learn-go/snippetbox/internal/models/users.go

package models

import (
	"database/sql"
	"errors"
	"strings"
	"time"

	"github.com/go-sql-driver/mysql"
	"golang.org/x/crypto/bcrypt"
)

type User struct {
	ID             int
	Username       string
	Email          string
	HashedPassword []byte
	Created        time.Time
}

type UserModel struct {
	DB *sql.DB
}

// Insert
func (m *UserModel) Insert(username, email, password string) error {
	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 15)
	if err != nil {
		return err
	}

	stmt := `INSERT INTO users (username, email, hashed_password, created)
        VALUES(?, ?, ?, UTC_TIMESTAMP())`

	_, err = m.DB.Exec(stmt, username, email, string(hashedPassword))
	if err != nil {
		var mySQLError *mysql.MySQLError
		if errors.As(err, &mySQLError) {
			if mySQLError.Number == 1062 && strings.Contains(mySQLError.Message, "users_uc_email") {
				return ErrDuplicateEmail
			}
		}
		return err
	}

	return nil
}

// Authenticate
func (m *UserModel) Authenticate(email, password string) (int, error) {
	var id int
	var hashedPassword []byte

	stmt := "SELECT id, hashed_password FROM users WHERE email = ?"

	err := m.DB.QueryRow(stmt, email).Scan(&id, &hashedPassword)
	if err != nil {
		if errors.Is(err, sql.ErrNoRows) {
			return 0, ErrInvalidCredentials
		} else {
			return 0, err
		}
	}

	err = bcrypt.CompareHashAndPassword(hashedPassword, []byte(password))
	if err != nil {
		if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
			return 0, ErrInvalidCredentials
		} else {
			return 0, err
		}
	}

	return id, nil
}

// Exists
func (m *UserModel) Exists(id int) (bool, error) {
	var exists bool

	stmt := "SELECT EXISTS(SELECT true FROM users WHERE id = ?)"

	err := m.DB.QueryRow(stmt, id).Scan(&exists)
	return exists, err
}
lets-go:11.0 user signup without peeking deliberately skipping salting and encrypting passwords at this point. intending to approach this in tandem with authenication. also starting to want db migrations, but trying not to get distracted. 2024-02-07 19:07:29 +00:00			`package models`

			`import (`
			`"database/sql"`
lets-go:11.3 signup with bcrypt 2024-02-07 23:54:12 +00:00			`"errors"`
			`"strings"`
lets-go:11.3 user signup 2024-02-07 23:15:54 +00:00			`"time"`
lets-go:11.3 signup with bcrypt 2024-02-07 23:54:12 +00:00
			`"github.com/go-sql-driver/mysql"`
			`"golang.org/x/crypto/bcrypt"`
lets-go:11.0 user signup without peeking deliberately skipping salting and encrypting passwords at this point. intending to approach this in tandem with authenication. also starting to want db migrations, but trying not to get distracted. 2024-02-07 19:07:29 +00:00			`)`

			`type User struct {`
lets-go:11.3 user signup 2024-02-07 23:15:54 +00:00			`ID int`
			`Username string`
			`Email string`
			`HashedPassword []byte`
			`Created time.Time`
lets-go:11.0 user signup without peeking deliberately skipping salting and encrypting passwords at this point. intending to approach this in tandem with authenication. also starting to want db migrations, but trying not to get distracted. 2024-02-07 19:07:29 +00:00			`}`

			`type UserModel struct {`
			`DB *sql.DB`
			`}`

			`// Insert`
lets-go:11.3 signup with bcrypt 2024-02-07 23:54:12 +00:00			`func (m *UserModel) Insert(username, email, password string) error {`
			`hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 15)`
			`if err != nil {`
			`return err`
			`}`

			stmt := `INSERT INTO users (username, email, hashed_password, created)
			VALUES(?, ?, ?, UTC_TIMESTAMP())`

			`_, err = m.DB.Exec(stmt, username, email, string(hashedPassword))`
			`if err != nil {`
			`var mySQLError *mysql.MySQLError`
			`if errors.As(err, &mySQLError) {`
			`if mySQLError.Number == 1062 && strings.Contains(mySQLError.Message, "users_uc_email") {`
			`return ErrDuplicateEmail`
			`}`
			`}`
			`return err`
			`}`

			`return nil`
lets-go:11.0 user signup without peeking deliberately skipping salting and encrypting passwords at this point. intending to approach this in tandem with authenication. also starting to want db migrations, but trying not to get distracted. 2024-02-07 19:07:29 +00:00			`}`

lets-go:11.3 user signup 2024-02-07 23:15:54 +00:00			`// Authenticate`
lets-go:11.4 login 2024-02-08 00:27:03 +00:00			`func (m *UserModel) Authenticate(email, password string) (int, error) {`
			`var id int`
			`var hashedPassword []byte`

			`stmt := "SELECT id, hashed_password FROM users WHERE email = ?"`

			`err := m.DB.QueryRow(stmt, email).Scan(&id, &hashedPassword)`
			`if err != nil {`
			`if errors.Is(err, sql.ErrNoRows) {`
			`return 0, ErrInvalidCredentials`
			`} else {`
			`return 0, err`
			`}`
			`}`

			`err = bcrypt.CompareHashAndPassword(hashedPassword, []byte(password))`
			`if err != nil {`
			`if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {`
			`return 0, ErrInvalidCredentials`
			`} else {`
			`return 0, err`
			`}`
			`}`

			`return id, nil`
lets-go:11.3 user signup 2024-02-07 23:15:54 +00:00			`}`
lets-go:11.0 user signup without peeking deliberately skipping salting and encrypting passwords at this point. intending to approach this in tandem with authenication. also starting to want db migrations, but trying not to get distracted. 2024-02-07 19:07:29 +00:00
lets-go:11.3 user signup 2024-02-07 23:15:54 +00:00			`// Exists`
			`func (m *UserModel) Exists(id int) (bool, error) {`
lets-go:12.2 request context for authz 2024-02-08 17:26:25 +00:00			`var exists bool`

			`stmt := "SELECT EXISTS(SELECT true FROM users WHERE id = ?)"`

			`err := m.DB.QueryRow(stmt, id).Scan(&exists)`
			`return exists, err`
lets-go:11.0 user signup without peeking deliberately skipping salting and encrypting passwords at this point. intending to approach this in tandem with authenication. also starting to want db migrations, but trying not to get distracted. 2024-02-07 19:07:29 +00:00			`}`