From 11eed92c15c62265ec7bb1e6199d2a83ce2d984b Mon Sep 17 00:00:00 2001 From: Lukas Bachschwell Date: Thu, 8 Nov 2018 08:36:08 +0100 Subject: [PATCH] Moving Services to seperate namespaces again, auth endpoint working --- Readme.md | 4 + controllers/auth.go | 76 ++++++++- controllers/baseAPI.go | 2 +- controllers/companyData.go | 10 +- controllers/companyUser.go | 10 +- controllers/contact.go | 9 +- controllers/post.go | 10 +- lastupdate.tmp | 2 +- main.go | 9 +- models/userCompanyMap.go | 159 +++++++++++++++++++ services/{ => companydbservice}/companydb.go | 55 +++++-- services/{ => jwtservice}/jwt.go | 2 +- 12 files changed, 300 insertions(+), 48 deletions(-) create mode 100644 models/userCompanyMap.go rename services/{ => companydbservice}/companydb.go (58%) rename services/{ => jwtservice}/jwt.go (98%) diff --git a/Readme.md b/Readme.md index b837502..2347e86 100644 --- a/Readme.md +++ b/Readme.md @@ -15,3 +15,7 @@ To regenerate docs simply run `bee generate docs` - company controller, create databases and so on - Update not found to json - load db connections from config + +## Notes: + +- Fixes have been placed into the beego orm for setting the timezone when using NewOrmWithDB() diff --git a/controllers/auth.go b/controllers/auth.go index 11c68d8..5c49848 100644 --- a/controllers/auth.go +++ b/controllers/auth.go @@ -1,9 +1,13 @@ package controllers import ( - auth "multitenantStack/services" + "multitenantStack/models" + companydb "multitenantStack/services/companydbservice" + + jwtservice "multitenantStack/services/jwtservice" "time" + "github.com/astaxie/beego/orm" jwt "github.com/dgrijalva/jwt-go" ) @@ -41,23 +45,79 @@ func (c *AuthController) Login() { return } - //TODO: did the user send us a token? then just validate and tell him he is logged in + tokenHeader := c.Ctx.Request.Header.Get("X-JWTtoken") + if tokenHeader != "" { + valid, _ := jwtservice.Validate(tokenHeader) + if valid { + c.ServeJSONError("You are already logged in") + return + } + } email := c.GetString("email") password := c.GetString("password") - //TODO: check against main database, get company id and verify password - companyName := "company_1" - companyUserID := 5 + if email == "" || password == "" { + c.ServeJSONError("Email/Password missing") + return + } + /* + systemdb := companydb.GetSystemDatabase() + + if systemdb == nil { + c.ServeJSONError("Error retrieving User") + return + } + o, err := orm.NewOrmWithDB("postgres", "default", systemdb) + if err != nil { + c.ServeJSONError("Error retrieving User") + return + } + */ + o := orm.NewOrm() + o.Using("system") //TODO: Replace this with something cleverer (manager) once implemented + + userCompanyMapping, err := models.GetUserCompanyMapByEmail(o, email) + if err != nil { + c.ServeJSONError("Error retrieving User") + return + } + + if password != userCompanyMapping.PasswordHash { // TODO: Hash me + c.ServeJSONError("Email/Password incorrect") + return + } + + companyName := userCompanyMapping.Company + companyUserID := userCompanyMapping.CompanyUserID + + db, err := companydb.GetDatabaseWithName(companyName) + if err != nil { + c.ServeJSONError("Error retrieving Company") + return + } + + o, err = orm.NewOrmWithDB("postgres", "default", db) + if err != nil { + c.ServeJSONError("Error retrieving CompanyData") + return + } + + companyUser, err := models.GetCompanyUserById(o, int(companyUserID)) + if err != nil { + c.ServeJSONError("Error retrieving Company User") + return + } + //TODO: if found query the company database to get roleID, and name - name := "Lukas" - roleID := 5 + name := companyUser.Name + roleID := companyUser.Role tokenString := "" if email == "admin@admin.at" && password == "my password" { // The jwtClaims are our trusted clientside session - tokenString = auth.CreateToken(jwt.MapClaims{ + tokenString = jwtservice.CreateToken(jwt.MapClaims{ "email": email, "companyName": companyName, "companyUserID": companyUserID, diff --git a/controllers/baseAPI.go b/controllers/baseAPI.go index 6b5727d..308ae89 100644 --- a/controllers/baseAPI.go +++ b/controllers/baseAPI.go @@ -3,7 +3,7 @@ package controllers import ( "database/sql" "fmt" - companydb "multitenantStack/services" + companydb "multitenantStack/services/companydbservice" "github.com/astaxie/beego/orm" jwt "github.com/dgrijalva/jwt-go" diff --git a/controllers/companyData.go b/controllers/companyData.go index db0435c..26ae98a 100644 --- a/controllers/companyData.go +++ b/controllers/companyData.go @@ -34,7 +34,7 @@ func (c *CompanyDataController) URLMapping() { func (c *CompanyDataController) Post() { var v models.CompanyData if err := json.Unmarshal(c.Ctx.Input.RequestBody, &v); err == nil { - if _, err := models.AddCompanyData(&v); err == nil { + if _, err := models.AddCompanyData(o, &v); err == nil { c.Ctx.Output.SetStatus(201) c.Data["json"] = v } else { @@ -56,7 +56,7 @@ func (c *CompanyDataController) Post() { func (c *CompanyDataController) GetOne() { idStr := c.Ctx.Input.Param(":id") id, _ := strconv.Atoi(idStr) - v, err := models.GetCompanyDataById(id) + v, err := models.GetCompanyDataById(o, id) if err != nil { c.Data["json"] = err.Error() } else { @@ -119,7 +119,7 @@ func (c *CompanyDataController) GetAll() { } } - l, err := models.GetAllCompanyData(query, fields, sortby, order, offset, limit) + l, err := models.GetAllCompanyData(o, query, fields, sortby, order, offset, limit) if err != nil { c.Data["json"] = err.Error() } else { @@ -141,7 +141,7 @@ func (c *CompanyDataController) Put() { id, _ := strconv.Atoi(idStr) v := models.CompanyData{Id: id} if err := json.Unmarshal(c.Ctx.Input.RequestBody, &v); err == nil { - if err := models.UpdateCompanyDataById(&v); err == nil { + if err := models.UpdateCompanyDataById(o, &v); err == nil { c.Data["json"] = "OK" } else { c.Data["json"] = err.Error() @@ -162,7 +162,7 @@ func (c *CompanyDataController) Put() { func (c *CompanyDataController) Delete() { idStr := c.Ctx.Input.Param(":id") id, _ := strconv.Atoi(idStr) - if err := models.DeleteCompanyData(id); err == nil { + if err := models.DeleteCompanyData(o, id); err == nil { c.Data["json"] = "OK" } else { c.Data["json"] = err.Error() diff --git a/controllers/companyUser.go b/controllers/companyUser.go index 89d54df..3c3856c 100644 --- a/controllers/companyUser.go +++ b/controllers/companyUser.go @@ -34,7 +34,7 @@ func (c *CompanyUserController) URLMapping() { func (c *CompanyUserController) Post() { var v models.CompanyUser if err := json.Unmarshal(c.Ctx.Input.RequestBody, &v); err == nil { - if _, err := models.AddCompanyUser(&v); err == nil { + if _, err := models.AddCompanyUser(o, &v); err == nil { c.Ctx.Output.SetStatus(201) c.Data["json"] = v } else { @@ -56,7 +56,7 @@ func (c *CompanyUserController) Post() { func (c *CompanyUserController) GetOne() { idStr := c.Ctx.Input.Param(":id") id, _ := strconv.Atoi(idStr) - v, err := models.GetCompanyUserById(id) + v, err := models.GetCompanyUserById(o, id) if