ekzyis
/
delphi.market
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: ekzyis:2653e816bbcbbeca954b1200700d0e2adcceb8e1
Branches Tags
ekzyis:develop
...
compare: ekzyis:3ac346df4f8baebdc088cdf210079fead0749381
Branches Tags
ekzyis:develop

6 Commits
2653e816bb ... 3ac346df4f

Author SHA1 Message Date
ekzyis 3ac346df4f Fix route 2024-07-12 20:35:47 +02:00
ekzyis 36ac326767 Check status code instead of returned error 2024-07-12 20:32:50 +02:00
ekzyis 4e13271dbd Don't throw if user already exists on signup 2024-07-12 20:30:34 +02:00
ekzyis 0f3866866a Don't use assert format version unnecessarily 2024-07-12 20:21:12 +02:00
ekzyis df1886632b Fix tests 2024-07-12 20:11:03 +02:00
ekzyis 9a92444eee Add session middleware 2024-07-12 15:30:50 +02:00
5 changed files with 102 additions and 70 deletions
Show Stats Expand all files Collapse all files

5
server/router/handler/auth.go
View File

@ -111,7 +111,10 @@ func HandleLnAuthCallback(sc context.Context) echo.HandlerFunc {
}
if query.Action == "register" {
err = tx.QueryRow("INSERT INTO users(ln_pubkey) VALUES ($1) RETURNING id", query.Key).Scan(&userId)
err = tx.QueryRow(""+
"INSERT INTO users(ln_pubkey) VALUES ($1) "+
"ON CONFLICT(ln_pubkey) DO UPDATE SET ln_pubkey = $1 "+
"RETURNING id", query.Key).Scan(&userId)
if err != nil {
tx.Rollback()
pqErr, ok = err.(*pq.Error)

