new endpoints, budget adjustment

2026-03-16 18:56:01 -07:00 · 2023-04-11 22:41:39 -04:00 · 2023-04-11 22:41:39 -04:00 · c4047a36cc
commit c4047a36cc
parent cc36b80e72
9 changed files with 276 additions and 20 deletions
--- a/routes/createAccount.go
+++ b/routes/createAccount.go
@ -34,12 +34,17 @@ func CreateAccount(w http.ResponseWriter, r *http.Request) {
 	v.Name = r.FormValue("name")
 	if v.Email == "" || v.Password == "" || v.Name == "" {
 		w.WriteHeader(http.StatusBadRequest)
+		fmt.Fprint(w, "{\"error\":\"field(s) are missing\"}")
 		return
 	}

-	if len(v.Password) < 8 || len(v.Password) > 255 || !EmailIsValid(v.Email) {
+	if len(v.Password) < 8 || len(v.Password) > 255 {
 		w.WriteHeader(http.StatusBadRequest)
-		fmt.Fprint(w, "{\"error\":\"there was a problem with your request. Please try again with different values\"}")
+		fmt.Fprint(w, "{\"error\":\"password must be 8 characters or greater\"}")
+		return
+	} else if !EmailIsValid(v.Email) {
+		w.WriteHeader(http.StatusBadRequest)
+		fmt.Fprint(w, "{\"error\":\"email is invalid\"}")
 		return
 	}

