Added logs
This commit is contained in:
@@ -18,20 +18,20 @@ var cfg, _ = config.LoadConfig()
|
|||||||
func Register(w http.ResponseWriter, r *http.Request) {
|
func Register(w http.ResponseWriter, r *http.Request) {
|
||||||
var user models.User
|
var user models.User
|
||||||
if err := json.NewDecoder(r.Body).Decode(&user); err != nil {
|
if err := json.NewDecoder(r.Body).Decode(&user); err != nil {
|
||||||
log.Println("[api/register] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "Invalid request body", http.StatusBadRequest)
|
http.Error(w, "Invalid request body", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if user.Username == "" || user.Password == "" {
|
if user.Username == "" || user.Password == "" {
|
||||||
log.Println("[api/register] " + r.RemoteAddr + ": Username or Password is empty")
|
log.Println("POST [api/register] " + r.RemoteAddr + ": Username or Password is empty")
|
||||||
http.Error(w, "username and password required", http.StatusBadRequest)
|
http.Error(w, "username and password required", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
hashed, err := auth.HashPassword(user.Password)
|
hashed, err := auth.HashPassword(user.Password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("[api/register] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "internal error", http.StatusInternalServerError)
|
http.Error(w, "internal error", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -40,13 +40,13 @@ func Register(w http.ResponseWriter, r *http.Request) {
|
|||||||
user.Role = "user"
|
user.Role = "user"
|
||||||
|
|
||||||
if err := storage.AddUser(&user); err != nil {
|
if err := storage.AddUser(&user); err != nil {
|
||||||
log.Println("[api/register] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "user already exists", http.StatusBadRequest)
|
http.Error(w, "user already exists", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
w.WriteHeader(http.StatusCreated)
|
w.WriteHeader(http.StatusCreated)
|
||||||
log.Println("[api/register] " + r.RemoteAddr + ": Successfully created user")
|
log.Println("POST [api/register] " + r.RemoteAddr + ": Successfully created user")
|
||||||
}
|
}
|
||||||
func Login(w http.ResponseWriter, r *http.Request) {
|
func Login(w http.ResponseWriter, r *http.Request) {
|
||||||
var creds struct {
|
var creds struct {
|
||||||
@@ -54,41 +54,41 @@ func Login(w http.ResponseWriter, r *http.Request) {
|
|||||||
Password string `json:"password"`
|
Password string `json:"password"`
|
||||||
}
|
}
|
||||||
if err := json.NewDecoder(r.Body).Decode(&creds); err != nil {
|
if err := json.NewDecoder(r.Body).Decode(&creds); err != nil {
|
||||||
log.Println("[api/login] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "Invalid request", http.StatusBadRequest)
|
http.Error(w, "Invalid request", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
user, err := storage.GetUserByUsername(creds.Username)
|
user, err := storage.GetUserByUsername(creds.Username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("[api/login] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "Invalid credentials", http.StatusUnauthorized)
|
http.Error(w, "Invalid credentials", http.StatusUnauthorized)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !auth.CheckPasswordHash(creds.Password, user.Password) {
|
if !auth.CheckPasswordHash(creds.Password, user.Password) {
|
||||||
log.Println("[api/login] " + r.RemoteAddr + ": Invalid credentials")
|
log.Println("POST [api/login] " + r.RemoteAddr + ": Invalid credentials")
|
||||||
http.Error(w, "Invalid credentials", http.StatusUnauthorized)
|
http.Error(w, "Invalid credentials", http.StatusUnauthorized)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
secret := []byte(os.Getenv("SHAP_JWT_SECRET"))
|
secret := []byte(os.Getenv("SHAP_JWT_SECRET"))
|
||||||
if len(secret) == 0 {
|
if len(secret) == 0 {
|
||||||
log.Println("[api/login] " + r.RemoteAddr + ": Server misconfiguration")
|
log.Println("POST [api/login] " + r.RemoteAddr + ": Server misconfiguration")
|
||||||
http.Error(w, "Server misconfiguration", http.StatusInternalServerError)
|
http.Error(w, "Server misconfiguration", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
accessToken, err := auth.GenerateJWT(user.ID, user.Role, secret)
|
accessToken, err := auth.GenerateJWT(user.ID, user.Role, secret)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("[api/login] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "Could not generate token", http.StatusInternalServerError)
|
http.Error(w, "Could not generate token", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
refreshTokenPlain, err := utils.GenerateRefreshToken()
|
refreshTokenPlain, err := utils.GenerateRefreshToken()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("[api/login] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "could not generate refresh token", http.StatusInternalServerError)