109
server/router/handler/lnauth_test.go
View File

@ -39,19 +39,19 @@ func TestLnAuthSignup(t *testing.T) {
c.SetParamNames("method")
c.SetParamValues("lightning")
err = handler.HandleAuth(sc, "register")(c)
assert.NoErrorf(err, "handler returned error")
handler.HandleAuth(sc, "register")(c)
assert.Equal(http.StatusOK, rec.Code, "wrong status code")
// Set-Cookie header present
cookies = rec.Result().Cookies()
assert.Equalf(1, len(cookies), "wrong number of Set-Cookie headers")
assert.Equalf("session", cookies[0].Name, "wrong cookie name")
assert.Equal(1, len(cookies), "wrong number of Set-Cookie headers")
assert.Equal("session", cookies[0].Name, "wrong cookie name")
// new challenge inserted which matches cookie value
sessionId = cookies[0].Value
err = db.QueryRow("SELECT session_id FROM lnauth WHERE session_id = $1", sessionId).Scan(&dbSessionId)
assert.NoError(err)
assert.Equalf(sessionId, dbSessionId, "wrong session id")
assert.Equal(sessionId, dbSessionId, "wrong session id")
}
func TestLnAuthSignupCallbackUserNotExists(t *testing.T) {
@ -79,37 +79,39 @@ func TestLnAuthSignupCallbackUserNotExists(t *testing.T) {
err = db.QueryRow(
"INSERT INTO lnauth(k1, lnurl) VALUES($1, $2) RETURNING session_id",
lnAuth.K1, lnAuth.LNURL).Scan(&sessionId)
assert.NoErrorf(err, "error creating challenge")
assert.NoError(err, "error creating challenge")
sk, pk, err = test.GenerateKeyPair()
assert.NoErrorf(err, "error generating keypair")
assert.NoError(err, "error generating keypair")
sig, err = test.Sign(sk, lnAuth.K1)
assert.NoErrorf(err, "error signing k1")
assert.NoError(err, "error signing k1")
key = hex.EncodeToString(pk.SerializeCompressed())
sc = context.Context{Db: db}
e, req, rec = test.HTTPMocks("GET",
fmt.Sprintf("/api/login?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "register"), nil)
e, req, rec = test.HTTPMocks(
"GET",
fmt.Sprintf("/api/lnauth?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "register"),
nil)
c = e.NewContext(req, rec)
err = handler.HandleLnAuthCallback(sc)(c)
assert.NoErrorf(err, "handler returned error")
handler.HandleLnAuthCallback(sc)(c)
assert.Equal(http.StatusOK, rec.Code, "wrong status code")
// user created
err = db.QueryRow("SELECT id FROM users WHERE ln_pubkey = $1", key).Scan(&userId)
assert.NoErrorf(err, "error fetching user")
assert.NoError(err, "error fetching user")
// session created
err = db.QueryRow("SELECT COUNT(1) FROM sessions WHERE id = $1 AND user_id = $2", sessionId, userId).Scan(&count)
assert.NoErrorf(err, "error fetching session")
assert.Equalf(1, count, "invalid session count")
assert.NoError(err, "error fetching session")
assert.Equal(1, count, "invalid session count")
// challenge deleted
err = db.QueryRow("SELECT COUNT(1) FROM lnauth WHERE k1 = $1", lnAuth.K1).Scan(&count)
assert.NoErrorf(err, "error fetching challenge")
assert.Equalf(count, 0, "challenge not deleted")
assert.NoError(err, "error fetching challenge")
assert.Equal(count, 0, "challenge not deleted")
}
func TestLnAuthSignupCallbackUserExists(t *testing.T) {
@ -135,28 +137,30 @@ func TestLnAuthSignupCallbackUserExists(t *testing.T) {
err = db.QueryRow(
"INSERT INTO lnauth(k1, lnurl) VALUES($1, $2) RETURNING session_id",
lnAuth.K1, lnAuth.LNURL).Scan(&sessionId)
assert.NoErrorf(err, "error creating challenge")
assert.NoError(err, "error creating challenge")
sk, pk, err = test.GenerateKeyPair()
assert.NoErrorf(err, "error generating keypair")
assert.NoError(err, "error generating keypair")
sig, err = test.Sign(sk, lnAuth.K1)
assert.NoErrorf(err, "error signing k1")
assert.NoError(err, "error signing k1")
key = hex.EncodeToString(pk.SerializeCompressed())
// create user such that signup must fail
// create user before signup
_, err = db.Exec("INSERT INTO users(ln_pubkey) VALUES($1) RETURNING id", key)
assert.NoErrorf(err, "error creating user")
assert.NoError(err, "error creating user")
sc = context.Context{Db: db}
e, req, rec = test.HTTPMocks("GET",
fmt.Sprintf("/api/login?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "register"), nil)
e, req, rec = test.HTTPMocks(
"GET",
fmt.Sprintf("/api/lnauth?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "register"),
nil)
c = e.NewContext(req, rec)
// must throw error because user already exists
err = handler.HandleLnAuthCallback(sc)(c)
assert.ErrorContains(err, "user already exists", "user check failed")
// does not throw an error for UX reasons
handler.HandleLnAuthCallback(sc)(c)
assert.Equal(http.StatusOK, rec.Code, "wrong status code")
}
func TestLnAuthLogin(t *testing.T) {
@ -179,18 +183,18 @@ func TestLnAuthLogin(t *testing.T) {
c.SetParamValues("lightning")
err = handler.HandleAuth(sc, "login")(c)
assert.NoErrorf(err, "handler returned error")
assert.NoError(err, "handler returned error")
// Set-Cookie header present
cookies = rec.Result().Cookies()
assert.Equalf(len(cookies), 1, "wrong number of Set-Cookie headers")
assert.Equalf("session", cookies[0].Name, "wrong cookie name")
assert.Equal(len(cookies), 1, "wrong number of Set-Cookie headers")
assert.Equal("session", cookies[0].Name, "wrong cookie name")
// new challenge inserted which matches cookie value
sessionId = cookies[0].Value
err = db.QueryRow("SELECT session_id FROM lnauth WHERE session_id = $1", sessionId).Scan(&dbSessionId)
assert.NoError(err)
assert.Equalf(sessionId, dbSessionId, "wrong session id")
assert.Equal(sessionId, dbSessionId, "wrong session id")
}
func TestLnAuthLoginCallbackUserNotExists(t *testing.T) {
@ -216,24 +220,27 @@ func TestLnAuthLoginCallbackUserNotExists(t *testing.T) {
err = db.QueryRow(
"INSERT INTO lnauth(k1, lnurl) VALUES($1, $2) RETURNING session_id",
lnAuth.K1, lnAuth.LNURL).Scan(&sessionId)
assert.NoErrorf(err, "error creating challenge")
assert.NoError(err, "error creating challenge")
sk, pk, err = test.GenerateKeyPair()
assert.NoErrorf(err, "error generating keypair")
assert.NoError(err, "error generating keypair")
sig, err = test.Sign(sk, lnAuth.K1)
assert.NoErrorf(err, "error signing k1")
assert.NoError(err, "error signing k1")
key = hex.EncodeToString(pk.SerializeCompressed())
sc = context.Context{Db: db}
e, req, rec = test.HTTPMocks("GET",
fmt.Sprintf("/api/login?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "login"), nil)
e, req, rec = test.HTTPMocks(
"GET",
fmt.Sprintf("/api/lnauth?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "login"),
nil)
c = e.NewContext(req, rec)
// must throw error because user does not exist
err = handler.HandleLnAuthCallback(sc)(c)
assert.ErrorContains(err, "user not found", "user check failed")
handler.HandleLnAuthCallback(sc)(c)
assert.Equal(http.StatusNotFound, rec.Code, "wrong status code")
assert.Contains(rec.Body.String(), "\"reason\":\"user not found\"", "user check failed")
}
func TestLnAuthLoginCallbackUserExists(t *testing.T) {
@ -261,35 +268,37 @@ func TestLnAuthLoginCallbackUserExists(t *testing.T) {
err = db.QueryRow(
"INSERT INTO lnauth(k1, lnurl) VALUES($1, $2) RETURNING session_id",
lnAuth.K1, lnAuth.LNURL).Scan(&sessionId)
assert.NoErrorf(err, "error creating challenge")
assert.NoError(err, "error creating challenge")
sk, pk, err = test.GenerateKeyPair()
assert.NoErrorf(err, "error generating keypair")
assert.NoError(err, "error generating keypair")
sig, err = test.Sign(sk, lnAuth.K1)
assert.NoErrorf(err, "error signing k1")
assert.NoError(err, "error signing k1")
key = hex.EncodeToString(pk.SerializeCompressed())
// create user such that login does not fail
err = db.QueryRow("INSERT INTO users(ln_pubkey) VALUES($1) RETURNING id", key).Scan(&userId)
assert.NoErrorf(err, "error creating user")
assert.NoError(err, "error creating user")
sc = context.Context{Db: db}
e, req, rec = test.HTTPMocks("GET",
fmt.Sprintf("/api/login?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "login"), nil)
e, req, rec = test.HTTPMocks(
"GET",
fmt.Sprintf("/api/lnauth?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "login"),
nil)
c = e.NewContext(req, rec)
err = handler.HandleLnAuthCallback(sc)(c)
assert.NoErrorf(err, "handler returned error")
handler.HandleLnAuthCallback(sc)(c)
assert.Equal(http.StatusOK, rec.Code, "wrong status code")
// session created
err = db.QueryRow("SELECT COUNT(1) FROM sessions WHERE id = $1 AND user_id = $2", sessionId, userId).Scan(&count)
assert.NoErrorf(err, "error fetching session")
assert.Equalf(1, count, "invalid session count")
assert.NoError(err, "error fetching session")
assert.Equal(1, count, "invalid session count")
// challenge deleted
err = db.QueryRow("SELECT COUNT(1) FROM lnauth WHERE k1 = $1", lnAuth.K1).Scan(&count)
assert.NoErrorf(err, "error fetching challenge")
assert.Equalf(count, 0, "challenge not deleted")
assert.NoError(err, "error fetching challenge")
assert.Equal(count, 0, "challenge not deleted")
}

