Add hashing for link password and update link update service method

2021-04-04 16:36:13 +06:00 · 2021-04-04 16:36:13 +06:00 · f4684be37d
commit f4684be37d
parent a01f540a29
4 changed files with 79 additions and 32 deletions
--- a/go.mod
+++ b/go.mod
@ -13,8 +13,9 @@ require (
 	github.com/knadh/koanf v0.15.0
 	github.com/labstack/echo/v4 v4.2.1
 	github.com/mitchellh/copystructure v1.1.1 // indirect
-	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
+	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/rs/zerolog v1.20.0
+	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
 	golang.org/x/sys v0.0.0-20210309074719-68d13333faf2 // indirect
 	golang.org/x/text v0.3.5 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
--- a/link/dto.go
+++ b/link/dto.go
@ -16,7 +16,6 @@ type ResourceModel struct {
 	Id           string `json:"id"`
 	Name         string `json:"name"`
 	RedirectURL  string `json:"redirectUrl"`
-	Password     string `json:"password"`
 	CreationTime int64  `json:"creationTime"`
 }

@ -46,7 +45,6 @@ func MapEntityToModel(entity *Link) ResourceModel {
 		Id:           entity.Id,
 		Name:         entity.Name,
 		RedirectURL:  entity.RedirectURL.String(),
-		Password:     entity.Password,
 		CreationTime: entity.CreationTime.Unix(),
 	}
 }
--- a/link/handlers.go
+++ b/link/handlers.go
@ -92,32 +92,19 @@ func updateHandler(ctx echo.Context, serv Service) error {
 		return echo.NewHTTPError(http.StatusBadRequest, "Invalid data format.")
 	}

-	updatingLink, err := serv.GetById(linkId)
+	var parsedUrl *url.URL
+	parsedUrl, err := url.Parse(model.RedirectURL)
 	if err != nil {
-		return err
-	}
-
-	hasChanges := false
-	switch {
-	case model.Name != "" && model.Name != updatingLink.Name:
-		updatingLink.Name = model.Name
-
-		hasChanges = true
-	case model.RedirectURL != "" && model.RedirectURL != updatingLink.RedirectURL.String():
-		if parsedUrl, err := url.Parse(model.RedirectURL); err != nil {
 		return echo.NewHTTPError(http.StatusBadRequest, "Invalid URL value.")
-		} else {
-			updatingLink.RedirectURL = *parsedUrl
 	}

-		hasChanges = true
-	}
-
-	if hasChanges {
-		if err = serv.Update(updatingLink); err != nil {
+	if err := serv.UpdateById(linkId, struct {
+		Name        string
+		Password    string
+		RedirectURL *url.URL
+	}{Name: model.Name, Password: model.Password, RedirectURL: parsedUrl}); err != nil {
 		return err
 	}
-	}

 	return ctx.NoContent(http.StatusOK)
 }
--- a/link/service.go
+++ b/link/service.go
@ -3,6 +3,7 @@ package link
 import (
 	apperrors "cgnolink/errors"
 	"github.com/patrickmn/go-cache"
+	"golang.org/x/crypto/bcrypt"
 	"net/url"
 )

@ -13,7 +14,14 @@ type Service interface {
 	GetById(id string) (*Link, error)
 	AccessLink(id string, password string) (*url.URL, error)
 	GetAll(limit int, offset int) (Links, error)
-	Update(data *Link) error
+	UpdateById(
+		id string,
+		data struct {
+			Name        string
+			Password    string
+			RedirectURL *url.URL
+		},
+	) error
 	DeleteById(id string) error
 }

@ -29,7 +37,7 @@ func (service *PgService) AccessLink(id string, password string) (*url.URL, erro
 	}

 	if link.Password != "" {
-		if password == "" || link.Password != password {
+		if password == "" || bcrypt.CompareHashAndPassword([]byte(link.Password), []byte(password)) != nil {
 			return nil, linkNotFoundError
 		}
 	}
@ -54,6 +62,15 @@ func (service *PgService) Create(link *Link) error {
 		return apperrors.AlreadyExistsError{Message: "Link with given ID already exists."}
 	}

+	if link.Password != "" {
+		hashedPassword, err := HashPassword(link.Password)
+		if err != nil {
+			return err
+		}
+
+		link.Password = hashedPassword
+	}
+
 	if err = service.rep.Save(link); err != nil {
 		return apperrors.UnknownError{Err: err}
 	}
@ -91,11 +108,46 @@ func (service *PgService) GetAll(limit int, offset int) (Links, error) {
 	return links, nil
 }

-func (service *PgService) Update(data *Link) error {
-	if err := service.rep.Update(data); err != nil {
+func (service *PgService) UpdateById(
+	id string,
+	data struct {
+		Name        string
+		Password    string
+		RedirectURL *url.URL
+	},
+) error {
+	link, err := service.GetById(id)
+	if err != nil {
+		return err
+	}
+
+	hasChanges := false
+	switch {
+	case data.Name != "":
+		link.Name = data.Name
+
+		hasChanges = true
+	case data.RedirectURL != nil:
+		link.RedirectURL = *data.RedirectURL
+
+		hasChanges = true
+	case data.Password != "":
+		hashedPw, err := HashPassword(data.Password)
+		if err != nil {
+			return err
+		}
+
+		link.Password = hashedPw
+
+		hasChanges = true
+	}
+
+	if hasChanges {
+		if err := service.rep.Update(link); err != nil {
 			return apperrors.UnknownError{Err: err}
 		}
-	service.cache.Delete(data.Id)
+		service.cache.Delete(link.Id)
+	}

 	return nil
 }
@ -108,3 +160,12 @@ func (service *PgService) DeleteById(id string) error {

 	return nil
 }
+
+func HashPassword(password string) (string, error) {
+	hashedPw, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return "", apperrors.UnknownError{Err: err}
+	}
+
+	return string(hashedPw), nil
+}