diff --git a/core/aws_ses.go b/core/aws_ses.go new file mode 100644 index 0000000..f61100a --- /dev/null +++ b/core/aws_ses.go @@ -0,0 +1,61 @@ +package core + +import ( + "context" + "errors" + "fmt" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/ses" + "github.com/aws/aws-sdk-go-v2/service/ses/types" +) + +func ResetUserEmail(userEmail Email, customerId CustomerId) error { + // Load AWS configuration + cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion("us-east-1")) + if err != nil { + return errors.New(fmt.Sprintf("unable to load SDK config, %v", err)) + } + + nkodeResetJwt, err := ResetNKodeToken(userEmail, customerId) + if err != nil { + return errors.New(fmt.Sprintf("unable to load SDK config, %v", err)) + } + // Create an SES client + sesClient := ses.NewFromConfig(cfg) + + // Define sender and recipient + sender := "mail@nkode.tech" + + // Define email subject and body + subject := "nKode Reset" + htmlBody := fmt.Sprintf("

Hello!

Click the link to reset your nKode.

Reset nKode", FrontendHost, nkodeResetJwt) + + // Construct the email message + input := &ses.SendEmailInput{ + Destination: &types.Destination{ + ToAddresses: []string{string(userEmail)}, + }, + Message: &types.Message{ + Body: &types.Body{ + Html: &types.Content{ + Data: aws.String(htmlBody), + }, + }, + Subject: &types.Content{ + Data: aws.String(subject), + }, + }, + Source: aws.String(sender), + } + + // Send the email + resp, err := sesClient.SendEmail(context.TODO(), input) + if err != nil { + return errors.New(fmt.Sprintf("failed to send email, %v", err)) + } + + // Output the message ID of the sent email + fmt.Printf("Email sent successfully, Message ID: %s\n", *resp.MessageId) + return nil +} diff --git a/core/config.go b/core/config.go new file mode 100644 index 0000000..113bba0 --- /dev/null +++ b/core/config.go @@ -0,0 +1,6 @@ +package core + +const ( + BackendHost = "localhost:8080" + FrontendHost = "localhost:8090" +) diff --git a/core/in_memory_db.go b/core/in_memory_db.go index 9963240..31d7bb9 100644 --- a/core/in_memory_db.go +++ b/core/in_memory_db.go @@ -66,6 +66,10 @@ func (db *InMemoryDb) WriteNewUser(user User) error { return nil } +func (db *InMemoryDb) UpdateUserNKode(user User) error { + return errors.ErrUnsupported +} + func (db *InMemoryDb) UpdateUserInterface(userId UserId, ui UserInterface) error { user, exists := db.Users[userId] if !exists { diff --git a/core/jwt_claims.go b/core/jwt_claims.go index 006c1eb..7a451a6 100644 --- a/core/jwt_claims.go +++ b/core/jwt_claims.go 
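Review bot: The error returned by `ResetNKodeToken` in `ResetUserEmail` is reported as "unable to load SDK config", a copy of the message above it, so a token-signing failure will be misread as an AWS configuration problem. Both early returns also flatten the cause with `errors.New(fmt.Sprintf(...))`; `return fmt.Errorf("creating nKode reset token: %w", err)` keeps it inspectable with `errors.Is`/`errors.As`. `*resp.MessageId` is dereferenced without a nil check, and both SDK calls use `context.TODO()`, so a stalled SES call has no deadline. The HTML body is not fully legible on this page, but it appears to place the reset JWT in a link built from `FrontendHost`; since that token is a bearer credential, a comment should state that `htmlBody` and the token must never be written to logs.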
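Review bot: `FrontendHost` is a compile-time constant set to `localhost:8090` with no scheme, and `ResetUserEmail` in this commit formats it into the reset e-mail, so any mail sent outside a developer machine would carry a link to the recipient's own localhost. Reading both hosts from configuration at startup (for example with `os.Getenv`) and requiring an `https://` origin for the frontend would avoid shipping that. A short comment on each constant saying what consumes it would also help.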
@@ -7,49 +7,57 @@ import ( "time" ) -type JwtTokens struct { +type AuthenticationTokens struct { AccessToken string `json:"access_token"` RefreshToken string `json:"refresh_token"` } +type ResetNKodeClaims struct { + Reset bool `json:"reset"` + jwt.RegisteredClaims +} + const ( - accessTokenExp = 5 * time.Minute - refreshTokenExp = 30 * 24 * time.Hour + accessTokenExp = 5 * time.Minute + refreshTokenExp = 30 * 24 * time.Hour + resetNKodeTokenExp = 5 * time.Minute ) var secret = []byte("your-secret-key") -func NewJwtTokens(username string) (JwtTokens, error) { - accessClaims := NewAccessClaim(username) +func NewAuthenticationTokens(username string, customerId CustomerId) (AuthenticationTokens, error) { + accessClaims := NewAccessClaim(username, customerId) refreshClaims := jwt.RegisteredClaims{ Subject: username, + Issuer: CustomerIdToString(customerId), ExpiresAt: jwt.NewNumericDate(time.Now().Add(refreshTokenExp)), } accessJwt, err := EncodeAndSignClaims(accessClaims) if err != nil { - return JwtTokens{}, err + return AuthenticationTokens{}, err } refreshJwt, err := EncodeAndSignClaims(refreshClaims) if err != nil { - return JwtTokens{}, err + return AuthenticationTokens{}, err } - return JwtTokens{ + return AuthenticationTokens{ AccessToken: accessJwt, RefreshToken: refreshJwt, }, nil } -func NewAccessClaim(username string) jwt.RegisteredClaims { +func NewAccessClaim(username string, customerId CustomerId) jwt.RegisteredClaims { return jwt.RegisteredClaims{ Subject: username, + Issuer: CustomerIdToString(customerId), ExpiresAt: jwt.NewNumericDate(time.Now().Add(accessTokenExp)), } } -func EncodeAndSignClaims(claims jwt.RegisteredClaims) (string, error) { +func EncodeAndSignClaims(claims jwt.Claims) (string, error) { token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) return token.SignedString(secret) } 
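Review bot: Every token type now flows through `EncodeAndSignClaims`, including the new reset claims, while the signing key in the context line is still the literal `[]byte("your-secret-key")`; anyone who can read the source can therefore produce tokens this service accepts. The key should be loaded at startup from the environment or a secret store, with start-up failing when it is absent or too short. Access and reset tokens also share the same 5-minute lifetime, subject and issuer, so an explicit audience or token-type claim is worth adding to keep the two from being interchangeable. Separately, `Issuer` is used here to carry the customer id; a one-line comment on `NewAccessClaim` saying so would stop readers from assuming it names the issuing service.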
@@ -91,3 +99,29 @@ func ClaimExpired(claims jwt.RegisteredClaims) error { } return errors.New("claim expired") } + +func ResetNKodeToken(userEmail Email, customerId CustomerId) (string, error) { + resetClaims := ResetNKodeClaims{ + true, + jwt.RegisteredClaims{ + Subject: string(userEmail), + Issuer: CustomerIdToString(customerId), + ExpiresAt: jwt.NewNumericDate(time.Now().Add(resetNKodeTokenExp)), + }, + } + return EncodeAndSignClaims(resetClaims) +} + +func ParseRestNKodeToken(resetNKodeToken string) (*ResetNKodeClaims, error) { + token, err := jwt.ParseWithClaims(resetNKodeToken, &ResetNKodeClaims{}, func(token *jwt.Token) (interface{}, error) { + return secret, nil + }) + if err != nil { + return nil, fmt.Errorf("error parsing refresh token: %w", err) + } + claims, ok := token.Claims.(*ResetNKodeClaims) + if !ok { + return nil, errors.New("unable to parse claims") + } + return claims, nil +} diff --git a/core/jwt_claims_test.go b/core/jwt_claims_test.go new file mode 100644 index 0000000..4637ca1 --- /dev/null +++ b/core/jwt_claims_test.go 
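Review bot: `ParseRestNKodeToken` returns the claims without checking `claims.Reset`, so any token signed with the same key (an access or refresh token simply lacks the `reset` field) parses successfully here and every caller has to remember to test the flag. Rejecting it inside the parser is safer: `if !claims.Reset { return nil, errors.New("not a reset token") }`. The key function also accepts whichever HMAC variant the header names; passing `jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()})` to `ParseWithClaims` pins it to the algorithm used for signing. The error text says "refresh token" and the function name reads "Rest" rather than "Reset", both of which look like copy-paste slips. In `ResetNKodeToken`, keyed fields (`Reset: true, RegisteredClaims: ...`) would read better than the positional literal.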
@@ -0,0 +1,28 @@ +package core + +import ( + "github.com/google/uuid" + "github.com/stretchr/testify/assert" + "testing" +) + +func TestJwtClaims(t *testing.T) { + email := "testing@example.com" + customerId := CustomerId(uuid.New()) + authTokens, err := NewAuthenticationTokens(email, customerId) + assert.NoError(t, err) + accessToken, err := ParseAccessToken(authTokens.AccessToken) + assert.NoError(t, err) + assert.Equal(t, accessToken.Subject, email) + assert.NoError(t, ClaimExpired(*accessToken)) + refreshToken, err := ParseRefreshToken(authTokens.RefreshToken) + assert.NoError(t, err) + assert.Equal(t, refreshToken.Subject, email) + assert.NoError(t, ClaimExpired(*refreshToken)) + resetNKode, err := ResetNKodeToken(Email(email), customerId) + assert.NoError(t, err) + resetToken, err := ParseRestNKodeToken(resetNKode) + assert.NoError(t, err) + assert.True(t, resetToken.Reset) + assert.Equal(t, resetToken.Subject, email) +} diff --git a/core/nkode_api.go b/core/nkode_api.go index 95a651a..290cdef 100644 --- a/core/nkode_api.go +++ b/core/nkode_api.go @@ -34,12 +34,12 @@ func (n *NKodeAPI) CreateNewCustomer(nkodePolicy NKodePolicy, id *CustomerId) (* return &newCustomer.Id, nil } -func (n *NKodeAPI) GenerateSignupInterface(userEmail Email, customerId CustomerId, kp KeypadDimension) (*GenerateSignupInterfaceResp, error) { +func (n *NKodeAPI) GenerateSignupResetInterface(userEmail Email, customerId CustomerId, kp KeypadDimension, reset bool) (*GenerateSignupResetInterfaceResp, error) { svgIdxInterface, err := n.Db.RandomSvgIdxInterface(kp) if err != nil { return nil, err } - signupSession, err := NewSignupSession(userEmail, kp, customerId, svgIdxInterface) + signupSession, err := NewSignupResetSession(userEmail, kp, customerId, svgIdxInterface, reset) if err != nil { return nil, err } 
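Review bot: The new `reset` argument decides whether the session will overwrite an existing user's nKode, yet nothing in the visible hunks ties it to the reset token that `ResetUserEmail` mails out: the handler hunk passes `signupResetPost.Reset` straight from the request body, and the `ConfirmNKode` hunk calls `UpdateUserNKode` whenever `session.Reset` is set. `ParseRestNKodeToken` is only called from the test in this commit. Before a reset session is created, the handler should require the reset token (for example via `getBearerToken`), verify it, and check that its subject and issuer match the e-mail and customer id in the request. It would also be reasonable for `GenerateSignupResetInterface` to fail when `reset` is true and the user does not exist. The function body continues outside this hunk.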
@@ -48,7 +48,7 @@ func (n *NKodeAPI) GenerateSignupInterface(userEmail Email, customerId CustomerI if err != nil { return nil, err } - resp := GenerateSignupInterfaceResp{ + resp := GenerateSignupResetInterfaceResp{ UserIdxInterface: signupSession.SetIdxInterface, SvgInterface: svgInterface, SessionId: uuid.UUID(signupSession.Id).String(), @@ -95,7 +95,11 @@ func (n *NKodeAPI) ConfirmNKode(customerId CustomerId, sessionId SessionId, keyS if err != nil { return err } - err = n.Db.WriteNewUser(*user) + if session.Reset { + err = n.Db.UpdateUserNKode(*user) + } else { + err = n.Db.WriteNewUser(*user) + } delete(n.SignupSessions, session.Id) return err } @@ -105,6 +109,9 @@ func (n *NKodeAPI) GetLoginInterface(userEmail Email, customerId CustomerId) (*G if err != nil { return nil, err } + if user == nil { + return nil, errors.New(fmt.Sprintf("user %s for customer %s dne", userEmail, customerId)) + } err = user.Interface.PartialInterfaceShuffle() if err != nil { return nil, err @@ -126,14 +133,17 @@ func (n *NKodeAPI) GetLoginInterface(userEmail Email, customerId CustomerId) (*G return &resp, nil } -func (n *NKodeAPI) Login(customerId CustomerId, userEmail Email, keySelection KeySelection) (*JwtTokens, error) { +func (n *NKodeAPI) Login(customerId CustomerId, userEmail Email, keySelection KeySelection) (*AuthenticationTokens, error) { customer, err := n.Db.GetCustomer(customerId) if err != nil { return nil, err } user, err := n.Db.GetUser(userEmail, customerId) if err != nil { - return nil, errors.New(fmt.Sprintf("user dne %s", userEmail)) + return nil, err + } + if user == nil { + return nil, errors.New(fmt.Sprintf("user %s for customer %s dne", userEmail, customerId)) } passcode, err := ValidKeyEntry(*user, *customer, keySelection) if err != nil { 
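Review bot: The new not-found errors in `GetLoginInterface` and `Login` (and the identical line in the `RefreshToken` hunk) format `customerId` with `%s`, but `CustomerId` is a defined type over `uuid.UUID` and does not inherit its `String` method, so the message will print the raw byte array instead of the UUID. `CustomerIdToString`, added in this commit, gives the readable form: `fmt.Errorf("user %s for customer %s dne", userEmail, CustomerIdToString(customerId))`, which also replaces the `errors.New(fmt.Sprintf(...))` pair. If these messages ever reach the client rather than only the log, they would confirm which e-mail addresses are registered, which `ResetNKode` is careful to avoid. Both functions continue outside their hunks.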
@@ -146,7 +156,7 @@ func (n *NKodeAPI) Login(customerId CustomerId, userEmail Email, keySelection Ke return nil, err } } - jwtToken, err := NewJwtTokens(string(user.Email)) + jwtToken, err := NewAuthenticationTokens(string(user.Email), customerId) if err != nil { return nil, err } @@ -174,6 +184,9 @@ func (n *NKodeAPI) RefreshToken(userEmail Email, customerId CustomerId, refreshT if err != nil { return "", err } + if user == nil { + return "", errors.New(fmt.Sprintf("user %s for customer %s dne", userEmail, customerId)) + } if user.RefreshToken != refreshToken { return "", errors.New("refresh token is invalid") } @@ -184,6 +197,17 @@ func (n *NKodeAPI) RefreshToken(userEmail Email, customerId CustomerId, refreshT if err = ClaimExpired(*refreshClaims); err != nil { return "", err } - newAccessClaims := NewAccessClaim(string(userEmail)) + newAccessClaims := NewAccessClaim(string(userEmail), customerId) return EncodeAndSignClaims(newAccessClaims) } + +func (n *NKodeAPI) ResetNKode(userEmail Email, customerId CustomerId) error { + user, err := n.Db.GetUser(userEmail, customerId) + if err != nil { + return fmt.Errorf("error getting user in rest nkode %v", err) + } + if user == nil { + return nil + } + return ResetUserEmail(userEmail, customerId) +} diff --git a/core/nkode_api_test.go b/core/nkode_api_test.go index f324ff5..9ad0340 100644 --- a/core/nkode_api_test.go +++ b/core/nkode_api_test.go 
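Review bot: `ResetNKode` returns nil for an unknown user, which keeps the response from revealing whether an address is registered, but the SES call in `ResetUserEmail` runs synchronously only for known users, so response time may still tell the two cases apart. Handing the send to a background worker or queue and returning immediately in both cases would close that gap; nothing visible here limits how often a reset mail can be requested for one address either. The wrapped error should use `%w` and say "reset": `fmt.Errorf("getting user for nKode reset: %w", err)`.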
@@ -7,21 +7,21 @@ import ( ) func TestNKodeAPI(t *testing.T) { - db1 := NewInMemoryDb() - testNKodeAPI(t, &db1) + //db1 := NewInMemoryDb() + //testNKodeAPI(t, &db1) - //dbFile := "../../test.db" + dbFile := "../test.db" - //db2 := NewSqliteDB(dbFile) - //defer db2.CloseDb() - //testNKodeAPI(t, db2) + db2 := NewSqliteDB(dbFile) + defer db2.CloseDb() + testNKodeAPI(t, db2) - // if _, err := os.Stat(dbFile); err == nil { - // err = os.Remove(dbFile) - // assert.NoError(t, err) - // } else { - // assert.NoError(t, err) - // } + //if _, err := os.Stat(dbFile); err == nil { + // err = os.Remove(dbFile) + // assert.NoError(t, err) + //} else { + // assert.NoError(t, err) + //} } func testNKodeAPI(t *testing.T, db DbAccessor) { @@ -35,7 +35,7 @@ func testNKodeAPI(t *testing.T, db DbAccessor) { nkodeApi := NewNKodeAPI(db) customerId, err := nkodeApi.CreateNewCustomer(nkodePolicy, nil) assert.NoError(t, err) - signupResponse, err := nkodeApi.GenerateSignupInterface(userEmail, *customerId, keypadSize) + signupResponse, err := nkodeApi.GenerateSignupResetInterface(userEmail, *customerId, keypadSize, false) assert.NoError(t, err) setInterface := signupResponse.UserIdxInterface sessionIdStr := signupResponse.SessionId 
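Review bot: `TestNKodeAPI` now runs only against the on-disk `../test.db`, with the in-memory run and the clean-up block left commented out, so the result depends on whatever state earlier runs left in that file. Using `t.TempDir()` for the database path would make runs independent, provided `NewSqliteDB` can initialise a fresh file (not visible here), and the commented-out lines are better deleted than kept. The in-memory run was presumably disabled because `InMemoryDb.UpdateUserNKode` returns `errors.ErrUnsupported`; implementing it would restore that coverage.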
@@ -69,5 +69,31 @@ func testNKodeAPI(t *testing.T, db DbAccessor) { _, err = nkodeApi.Login(*customerId, userEmail, loginKeySelection) assert.NoError(t, err) + /// Reset nKode + attrsPerKey = 6 + keypadSize = KeypadDimension{AttrsPerKey: attrsPerKey, NumbOfKeys: numbOfKeys} + resetResponse, err := nkodeApi.GenerateSignupResetInterface(userEmail, *customerId, keypadSize, true) + assert.NoError(t, err) + setInterface = resetResponse.UserIdxInterface + sessionIdStr = resetResponse.SessionId + sessionId, err = SessionIdFromString(sessionIdStr) + assert.NoError(t, err) + keypadSize = KeypadDimension{AttrsPerKey: numbOfKeys, NumbOfKeys: numbOfKeys} + userPasscode = setInterface[:passcodeLen+1] + setKeySelect, err = SelectKeyByAttrIdx(setInterface, userPasscode, keypadSize) + assert.NoError(t, err) + confirmInterface, err = nkodeApi.SetNKode(*customerId, sessionId, setKeySelect) + assert.NoError(t, err) + confirmKeySelect, err = SelectKeyByAttrIdx(confirmInterface, userPasscode, keypadSize) + err = nkodeApi.ConfirmNKode(*customerId, sessionId, confirmKeySelect) + assert.NoError(t, err) + + keypadSize = KeypadDimension{AttrsPerKey: attrsPerKey, NumbOfKeys: numbOfKeys} + loginInterface2, err := nkodeApi.GetLoginInterface(userEmail, *customerId) + assert.NoError(t, err) + loginKeySelection, err = SelectKeyByAttrIdx(loginInterface2.UserIdxInterface, userPasscode, keypadSize) + assert.NoError(t, err) + _, err = nkodeApi.Login(*customerId, userEmail, loginKeySelection) + assert.NoError(t, err) } } diff --git a/core/nkode_handler.go b/core/nkode_handler.go index 6a915f9..86e4946 100644 --- a/core/nkode_handler.go +++ b/core/nkode_handler.go @@ -6,6 +6,7 @@ import ( "github.com/google/uuid" "log" "net/http" + "strings" ) type NKodeHandler struct { 
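Review bot: In the reset section the error from `SelectKeyByAttrIdx(confirmInterface, userPasscode, keypadSize)` is overwritten by the `ConfirmNKode` call on the next line before it is asserted; add `assert.NoError(t, err)` between the two. The section also drives a reset with `reset` set to true and no reset token, so it is the natural place for a negative test once the API requires one.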
@@ -13,23 +14,24 @@ type NKodeHandler struct { } const ( - CreateNewCustomer = "/create-new-customer" - GenerateSignupInterface = "/generate-signup-interface" - SetNKode = "/set-nkode" - ConfirmNKode = "/confirm-nkode" - GetLoginInterface = "/get-login-interface" - Login = "/login" - RenewAttributes = "/renew-attributes" - RandomSvgInterface = "/random-svg-interface" - RefreshToken = "/refresh-token" + CreateNewCustomer = "/create-new-customer" + GenerateSignupResetInterface = "/generate-signup-reset-interface" + SetNKode = "/set-nkode" + ConfirmNKode = "/confirm-nkode" + GetLoginInterface = "/get-login-interface" + Login = "/login" + RenewAttributes = "/renew-attributes" + RandomSvgInterface = "/random-svg-interface" + RefreshToken = "/refresh-token" + ResetNKode = "/reset-nkode" ) func (h *NKodeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { switch r.URL.Path { case CreateNewCustomer: h.CreateNewCustomerHandler(w, r) - case GenerateSignupInterface: - h.GenerateSignupInterfaceHandler(w, r) + case GenerateSignupResetInterface: + h.GenerateSignupResetInterfaceHandler(w, r) case SetNKode: h.SetNKodeHandler(w, r) case ConfirmNKode: @@ -44,6 +46,8 @@ func (h *NKodeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { h.RandomSvgInterfaceHandler(w, r) case RefreshToken: h.RefreshTokenHandler(w, r) + case ResetNKode: + h.ResetNKode(w, r) default: w.WriteHeader(http.StatusNotFound) _, err := w.Write([]byte("404 not found")) 
@@ -88,23 +92,22 @@ func (h *NKodeHandler) CreateNewCustomerHandler(w http.ResponseWriter, r *http.R w.WriteHeader(http.StatusOK) } -func (h *NKodeHandler) GenerateSignupInterfaceHandler(w http.ResponseWriter, r *http.Request) { +func (h *NKodeHandler) GenerateSignupResetInterfaceHandler(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { methodNotAllowed(w) return } - log.Print("signup interface") - var signupPost GenerateSignupInterfacePost - err := decodeJson(w, r, &signupPost) + var signupResetPost GenerateSignupRestInterfacePost + err := decodeJson(w, r, &signupResetPost) if err != nil { internalServerErrorHandler(w) log.Println(err) return } kp := KeypadDimension{ - AttrsPerKey: signupPost.AttrsPerKey, - NumbOfKeys: signupPost.NumbOfKeys, + AttrsPerKey: signupResetPost.AttrsPerKey, + NumbOfKeys: signupResetPost.NumbOfKeys, } err = kp.IsValidKeypadDimension() if err != nil { @@ -112,14 +115,19 @@ func (h *NKodeHandler) GenerateSignupInterfaceHandler(w http.ResponseWriter, r * log.Println(err) return } - customerId, err := uuid.Parse(signupPost.CustomerId) + customerId, err := uuid.Parse(signupResetPost.CustomerId) if err != nil { internalServerErrorHandler(w) log.Println(err) return } - userEmail, err := ParseEmail(signupPost.UserEmail) - resp, err := h.Api.GenerateSignupInterface(userEmail, CustomerId(customerId), kp) + userEmail, err := ParseEmail(signupResetPost.UserEmail) + if err != nil { + internalServerErrorHandler(w) + log.Println(err) + return + } + resp, err := h.Api.GenerateSignupResetInterface(userEmail, CustomerId(customerId), kp, signupResetPost.Reset) if err != nil { internalServerErrorHandler(w) log.Println(err) 
@@ -370,30 +378,29 @@ func (h *NKodeHandler) RandomSvgInterfaceHandler(w http.ResponseWriter, r *http. } func (h *NKodeHandler) RefreshTokenHandler(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodPost { + if r.Method != http.MethodGet { methodNotAllowed(w) } - var refreshTokenPost RefreshTokenPost - err := decodeJson(w, r, &refreshTokenPost) - + refreshToken, err := getBearerToken(r) if err != nil { internalServerErrorHandler(w) log.Println(err) return } - customerId, err := uuid.Parse(refreshTokenPost.CustomerId) + refreshClaims, err := ParseRefreshToken(refreshToken) + customerId, err := uuid.Parse(refreshClaims.Issuer) if err != nil { internalServerErrorHandler(w) log.Println(err) return } - userEmail, err := ParseEmail(refreshTokenPost.UserEmail) + userEmail, err := ParseEmail(refreshClaims.Subject) if err != nil { internalServerErrorHandler(w) log.Println(err) return } - accessToken, err := h.Api.RefreshToken(userEmail, CustomerId(customerId), refreshTokenPost.RefreshToken) + accessToken, err := h.Api.RefreshToken(userEmail, CustomerId(customerId), refreshToken) if err != nil { internalServerErrorHandler(w) 
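Review bot: The error from `ParseRefreshToken(refreshToken)` is never checked: the next line reassigns `err` with `uuid.Parse(refreshClaims.Issuer)`, so a token that fails verification is dereferenced as if it had been accepted, and if the parser returns nil claims on failure (as `ParseRestNKodeToken` in this commit does) the handler will panic on a malformed header. Add the same `if err != nil` block used after `getBearerToken` directly after the parse, ideally answering 401 rather than 500. The method check at the top also lacks a `return` after `methodNotAllowed(w)`, so non-GET requests continue into the handler. The function body continues outside this hunk.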
@@ -417,6 +424,38 @@ func (h *NKodeHandler) RefreshTokenHandler(w http.ResponseWriter, r *http.Reques w.WriteHeader(http.StatusOK) } +func (h *NKodeHandler) ResetNKode(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + methodNotAllowed(w) + } + var resetNKodePost ResetNKodePost + err := decodeJson(w, r, &resetNKodePost) + if err != nil { + internalServerErrorHandler(w) + log.Println("error decoding reset nkode post: ", err) + return + } + customerId, err := uuid.Parse(resetNKodePost.CustomerId) + if err != nil { + internalServerErrorHandler(w) + log.Println(err) + return + } + userEmail, err := ParseEmail(resetNKodePost.UserEmail) + if err != nil { + internalServerErrorHandler(w) + log.Println(err) + return + } + err = h.Api.ResetNKode(userEmail, CustomerId(customerId)) + if err != nil { + internalServerErrorHandler(w) + log.Println(err) + return + } + w.WriteHeader(http.StatusOK) +} + func decodeJson(w http.ResponseWriter, r *http.Request, post any) error { if r.Body == nil { invalidJson(w) @@ -449,3 +488,13 @@ func invalidJson(w http.ResponseWriter) { w.WriteHeader(http.StatusBadRequest) w.Write([]byte("invalid json")) } + +func getBearerToken(r *http.Request) (string, error) { + authHeader := r.Header.Get("Authorization") + // Check if the Authorization header is present and starts with "Bearer " + if authHeader == "" || !strings.HasPrefix(authHeader, "Bearer ") { + return "", errors.New("authorization header missing or invalid") + } + token := strings.TrimPrefix(authHeader, "Bearer ") + return token, nil +} diff --git a/core/sqlite_db.go b/core/sqlite_db.go index 9f0f724..0588881 100644 --- a/core/sqlite_db.go +++ b/core/sqlite_db.go 
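Review bot: In the new `ResetNKode` handler the method guard writes the 405 but does not stop: `methodNotAllowed(w)` needs a `return` after it, otherwise a non-POST request is still decoded and can still trigger a reset e-mail. The endpoint is unauthenticated by design, so a per-address and per-client rate limit in front of `h.Api.ResetNKode` is worth adding to keep it from being used to flood a mailbox. A malformed `customer_id` or `email` is answered with a 500; a 400 would describe it better. Naming the method `ResetNKodeHandler` would match the other handlers.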
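Review bot: `getBearerToken` accepts a header that is exactly `Bearer ` and returns an empty token with a nil error, leaving the rejection to whatever parses it next. Reject it here: `if token == "" { return "", errors.New("authorization header missing or invalid") }`. The `authHeader == ""` test is redundant with the `HasPrefix` check, and the scheme match is case-sensitive although HTTP authentication scheme names are case-insensitive; comparing the scheme with `strings.EqualFold` would accept `bearer` as well.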
@@ -95,9 +95,57 @@ VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?) return nil } +func (d *SqliteDB) UpdateUserNKode(u User) error { + tx, err := d.db.Begin() + if err != nil { + return err + } + defer func() { + if err != nil { + err = tx.Rollback() + if err != nil { + log.Fatal(fmt.Sprintf("Write new user won't roll back %+v", err)) + } + } + }() + updateUser := ` +UPDATE user +SET renew = ?, refresh_token = ?, code = ?, mask = ?, attributes_per_key = ?, number_of_keys = ?, alpha_key = ?, set_key = ?, pass_key = ?, mask_key = ?, salt = ?, max_nkode_len = ?, idx_interface = ?, svg_id_interface = ? +WHERE username = ? AND customer_id = ? +` + var renew int + if u.Renew { + renew = 1 + } else { + renew = 0 + } + _, err = tx.Exec(updateUser, renew, u.RefreshToken, u.EncipheredPasscode.Code, u.EncipheredPasscode.Mask, u.Kp.AttrsPerKey, u.Kp.NumbOfKeys, util.Uint64ArrToByteArr(u.CipherKeys.AlphaKey), util.Uint64ArrToByteArr(u.CipherKeys.SetKey), util.Uint64ArrToByteArr(u.CipherKeys.PassKey), util.Uint64ArrToByteArr(u.CipherKeys.MaskKey), u.CipherKeys.Salt, u.CipherKeys.MaxNKodeLen, util.IntArrToByteArr(u.Interface.IdxInterface), util.IntArrToByteArr(u.Interface.SvgId), string(u.Email), uuid.UUID(u.CustomerId)) + + if err != nil { + return err + } + err = tx.Commit() + if err != nil { + return err + } + return nil +} + func (d *SqliteDB) GetCustomer(id CustomerId) (*Customer, error) { + tx, err := d.db.Begin() + if err != nil { + return nil, err + } + defer func() { + if err != nil { + err = tx.Rollback() + if err != nil { + log.Fatal(fmt.Sprintf("Write new user won't roll back %+v", err)) + } + } + }() selectCustomer := `SELECT max_nkode_len, min_nkode_len, distinct_sets, distinct_attributes, lock_out, expiration, attribute_values, set_values FROM customer WHERE id = ?` - rows, err := d.db.Query(selectCustomer, uuid.UUID(id)) + rows, err := tx.Query(selectCustomer, uuid.UUID(id)) if !rows.Next() { return nil, errors.New(fmt.Sprintf("no new row for customer %s with err %s", 
id, rows.Err())) @@ -131,18 +179,26 @@ func (d *SqliteDB) GetCustomer(id CustomerId) (*Customer, error) { }, Attributes: NewCustomerAttributesFromBytes(attributeValues, setValues), } - + err = tx.Commit() + if err != nil { + return nil, fmt.Errorf("read customer won't commit %w", err) + } return &customer, nil } func (d *SqliteDB) GetUser(username Email, customerId CustomerId) (*User, error) { + tx, err := d.db.Begin() + if err != nil { + return nil, err + } + defer tx.Commit() userSelect := ` SELECT id, renew, refresh_token, code, mask, attributes_per_key, number_of_keys, alpha_key, set_key, pass_key, mask_key, salt, max_nkode_len, idx_interface, svg_id_interface FROM user WHERE user.username = ? AND user.customer_id = ? ` - rows, err := d.db.Query(userSelect, string(username), uuid.UUID(customerId).String()) + rows, err := tx.Query(userSelect, string(username), uuid.UUID(customerId).String()) if !rows.Next() { - return nil, errors.New(fmt.Sprintf("no new rows for user %s of customer %s", string(username), uuid.UUID(customerId).String())) + return nil, nil } var id string var renewVal int @@ -246,7 +302,11 @@ UPDATE customer SET attribute_values = ?, set_values = ? WHERE id = ?; userQuery := ` SELECT id, alpha_key, set_key, attributes_per_key, number_of_keys FROM user WHERE customer_id = ? ` - rows, err := d.db.Query(userQuery, uuid.UUID(id).String()) + tx, err := d.db.Begin() + if err != nil { + return err + } + rows, err := tx.Query(userQuery, uuid.UUID(id).String()) for rows.Next() { var userId string var alphaBytes []byte @@ -283,8 +343,20 @@ SELECT id, alpha_key, set_key, attributes_per_key, number_of_keys FROM user WHER renewExec += ` COMMIT; ` + err = tx.Commit() + if err != nil { + return err + } + tx, err = d.db.Begin() + if err != nil { + return err + } _, err = d.db.Exec(renewExec, renewArgs...) + err = tx.Commit() + if err != nil { + return err + } return err } 
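Review bot: In `UpdateUserNKode` a failed `tx.Commit()` leaves `err` non-nil, so the deferred closure calls `tx.Rollback()` on a transaction that is already finished, gets `sql.ErrTxDone` back, and `log.Fatal` terminates the whole server. A plain `defer func() { _ = tx.Rollback() }()` is harmless after a commit and removes the process exit; the message "Write new user won't roll back" is also copied from another function. The `Exec` result is discarded, so an UPDATE that matches no row reports success; checking `RowsAffected` would catch a reset for a user that does not exist. In `GetCustomer` the same closure never fires on the not-found path because `err` is nil there, which leaves that transaction open, and `rows` is used before the `Query` error is checked. `GetCustomer` continues outside this hunk.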
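Review bot: `GetUser` calls `rows.Next()` without checking the error from `tx.Query`, so a failed query panics on the nil `rows` instead of returning the error. `defer tx.Commit()` drops the commit error and commits on every error path; for these read-only lookups `defer tx.Rollback()` is the usual form, and the same applies to `getSvgsById` and `getRandomIds` further down. Returning `nil, nil` for a missing user makes every caller responsible for a nil test; a sentinel error checked with `errors.Is` is harder to forget. The function continues outside this hunk.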
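Review bot: The error from `d.db.Exec(renewExec, renewArgs...)` is overwritten by `err = tx.Commit()` on the next line, so a failed renewal is reported as success whenever the empty transaction commits. The statement also runs on `d.db` rather than on the `tx` opened just above it, so that second transaction wraps nothing; since `renewExec` appears to carry its own `COMMIT;`, the simplest fix is to drop the second `Begin`/`Commit` pair and return the `Exec` error directly. In the preceding hunk of the same function the error from `tx.Query(userQuery, ...)` is not checked before `rows.Next()`. The function starts outside these hunks.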
@@ -317,10 +389,15 @@ func (d *SqliteDB) GetSvgStringInterface(idxs SvgIdInterface) ([]string, error) } func (d *SqliteDB) getSvgsById(ids []int) ([]string, error) { + tx, err := d.db.Begin() + if err != nil { + return nil, err + } + defer tx.Commit() selectId := "SELECT svg FROM svg_icon where id = ?" svgs := make([]string, len(ids)) for idx, id := range ids { - rows, err := d.db.Query(selectId, id) + rows, err := tx.Query(selectId, id) if err != nil { return nil, err } @@ -336,7 +413,12 @@ func (d *SqliteDB) getSvgsById(ids []int) ([]string, error) { } func (d *SqliteDB) getRandomIds(count int) ([]int, error) { - rows, err := d.db.Query("SELECT COUNT(*) as count FROM svg_icon;") + tx, err := d.db.Begin() + if err != nil { + return nil, err + } + defer tx.Commit() + rows, err := tx.Query("SELECT COUNT(*) as count FROM svg_icon;") if err != nil { return nil, err } diff --git a/core/test_helper.go b/core/test_helper.go index ceb7761..116085b 100644 --- a/core/test_helper.go +++ b/core/test_helper.go @@ -10,8 +10,11 @@ func SelectKeyByAttrIdx(interfaceUser []int, passcodeIdxs []int, keypadSize Keyp selectedKeys := make([]int, len(passcodeIdxs)) for idx := range passcodeIdxs { attrIdx := util.IndexOf[int](interfaceUser, passcodeIdxs[idx]) + if attrIdx == -1 { + return nil, errors.New(fmt.Sprintf("index: %d out of range 0-%d", passcodeIdxs[idx], keypadSize.TotalAttrs()-1)) + } keyNumb := attrIdx / keypadSize.AttrsPerKey - if keyNumb < 0 || keyNumb >= keypadSize.NumbOfKeys { + if keyNumb >= keypadSize.NumbOfKeys { return nil, errors.New(fmt.Sprintf("index key number: %d out of range 0-%d", keyNumb, keypadSize.NumbOfKeys-1)) } selectedKeys[idx] = keyNumb diff --git a/core/type.go b/core/type.go index 79120a6..b805e15 100644 --- a/core/type.go +++ b/core/type.go 
@@ -21,11 +21,12 @@ type NewCustomerPost struct { NKodePolicy NKodePolicy `json:"nkode_policy"` } -type GenerateSignupInterfacePost struct { +type GenerateSignupRestInterfacePost struct { CustomerId string `json:"customer_id"` AttrsPerKey int `json:"attrs_per_key"` NumbOfKeys int `json:"numb_of_keys"` UserEmail string `json:"email"` + Reset bool `json:"reset"` } type SetNKodePost struct { @@ -56,16 +57,20 @@ type RenewAttributesPost struct { } type RefreshTokenPost struct { - UserEmail string `json:"username"` - CustomerId string `json:"customer_id"` - RefreshToken string `json:"refresh_token"` + UserEmail string `json:"email"` + CustomerId string `json:"customer_id"` +} + +type ResetNKodePost struct { + UserEmail string `json:"email"` + CustomerId string `json:"customer_id"` } type CreateNewCustomerResp struct { CustomerId string `json:"customer_id"` } -type GenerateSignupInterfaceResp struct { +type GenerateSignupResetInterfaceResp struct { SessionId string `json:"session_id"` UserIdxInterface IdxInterface `json:"user_interface"` SvgInterface []string `json:"svg_interface"` @@ -80,6 +85,12 @@ type GetLoginInterfaceResp struct { type KeySelection []int type CustomerId uuid.UUID + +func CustomerIdToString(customerId CustomerId) string { + customerUuid := uuid.UUID(customerId) + return customerUuid.String() +} + type SessionId uuid.UUID type UserId uuid.UUID @@ -116,6 +127,7 @@ type DbAccessor interface { GetUser(Email, CustomerId) (*User, error) WriteNewCustomer(Customer) error WriteNewUser(User) error + UpdateUserNKode(User) error UpdateUserInterface(UserId, UserInterface) error UpdateUserRefreshToken(UserId, string) error Renew(CustomerId) error diff --git a/core/user_signup_session.go b/core/user_signup_session.go index e5882c3..0e42911 100644 --- a/core/user_signup_session.go +++ b/core/user_signup_session.go 
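Review bot: The request type is named `GenerateSignupRestInterfacePost` ("Rest") while the response type, route and handler all say "Reset"; it is exported and already used by `main_test.go`, so renaming it to `GenerateSignupResetInterfacePost` now is cheaper than later. `RefreshTokenPost` loses its `RefreshToken` field and changes its e-mail tag, but the handler in this commit no longer decodes it, so it looks unused and could be removed. A comment on the `Reset` field should state that it is client-supplied and is not by itself proof that a reset was authorised.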
@@ -18,10 +18,11 @@ type UserSignSession struct { ConfirmIdxInterface IdxInterface SetKeySelection KeySelection UserEmail Email + Reset bool Expire int } -func NewSignupSession(userEmail Email, kp KeypadDimension, customerId CustomerId, svgInterface SvgIdInterface) (*UserSignSession, error) { +func NewSignupResetSession(userEmail Email, kp KeypadDimension, customerId CustomerId, svgInterface SvgIdInterface, reset bool) (*UserSignSession, error) { loginInterface, err := NewUserInterface(&kp, svgInterface) if err != nil { return nil, err @@ -39,6 +40,7 @@ func NewSignupSession(userEmail Email, kp KeypadDimension, customerId CustomerId SetKeySelection: nil, UserEmail: userEmail, Kp: kp, + Reset: reset, } return &session, nil diff --git a/go.mod b/go.mod index b58ce95..4552e92 100644 --- a/go.mod +++ b/go.mod 
@@ -13,8 +13,24 @@ require ( ) require ( + github.com/aws/aws-sdk-go v1.55.5 // indirect + github.com/aws/aws-sdk-go-v2 v1.31.0 // indirect + github.com/aws/aws-sdk-go-v2/config v1.27.37 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.35 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 // indirect + github.com/aws/aws-sdk-go-v2/service/ses v1.27.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.23.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.31.1 // indirect + github.com/aws/smithy-go v1.21.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index aa30304..5d6d19b 100644 --- a/go.sum +++ b/go.sum 
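Review bot: All of the AWS modules are recorded as `// indirect` although `core/aws_ses.go` imports `aws-sdk-go-v2/aws`, `config` and `service/ses` directly, and `github.com/aws/aws-sdk-go v1.55.5` (the v1 SDK) is added without any visible import. Running `go mod tidy` should move the direct ones into the first `require` block and drop whatever is not needed, which keeps the set of dependencies that has to be tracked for advisories as small as possible.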
@@ -1,13 +1,48 @@ +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go-v2 v1.31.0 h1:3V05LbxTSItI5kUqNwhJrrrY1BAXxXt0sN0l72QmG5U= +github.com/aws/aws-sdk-go-v2 v1.31.0/go.mod h1:ztolYtaEUtdpf9Wftr31CJfLVjOnD/CVRkKOOYgF8hA= +github.com/aws/aws-sdk-go-v2/config v1.27.37 h1:xaoIwzHVuRWRHFI0jhgEdEGc8xE1l91KaeRDsWEIncU= +github.com/aws/aws-sdk-go-v2/config v1.27.37/go.mod h1:S2e3ax9/8KnMSyRVNd3sWTKs+1clJ2f1U6nE0lpvQRg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.35 h1:7QknrZhYySEB1lEXJxGAmuD5sWwys5ZXNr4m5oEz0IE= +github.com/aws/aws-sdk-go-v2/credentials v1.17.35/go.mod h1:8Vy4kk7at4aPSmibr7K+nLTzG6qUQAUO4tW49fzUV4E= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 h1:C/d03NAmh8C4BZXhuRNboF/DqhBkBCeDiJDcaqIT5pA= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14/go.mod h1:7I0Ju7p9mCIdlrfS+JCgqcYD0VXz/N4yozsox+0o078= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 h1:kYQ3H1u0ANr9KEKlGs/jTLrBFPo8P8NaH/w7A01NeeM= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18/go.mod h1:r506HmK5JDUh9+Mw4CfGJGSSoqIiLCndAuqXuhbv67Y= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 h1:Z7IdFUONvTcvS7YuhtVxN99v2cCoHRXOS4mTr0B/pUc= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18/go.mod h1:DkKMmksZVVyat+Y+r1dEOgJEfUeA7UngIHWeKsi0yNc= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 h1:QFASJGfT8wMXtuP3D5CRmMjARHv9ZmzFUMJznHDOY3w= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5/go.mod h1:QdZ3OmoIjSX+8D1OPAzPxDfjXASbBMDsz9qvtyIhtik= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 h1:Xbwbmk44URTiHNx6PNo0ujDE6ERlsCKJD3u1zfnzAPg= 
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20/go.mod h1:oAfOFzUB14ltPZj1rWwRc3d/6OgD76R8KlvU3EqM9Fg= +github.com/aws/aws-sdk-go-v2/service/ses v1.27.1 h1:I+53TmxXi/Z6QRbgGlsWKUlin7x0K7si50MdMoutIwg= +github.com/aws/aws-sdk-go-v2/service/ses v1.27.1/go.mod h1:WJjeWePq/vToxtM4fKbGHiXvInPARrWn8XJ0NOu4KtY= +github.com/aws/aws-sdk-go-v2/service/sso v1.23.1 h1:2jrVsMHqdLD1+PA4BA6Nh1eZp0Gsy3mFSB5MxDvcJtU= +github.com/aws/aws-sdk-go-v2/service/sso v1.23.1/go.mod h1:XRlMvmad0ZNL+75C5FYdMvbbLkd6qiqz6foR1nA1PXY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1 h1:0L7yGCg3Hb3YQqnSgBTZM5wepougtL1aEccdcdYhHME= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1/go.mod h1:FnvDM4sfa+isJ3kDXIzAB9GAwVSzFzSy97uZ3IsHo4E= +github.com/aws/aws-sdk-go-v2/service/sts v1.31.1 h1:8K0UNOkZiK9Uh3HIF6Bx0rcNCftqGCeKmOaR7Gp5BSo= +github.com/aws/aws-sdk-go-v2/service/sts v1.31.1/go.mod h1:yMWe0F+XG0DkRZK5ODZhG7BEFYhLXi2dqGsv6tX0cgI= +github.com/aws/smithy-go v1.21.0 h1:H7L8dtDRk0P1Qm6y0ji7MCYMQObJ5R9CRpyPhRUkLYA= +github.com/aws/smithy-go v1.21.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod 
h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= @@ -16,5 +51,6 @@ golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWB golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/main.go b/main.go index a2cedf3..4cbb117 100644 --- a/main.go +++ b/main.go @@ -16,7 +16,7 @@ func main() { handler := core.NKodeHandler{Api: nkodeApi} mux := http.NewServeMux() mux.Handle(core.CreateNewCustomer, &handler) - mux.Handle(core.GenerateSignupInterface, &handler) + mux.Handle(core.GenerateSignupResetInterface, &handler) mux.Handle(core.SetNKode, &handler) mux.Handle(core.ConfirmNKode, &handler) mux.Handle(core.GetLoginInterface, &handler) 
@@ -24,6 +24,7 @@ func main() { mux.Handle(core.RenewAttributes, &handler) mux.Handle(core.RandomSvgInterface, &handler) mux.Handle(core.RefreshToken, &handler) + mux.Handle(core.ResetNKode, &handler) fmt.Println("Running on localhost:8080...") log.Fatal(http.ListenAndServe("localhost:8080", corsMiddleware(mux))) } diff --git a/main_test.go b/main_test.go index ad5f9e7..b5b2a24 100644 --- a/main_test.go +++ b/main_test.go @@ -3,6 +3,7 @@ package main import ( "bytes" "encoding/json" + "fmt" "github.com/stretchr/testify/assert" "go-nkode/core" "io" @@ -23,14 +24,15 @@ func TestApi(t *testing.T) { testApiPost(t, base+core.CreateNewCustomer, newCustomerBody, &customerResp) username := "test_username@example.com" - signupInterfaceBody := core.GenerateSignupInterfacePost{ + signupInterfaceBody := core.GenerateSignupRestInterfacePost{ CustomerId: customerResp.CustomerId, AttrsPerKey: kp.AttrsPerKey, NumbOfKeys: kp.NumbOfKeys, UserEmail: username, + Reset: false, } - var signupInterfaceResp core.GenerateSignupInterfaceResp - testApiPost(t, base+core.GenerateSignupInterface, signupInterfaceBody, &signupInterfaceResp) + var signupInterfaceResp core.GenerateSignupResetInterfaceResp + testApiPost(t, base+core.GenerateSignupResetInterface, signupInterfaceBody, &signupInterfaceResp) assert.Len(t, signupInterfaceResp.SvgInterface, kp.TotalAttrs()) passcodeLen := 4 setInterface := signupInterfaceResp.UserIdxInterface @@ -71,7 +73,7 @@ func TestApi(t *testing.T) { UserEmail: username, KeySelection: loginKeySelection, } - var jwtTokens core.JwtTokens + var jwtTokens core.AuthenticationTokens testApiPost(t, base+core.Login, loginBody, &jwtTokens) refreshClaims, err := core.ParseRefreshToken(jwtTokens.RefreshToken) assert.Equal(t, refreshClaims.Subject, username) 
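Review bot: In main_test.go (`@@ -23,14 +24,15 @@`) the request type is spelled `core.GenerateSignupRestInterfacePost` (`Rest`), while the route and response type in the same hunk are `core.GenerateSignupResetInterface` and `core.GenerateSignupResetInterfaceResp`. This reads as a typo in the declaration, which is outside this hunk; renaming it to `GenerateSignupResetInterfacePost` keeps the three names in step. `Reset: false` is the zero value, so the test still covers only signup. A second call with `Reset: true` would be needed to exercise the reset branch, assuming the handler treats it differently. TestApi starts before and continues after the hunk.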
@@ -91,17 +93,12 @@ func TestApi(t *testing.T) { testApiPost(t, base+core.Login, loginBody, &jwtTokens) var randomSvgInterfaceResp core.RandomSvgInterfaceResp - testApiGet(t, base+core.RandomSvgInterface, &randomSvgInterfaceResp) + testApiGet(t, base+core.RandomSvgInterface, &randomSvgInterfaceResp, "") assert.Equal(t, core.KeypadMax.TotalAttrs(), len(randomSvgInterfaceResp.Svgs)) - refreshBody := core.RefreshTokenPost{ - UserEmail: username, - CustomerId: customerResp.CustomerId, - RefreshToken: jwtTokens.RefreshToken, - } - var refreshTokenResp core.RefreshTokenResp - testApiPost(t, base+core.RefreshToken, refreshBody, &refreshTokenResp) + + testApiGet(t, base+core.RefreshToken, &refreshTokenResp, jwtTokens.RefreshToken) accessClaims, err = core.ParseAccessToken(refreshTokenResp.AccessToken) assert.NoError(t, err) assert.Equal(t, accessClaims.Subject, username) @@ -131,8 +128,26 @@ func testApiPost(t *testing.T, endpointStr string, postBody any, respBody any) { } } -func testApiGet(t *testing.T, endpointStr string, respBody any) { - resp, err := http.Get(endpointStr) +func testApiGet(t *testing.T, endpointStr string, respBody any, bearerToken string) { + req, err := http.NewRequest("GET", endpointStr, nil) + if err != nil { + fmt.Println("Error creating request:", err) + return + } + + // Add the Bearer token to the Authorization header + if bearerToken != "" { + req.Header.Set("Authorization", "Bearer "+bearerToken) + } + // Make the HTTP request + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + fmt.Println("Error making request:", err) + return + } + defer resp.Body.Close() + assert.NoError(t, err) assert.Equal(t, resp.StatusCode, http.StatusOK) if respBody != nil { diff --git a/sqlite-init/sqlite_init.go b/sqlite-init/sqlite_init.go index 3e0dc51..5999a5c 100644 --- a/sqlite-init/sqlite_init.go +++ b/sqlite-init/sqlite_init.go 
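Review bot: The refresh call `testApiGet(t, base+core.RefreshToken, &refreshTokenResp, jwtTokens.RefreshToken)` (`@@ -91,17 +93,12 @@`) exercises only the success path now that the token travels in the `Authorization` header. Because `testApiGet` asserts `http.StatusOK`, nothing checks that the endpoint rejects a request with no bearer token, a malformed one, or an access token presented in place of the refresh token. A helper variant that takes the expected status code would let the test pin those rejections. The `core.ResetNKode` route that this commit registers in main.go is also not exercised in the visible part of TestApi, which continues outside the hunk.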
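Review bot: In `testApiGet` (`@@ -131,8 +128,26 @@`) both new error branches print with `fmt.Println` and `return`, so a request that cannot be built or sent does not fail the test at that point. The `assert.NoError(t, err)` kept after `defer resp.Body.Close()` can then never see a non-nil error. Replace the two branches with `t.Fatalf("creating request: %v", err)` and `t.Fatalf("GET %s: %v", endpointStr, err)`, and drop the dead assertion. `&http.Client{}` also has no timeout, so an unresponsive server stalls the test run; setting the client's `Timeout` field would bound it. The function body continues past the end of the hunk.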
@@ -144,7 +144,9 @@ func MakeTables(dbPath string) { defer db.Close() createTable := ` PRAGMA journal_mode=WAL; -PRAGMA foreign_keys = ON; +--PRAGMA busy_timeout = 5000; -- Wait up to 5 seconds +--PRAGMA synchronous = NORMAL; -- Reduce sync frequency for less locking +--PRAGMA cache_size = -16000; -- Increase cache size (16MB)PRAGMA foreign_keys = ON; CREATE TABLE IF NOT EXISTS customer ( id TEXT NOT NULL PRIMARY KEY,
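Review bot: The third added line, `--PRAGMA cache_size = -16000; -- Increase cache size (16MB)PRAGMA foreign_keys = ON;`, has absorbed the `PRAGMA foreign_keys = ON;` statement that this hunk removes as a separate line. It now sits inside a SQL `--` comment and never executes. SQLite leaves foreign-key enforcement off unless that pragma runs, so any foreign-key constraints declared in the schema that follows (not visible in this hunk) would go unchecked on this connection. Put the statement back on its own line, `PRAGMA foreign_keys = ON;`, after the three commented-out pragmas. MakeTables starts before and continues past the hunk.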