|
http.Error(w, "could not generate refresh token", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -107,7 +107,7 @@ func Login(w http.ResponseWriter, r *http.Request) {
|
|||||||
CreatedAt: time.Now().Unix(),
|
CreatedAt: time.Now().Unix(),
|
||||||
Revoked: false,
|
Revoked: false,
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
log.Println("[api/login] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "could not save refresh token", http.StatusInternalServerError)
|
http.Error(w, "could not save refresh token", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -127,17 +127,17 @@ func Login(w http.ResponseWriter, r *http.Request) {
|
|||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
err = json.NewEncoder(w).Encode(resp)
|
err = json.NewEncoder(w).Encode(resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("[api/login] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "Something went wrong", http.StatusInternalServerError)
|
http.Error(w, "Something went wrong", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
log.Println("[api/login] " + r.RemoteAddr + ": Successfully logged in")
|
log.Println("POST [api/login] " + r.RemoteAddr + ": Successfully logged in")
|
||||||
}
|
}
|
||||||
func Logout(w http.ResponseWriter, r *http.Request) {
|
func Logout(w http.ResponseWriter, r *http.Request) {
|
||||||
claims := r.Context().Value(auth.UserContextKey).(*auth.Claims)
|
claims := r.Context().Value(auth.UserContextKey).(*auth.Claims)
|
||||||
err := storage.RevokeAllRefreshTokensForUser(claims.UserID)
|
err := storage.RevokeAllRefreshTokensForUser(claims.UserID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("[api/logout] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("GET [api/logout] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -150,20 +150,20 @@ func TestHandler(w http.ResponseWriter, r *http.Request) {
|
|||||||
err := json.NewEncoder(w).Encode(map[string]interface{}{
|
err := json.NewEncoder(w).Encode(map[string]interface{}{
|
||||||
"user_id": claims.UserID,
|
"user_id": claims.UserID,
|
||||||
"role": claims.Role,
|
"role": claims.Role,
|
||||||
"msg": "access granted to protected endpoint",
|
"msg": "Authentication successful",
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("[api/ping] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("GET [api/ping] " + r.RemoteAddr + ": " + err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
log.Println("[api/login] " + r.RemoteAddr + ": Successfully tested connection")
|
log.Println("GET [api/login] " + r.RemoteAddr + ": Successfully tested connection")
|
||||||
}
|
}
|
||||||
func RefreshToken(w http.ResponseWriter, r *http.Request) {
|
func RefreshToken(w http.ResponseWriter, r *http.Request) {
|
||||||
var req struct {
|
var req struct {
|
||||||
RefreshToken string `json:"refresh_token"`
|
RefreshToken string `json:"refresh_token"`
|
||||||
}
|
}
|
||||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||||
log.Println("[api/refresh] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("POST [api/refresh] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "Invalid request", http.StatusBadRequest)
|
http.Error(w, "Invalid request", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -172,7 +172,7 @@ func RefreshToken(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
tokenRow, err := storage.GetRefreshToken(hashed)
|
tokenRow, err := storage.GetRefreshToken(hashed)
|
||||||
if err != nil || tokenRow.Revoked || tokenRow.ExpiresAt < time.Now().Unix() {
|
if err != nil || tokenRow.Revoked || tokenRow.ExpiresAt < time.Now().Unix() {
|
||||||
log.Println("[api/refresh] " + r.RemoteAddr + ": Invalid refresh token")
|
log.Println("POST [api/refresh] " + r.RemoteAddr + ": Invalid refresh token")
|
||||||
http.Error(w, "Invalid refresh token", http.StatusUnauthorized)
|
http.Error(w, "Invalid refresh token", http.StatusUnauthorized)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -195,7 +195,7 @@ func RefreshToken(w http.ResponseWriter, r *http.Request) {
|
|||||||
Revoked: false,
|
Revoked: false,
|
||||||
DeviceInfo: deviceInfo,
|
DeviceInfo: deviceInfo,
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
log.Println("[api/refresh] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("POST [api/refresh] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "Could not generate new refresh token", http.StatusInternalServerError)
|
http.Error(w, "Could not generate new refresh token", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -206,7 +206,7 @@ func RefreshToken(w http.ResponseWriter, r *http.Request) {
|
|||||||
"access_token": accessToken,
|
"access_token": accessToken,
|
||||||
"refresh_token": newToken,
|
"refresh_token": newToken,
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
log.Println("[api/refresh] " + r.RemoteAddr + ": " + err.Error())
|
