fix: limit hash size

This commit is contained in:
Vyacheslav1557 2024-07-25 01:25:36 +05:00
parent 5af1a98b49
commit 717ed1f330
2 changed files with 54 additions and 27 deletions

View file

@ -41,7 +41,7 @@ type User struct {
Id int32 `db:"id"`
Username string `db:"username"`
HashedPassword []byte `db:"hashed_password"`
HashedPassword [60]byte `db:"hashed_pwd"`
Email *string `db:"email"`
@ -51,24 +51,28 @@ type User struct {
Role int32 `db:"role"`
}
func (hashedUser *User) IsAdmin() bool {
return lib.IsAdmin(hashedUser.Role)
func (user *User) IsAdmin() bool {
return lib.IsAdmin(user.Role)
}
func (hashedUser *User) IsModerator() bool {
return lib.IsModerator(hashedUser.Role)
func (user *User) IsModerator() bool {
return lib.IsModerator(user.Role)
}
func (hashedUser *User) IsParticipant() bool {
return lib.IsParticipant(hashedUser.Role)
func (user *User) IsParticipant() bool {
return lib.IsParticipant(user.Role)
}
func (hashedUser *User) IsSpectator() bool {
return lib.IsSpectator(hashedUser.Role)
func (user *User) IsSpectator() bool {
return lib.IsSpectator(user.Role)
}
func (hashedUser *User) ComparePassword(password string) error {
if bcrypt.CompareHashAndPassword(hashedUser.HashedPassword, []byte(password)) != nil {
func (user *User) AtLeast(role int32) bool {
return user.Role >= role
}
func (user *User) ComparePassword(password string) error {
if bcrypt.CompareHashAndPassword(user.HashedPassword[:], []byte(password)) != nil {
return lib.ErrBadHandleOrPassword
}
return nil
@ -123,12 +127,12 @@ func (storage *PostgresqlStorage) CreateUser(
query := storage.db.Rebind(`
INSERT INTO users
(username, hashed_password, email, expires_at, created_at, role)
VALUES (?, ?, ?, ?, ?, ?)
(username, hashed_pwd, email, expires_at, role)
VALUES (?, ?, ?, ?, ?)
RETURNING id
`)
rows, err := storage.db.QueryxContext(ctx, query, username, hashedPassword, email, expiresAt, now, role)
rows, err := storage.db.QueryxContext(ctx, query, username, hashedPassword, email, expiresAt, role)
if err != nil {
return nil, storage.handlePgErr(err)
}
@ -227,7 +231,7 @@ func (storage *PostgresqlStorage) UpdateUser(
query := storage.db.Rebind(`
UPDATE users
SET username = COALESCE(?, username),
hashed_password = COALESCE(?, hashed_password),
hashed_pwd = COALESCE(?, hashed_pwd),
email = COALESCE(?, email),
expires_at = COALESCE(?, expires_at),
role = COALESCE(?, role)

View file

@ -1,20 +1,43 @@
-- +goose Up
CREATE TABLE IF NOT EXISTS users (
-- +goose StatementBegin
CREATE TABLE IF NOT EXISTS users
(
id serial NOT NULL,
username VARCHAR(70) UNIQUE NOT NULL CHECK (length(username) != 0 AND username = lower(username)),
hashed_password BYTEA NOT NULL CHECK (length(hashed_password) != 0),
email VARCHAR(70) UNIQUE CHECK (length(email) != 0 AND email = lower(email)),
expires_at TIMESTAMP NOT NULL,
created_at TIMESTAMP NOT NULL,
role INT NOT NULL CHECK (role BETWEEN 0 AND 3),
PRIMARY KEY (id)
username VARCHAR(70) UNIQUE NOT NULL,
hashed_pwd VARCHAR(60) NOT NULL,
email VARCHAR(70) UNIQUE,
role INT NOT NULL,
expires_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
PRIMARY KEY (id),
CHECK (length(username) != 0 AND username = lower(username)),
CHECK (length(email) != 0 AND email = lower(email)),
CHECK (lower(username) != lower(email)),
CHECK (length(hashed_pwd) != 0),
CHECK (role BETWEEN 0 AND 3)
);
CREATE INDEX ON users (id);
CREATE INDEX ON users (username);
CREATE INDEX ON users (email);
CREATE FUNCTION usr_upd_trg_fn() RETURNS TRIGGER
LANGUAGE plpgsql AS
$$
BEGIN
NEW.updated_at = NOW();
RETURN NEW;
END;
$$;
CREATE TRIGGER usr_upd_trg
BEFORE UPDATE
ON users
FOR EACH ROW
EXECUTE PROCEDURE usr_upd_trg_fn();
-- +goose StatementEnd
-- +goose Down
DROP TABLE IF EXISTS users;