From eaaf3092604eb9c4009816dcba5abe3b029b6874 Mon Sep 17 00:00:00 2001
From: "Zed A. Shaw"
Date: Fri, 27 Jun 2025 12:02:05 -0400
Subject: [PATCH] Now have a basic auth library for doing bcrypt auth.
---
api/auth.go | 55 +++++++++++++++++++++++++++++++++++++++++
api/controllers.go | 40 ++++++++++--------------------
go.mod | 2 +-
public/login/index.html | 1 -
4 files changed, 69 insertions(+), 29 deletions(-)
create mode 100644 api/auth.go
diff --git a/api/auth.go b/api/auth.go
new file mode 100644
index 0000000..f15ec09
--- /dev/null
+++ b/api/auth.go
@@ -0,0 +1,55 @@
+package api
+
+import (
+ "golang.org/x/crypto/bcrypt"
+
+ "github.com/gofiber/fiber/v2"
+ _ "github.com/mattn/go-sqlite3"
+ sq "github.com/Masterminds/squirrel"
+ "github.com/gofiber/fiber/v2/middleware/session"
+
+ "zedshaw.games/webapp/data"
+)
+
+func CheckAuthed(c *fiber.Ctx) (bool, *session.Session, error) {
+ sess, err := STORE.Get(c)
+ if err != nil { return false, sess, err }
+ authed := sess.Get("authenticated") == true
+ return authed, sess, nil
+}
+
+func NotAuthed(err error, authed bool) bool {
+ return err != nil || authed == false
+}
+
+func LogoutUser(c *fiber.Ctx) error {
+ sess, err := STORE.Get(c)
+ if err != nil { return err }
+
+ sess.Set("authenticated", false)
+ err = sess.Save()
+ return err
+}
+
+func LoginUser(result *data.User, login *data.Login) (bool, error) {
+ sql, args, err := sq.Select("username, password").
+ From("user").Where("username=?", login.Username).ToSql()
+
+ if err != nil { return false, err }
+
+ err = data.DB.Get(result, sql, args...)
+ if err != nil { return false, err }
+
+ pass_good := bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(login.Password))
+ if pass_good != nil { return false, pass_good }
+
+ return login.Username == result.Username && pass_good == nil, nil
+}
+
+func SetUserPassword(password string, user *data.User) error {
+ hashed, err := bcrypt.GenerateFromPassword([]byte(password), 12)
+ if err == nil { return err }
+
+ user.Password = string(hashed)
+ return nil
+}
diff --git a/api/controllers.go b/api/controllers.go
index 32bfd13..0ed1127 100644
--- a/api/controllers.go
+++ b/api/controllers.go
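Review bot: The error check in `SetUserPassword` is inverted: `if err == nil { return err }` returns on success without ever assigning the hash, and when `bcrypt.GenerateFromPassword` fails it falls through to `user.Password = string(hashed)` with an empty `hashed` and reports nil. The line should read `if err != nil { return err }`. As written, no caller can get a bcrypt hash into `user.Password` through this function, so `LoginUser`'s `CompareHashAndPassword` would be run against whatever the column already held. A small test that calls `SetUserPassword` and then `bcrypt.CompareHashAndPassword` on the result would pin this down. Separately, `LogoutUser` only sets `authenticated` to false and keeps the session alive; `sess.Destroy()` would invalidate the session id as well.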
@@ -2,36 +2,28 @@ package api import ( "log" - "github.com/gofiber/fiber/v2" - _ "github.com/mattn/go-sqlite3" - sq "github.com/Masterminds/squirrel" - "github.com/gofiber/fiber/v2/middleware/session" + "github.com/gofiber/fiber/v2" + _ "github.com/mattn/go-sqlite3" + sq "github.com/Masterminds/squirrel" + "github.com/gofiber/fiber/v2/middleware/session" "zedshaw.games/webapp/data" ) var STORE *session.Store -func Logout(c *fiber.Ctx) error { - sess, err := STORE.Get(c) - if err != nil { return IfErrNil(err, c) } - sess.Set("authenticated", false) - err = sess.Save() +func GetApiLogout(c *fiber.Ctx) error { + err := LogoutUser(c) if err != nil { return IfErrNil(err, c) } return c.Redirect("/") } func GetApiStream(c *fiber.Ctx) error { - sess, err := STORE.Get(c) - if err != nil { return IfErrNil(err, c) } - - if sess.Get("authenticated") != true { - // NOTE: need my own error thing - return IfErrNil(err, c) - } + authed, _, err := CheckAuthed(c) + if NotAuthed(err, authed) { return IfErrNil(err, c) } sql, args, err := sq.Select("*").From("stream").ToSql() err = data.SelectJson[data.Stream](c, err, sql, args...) @@ -58,20 +50,15 @@ func GetApiStreamIdLinks(c *fiber.Ctx) error { } func PostApiLogin(c *fiber.Ctx) error { - var result data.User + var user data.User login, err := ReceivePost[data.Login](c) if(err != nil) { return IfErrNil(err, c) } - sql, args, err := sq.Select("username, password"). - From("user").Where("username=?", login.Username).ToSql() - + pass_good, err := LoginUser(&user, login) if err != nil { return IfErrNil(err, c) } - err = data.DB.Get(&result, sql, args...) - if err != nil { return IfErrNil(err, c) } - - if login.Username == result.Username && login.Password == result.Password { + if pass_good { sess, err := STORE.Get(c) if err != nil { return IfErrNil(err, c) } 
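Review bot: In `GetApiStream` the "not logged in, no error" case still ends in `IfErrNil(err, c)` with a nil `err`, because `NotAuthed` is true whenever `authed` is false even if `CheckAuthed` succeeded. `IfErrNil` is not visible in this hunk, so the client may get whatever it does for a nil error instead of an explicit refusal; the removed `// NOTE: need my own error thing` marked the same gap. Split the two cases: `if err != nil { return IfErrNil(err, c) }` followed by `if !authed { return c.SendStatus(fiber.StatusUnauthorized) }`. The body of `GetApiStream` continues outside the hunk.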
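Review bot: In `PostApiLogin`, every error from `LoginUser` is handed to `IfErrNil(err, c)`, and those errors differ by cause: a missing row from `data.DB.Get` for an unknown username versus the bcrypt mismatch error for a wrong password. If `IfErrNil` (not shown here) writes the error text or a different status into the response, the endpoint tells a caller which usernames exist. Log the error server-side and answer both cases identically, e.g. `if err != nil || !pass_good { return c.SendStatus(fiber.StatusUnauthorized) }`. The session handling after `if pass_good {` runs past the end of the hunk; if it only sets the `authenticated` flag, calling `sess.Regenerate()` first would give the logged-in user a fresh session id.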
@@ -103,12 +90,11 @@ func PostApiLink(c *fiber.Ctx) error { return IfErrNil(err, c) } - func Setup(app *fiber.App) { STORE = session.New() - app.Get("/api/stream/", GetApiStream) - app.Get("/api/logout/", Logout) + app.Get("/api/stream", GetApiStream) + app.Get("/api/logout", GetApiLogout) app.Get("/api/stream/:id", GetApiStreamId) app.Get("/api/stream/:id/links", GetApiStreamIdLinks) app.Post("/api/login", PostApiLogin) diff --git a/go.mod b/go.mod index 7dd815a..317fccd 100644 --- a/go.mod +++ b/go.mod @@ -11,6 +11,7 @@ require ( github.com/jmoiron/sqlx v1.4.0 github.com/mattn/go-sqlite3 v1.14.28 github.com/stretchr/testify v1.10.0 + golang.org/x/crypto v0.39.0 ) require ( @@ -95,7 +96,6 @@ require ( go.opentelemetry.io/otel v1.35.0 // indirect go.opentelemetry.io/otel/trace v1.35.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.39.0 // indirect golang.org/x/exp v0.0.0-20250531010427-b6e5de432a8b // indirect golang.org/x/mod v0.25.0 // indirect golang.org/x/net v0.41.0 // indirect diff --git a/public/login/index.html b/public/login/index.html index 18a7ef3..04b4f41 100644 --- a/public/login/index.html +++ b/public/login/index.html @@ -8,7 +8,6 @@ ZedShaw's Game Thing -
🏡 Zed's Game Dev Website Yay