Compare commits


No commits in common. "3ac346df4f8baebdc088cdf210079fead0749381" and "2653e816bbcbbeca954b1200700d0e2adcceb8e1" have entirely different histories.

5 changed files with 70 additions and 102 deletions


@ -111,10 +111,7 @@ func HandleLnAuthCallback(sc context.Context) echo.HandlerFunc {
} }
if query.Action == "register" { if query.Action == "register" {
err = tx.QueryRow(""+ err = tx.QueryRow("INSERT INTO users(ln_pubkey) VALUES ($1) RETURNING id", query.Key).Scan(&userId)
"INSERT INTO users(ln_pubkey) VALUES ($1) "+
"ON CONFLICT(ln_pubkey) DO UPDATE SET ln_pubkey = $1 "+
"RETURNING id", query.Key).Scan(&userId)
if err != nil { if err != nil {
tx.Rollback() tx.Rollback()
pqErr, ok = err.(*pq.Error) pqErr, ok = err.(*pq.Error)
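Review bot: With the `ON CONFLICT` clause gone, a repeat registration now surfaces as a database error, and the branch below classifies it with a direct type assertion, `pqErr, ok = err.(*pq.Error)`, after discarding the result of `tx.Rollback()`. The assertion misses an error that has been wrapped, so `errors.As(err, &pqErr)` is the safer form. The rest of the branch should map only the unique-violation code (`pqErr.Code == "23505"`) to the "user already exists" reply, so that unrelated insert failures are not reported to the client as a duplicate account. A failed rollback is worth logging rather than dropping. The handler body starts and ends outside this hunk, so the code check may already exist there.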


@ -39,19 +39,19 @@ func TestLnAuthSignup(t *testing.T) {
c.SetParamNames("method") c.SetParamNames("method")
c.SetParamValues("lightning") c.SetParamValues("lightning")
handler.HandleAuth(sc, "register")(c) err = handler.HandleAuth(sc, "register")(c)
assert.Equal(http.StatusOK, rec.Code, "wrong status code") assert.NoErrorf(err, "handler returned error")
// Set-Cookie header present // Set-Cookie header present
cookies = rec.Result().Cookies() cookies = rec.Result().Cookies()
assert.Equal(1, len(cookies), "wrong number of Set-Cookie headers") assert.Equalf(1, len(cookies), "wrong number of Set-Cookie headers")
assert.Equal("session", cookies[0].Name, "wrong cookie name") assert.Equalf("session", cookies[0].Name, "wrong cookie name")
// new challenge inserted which matches cookie value // new challenge inserted which matches cookie value
sessionId = cookies[0].Value sessionId = cookies[0].Value
err = db.QueryRow("SELECT session_id FROM lnauth WHERE session_id = $1", sessionId).Scan(&dbSessionId) err = db.QueryRow("SELECT session_id FROM lnauth WHERE session_id = $1", sessionId).Scan(&dbSessionId)
assert.NoError(err) assert.NoError(err)
assert.Equal(sessionId, dbSessionId, "wrong session id") assert.Equalf(sessionId, dbSessionId, "wrong session id")
} }
func TestLnAuthSignupCallbackUserNotExists(t *testing.T) { func TestLnAuthSignupCallbackUserNotExists(t *testing.T) {
@ -79,39 +79,37 @@ func TestLnAuthSignupCallbackUserNotExists(t *testing.T) {
err = db.QueryRow( err = db.QueryRow(
"INSERT INTO lnauth(k1, lnurl) VALUES($1, $2) RETURNING session_id", "INSERT INTO lnauth(k1, lnurl) VALUES($1, $2) RETURNING session_id",
lnAuth.K1, lnAuth.LNURL).Scan(&sessionId) lnAuth.K1, lnAuth.LNURL).Scan(&sessionId)
assert.NoError(err, "error creating challenge") assert.NoErrorf(err, "error creating challenge")
sk, pk, err = test.GenerateKeyPair() sk, pk, err = test.GenerateKeyPair()
assert.NoError(err, "error generating keypair") assert.NoErrorf(err, "error generating keypair")
sig, err = test.Sign(sk, lnAuth.K1) sig, err = test.Sign(sk, lnAuth.K1)
assert.NoError(err, "error signing k1") assert.NoErrorf(err, "error signing k1")
key = hex.EncodeToString(pk.SerializeCompressed()) key = hex.EncodeToString(pk.SerializeCompressed())
sc = context.Context{Db: db} sc = context.Context{Db: db}
e, req, rec = test.HTTPMocks( e, req, rec = test.HTTPMocks("GET",
"GET", fmt.Sprintf("/api/login?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "register"), nil)
fmt.Sprintf("/api/lnauth?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "register"),
nil)
c = e.NewContext(req, rec) c = e.NewContext(req, rec)
handler.HandleLnAuthCallback(sc)(c) err = handler.HandleLnAuthCallback(sc)(c)
assert.Equal(http.StatusOK, rec.Code, "wrong status code") assert.NoErrorf(err, "handler returned error")
// user created // user created
err = db.QueryRow("SELECT id FROM users WHERE ln_pubkey = $1", key).Scan(&userId) err = db.QueryRow("SELECT id FROM users WHERE ln_pubkey = $1", key).Scan(&userId)
assert.NoError(err, "error fetching user") assert.NoErrorf(err, "error fetching user")
// session created // session created
err = db.QueryRow("SELECT COUNT(1) FROM sessions WHERE id = $1 AND user_id = $2", sessionId, userId).Scan(&count) err = db.QueryRow("SELECT COUNT(1) FROM sessions WHERE id = $1 AND user_id = $2", sessionId, userId).Scan(&count)
assert.NoError(err, "error fetching session") assert.NoErrorf(err, "error fetching session")
assert.Equal(1, count, "invalid session count") assert.Equalf(1, count, "invalid session count")
// challenge deleted // challenge deleted
err = db.QueryRow("SELECT COUNT(1) FROM lnauth WHERE k1 = $1", lnAuth.K1).Scan(&count) err = db.QueryRow("SELECT COUNT(1) FROM lnauth WHERE k1 = $1", lnAuth.K1).Scan(&count)
assert.NoError(err, "error fetching challenge") assert.NoErrorf(err, "error fetching challenge")
assert.Equal(count, 0, "challenge not deleted") assert.Equalf(count, 0, "challenge not deleted")
} }
func TestLnAuthSignupCallbackUserExists(t *testing.T) { func TestLnAuthSignupCallbackUserExists(t *testing.T) {
@ -137,30 +135,28 @@ func TestLnAuthSignupCallbackUserExists(t *testing.T) {
err = db.QueryRow( err = db.QueryRow(
"INSERT INTO lnauth(k1, lnurl) VALUES($1, $2) RETURNING session_id", "INSERT INTO lnauth(k1, lnurl) VALUES($1, $2) RETURNING session_id",
lnAuth.K1, lnAuth.LNURL).Scan(&sessionId) lnAuth.K1, lnAuth.LNURL).Scan(&sessionId)
assert.NoError(err, "error creating challenge") assert.NoErrorf(err, "error creating challenge")
sk, pk, err = test.GenerateKeyPair() sk, pk, err = test.GenerateKeyPair()
assert.NoError(err, "error generating keypair") assert.NoErrorf(err, "error generating keypair")
sig, err = test.Sign(sk, lnAuth.K1) sig, err = test.Sign(sk, lnAuth.K1)
assert.NoError(err, "error signing k1") assert.NoErrorf(err, "error signing k1")
key = hex.EncodeToString(pk.SerializeCompressed()) key = hex.EncodeToString(pk.SerializeCompressed())
// create user before signup // create user such that signup must fail
_, err = db.Exec("INSERT INTO users(ln_pubkey) VALUES($1) RETURNING id", key) _, err = db.Exec("INSERT INTO users(ln_pubkey) VALUES($1) RETURNING id", key)
assert.NoError(err, "error creating user") assert.NoErrorf(err, "error creating user")
sc = context.Context{Db: db} sc = context.Context{Db: db}
e, req, rec = test.HTTPMocks( e, req, rec = test.HTTPMocks("GET",
"GET", fmt.Sprintf("/api/login?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "register"), nil)
fmt.Sprintf("/api/lnauth?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "register"),
nil)
c = e.NewContext(req, rec) c = e.NewContext(req, rec)
// does not throw an error for UX reasons // must throw error because user already exists
handler.HandleLnAuthCallback(sc)(c) err = handler.HandleLnAuthCallback(sc)(c)
assert.Equal(http.StatusOK, rec.Code, "wrong status code") assert.ErrorContains(err, "user already exists", "user check failed")
} }
func TestLnAuthLogin(t *testing.T) { func TestLnAuthLogin(t *testing.T) {
@ -183,18 +179,18 @@ func TestLnAuthLogin(t *testing.T) {
c.SetParamValues("lightning") c.SetParamValues("lightning")
err = handler.HandleAuth(sc, "login")(c) err = handler.HandleAuth(sc, "login")(c)
assert.NoError(err, "handler returned error") assert.NoErrorf(err, "handler returned error")
// Set-Cookie header present // Set-Cookie header present
cookies = rec.Result().Cookies() cookies = rec.Result().Cookies()
assert.Equal(len(cookies), 1, "wrong number of Set-Cookie headers") assert.Equalf(len(cookies), 1, "wrong number of Set-Cookie headers")
assert.Equal("session", cookies[0].Name, "wrong cookie name") assert.Equalf("session", cookies[0].Name, "wrong cookie name")
// new challenge inserted which matches cookie value // new challenge inserted which matches cookie value
sessionId = cookies[0].Value sessionId = cookies[0].Value
err = db.QueryRow("SELECT session_id FROM lnauth WHERE session_id = $1", sessionId).Scan(&dbSessionId) err = db.QueryRow("SELECT session_id FROM lnauth WHERE session_id = $1", sessionId).Scan(&dbSessionId)
assert.NoError(err) assert.NoError(err)
assert.Equal(sessionId, dbSessionId, "wrong session id") assert.Equalf(sessionId, dbSessionId, "wrong session id")
} }
func TestLnAuthLoginCallbackUserNotExists(t *testing.T) { func TestLnAuthLoginCallbackUserNotExists(t *testing.T) {
@ -220,27 +216,24 @@ func TestLnAuthLoginCallbackUserNotExists(t *testing.T) {
err = db.QueryRow( err = db.QueryRow(
"INSERT INTO lnauth(k1, lnurl) VALUES($1, $2) RETURNING session_id", "INSERT INTO lnauth(k1, lnurl) VALUES($1, $2) RETURNING session_id",
lnAuth.K1, lnAuth.LNURL).Scan(&sessionId) lnAuth.K1, lnAuth.LNURL).Scan(&sessionId)
assert.NoError(err, "error creating challenge") assert.NoErrorf(err, "error creating challenge")
sk, pk, err = test.GenerateKeyPair() sk, pk, err = test.GenerateKeyPair()
assert.NoError(err, "error generating keypair") assert.NoErrorf(err, "error generating keypair")
sig, err = test.Sign(sk, lnAuth.K1) sig, err = test.Sign(sk, lnAuth.K1)
assert.NoError(err, "error signing k1") assert.NoErrorf(err, "error signing k1")
key = hex.EncodeToString(pk.SerializeCompressed()) key = hex.EncodeToString(pk.SerializeCompressed())
sc = context.Context{Db: db} sc = context.Context{Db: db}
e, req, rec = test.HTTPMocks( e, req, rec = test.HTTPMocks("GET",
"GET", fmt.Sprintf("/api/login?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "login"), nil)
fmt.Sprintf("/api/lnauth?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "login"),
nil)
c = e.NewContext(req, rec) c = e.NewContext(req, rec)
// must throw error because user does not exist // must throw error because user does not exist
handler.HandleLnAuthCallback(sc)(c) err = handler.HandleLnAuthCallback(sc)(c)
assert.Equal(http.StatusNotFound, rec.Code, "wrong status code") assert.ErrorContains(err, "user not found", "user check failed")
assert.Contains(rec.Body.String(), "\"reason\":\"user not found\"", "user check failed")
} }
func TestLnAuthLoginCallbackUserExists(t *testing.T) { func TestLnAuthLoginCallbackUserExists(t *testing.T) {
@ -268,37 +261,35 @@ func TestLnAuthLoginCallbackUserExists(t *testing.T) {
err = db.QueryRow( err = db.QueryRow(
"INSERT INTO lnauth(k1, lnurl) VALUES($1, $2) RETURNING session_id", "INSERT INTO lnauth(k1, lnurl) VALUES($1, $2) RETURNING session_id",
lnAuth.K1, lnAuth.LNURL).Scan(&sessionId) lnAuth.K1, lnAuth.LNURL).Scan(&sessionId)
assert.NoError(err, "error creating challenge") assert.NoErrorf(err, "error creating challenge")
sk, pk, err = test.GenerateKeyPair() sk, pk, err = test.GenerateKeyPair()
assert.NoError(err, "error generating keypair") assert.NoErrorf(err, "error generating keypair")
sig, err = test.Sign(sk, lnAuth.K1) sig, err = test.Sign(sk, lnAuth.K1)
assert.NoError(err, "error signing k1") assert.NoErrorf(err, "error signing k1")
key = hex.EncodeToString(pk.SerializeCompressed()) key = hex.EncodeToString(pk.SerializeCompressed())
// create user such that login does not fail // create user such that login does not fail
err = db.QueryRow("INSERT INTO users(ln_pubkey) VALUES($1) RETURNING id", key).Scan(&userId) err = db.QueryRow("INSERT INTO users(ln_pubkey) VALUES($1) RETURNING id", key).Scan(&userId)
assert.NoError(err, "error creating user") assert.NoErrorf(err, "error creating user")
sc = context.Context{Db: db} sc = context.Context{Db: db}
e, req, rec = test.HTTPMocks( e, req, rec = test.HTTPMocks("GET",
"GET", fmt.Sprintf("/api/login?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "login"), nil)
fmt.Sprintf("/api/lnauth?tag=login&k1=%s&key=%s&sig=%s&action=%s", lnAuth.K1, key, sig, "login"),
nil)
c = e.NewContext(req, rec) c = e.NewContext(req, rec)
handler.HandleLnAuthCallback(sc)(c) err = handler.HandleLnAuthCallback(sc)(c)
assert.Equal(http.StatusOK, rec.Code, "wrong status code") assert.NoErrorf(err, "handler returned error")
// session created // session created
err = db.QueryRow("SELECT COUNT(1) FROM sessions WHERE id = $1 AND user_id = $2", sessionId, userId).Scan(&count) err = db.QueryRow("SELECT COUNT(1) FROM sessions WHERE id = $1 AND user_id = $2", sessionId, userId).Scan(&count)
assert.NoError(err, "error fetching session") assert.NoErrorf(err, "error fetching session")
assert.Equal(1, count, "invalid session count") assert.Equalf(1, count, "invalid session count")
// challenge deleted // challenge deleted
err = db.QueryRow("SELECT COUNT(1) FROM lnauth WHERE k1 = $1", lnAuth.K1).Scan(&count) err = db.QueryRow("SELECT COUNT(1) FROM lnauth WHERE k1 = $1", lnAuth.K1).Scan(&count)
assert.NoError(err, "error fetching challenge") assert.NoErrorf(err, "error fetching challenge")
assert.Equal(count, 0, "challenge not deleted") assert.Equalf(count, 0, "challenge not deleted")
} }
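Review bot: The callback tests now check only the error value returned by the handler (`assert.ErrorContains(err, "user not found", ...)` and `assert.ErrorContains(err, "user already exists", ...)`), so nothing pins the status code or body a client receives when a login or signup is rejected. If the handler returns an `*echo.HTTPError`, keep the status under test with `assert.ErrorAs(err, &httpErr)` followed by `assert.Equal(http.StatusNotFound, httpErr.Code)`; otherwise run the error through the Echo error handler and assert on `rec.Code` as before. In `TestLnAuthSignup` and `TestLnAuthLogin`, `cookies[0].Name` is read after a non-fatal length assertion, so a missing session cookie panics instead of failing cleanly; a fatal check such as `require.Len(t, cookies, 1)` avoids that. The test functions start outside the hunks shown.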


@ -1,41 +1,33 @@
package middleware package middleware
import ( import (
"database/sql"
"net/http" "net/http"
"git.ekzyis.com/ekzyis/delphi.market/server/router/context" "git.ekzyis.com/ekzyis/delphi.market/server/router/context"
"git.ekzyis.com/ekzyis/delphi.market/types"
"github.com/labstack/echo/v4" "github.com/labstack/echo/v4"
) )
func Session(sc context.Context) echo.MiddlewareFunc { func Session(sc context.Context) echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc { return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
var ( // TODO: implement session middleware
db = sc.Db // var (
ctx = c.Request().Context() // cookie *http.Cookie
cookie *http.Cookie // err error
err error // s *db.Session
u = types.User{} // u *db.User
) // )
if cookie, err = c.Cookie("session"); err != nil { // if cookie, err = c.Cookie("session"); err != nil {
// cookie not found // // cookie not found
return next(c) // return next(c)
} // }
if err = db.QueryRowContext( // s = &db.Session{SessionId: cookie.Value}
ctx, // if err = sc.Db.FetchSession(s); err == nil {
""+ // // session found
"SELECT u.id, u.created_at, COALESCE(u.ln_pubkey, ''), COALESCE(u.nostr_pubkey, ''), u.msats "+ // c.Set("session", *u)
"FROM sessions s LEFT JOIN users u ON u.id = s.user_id "+ // } else if err != sql.ErrNoRows {
"WHERE s.id = $1", // return err
cookie.Value). // }
Scan(&u.Id, &u.CreatedAt, &u.LnPubkey, &u.NostrPubkey, &u.Msats); err == nil {
// session found
c.Set("session", u)
} else if err != sql.ErrNoRows {
return err
}
return next(c) return next(c)
} }
} }
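Review bot: `"net/http"` stays in the import block on the new side, but every use of it is now inside the commented-out draft, so as shown the package will not compile (`imported and not used`); drop the import until the middleware is restored. The draft also has a latent nil dereference: it fetches into `s` but stores `*u`, and `u` is never assigned, so `c.Set("session", *u)` would panic once uncommented. It presumably should store the user resolved from the fetched session. Until this is implemented the middleware never sets `"session"` on the context, so any handler that reads it has to treat the missing value as unauthenticated.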


@ -5,13 +5,12 @@ import (
"git.ekzyis.com/ekzyis/delphi.market/server/router/context" "git.ekzyis.com/ekzyis/delphi.market/server/router/context"
"git.ekzyis.com/ekzyis/delphi.market/server/router/handler" "git.ekzyis.com/ekzyis/delphi.market/server/router/handler"
"git.ekzyis.com/ekzyis/delphi.market/server/router/middleware"
) )
type Context = context.Context type Context = context.Context
func Init(e *echo.Echo, sc Context) { func Init(e *echo.Echo, sc Context) {
e.Use(middleware.Session(sc)) // e.Use(middleware.Session(sc))
e.GET("/", handler.HandleIndex(sc)) e.GET("/", handler.HandleIndex(sc))
e.GET("/about", handler.HandleAbout(sc)) e.GET("/about", handler.HandleAbout(sc))
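Review bot: Commenting out `e.Use(middleware.Session(sc))` means no route registered in `Init` gets a session lookup, while the lnauth callback tests still expect rows in `sessions`, so sessions are written but never read back. Replace the dead line with a tracked note, for example `// TODO: re-enable middleware.Session once it is implemented; until then no request carries an authenticated user`. Also confirm that every route needing a logged-in user rejects the request rather than serving it anonymously. `Init` continues past the end of the hunk, so the affected routes are not visible here.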


@ -1,11 +0,0 @@
package types
import "time"
type User struct {
Id int
CreatedAt time.Time
LnPubkey string
NostrPubkey string
Msats int64
}