[rejestracja] [logowanie] szyfrowanie hasel jak w django

2019-01-09 06:33:30 +01:00 · 2019-01-09 06:33:30 +01:00 · 2f58eb4542
commit 2f58eb4542
parent 196dfca658
4 changed files with 45 additions and 14 deletions
--- a/backend/backend_tests/test_views.txt
+++ b/backend/backend_tests/test_views.txt
@ -31,7 +31,7 @@
 	"login": "A"
 }
 #"[addNewUserView][Error] Nie podano hasła"
-
+################################################################

 127.0.0.1:3000/api/updateUserPointsView
 {
@ -53,5 +53,20 @@
 #"[updateUserPointsView][Error] Brak uzytkownika w bazie"


+################################################################
+127.0.0.1:3000/api/loginUserView
+
+{
+	"login": "B2",
+	"password": "B",
+	"test": "test"
+}
+#true


+{
+	"login": "B2",
+	"password": "B2",
+	"test": "test"
+}
+#false
--- a/backend/connector_mysql.go
+++ b/backend/connector_mysql.go
@ -5,6 +5,7 @@ import (
 	"fmt"

 	_ "github.com/go-sql-driver/mysql"
+	"golang.org/x/crypto/bcrypt"
 )

 func connectMysql() (*sql.DB, error) {
@ -20,13 +21,18 @@ func addUser(_login string, _password string, _userDescription string) error {
 	//do rejestracji uzytkownika
 	// Insert do bazy Mysql Nowego użytkownika

-	db, err := connectMysql()
+	password := []byte(_password) //zamiana stringa na bajty dla funckji hashujacej

+	db, err := connectMysql()
 	if err != nil {
 		panic(err.Error())
 		return err
 	}

+	// Hashing the password with the default cost of 10
+	hashedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
+	encryptedPassword := string(hashedPassword)
+
 	queryInsert := fmt.Sprintf(`INSERT INTO users (
 			login,
 			password,
@ -37,7 +43,7 @@ func addUser(_login string, _password string, _userDescription string) error {
 			"%s",
 			"%s",
 			"%d"
-		)`, _login, _password, _userDescription, 0) //przy rejestracji kzdy ma 0 punktow
+		)`, _login, encryptedPassword, _userDescription, 0) //przy rejestracji kzdy ma 0 punktow

 	fmt.Printf(queryInsert)
 	insert, err := db.Query(queryInsert)
@ -118,7 +124,8 @@ func checkLoginExists(_login string) (bool, error) {
 func loginUser(_login string, _password string) (bool, error) {
 	//do logowanie w bazie
 	db, err := connectMysql()
-	querySelect := fmt.Sprintf(`SELECT login FROM users WHERE login='%s' AND password='%s' ;`, _login, _password)
+
+	querySelect := fmt.Sprintf(`SELECT password FROM users WHERE login='%s' ;`, _login)

 	result, err := db.Query(querySelect)
 	if err != nil {
@ -127,15 +134,17 @@ func loginUser(_login string, _password string) (bool, error) {
 	}

 	for result.Next() {
-		var userLogin string
+		var hashedPassword string

-		err = result.Scan(&userLogin)
+		err = result.Scan(&hashedPassword)
 		if err != nil {
 			panic(err.Error())
 			return false, err
 		}

-		if userLogin != "" {
+		// Comparing the password with the hash
+		err = bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(_password))
+		if err == nil { // nil means it is a match
 			return true, nil
 		}
 	}
--- a/backend/main.exe
+++ b/backend/main.exe
--- a/backend/views.go
+++ b/backend/views.go
@ -5,6 +5,7 @@ import (
 	"net/http"

 	"github.com/gin-gonic/gin"
+	// go get "golang.org/x/crypto/bcrypt"
 )

 func getUsersView(c *gin.Context) {
@ -62,14 +63,20 @@ func addNewUserView(c *gin.Context) {
 	if isExists {
 		c.JSON(http.StatusOK, "Login zajęty")
 		return
-	} else {
-		err = addUser(_login, _password, _userDescription)
-
-		if err != nil {
-			c.JSON(http.StatusOK, "[addNewUserView][Error] Nie mozna dodac do bazy")
-			return
-		}
 	}
+
+	if err != nil {
+		c.JSON(http.StatusOK, "[addNewUserView][Error] Nie mozna zaszyfrowac hasla")
+		return
+	}
+
+	err = addUser(_login, _password, _userDescription)
+
+	if err != nil {
+		c.JSON(http.StatusOK, "[addNewUserView][Error] Nie mozna dodac do bazy")
+		return
+	}
+
 	c.Header("Content-Type", "application/json")
 	c.JSON(http.StatusOK, "[addNewUserView] Dodano uzytkownika do bazy")
 }