err != nil { c.Data["json"] = err.Error() } else { @@ -119,7 +119,7 @@ func (c *CompanyUserController) GetAll() { } } - l, err := models.GetAllCompanyUser(query, fields, sortby, order, offset, limit) + l, err := models.GetAllCompanyUser(o, query, fields, sortby, order, offset, limit) if err != nil { c.Data["json"] = err.Error() } else { @@ -141,7 +141,7 @@ func (c *CompanyUserController) Put() { id, _ := strconv.Atoi(idStr) v := models.CompanyUser{Id: id} if err := json.Unmarshal(c.Ctx.Input.RequestBody, &v); err == nil { - if err := models.UpdateCompanyUserById(&v); err == nil { + if err := models.UpdateCompanyUserById(o, &v); err == nil { c.Data["json"] = "OK" } else { c.Data["json"] = err.Error() @@ -162,7 +162,7 @@ func (c *CompanyUserController) Put() { func (c *CompanyUserController) Delete() { idStr := c.Ctx.Input.Param(":id") id, _ := strconv.Atoi(idStr) - if err := models.DeleteCompanyUser(id); err == nil { + if err := models.DeleteCompanyUser(o, id); err == nil { c.Data["json"] = "OK" } else { c.Data["json"] = err.Error() diff --git a/controllers/contact.go b/controllers/contact.go index eec9533..c626c00 100644 --- a/controllers/contact.go +++ b/controllers/contact.go @@ -34,7 +34,7 @@ func (c *ContactController) URLMapping() { func (c *ContactController) Post() { var v models.Contact if err := json.Unmarshal(c.Ctx.Input.RequestBody, &v); err == nil { - if _, err := models.AddContact(&v); err == nil { + if _, err := models.AddContact(o, &v); err == nil { c.Ctx.Output.SetStatus(201) c.Data["json"] = v } else { @@ -119,8 +119,7 @@ func (c *ContactController) GetAll() { } } - ob, _ := orm.NewOrmWithDB("postgres", "default", companyDB) - l, err := models.GetAllContact(ob, query, fields, sortby, order, offset, limit) + l, err := models.GetAllContact(o, query, fields, sortby, order, offset, limit) if err != nil { c.Data["json"] = err.Error() } else { @@ -143,7 +142,7 @@ func (c *ContactController) Put() { id, _ := strconv.Atoi(idStr) v := models.Contact{Id: id} if err := json.Unmarshal(c.Ctx.Input.RequestBody, &v); err == nil { - if err := models.UpdateContactById(&v); err == nil { + if err := models.UpdateContactById(o, &v); err == nil { c.Data["json"] = "OK" } else { c.Data["json"] = err.Error() @@ -164,7 +163,7 @@ func (c *ContactController) Put() { func (c *ContactController) Delete() { idStr := c.Ctx.Input.Param(":id") id, _ := strconv.Atoi(idStr) - if err := models.DeleteContact(id); err == nil { + if err := models.DeleteContact(o, id); err == nil { c.Data["json"] = "OK" } else { c.Data["json"] = err.Error() diff --git a/controllers/post.go b/controllers/post.go index 67733b5..da1e4a6 100644 --- a/controllers/post.go +++ b/controllers/post.go @@ -34,7 +34,7 @@ func (c *PostController) URLMapping() { func (c *PostController) Post() { var v models.Post if err := json.Unmarshal(c.Ctx.Input.RequestBody, &v); err == nil { - if _, err := models.AddPost(&v); err == nil { + if _, err := models.AddPost(o, &v); err == nil { c.Ctx.Output.SetStatus(201) c.Data["json"] = v } else { @@ -56,7 +56,7 @@ func (c *PostController) Post() { func (c *PostController) GetOne() { idStr := c.Ctx.Input.Param(":id") id, _ := strconv.Atoi(idStr) - v, err := models.GetPostById(id) + v, err := models.GetPostById(o, id) if err != nil { c.Data["json"] = err.Error() } else { @@ -119,7 +119,7 @@ func (c *PostController) GetAll() { } } - l, err := models.GetAllPost(query, fields, sortby, order, offset, limit) + l, err := models.GetAllPost(o, query, fields, sortby, order, offset, limit) if err != nil { c.Data["json"] = err.Error() } else { @@ -141,7 +141,7 @@ func (c *PostController) Put() { id, _ := strconv.Atoi(idStr) v := models.Post{Id: id} if err := json.Unmarshal(c.Ctx.Input.RequestBody, &v); err == nil { - if err := models.UpdatePostById(&v); err == nil { + if err := models.UpdatePostById(o, &v); err == nil { c.Data["json"] = "OK" } else { c.Data["json"] = err.Error() @@ -162,7 +162,7 @@ func (c *PostController) Put() { func (c *PostController) Delete() { idStr := c.Ctx.Input.Param(":id") id, _ := strconv.Atoi(idStr) - if err := models.DeletePost(id); err == nil { + if err := models.DeletePost(o, id); err == nil { c.Data["json"] = "OK" } else { c.Data["json"] = err.Error() diff --git a/lastupdate.tmp b/lastupdate.tmp index fef0110..f9f866d 100755 --- a/lastupdate.tmp +++ b/lastupdate.tmp @@ -1 +1 @@ -{"/Users/LB/go/src/multitenantStack/controllers":1541617005449208486} \ No newline at end of file +{"/Users/LB/go/src/multitenantStack/controllers":1541629384273036460} \ No newline at end of file diff --git a/main.go b/main.go index 852b79b..cf29d39 100644 --- a/main.go +++ b/main.go @@ -2,7 +2,8 @@ package main import ( _ "multitenantStack/routers" - auth "multitenantStack/services" + companydb "multitenantStack/services/companydbservice" + jwt "multitenantStack/services/jwtservice" "time" "github.com/astaxie/beego" @@ -12,11 +13,15 @@ import ( func init() { orm.RegisterDataBase("default", "postgres", "host=127.0.0.1 port=5435 user=postgres password=postgre sslmode=disable") - auth.InitJWTService() + orm.RegisterDataBase("system", "postgres", "host=127.0.0.1 port=5435 user=postgres password=postgre dbname=system sslmode=disable") + + jwt.InitJWTService() + companydb.InitCompanyService() orm.DefaultTimeLoc = time.UTC if beego.BConfig.RunMode == "dev" { beego.BConfig.WebConfig.DirectoryIndex = true beego.BConfig.WebConfig.StaticDir["/swagger"] = "swagger" + orm.Debug = true } } diff --git a/models/userCompanyMap.go b/models/userCompanyMap.go new file mode 100644 index 0000000..f891643 --- /dev/null +++ b/models/userCompanyMap.go @@ -0,0 +1,159 @@ +package models + +import ( + "errors" + "fmt" + "reflect" + "strings" + "time" + + "github.com/astaxie/beego/orm" +) + +type UserCompanyMap struct { + ID int `orm:"column(id);pk"` + Email string `orm:"column(email)"` + PasswordHash string `orm:"column(password_hash)"` + Company string `orm:"column(company)"` + CompanyUserID int16 `orm:"column(company_user_id)"` + Created time.Time `orm:"column(created);type(timestamp with time zone);auto_now_add"` + Modified time.Time `orm:"column(modified);type(timestamp with time zone);auto_now_add"` +} + +// TableName returns tablename +func (t *UserCompanyMap) TableName() string { + return "user_company_map" +} + +func init() { + orm.RegisterModel(new(UserCompanyMap)) +} + +// AddUserCompanyMap insert a new UserCompanyMap into database and returns +// last inserted Id on success. +func AddUserCompanyMap(o orm.Ormer, m *UserCompanyMap) (id int64, err error) { + id, err = o.Insert(m) + return +} + +// GetUserCompanyMapByID retrieves UserCompanyMap by Id. Returns error if Id doesn't exist +func GetUserCompanyMapByID(o orm.Ormer, id int) (v *UserCompanyMap, err error) { + v = &UserCompanyMap{ID: id} + if err = o.Read(v); err == nil { + return v, nil + } + return nil, err +} + +// GetUserCompanyMapByEmail retrieves UserCompanyMap