From 47fedca70236db6dac5cecaa1df4d2219ae84687 Mon Sep 17 00:00:00 2001
From: puni9869
Date: Tue, 21 May 2024 10:51:57 +0530
Subject: [PATCH] fix: password validation and auth and minor tweaks in code. removing fmt.Println statements.
---
 cmd/command/version.go | 2 +-
 config/local.json | 2 +-
 models/session.go | 13 ++++++++++---
 pkg/config/config.go | 2 --
 server/auth/login.go | 8 ++++----
 5 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/cmd/command/version.go b/cmd/command/version.go
index 9c8b06a..a1dde27 100644
--- a/cmd/command/version.go
+++ b/cmd/command/version.go
@@ -16,7 +16,7 @@ var Version = cli.Command{
 const version = "v1.0"
 // versionAction prints the current version
-func versionAction(ctx *cli.Context) error {
+func versionAction(_ *cli.Context) error {
 fmt.Println(version)
 return nil
 }
diff --git a/config/local.json b/config/local.json
index 9e7f8db..1fc7ea7 100644
--- a/config/local.json
+++ b/config/local.json
@@ -20,7 +20,7 @@
 "postgres": {
 "type": "postgres",
 "host": "127.0.0.1",
- "username": "punitinani",
+ "username": "puni9869",
 "password": "",
 "port": "5432",
 "databaseName": "pinmyblogs",
diff --git a/models/session.go b/models/session.go
index 9b13677..c0afa9b 100644
--- a/models/session.go
+++ b/models/session.go
@@ -1,9 +1,16 @@
 package models
-import "gorm.io/gorm"
+import (
+ "time"
+
+ "gorm.io/gorm"
+)
 // Session is gorm sessionstore shadow to properly delete the session
 type Session struct {
- gorm.Model
- data string //lint:ignore U1000 Ignore unused function temporarily for debugging
+ ID string `gorm:"primarykey;size:65"`
+ CreatedAt time.Time
+ UpdatedAt time.Time
+ DeletedAt gorm.DeletedAt `gorm:"index"`
+ data string //lint:ignore U1000 Ignore unused function temporarily for debugging
 }
diff --git a/pkg/config/config.go b/pkg/config/config.go
index e7bf979..4ee38e4 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -2,7 +2,6 @@ package config
 import (
 "errors"
- "fmt"
 "github.com/spf13/viper"
 )
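Review bot: In models/session.go the rewritten `Session` struct still carries `DeletedAt gorm.DeletedAt`, and with that field GORM's `Delete` is a soft delete that only sets `deleted_at` and leaves the row in place. The struct comment says this model exists "to properly delete the session"; if the session store reads the table without filtering on `deleted_at` (not visible in this patch), a session removed through this model could remain usable. Either drop the `DeletedAt` field or delete through `Unscoped()` so the row is actually removed, and say which in the struct comment.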
@@ -85,7 +84,6 @@ func LoadConfig(environment string) error {
 return err
 }
 err = viper.Unmarshal(&C)
- fmt.Println(C)
 if err != nil {
 return err
 }
diff --git a/server/auth/login.go b/server/auth/login.go
index 093e0ca..24a384e 100644
--- a/server/auth/login.go
+++ b/server/auth/login.go
@@ -4,6 +4,7 @@ import (
 "crypto/sha256"
 "fmt"
 "net/http"
+ "strings"
 "github.com/gin-contrib/sessions"
 "github.com/gin-gonic/gin"
@@ -35,12 +36,11 @@ func LoginPost(c *gin.Context) {
 c.Abort()
 return
 }
+
 h := sha256.New()
- h.Write([]byte(password))
 bs := h.Sum(nil)
- pas := fmt.Sprintf("%x", bs)
- fmt.Println(pas)
- if fmt.Sprintf("%x", bs) != user.Password {
+ pass := fmt.Sprintf("%x", bs)
+ if strings.Compare(pass, user.Password) != 0 {
 log.WithField("email", email).WithError(result.Error).Error("Invalid password.")
 c.HTML(http.StatusUnauthorized, "login.tmpl", gin.H{"HasError": true, "Error": "Invalid email or password"})
 c.Abort()
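Review bot: In server/auth/login.go the LoginPost hunk removes `h.Write([]byte(password))` but keeps `bs := h.Sum(nil)`, so `pass` is always the SHA-256 digest of empty input and the submitted password no longer takes part in the check. The outcome then depends only on the stored `user.Password`, not on what the client sent. Restore the write, or use `bs := sha256.Sum256([]byte(password))`, and compare with `subtle.ConstantTimeCompare([]byte(pass), []byte(user.Password)) != 1` from `crypto/subtle`, because `strings.Compare` is not constant-time. Separately, an unsalted single SHA-256 is a weak way to store passwords; a dedicated password hash such as bcrypt would be the longer-term fix. LoginPost begins and ends outside the hunk, so how `password` is read and what follows the failure branch are not visible here.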