--- a/routes/deleteAccount.go
+++ b/routes/deleteAccount.go
@ -0,0 +1,66 @@
+package routes
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"net/http"
+
+	"github.com/jacobmveber-01839764/BudgetBuddy/db"
+	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/mongo/readpref"
+	"golang.org/x/crypto/bcrypt"
+)
+
+func DeleteAccount(w http.ResponseWriter, r *http.Request) {
+	log.Println("* /auth/deleteaccount")
+	// get session key from request
+	session := r.Header.Get("x-session-key")
+	// prepare DB
+	err := db.Client.Ping(context.Background(), readpref.Primary())
+	if err != nil {
+		db.Connect()
+	}
+	var userCollection = db.Client.Database("budgetbuddy").Collection("users")
+
+	// var v contains POST credentials
+	var v db.UserSchema
+	r.ParseForm()
+	v.Password = r.FormValue("password")
+	if v.Password == "" {
+		w.WriteHeader(http.StatusBadRequest)
+		fmt.Fprintf(w, "{\"error\":\"password must be provided\"}")
+		return
+	}
+
+	// cmp struct will be compared with v to verify credentials
+	var cmp db.UserSchema
+	found := userCollection.FindOne(r.Context(), bson.D{primitive.E{Key: "session", Value: session}})
+	if found.Err() != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		fmt.Fprintf(w, "{\"error\":\"session key invalid\"}")
+		return
+	}
+	err = found.Decode(&cmp)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	err = bcrypt.CompareHashAndPassword([]byte(cmp.Password), []byte(v.Password))
+	if err != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		fmt.Fprintf(w, "{\"error\":\"invalid password\"}")
+		return
+	}
+
+	_, err = userCollection.DeleteOne(context.TODO(), bson.D{primitive.E{Key: "session", Value: session}})
+
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		fmt.Fprintf(w, "{\"error\":\"unable to delete account\"}")
+		return
+	}
+	w.Write([]byte("{\"status\": 200}"))
+}
--- a/routes/editAccount.go
+++ b/routes/editAccount.go
@ -0,0 +1,120 @@
+package routes
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"net/http"
+
+	"github.com/jacobmveber-01839764/BudgetBuddy/db"
+	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/mongo/readpref"
+	"golang.org/x/crypto/bcrypt"
+)
+
+func ChangePassword(w http.ResponseWriter, r *http.Request) {
+	log.Println("* /auth/changepassword")
+	// get session key from request
+	session := r.Header.Get("x-session-key")
+	// prepare DB
+	err := db.Client.Ping(context.Background(), readpref.Primary())
+	if err != nil {
+		db.Connect()
+	}
+	var userCollection = db.Client.Database("budgetbuddy").Collection("users")
+
+	// var v contains POST credentials
+	r.ParseForm()
+	newpass := r.FormValue("new")
+	oldpass := r.FormValue("old")
+	if newpass == "" {
+		w.WriteHeader(http.StatusBadRequest)
+		fmt.Fprintf(w, "{\"error\":\"password must be provided\"}")
+		return
+	}
+
+	// cmp struct will be compared with v to verify credentials
+	var cmp db.UserSchema
+	found := userCollection.FindOne(r.Context(), bson.D{primitive.E{Key: "session", Value: session}})
+	if found.Err() != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		fmt.Fprintf(w, "{\"error\":\"invalid session key\"}")
+		return
+	}
+	err = found.Decode(&cmp)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	err = bcrypt.CompareHashAndPassword([]byte(cmp.Password), []byte(oldpass))
+	if err != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		fmt.Fprintf(w, "{\"error\":\"invalid password\"}")
+		return
+	}
+
+	if len(newpass) < 8 || len(newpass) > 255 {
+		w.WriteHeader(http.StatusBadRequest)
+		fmt.Fprint(w, "{\"error\":\"password must be 8 characters or greater\"}")
+		return
+	}
+
+	// hash and store the user's hashed password
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(newpass), 8)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		fmt.Fprintf(w, "{\"error\":\"internal server error, please try again later\"}")
+	}
+
+	filter := bson.D{primitive.E{Key: "session", Value: session}}
+	opts := options.Update().SetUpsert(true)
+	update := bson.D{primitive.E{Key: "$set", Value: bson.D{primitive.E{Key: "password", Value: string(hashedPass)}}}}
+	_, err = userCollection.UpdateOne(context.TODO(), filter, update, opts)
+	if err != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		fmt.Fprintf(w, "{\"error\":\"invalid session key\"}")
+		return
+	}
+
+	w.Write([]byte("{\"status\": 200}"))
+
+}
+
+func ChangeName(w http.ResponseWriter, r *http.Request) {
+	log.Println("* /auth/changename")
+	// get session key from request
+	session := r.Header.Get("x-session-key")
+
+	// get collection handle from db
+	var userCollection = db.Client.Database("budgetbuddy").Collection("users")
+
+	r.ParseForm()
+
+	if r.FormValue("name") == "" {
+		w.WriteHeader(http.StatusBadRequest)
+		fmt.Fprintf(w, "{\"error\":\"name cannot be blank\"}")
+		return
+	}
+
+	found := userCollection.FindOne(r.Context(), bson.D{primitive.E{Key: "session", Value: session}})
+	if found.Err() != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		fmt.Fprintf(w, "{\"error\":\"invalid session key\"}")
+		return
+	}
+
+	filter := bson.D{primitive.E{Key: "session", Value: session}}
+	opts := options.Update().SetUpsert(true)
+	update := bson.D{primitive.E{Key: "$set", Value: bson.D{primitive.E{Key: "name", Value: r.FormValue("name")}}}}
+	_, err := userCollection.UpdateOne(context.TODO(), filter, update, opts)
+	if err != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		fmt.Fprintf(w, "{\"error\":\"invalid session key\"}")
+		return
+	}
+
+	w.Write([]byte("{\"status\": 200}"))
+}
--- a/routes/login.go
+++ b/routes/login.go
@ -40,6 +40,7 @@ func Login(w http.ResponseWriter, r *http.Request) {
 	v.Password = r.FormValue("password")
 	if v.Email == "" || v.Password == "" {
 		w.WriteHeader(http.StatusBadRequest)
+		fmt.Fprintf(w, "{\"error\":\"both email and password must be provided\"}")
 		return
 	}

@ -75,15 +76,15 @@ func Login(w http.ResponseWriter, r *http.Request) {

 	// set new session cookie for user, either persistent (remember me) or temporary
 	sessionID := uuid.NewString()
-	var session = &http.Cookie{
-		Name:     "session",
-		Value:    sessionID,
-		Path:     "/",
-		Secure:   true,
-		SameSite: http.SameSiteLaxMode,
-		MaxAge:   0,
-	}
-	http.SetCookie(w, session)
+	// var session = &http.Cookie{
+	// 	Name:     "session",
+	// 	Value:    sessionID,
+	// 	Path:     "/",
+	// 	Secure:   true,
+	// 	SameSite: http.SameSiteLaxMode,
+	// 	MaxAge:   0,
+	// }
+	// http.SetCookie(w, session)

 	// update the new user session in the DB
 	filter := bson.D{primitive.E{Key: "email", Value: strings.ToLower(account.Email)}}
@ -92,6 +93,7 @@ func Login(w http.ResponseWriter, r *http.Request) {
 	userCollection.UpdateOne(context.TODO(), filter, update, opts)

 	account.Status = 200
+	account.Session = sessionID
 	acc, err := json.Marshal(account)
 	if err != nil {
 		fmt.Println("Error marshalling bson.D response")