by email. Returns error if email doesn't exist +func GetUserCompanyMapByEmail(o orm.Ormer, email string) (v *UserCompanyMap, err error) { + v = &UserCompanyMap{Email: email} + if err = o.Read(v, "email"); err == nil { + return v, nil + } + return nil, err +} + +// GetAllUserCompanyMap retrieves all UserCompanyMap matches certain condition. Returns empty list if +// no records exist +func GetAllUserCompanyMap(o orm.Ormer, query map[string]string, fields []string, sortby []string, order []string, + offset int64, limit int64) (ml []interface{}, err error) { + qs := o.QueryTable(new(UserCompanyMap)) + // query k=v + for k, v := range query { + // rewrite dot-notation to Object__Attribute + k = strings.Replace(k, ".", "__", -1) + if strings.Contains(k, "isnull") { + qs = qs.Filter(k, (v == "true" || v == "1")) + } else { + qs = qs.Filter(k, v) + } + } + // order by: + var sortFields []string + if len(sortby) != 0 { + if len(sortby) == len(order) { + // 1) for each sort field, there is an associated order + for i, v := range sortby { + orderby := "" + if order[i] == "desc" { + orderby = "-" + v + } else if order[i] == "asc" { + orderby = v + } else { + return nil, errors.New("Error: Invalid order. Must be either [asc|desc]") + } + sortFields = append(sortFields, orderby) + } + qs = qs.OrderBy(sortFields...) + } else if len(sortby) != len(order) && len(order) == 1 { + // 2) there is exactly one order, all the sorted fields will be sorted by this order + for _, v := range sortby { + orderby := "" + if order[0] == "desc" { + orderby = "-" + v + } else if order[0] == "asc" { + orderby = v + } else { + return nil, errors.New("Error: Invalid order. Must be either [asc|desc]") + } + sortFields = append(sortFields, orderby) + } + } else if len(sortby) != len(order) && len(order) != 1 { + return nil, errors.New("Error: 'sortby', 'order' sizes mismatch or 'order' size is not 1") + } + } else { + if len(order) != 0 { + return nil, errors.New("Error: unused 'order' fields") + } + } + + var l []UserCompanyMap + qs = qs.OrderBy(sortFields...) + if _, err = qs.Limit(limit, offset).All(&l, fields...); err == nil { + if len(fields) == 0 { + for _, v := range l { + ml = append(ml, v) + } + } else { + // trim unused fields + for _, v := range l { + m := make(map[string]interface{}) + val := reflect.ValueOf(v) + for _, fname := range fields { + m[fname] = val.FieldByName(fname).Interface() + } + ml = append(ml, m) + } + } + return ml, nil + } + return nil, err +} + +// UpdateUserCompanyMapById updates UserCompanyMap by Id and returns error if the record to be updated doesn't exist +func UpdateUserCompanyMapById(o orm.Ormer, m *UserCompanyMap) (err error) { + v := UserCompanyMap{ID: m.ID} + // ascertain id exists in the database + if err = o.Read(&v); err == nil { + var num int64 + if num, err = o.Update(m); err == nil { + fmt.Println("Number of records updated in database:", num) + } + } + return +} + +// DeleteUserCompanyMap deletes UserCompanyMap by Id and returns error if +// the record to be deleted doesn't exist +func DeleteUserCompanyMap(o orm.Ormer, id int) (err error) { + v := UserCompanyMap{ID: id} + // ascertain id exists in the database + if err = o.Read(&v); err == nil { + var num int64 + if num, err = o.Delete(&UserCompanyMap{ID: id}); err == nil { + fmt.Println("Number of records deleted in database:", num) + } + } + return +} diff --git a/services/companydb.go b/services/companydbservice/companydb.go