expires_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
PRIMARY KEY (id),
CHECK (length(username) != 0 AND username = lower(username)),
CHECK (length(email) != 0 AND email = lower(email)),
CHECK (lower(username) != lower(email)),
CHECK (length(hashed_pwd) != 0),
CHECK (role BETWEEN 0 AND 3)
); );
CREATE INDEX ON users (id); CREATE INDEX ON users (id);
CREATE INDEX ON users (username); CREATE INDEX ON users (username);
CREATE INDEX ON users (email); CREATE INDEX ON users (email);
CREATE FUNCTION usr_upd_trg_fn() RETURNS TRIGGER
LANGUAGE plpgsql AS
$$
BEGIN
NEW.updated_at = NOW();
RETURN NEW;
END;
$$;
CREATE TRIGGER usr_upd_trg
BEFORE UPDATE
ON users
FOR EACH ROW
EXECUTE PROCEDURE usr_upd_trg_fn();
-- +goose StatementEnd
-- +goose Down -- +goose Down
DROP TABLE IF EXISTS users; DROP TABLE IF EXISTS users;