44
server/router/middleware/session.go
View File

@ -1,33 +1,41 @@
package middleware
import (
"database/sql"
"net/http"
"git.ekzyis.com/ekzyis/delphi.market/server/router/context"
"git.ekzyis.com/ekzyis/delphi.market/types"
"github.com/labstack/echo/v4"
)
func Session(sc context.Context) echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
// TODO: implement session middleware
// var (
// cookie *http.Cookie
// err error
// s *db.Session
// u *db.User
// )
// if cookie, err = c.Cookie("session"); err != nil {
// // cookie not found
// return next(c)
// }
// s = &db.Session{SessionId: cookie.Value}
// if err = sc.Db.FetchSession(s); err == nil {
// // session found
// c.Set("session", *u)
// } else if err != sql.ErrNoRows {
// return err
// }
var (
db = sc.Db
ctx = c.Request().Context()
cookie *http.Cookie
err error
u = types.User{}
)
if cookie, err = c.Cookie("session"); err != nil {
// cookie not found
return next(c)
}
if err = db.QueryRowContext(
ctx,
""+
"SELECT u.id, u.created_at, COALESCE(u.ln_pubkey, ''), COALESCE(u.nostr_pubkey, ''), u.msats "+
"FROM sessions s LEFT JOIN users u ON u.id = s.user_id "+
"WHERE s.id = $1",
cookie.Value).
Scan(&u.Id, &u.CreatedAt, &u.LnPubkey, &u.NostrPubkey, &u.Msats); err == nil {
// session found
c.Set("session", u)
} else if err != sql.ErrNoRows {
return err
}
return next(c)
}
}

3
server/router/router.go
View File

@ -5,12 +5,13 @@ import (
"git.ekzyis.com/ekzyis/delphi.market/server/router/context"
"git.ekzyis.com/ekzyis/delphi.market/server/router/handler"
"git.ekzyis.com/ekzyis/delphi.market/server/router/middleware"
)
type Context = context.Context
func Init(e *echo.Echo, sc Context) {
// e.Use(middleware.Session(sc))
e.Use(middleware.Session(sc))
e.GET("/", handler.HandleIndex(sc))
e.GET("/about", handler.HandleAbout(sc))

11
types/types.go Normal file
View File

@ -0,0 +1,11 @@
package types
import "time"
type User struct {
Id int
CreatedAt time.Time
LnPubkey string
NostrPubkey string
Msats int64
}