Diffstat (limited to '')
-rw-r--r-- | auth.go | 25 | ||||
-rw-r--r-- | index.go | 27 | ||||
-rw-r--r-- | sql/schema.sql | 10 | ||||
-rw-r--r-- | ws.go | 16 |
4 files changed, 23 insertions, 55 deletions
@@ -222,21 +222,25 @@ func handleAuth(w http.ResponseWriter, req *http.Request) { _, err = db.Exec( req.Context(), - "INSERT INTO users (id, name, email, department) VALUES ($1, $2, $3, $4)", + "INSERT INTO users (id, name, email, department, session, expr) VALUES ($1, $2, $3, $4, $5, $6)", claims.Oid, claims.Name, claims.Email, department, + cookieValue, + 1881839332, /* TODO */ ) if err != nil { var pgErr *pgconn.PgError if errors.As(err, &pgErr) && pgErr.Code == "23505" { _, err := db.Exec( req.Context(), - "UPDATE users SET (name, email, department) = ($1, $2, $3) WHERE id = $4", + "UPDATE users SET (name, email, department, session, expr) = ($1, $2, $3, $4, $5) WHERE id = $6", claims.Name, claims.Email, department, + cookieValue, + 1881839332, /* TODO */ claims.Oid, ) if err != nil { @@ -249,23 +253,6 @@ func handleAuth(w http.ResponseWriter, req *http.Request) { } } - _, err = db.Exec( - req.Context(), - "INSERT INTO sessions(userid, cookie, expr) VALUES ($1, $2, $3)", - claims.Oid, - cookieValue, - 1881839332, /* TODO */ - ) - if err != nil { - var pgErr *pgconn.PgError - if errors.As(err, &pgErr) && pgErr.Code == "23505" { - wstr(w, http.StatusInternalServerError, "Cookie collision. Try signing in again.") - return - } - wstr(w, http.StatusInternalServerError, "Database error while inserting session.") - return - } - http.Redirect(w, req, "/", http.StatusSeeOther) } @@ -73,12 +73,12 @@ func handleIndex(w http.ResponseWriter, req *http.Request) { return } - var userid string + var userID, userName, userDepartment string err = db.QueryRow( req.Context(), - "SELECT userid FROM sessions WHERE cookie = $1", + "SELECT id, name, department FROM users WHERE session = $1", sessionCookie.Value, - ).Scan(&userid) + ).Scan(&userID, &userName, &userDepartment) if err != nil { if errors.Is(err, pgx.ErrNoRows) { authURL, err := generateAuthorizationURL() 
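Review bot: Both statements in this handleAuth hunk pass the literal `1881839332` as `expr`, so every session gets the same fixed expiry instead of one derived from the login time, and the `/* TODO */` is now duplicated. Compute it once before the INSERT, for example `expiry := time.Now().Add(sessionLifetime).Unix()` (`sessionLifetime` being a constant you would define; this assumes `expr` is a Unix timestamp), and pass `expiry` to both the INSERT and the UPDATE. `cookieValue` is also stored verbatim in `users.session`; storing a SHA-256 digest and looking sessions up by that digest would keep a read of the table from yielding usable cookies. handleAuth begins before this hunk and continues after it.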
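Review bot: The new lookup in handleIndex, `SELECT id, name, department FROM users WHERE session = $1`, never reads `expr`, so this handler accepts a session regardless of its stored expiry, while the matching query in handleWs does select `expr`. Put the expiry in the predicate, e.g. `"SELECT id, name, department FROM users WHERE session = $1 AND expr > $2"` with the current Unix time as the second argument (assuming `expr` is a Unix timestamp), or scan `expr` and compare it before rendering. The rest of handleIndex lies outside the hunk, so confirm that no later check already covers this.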
@@ -91,7 +91,7 @@ func handleIndex(w http.ResponseWriter, req *http.Request) { "index_login", map[string]interface{}{ "authURL": authURL, - "notes": []string{"Technically you have a session cookie, but it seems invalid."}, + "notes": "Your sent an invalid session cookie.", }, ) if err != nil { @@ -104,29 +104,14 @@ func handleIndex(w http.ResponseWriter, req *http.Request) { return } - var name string - var department string - err = db.QueryRow( - req.Context(), - "SELECT name, department FROM users WHERE id = $1", - userid, - ).Scan(&name, &department) - if err != nil { - if errors.Is(err, pgx.ErrNoRows) { - wstr(w, http.StatusInternalServerError, "Error: User does not exist (database error?)") - return - } - wstr(w, http.StatusInternalServerError, "Error: Unexpected database error") - return - } err = tmpl.ExecuteTemplate( w, "index", map[string]interface{}{ "open": true, "user": map[string]interface{}{ - "Name": name, - "Department": department, + "Name": userName, + "Department": userDepartment, }, "courses": courses, }, diff --git a/sql/schema.sql b/sql/schema.sql index 7bfb9d0..06f4091 100644 --- a/sql/schema.sql +++ b/sql/schema.sql @@ -10,11 +10,7 @@ CREATE TABLE users ( id TEXT PRIMARY KEY NOT NULL, name TEXT, email TEXT, - department TEXT -); -CREATE TABLE sessions ( - cookie TEXT PRIMARY KEY NOT NULL, - userid TEXT NOT NULL, - expr INTEGER NOT NULL, - FOREIGN KEY(userid) REFERENCES users(id) + department TEXT, + session TEXT, + expr INTEGER ); @@ -119,14 +119,14 @@ func handleWs(w http.ResponseWriter, req *http.Request) { return } - var userid string + var userID string var expr int err = db.QueryRow( req.Context(), - "SELECT userid, expr FROM sessions WHERE cookie = $1", + "SELECT id, expr FROM users WHERE session = $1", sessionCookie.Value, - ).Scan(&userid, &expr) + ).Scan(&userID, &expr) if errors.Is(err, pgx.ErrNoRows) { err := c.Write( req.Context(), 
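Review bot: In the `index_login` template data of handleIndex, `"notes"` changes from `[]string` to a plain string; if the template iterates it with `{{range .notes}}` (the template is not shown here), rendering will fail at run time, because the template package's `range` does not accept a string. Unless the template was changed in the same commit, keep the slice, and fix the typo in the message while there: `"notes": []string{"You sent an invalid session cookie."},`.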
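Review bot: In sql/schema.sql the new `session` column has no uniqueness constraint, whereas the dropped `sessions.cookie` was the primary key. The `WHERE session = $1` lookups in index.go and ws.go use QueryRow, which would silently take the first matching row if two users ever held the same value, and this commit also removes the "Cookie collision" error path from auth.go. Declare the column as `session TEXT UNIQUE,` so that a duplicate fails the write with 23505 and the lookup is backed by an index. The existing 23505 branch in handleAuth would then need to tell a duplicate `id` from a duplicate `session`, for instance by checking `pgErr.ConstraintName`, before it falls through to the UPDATE.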
@@ -151,7 +151,7 @@ func handleWs(w http.ResponseWriter, req *http.Request) { /* * Now that we have an authenticated request, this WebSocket connection - * may be simply associated with the session and userid. + * may be simply associated with the session and userID. * TODO: There are various race conditions that could occur if one user * creates multiple connections, with the same or different session * cookies. The last situation could occur in normal use when a user @@ -164,7 +164,7 @@ func handleWs(w http.ResponseWriter, req *http.Request) { req.Context(), c, sessionCookie.Value, - userid, + userID, ) if err != nil { log.Printf("%v", err) @@ -254,7 +254,7 @@ func handleConn( ctx context.Context, c *websocket.Conn, session string, - userid string, + userID string, ) error { /* * TODO: Check for potential race conditions in chanPool handling @@ -264,13 +264,13 @@ func handleConn( func() { defer chanPoolLock.Unlock() chanPool[session] = &send - log.Printf("Channel %v added to pool for session %s, userid %s\n", &send, session, userid) + log.Printf("Channel %v added to pool for session %s, userID %s\n", &send, session, userID) }() defer func() { chanPoolLock.Lock() defer chanPoolLock.Unlock() delete(chanPool, session) - log.Printf("Purging channel %v for session %s userid %s, from pool\n", &send, session, userid) + log.Printf("Purging channel %v for session %s userID %s, from pool\n", &send, session, userID) }() /* |
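Review bot: Both `log.Printf` calls in the handleConn hunk still print `session`, which handleWs fills with `sessionCookie.Value`, so the session token itself is written to the server log on every connect and disconnect. Anyone who can read the logs could reuse it, so log only the user, e.g. `log.Printf("Channel %v added to pool for userID %s\n", &send, userID)`, and change the purge message the same way; if correlation per session is needed, log a short digest of the value instead. handleConn's body continues outside the hunk.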