similarity index 58% rename from services/companydb.go rename to services/companydbservice/companydb.go index 3f3a4f3..57a411f 100644 --- a/services/companydb.go +++ b/services/companydbservice/companydb.go @@ -1,12 +1,12 @@ -package services +package companydbservice import ( "database/sql" "errors" "fmt" + "multitenantStack/services/jwtservice" "os" - "github.com/astaxie/beego/orm" jwt "github.com/dgrijalva/jwt-go" ) @@ -17,9 +17,7 @@ func InitCompanyService() { fmt.Println("Hello from init") // test if init gets called from each orm dbs := make(map[string]*sql.DB) - orm.RegisterDataBase("default", "postgres", "host=127.0.0.1 port=5435 user=postgres password=postgre sslmode=disable") - - systemDB, err := sql.Open("postgres", "host=127.0.0.1 port=5435 user=postgres password=postgre dbname=company5 sslmode=disable") + systemDB, err := sql.Open("postgres", "host=127.0.0.1 port=5435 user=postgres password=postgre dbname=system sslmode=disable") if err != nil { fmt.Println("Fatal: could not connect to db, exiting... Error:", err) os.Exit(1) @@ -28,10 +26,35 @@ func InitCompanyService() { } +// GetSystemDatabase returns system db +func GetSystemDatabase() *sql.DB { + return dbs["system"] +} + +// GetDatabase Get orm and user information +func GetDatabaseWithName(companyName string) (*sql.DB, error) { + + if dbs[companyName] != nil { + fmt.Println("DB Already open") + return dbs[companyName], nil + } + + conStr := fmt.Sprintf("host=127.0.0.1 port=5435 user=postgres password=postgre dbname=%s sslmode=disable", companyName) + fmt.Println(conStr) + db, err := sql.Open("postgres", conStr) + if err != nil { + return nil, err + } + + // return db with orm or error + return db, nil +} + +// TODO: call upper function in this one to reduce code // GetDatabase Get orm and user information func GetDatabase(tokenString string) (jwt.MapClaims, *sql.DB, error) { // validate token - valid, token := Validate(tokenString) + valid, token := jwtservice.Validate(tokenString) if !valid { return nil, nil, errors.New("Token is invalid") } @@ -44,7 +67,7 @@ func GetDatabase(tokenString string) (jwt.MapClaims, *sql.DB, error) { return tokenMap, dbs[companyName], nil } - conStr := fmt.Sprintf("host=127.0.0.1 port=5435 user=postgres password=postgre dbname=%s sslmode=disable", tokenMap["companyName"]) + conStr := fmt.Sprintf("host=127.0.0.1 port=5435 user=postgres password=postgre dbname=%s sslmode=disable", companyName) fmt.Println(conStr) db, err := sql.Open("postgres", conStr) if err != nil { @@ -69,15 +92,17 @@ func CreateDatabase(token string) { // DeleteDatabase Delete an entire database, this is very very dangerous :-) func DeleteDatabase(token string) { + //_, db, err := GetDatabase(token) /* - db.Close() - fmt.Println("Closed company5") - //} + remove from map! + db.Close() + fmt.Println("Closed company5") + //} - res, err := o.Raw("DROP DATABASE company5;").Exec() - if err == nil { - num, _ := res.RowsAffected() - fmt.Println("mysql row affected number: ", num) - } + res, err := o.Raw("DROP DATABASE company5;").Exec() + if err == nil { + num, _ := res.RowsAffected() + fmt.Println("mysql row affected number: ", num) + } */ } diff --git a/services/jwt.go b/services/jwtservice/jwt.go similarity index 98% rename from services/jwt.go rename to services/jwtservice/jwt.go index e698a69..e354ccc 100644 --- a/services/jwt.go +++ b/services/jwtservice/jwt.go @@ -1,4 +1,4 @@ -package services +package jwtservice import ( "crypto/rand"