minor changes
Jes Olson j3s@c3f.net
Thu, 16 Mar 2023 00:39:10 -0700
5 files changed,
53 insertions(+),
23 deletions(-)
M
auth/auth.go
→
auth/auth.go
@@ -1,12 +1,19 @@
 package auth
 
 import (
-	"fmt"
-	"time"
+	"crypto/rand"
+	"encoding/hex"
 )
 
 func GenerateSessionToken() string {
-	// TODO: don't use the time ffs
-	token := fmt.Sprintf("%x", time.Now().UnixNano())
-	return token
+	// 32 bytes == 256 bits (AES security margin is 128 bits)
+	return generateSecureToken(32)
+}
+
+func generateSecureToken(length int) string {
+	b := make([]byte, length)
+	if _, err := rand.Read(b); err != nil {
+		return ""
+	}
+	return hex.EncodeToString(b)
 }
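Review bot: generateSecureToken swallows the rand.Read error and returns "", and nothing in GenerateSessionToken tells a caller that this happened; SetSessionToken (sqlite/sql.go, below) stores whatever string it is handed and GetUsernameBySessionToken looks it up with `WHERE session_token=?`, so an empty token stored by that path would resolve to a user for any request presenting an empty token. A crypto/rand failure is not something a session-token path can recover from, so fail loudly in the style the sqlite package already uses, `if _, err := rand.Read(b); err != nil {` / `panic(err)`, or return an error and let GenerateSessionToken propagate it. The comment `// 32 bytes == 256 bits (AES security margin is 128 bits)` mixes two unrelated ideas; `// 32 random bytes (256 bits of entropy), hex-encoded to a 64-character string` says what the value actually is. A doc comment on generateSecureToken should state that length is in bytes and the result is 2*length hex characters.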
M
main.go
→
main.go
@@ -7,11 +7,13 @@ )
 func main() {
 	s := New()
-	log.Println("listening on http://localhost:5544")
 	mux := http.NewServeMux()
+	mux.HandleFunc("/", s.indexHandler)
 	mux.HandleFunc("/login", s.loginHandler)
 	mux.HandleFunc("/logout", s.logoutHandler)
 	mux.HandleFunc("/register", s.registerHandler)
-	s.Start(":5544", mux)
+
+	log.Println("listening on http://localhost:5544")
+	log.Fatal(http.ListenAndServe(":5544", mux))
 }
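Review bot: `http.ListenAndServe(":5544", mux)` runs a zero-value http.Server, so no ReadHeaderTimeout, ReadTimeout, WriteTimeout or IdleTimeout is set and a client that trickles its headers or never reads the response can hold connections open indefinitely; the removed Site.Start had the same gap, so this is not new, but inlining the call here is the moment to close it. Build the server explicitly and call its ListenAndServe instead; this needs `"time"` in the import block, which is outside this hunk. Separately, `mux.HandleFunc("/", s.indexHandler)` matches every path no other pattern claims, so indexHandler should respond 404 when `r.URL.Path != "/"` — that handler lives in site.go and is not visible in this hunk.
```go
	log.Println("listening on http://localhost:5544")
	srv := &http.Server{
		Addr:              ":5544",
		Handler:           mux,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       2 * time.Minute,
	}
	log.Fatal(srv.ListenAndServe())
```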
M
readme
→
readme
@@ -6,7 +6,7 @@ describe what feeds.gay is & why it's cool, tell ppl to sign up
discover (list of top20 most popular feeds on feeds.gay) logged in: discover (list of top20 most popular feeds on feeds.gay)
- [ ] GET /login
+ [x] GET /login
form (existing account): username & password form (new account): username & password built & maintained by jes
@@ -55,7 +55,7 @@ unauth'd: login
auth'd: my feeds | login sql
- user (id, username, password, created_at)
+ user (id, username, password, session_token, created_at)
feed (id, url, fetch_error, created_at, created_by)
subscribe (id, user, feed, created_at, created_by)
M
site.go
→
site.go
@@ -2,7 +2,6 @@ package main
 import (
 	"fmt"
-	"log"
 	"net/http"
 
 	"git.j3s.sh/feeds.gay/auth"
@@ -26,10 +25,6 @@ title: "feeds.gay",
 		db: sqlite.New(title + ".db"),
 	}
 	return &s
-}
-
-func (s *Site) Start(addr string, mux *http.ServeMux) {
-	log.Fatal(http.ListenAndServe(addr, mux))
 }
 
 func (s *Site) indexHandler(w http.ResponseWriter, r *http.Request) {
@@ -69,8 +64,8 @@ <label for="password">password:</label>
 		<input type="password" name="password" required><br>
 		<input type="submit" value="login">
 		</form>
-		<p>if you want to create an account, click
-		<a href="/register">here</a>`)
+		<p>if you want to register a new account, click the tree:
+		<a href="/register">🌳</a>`)
 		}
 	}
 	if r.Method == "POST" {
@@ -79,7 +74,9 @@ password := r.FormValue("password")
 		err := s.login(w, username, password)
 		if err != nil {
-			fmt.Fprintf(w, "<h1>incorrect username/password</h1>")
+			fmt.Fprintf(w, `<h1>incorrect username/password</h1>
+			<p>if you want to register a new account, click the tree:
+			<a href="/register">🌳</a>`)
 			return
 		}
 		http.Redirect(w, r, "/", http.StatusSeeOther)
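Review bot: The login-failure branch in the last hunk writes its HTML with the default 200 status, so a rejected password and a normal page render are indistinguishable to anything that looks only at status codes (access-log analysis, rate limiting, clients); add `w.WriteHeader(http.StatusUnauthorized)` before the `fmt.Fprintf` call. Since that string contains no format verbs, `fmt.Fprint(w, ...)` or `io.WriteString(w, ...)` is the more precise call, and the same no-verb Fprintf pattern is used in the register-link hunk above. loginHandler begins and ends outside these hunks.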
M
sqlite/sql.go
→
sqlite/sql.go
@@ -19,11 +19,35 @@ db, err := sql.Open("sqlite", path)
 	if err != nil {
 		log.Fatal(err)
 	}
-	_, err = db.Exec(`CREATE TABLE IF NOT EXISTS users (
+	// user
+	_, err = db.Exec(`CREATE TABLE IF NOT EXISTS user (
 		id INTEGER PRIMARY KEY AUTOINCREMENT,
 		username TEXT UNIQUE NOT NULL,
 		password TEXT NOT NULL,
-		session_token TEXT UNIQUE
+		session_token TEXT UNIQUE,
+		created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+	)`)
+	if err != nil {
+		panic(err)
+	}
+	// feed
+	_, err = db.Exec(`CREATE TABLE IF NOT EXISTS feed (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		url TEXT NOT NULL,
+		fetch_error TEXT,
+		created_by TEXT NOT NULL,
+		created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+	)`)
+	if err != nil {
+		panic(err)
+	}
+	// subscribe
+	_, err = db.Exec(`CREATE TABLE IF NOT EXISTS subscribe (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		user_id TEXT NOT NULL,
+		feed_id TEXT NOT NULL,
+		created_by TEXT NOT NULL,
+		created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 	)`)
 	if err != nil {
 		panic(err)
@@ -40,7 +64,7 @@ // TODO: evaluate error cases
 func (s *DB) GetUsernameBySessionToken(token string) string {
 	var username string
-	err := s.sql.QueryRow("SELECT username FROM users WHERE session_token=?", token).Scan(&username)
+	err := s.sql.QueryRow("SELECT username FROM user WHERE session_token=?", token).Scan(&username)
 	if err == sql.ErrNoRows {
 		return ""
 	}
@@ -52,7 +76,7 @@ }
 func (s *DB) GetPassword(username string) string {
 	var password string
-	err := s.sql.QueryRow("SELECT password FROM users WHERE username=?", username).Scan(&password)
+	err := s.sql.QueryRow("SELECT password FROM user WHERE username=?", username).Scan(&password)
 	if err == sql.ErrNoRows {
 		return ""
 	}
@@ -62,14 +86,14 @@ }
 	return password
 }
 func (s *DB) SetSessionToken(username string, token string) {
-	_, err := s.sql.Exec("UPDATE users SET session_token=? WHERE username=?", token, username)
+	_, err := s.sql.Exec("UPDATE user SET session_token=? WHERE username=?", token, username)
 	if err != nil {
 		panic(err)
 	}
 }
 func (s *DB) AddUser(username string, passwordHash string) {
-	_, err := s.sql.Exec("INSERT INTO users (username, password) VALUES (?, ?)", username, passwordHash)
+	_, err := s.sql.Exec("INSERT INTO user (username, password) VALUES (?, ?)", username, passwordHash)
 	if err != nil {
 		panic(err)
 	}
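Review bot: In the schema hunk, subscribe.user_id and subscribe.feed_id are declared `TEXT NOT NULL` while the ids they point at are `INTEGER PRIMARY KEY`, and neither column carries a REFERENCES constraint, so nothing stops a subscription row from naming a user or feed that does not exist or from outliving its deletion. Declare them as `user_id INTEGER NOT NULL REFERENCES user(id),` and `feed_id INTEGER NOT NULL REFERENCES feed(id),` and execute `PRAGMA foreign_keys = ON` on the connection after sql.Open, since SQLite leaves foreign-key enforcement off by default. The rename from `users` to `user` with CREATE TABLE IF NOT EXISTS does not move existing rows: a database created before this commit keeps its old table and the renamed queries below start from an empty one, which is presumably fine at this stage but deserves a comment next to the CREATE. The three Exec calls copy the existing panic(err) handling; the enclosing constructor starts before this hunk, so a single wrapped error returned from it is a follow-up rather than part of this change.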