log.Println("POST [api/refresh] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2,10 +2,12 @@ package handlers
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"shap-planner-backend/models"
|
"shap-planner-backend/models"
|
||||||
"shap-planner-backend/storage"
|
"shap-planner-backend/storage"
|
||||||
"shap-planner-backend/utils"
|
"shap-planner-backend/utils"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
func Expenses(w http.ResponseWriter, r *http.Request) {
|
func Expenses(w http.ResponseWriter, r *http.Request) {
|
||||||
@@ -20,37 +22,54 @@ func Expenses(w http.ResponseWriter, r *http.Request) {
|
|||||||
Shares []models.ExpenseShare `json:"shares"`
|
Shares []models.ExpenseShare `json:"shares"`
|
||||||
}
|
}
|
||||||
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
||||||
|
log.Println("POST [api/expense] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "Invalid request body", http.StatusBadRequest)
|
http.Error(w, "Invalid request body", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if claims.UserID != body.Expense.PayerID { // You cannot create an expense in the name of another user
|
if claims.UserID != body.Expense.PayerID { // You cannot create an expense in the name of another user
|
||||||
http.Error(w, "Invalid request", http.StatusUnauthorized)
|
log.Println("POST [api/expense] " + r.RemoteAddr + ": claims.UserID and expense.PayerID does not match")
|
||||||
|
http.Error(w, "Invalid request", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
// Set ExpenseID
|
||||||
if body.Expense.ID != "" {
|
if body.Expense.ID != "" {
|
||||||
http.Error(w, "Invalid request", http.StatusUnauthorized)
|
log.Println("POST [api/expense] " + r.RemoteAddr + ": Expense ID must be empty")
|
||||||
|
http.Error(w, "Invalid request", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
body.Expense.ID = utils.GenerateUUID()
|
body.Expense.ID = utils.GenerateUUID()
|
||||||
|
if body.Expense.CreatedAt == 0 {
|
||||||
|
body.Expense.CreatedAt = time.Now().Unix()
|
||||||
|
}
|
||||||
|
if body.Expense.Amount <= 0 {
|
||||||
|
log.Println("POST [api/expense] " + r.RemoteAddr + ": Amount must be greater than zero")
|
||||||
|
http.Error(w, "Invalid request", http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
// Set ShareIDs and save them
|
||||||
for _, share := range body.Shares {
|
for _, share := range body.Shares {
|
||||||
if share.ID != "" {
|
if share.ID != "" {
|
||||||
http.Error(w, "Invalid request", http.StatusUnauthorized)
|
log.Println("POST [api/expense] " + r.RemoteAddr + ": Share ID must be empty")
|
||||||
|
http.Error(w, "Invalid request", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if share.ExpenseID != "" {
|
if share.ExpenseID != "" {
|
||||||
http.Error(w, "Invalid request", http.StatusUnauthorized)
|
log.Println("POST [api/expense] " + r.RemoteAddr + ": Expense ID of Share must be empty")
|
||||||
|
http.Error(w, "Invalid request", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
share.ExpenseID = body.Expense.ID
|
share.ExpenseID = body.Expense.ID
|
||||||
share.ID = utils.GenerateUUID()
|
share.ID = utils.GenerateUUID()
|
||||||
err := storage.AddShare(&share)
|
err := storage.AddShare(&share)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Println("POST [api/expense] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "Error adding expense", http.StatusBadRequest) // Should never happen
|
http.Error(w, "Error adding expense", http.StatusBadRequest) // Should never happen
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
err := storage.AddExpense(&body.Expense)
|
err := storage.AddExpense(&body.Expense)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Println("POST [api/expense] " + r.RemoteAddr + ": " + err.Error())
|
||||||
http.Error(w, "Error adding expense", http.StatusBadRequest)
|
http.Error(w, "Error adding expense", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -59,13 +78,16 @@ func Expenses(w http.ResponseWriter, r *http.Request) {
|
|||||||
"shares": body.Shares,
|
"shares": body.Shares,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
println(err.Error())
|
log.Println("POST [api/expense] " + r.RemoteAddr + ": " + err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
log.Println("POST [api/expense] " + r.RemoteAddr + ": Successfully added expense and its shares")
|
||||||
break
|
break
|
||||||
case http.MethodPut: // -> Update Expense
|
case http.MethodPut: // -> Update Expense
|
||||||
break
|
break
|
||||||
case http.MethodDelete: // -> Delete Expense
|
case http.MethodDelete: // -> Delete Expense
|
||||||
|
default:
|
||||||
|
http.Error(w, "Invalid request method", http.StatusMethodNotAllowed)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
func AdminPanel(w http.ResponseWriter, r *http.Request) {}
|
func AdminPanel(w http.ResponseWriter, r *http.Request) {}
|
||||||
|
|||||||
Reference in New Issue
Block a user