From 782e762019e3be828fabbbb266bb693d2e3c2a23 Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Thu, 21 Mar 2024 18:39:32 +0100
Subject: [PATCH] WIP: Something is going on
---
 api/v1/accounts.go | 61 +++++++++++-----------
 internal/controllers/accounts.go | 82 +++++++++++++-----------
 internal/controllers/email.go.tmp | 13 +++++
 internal/helpers/email/email.go | 6 +--
 internal/helpers/hash/hash.go | 5 +-
 internal/helpers/hash/hash_test.go | 14 ++---
 main.go | 19 ++++---
 7 files changed, 98 insertions(+), 102 deletions(-)
 create mode 100644 internal/controllers/email.go.tmp
diff --git a/api/v1/accounts.go b/api/v1/accounts.go
index 26ae309..e7bf7a9 100644
--- a/api/v1/accounts.go
+++ b/api/v1/accounts.go
@@ -4,36 +4,30 @@ import (
 "context"
 "git.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
- "git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/email"
 "git.badhouseplants.net/softplayer/softplayer-go-proto/pkg/accounts"
- // "google.golang.org/protobuf/types/known/emptypb"
 ctrl "sigs.k8s.io/controller-runtime"
 )
-func NewAccountRPCImpl(contoller ctrl.Manager, emailConfig email.EmailConf) *AccountsServer {
+func NewAccountRPCImpl(contoller ctrl.Manager, hashCost int16) *AccountsServer {
 return &AccountsServer{
 Controller: contoller,
- EmailConfig: emailConfig,
+ Params: &controllers.AccountParams{
+ HashCost: hashCost,
+ },
 }
 }
 type AccountsServer struct {
 accounts.UnimplementedAccountsServer
- EmailConfig email.EmailConf
 Controller ctrl.Manager
+ Params *controllers.AccountParams
 }
 func (a *AccountsServer) SignUp(ctx context.Context, in *accounts.AccountWithPassword) (*accounts.AccountFullWithToken, error) {
- data := controllers.AccountData{
- Username: in.Data.GetName(),
- Password: in.Password.GetPassword(),
- Email: in.Data.GetEmail(),
- }
- acc := controllers.Account{
- Controller: a.Controller,
- Data: &data,
- }
+ data := populateData(in.Data.GetName(), in.Password.GetPassword(), in.Data.GetEmail())
+ acc := populateAccount(data, a.Controller)
+
 if err := acc.Create(ctx); err != nil {
 return nil, err
 }
@@ -51,23 +45,18 @@ func (a *AccountsServer) SignUp(ctx context.Context, in *accounts.AccountWithPas
 }
 func (a *AccountsServer) SignIn(ctx context.Context, in *accounts.AccountWithPassword) (*accounts.AccountFullWithToken, error) {
- data := controllers.AccountData{
- Username: in.Data.GetName(),
- Password: in.Password.GetPassword(),
- Email: in.Data.GetEmail(),
- }
- acc := controllers.Account{
- Controller: a.Controller,
- Data: &data,
- }
+ data := populateData(in.Data.GetName(), in.Password.GetPassword(), in.Data.GetEmail())
+ acc := populateAccount(data, a.Controller)
+
 if err := acc.Login(ctx); err != nil {
 return nil, err
 }
+
 return &accounts.AccountFullWithToken{
- Id: &accounts.AccountId{
+ Id: &accounts.AccountId{
 Id: acc.Data.UUID,
 },
- Data: &accounts.AccountData{
+ Data: &accounts.AccountData{
 Name: acc.Data.Username,
 Email: acc.Data.Email,
 },
@@ -75,10 +64,18 @@ func (a *AccountsServer) SignIn(ctx context.Context, in *accounts.AccountWithPas
 }, nil
 }
-//func (a *AccountsServer) ValidateEmail(ctx context.Context, in *accounts.AccountDataWithEmailCode) (*emptypb.Empty, error) {
-// data := controllers.AccountData {
-// Username: in.Data.GetName(),
-// Email: in.Data.GetEmail(),
-// }
-// acc := controllers.Account {}
-//}
+func populateData(username, password, email string) *controllers.AccountData {
+ return &controllers.AccountData{
+ Username: username,
+ Password: password,
+ Email: email,
+ }
+}
+
+func populateAccount(data *controllers.AccountData, controller ctrl.Manager) *controllers.Account {
+ return &controllers.Account{
+ Controller: controller,
+ Data: data,
+ }
+}
+
diff --git a/internal/controllers/accounts.go b/internal/controllers/accounts.go
index 2590eb6..d81f183 100644
--- a/internal/controllers/accounts.go
+++ b/internal/controllers/accounts.go
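Review bot: `populateAccount` in the third hunk fills only `Controller` and `Data`, so the `Params` that `NewAccountRPCImpl` now stores on `AccountsServer` are never copied onto the `controllers.Account`, and both `SignUp` (first hunk) and `SignIn` (second hunk) run with a zero `AccountParams`, i.e. `HashCost` 0 instead of the configured value. Unless `hash.HashPassword` validates the cost itself, bcrypt quietly substitutes its default for a cost below its minimum, so the `SOFTPLAYER_HASH_COST` setting is dead without any error being raised. Thread the params through `populateAccount` and pass `a.Params` from both call sites, as below; `Account.Params` is a value in `internal/controllers/accounts.go` while `AccountsServer.Params` is a pointer, hence the nil guard, and using one representation on both sides would remove it.
```go
func populateAccount(data *controllers.AccountData, controller ctrl.Manager, params *controllers.AccountParams) *controllers.Account {
	acc := &controllers.Account{
		Controller: controller,
		Data:       data,
	}
	if params != nil {
		acc.Params = *params
	}
	return acc
}

// … unchanged: populateData …

// call site in SignUp and SignIn:
acc := populateAccount(data, a.Controller, a.Params)
```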
@@ -7,8 +7,8 @@ import (
 "log"
 "time"
+ "git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/hash"
 "github.com/google/uuid"
- "golang.org/x/crypto/bcrypt"
 corev1 "k8s.io/api/core/v1"
 rbacv1 "k8s.io/api/rbac/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -20,14 +20,15 @@ import (
 type Account struct {
 Controller ctrl.Manager
- Params AccountParams
+ Params AccountParams
 Data *AccountData
- Token string
+ Token string
 }
 type AccountParams struct {
 HashCost int16
 }
+
 type AccountData struct {
 Username string
 Password string
@@ -35,29 +36,19 @@ type AccountData struct {
 UUID string
 }
-func HashPassword(password string) (string, error) {
- bytes, err := bcrypt.GenerateFromPassword([]byte(password), 1)
- return string(bytes), err
-}
-
-func CheckPasswordHash(password, hash string) bool {
- err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
- return err == nil
-}
-
-func waitUntilCreated(ctx context.Context, client client.Client ,obj client.Object, attemps int, timeout time.Duration) error {
+func waitUntilCreated(ctx context.Context, client client.Client, obj client.Object, attemps int, timeout time.Duration) error {
 log.Printf("Waiting %d", attemps)
 if err := client.Get(ctx, types.NamespacedName{
 Namespace: obj.GetNamespace(),
- Name: obj.GetName(),
+ Name: obj.GetName(),
 }, obj); err != nil {
 if attemps > 0 {
 time.Sleep(timeout)
- waitUntilCreated(ctx, client, obj, attemps - 1, timeout)
+ waitUntilCreated(ctx, client, obj, attemps-1, timeout)
 } else {
 return err
 }
- }
+ }
 return nil
 }
@@ -66,11 +57,11 @@ func (acc *Account) Create(ctx context.Context) error {
 acc.Data.UUID = uuid.New().String()
 log.Println(acc.Data.UUID)
- passwordHash, err := HashPassword(acc.Data.Password)
+ passwordHash, err := hash.HashPassword(acc.Data.Password, int(acc.Params.HashCost))
 if err != nil {
 return nil
 }
-
+
 namespace := corev1.Namespace{
 ObjectMeta: metav1.ObjectMeta{
 Name: acc.Data.UUID,
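Review bot: The retry line `+ waitUntilCreated(ctx, client, obj, attemps-1, timeout)` in the `@@ -35,29 +36,19 @@` hunk discards the recursive call's result, so once `attemps` reaches 0 the innermost error is handed to a frame that ignores it and the outermost call falls through to `return nil`; `Create` then proceeds as if the namespace or token secret already existed. Make it `return waitUntilCreated(ctx, client, obj, attemps-1, timeout)`. The wait also uses `time.Sleep(timeout)` rather than a `select` on `ctx.Done()`, so a cancelled request keeps polling the API server for the remaining attempts. `waitUntilCreated` lies entirely within this hunk.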
@@ -81,13 +72,12 @@ func (acc *Account) Create(ctx context.Context) error {
 return err
 }
- if err := waitUntilCreated(ctx, client, &namespace, 10, time.Millisecond * 50); err != nil {
+ if err := waitUntilCreated(ctx, client, &namespace, 10, time.Millisecond*50); err != nil {
 return err
 }
-
 if err := client.Get(ctx, types.NamespacedName{
- Name: acc.Data.UUID,
+ Name: acc.Data.UUID,
 }, &namespace); err != nil {
 if err := client.Delete(ctx, &namespace); err != nil {
 return err
@@ -97,14 +87,14 @@ func (acc *Account) Create(ctx context.Context) error {
 // Create a secret with the account data
 secret := corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
- Name: acc.Data.Username,
+ Name: acc.Data.Username,
 Namespace: "softplayer-accounts",
- OwnerReferences: []metav1.OwnerReference{
+ OwnerReferences: []metav1.OwnerReference{
 metav1.OwnerReference{
- APIVersion: "v1",
- Kind: "Namespace",
- Name: acc.Data.UUID,
- UID: namespace.UID,
+ APIVersion: "v1",
+ Kind: "Namespace",
+ Name: acc.Data.UUID,
+ UID: namespace.UID,
 },
 },
 },
@@ -132,26 +122,25 @@ func (acc *Account) Create(ctx context.Context) error {
 return err
 }
-
 sa := &corev1.ServiceAccount{
- ObjectMeta: metav1.ObjectMeta{
- Name: acc.Data.UUID,
+ ObjectMeta: metav1.ObjectMeta{
+ Name: acc.Data.UUID,
 Namespace: acc.Data.UUID,
 },
 }
 rb := &rbacv1.RoleBinding{
 ObjectMeta: metav1.ObjectMeta{
- Name: acc.Data.UUID,
- Namespace: acc.Data.UUID,
+ Name: acc.Data.UUID,
+ Namespace: acc.Data.UUID,
 },
- Subjects: []rbacv1.Subject{
+ Subjects: []rbacv1.Subject{
 rbacv1.Subject{
 Kind: "ServiceAccount",
 Name: acc.Data.UUID,
 Namespace: acc.Data.UUID,
 },
 },
- RoleRef: rbacv1.RoleRef{
+ RoleRef: rbacv1.RoleRef{
 APIGroup: "rbac.authorization.k8s.io",
 Kind: "Role",
 Name: acc.Data.Username,
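Review bot: In the `@@ -66,11 +57,11 @@` hunk the error from the new `hash.HashPassword(acc.Data.Password, int(acc.Params.HashCost))` call is tested on the following context line, but that branch does `return nil`, so a hashing failure makes `Create` report success without creating the namespace, secret, service account or token; it should read `return err`. `int(acc.Params.HashCost)` is also passed through unchecked — bcrypt returns an error for a cost above its maximum and silently falls back to its default below the minimum — so validating the configured value against `bcrypt.MinCost` and `bcrypt.MaxCost` once at startup would surface a bad setting instead of burying it here. `Create` starts before this hunk and continues after it.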
@@ -175,13 +164,13 @@ func (acc *Account) Create(ctx context.Context) error {
 tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)
 saSec := &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
- Name: tokenName,
+ Name: tokenName,
 Namespace: acc.Data.UUID,
 Annotations: map[string]string{
 "kubernetes.io/service-account.name": acc.Data.UUID,
 },
 },
- Type: "kubernetes.io/service-account-token",
+ Type: "kubernetes.io/service-account-token",
 }
 if err := client.Create(ctx, saSec); err != nil {
@@ -190,7 +179,7 @@ func (acc *Account) Create(ctx context.Context) error {
 }
 return err
 }
- if err := waitUntilCreated(ctx, client, saSec, 10, time.Millisecond * 50); err != nil {
+ if err := waitUntilCreated(ctx, client, saSec, 10, time.Millisecond*50); err != nil {
 return err
 }
@@ -204,7 +193,7 @@ func (acc *Account) Create(ctx context.Context) error {
 return nil
 }
-func (acc *Account) Login (ctx context.Context) error {
+func (acc *Account) Login(ctx context.Context) error {
 client := acc.Controller.GetClient()
 sec := &corev1.Secret{}
 if err := client.Get(ctx, types.NamespacedName{
@@ -213,7 +202,7 @@ func (acc *Account) Login (ctx context.Context) error {
 }, sec); err != nil {
 return err
 }
- if !CheckPasswordHash(acc.Data.Password, string(sec.Data["password"])){
+ if !hash.CheckPasswordHash(acc.Data.Password, string(sec.Data["password"])) {
 err := errors.New("wrong password")
 return err
 }
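Review bot: In the `@@ -213,7 +202,7 @@` hunk the changed check `+ if !hash.CheckPasswordHash(acc.Data.Password, string(sec.Data["password"])) {` returns `errors.New("wrong password")`, while the secret lookup two lines above returns the raw client error when no secret matches the username, so a caller receives two distinguishable messages and can tell whether an account name exists. Return one generic error from both branches — a package-level `var ErrInvalidCredentials = errors.New("invalid credentials")` and `return ErrInvalidCredentials` in each — and log the underlying lookup error server-side if it is needed for diagnosis. `Login` begins in the preceding hunk and continues in the next one.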
@@ -221,30 +210,29 @@ func (acc *Account) Login (ctx context.Context) error {
 tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)
 saSec := &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
- Name: tokenName,
+ Name: tokenName,
 Namespace: acc.Data.UUID,
 Annotations: map[string]string{
 "kubernetes.io/service-account.name": acc.Data.UUID,
 },
 },
- Type: "kubernetes.io/service-account-token",
+ Type: "kubernetes.io/service-account-token",
 }
 var err error
 acc.Token, err = acc.getToken(ctx, saSec)
- if err != nil{
- return err
+ if err != nil {
+ return err
 }
 return nil
 }
-func (acc *Account) getToken (ctx context.Context, saSec *corev1.Secret) (string, error) {
+func (acc *Account) getToken(ctx context.Context, saSec *corev1.Secret) (string, error) {
 client := acc.Controller.GetClient()
 if err := client.Get(ctx, types.NamespacedName{
 Namespace: acc.Data.UUID,
- Name: saSec.ObjectMeta.Name,
+ Name: saSec.ObjectMeta.Name,
 }, saSec); err != nil {
 return "", err
 }
 return string(saSec.Data["token"]), nil
 }
-
diff --git a/internal/controllers/email.go.tmp b/internal/controllers/email.go.tmp
new file mode 100644
index 0000000..5c5ec10
--- /dev/null
+++ b/internal/controllers/email.go.tmp
@@ -0,0 +1,13 @@
+# package controllers
+
+import "context"
+
+type EmailSvc struct {}
+
+type EmailData strict {
+ UserID string
+}
+
+func (svc *EmailSvc) SendVerification(ctx context.Context) {
+
+}
diff --git a/internal/helpers/email/email.go b/internal/helpers/email/email.go
index c7a44e2..a890622 100644
--- a/internal/helpers/email/email.go
+++ b/internal/helpers/email/email.go
@@ -5,13 +5,13 @@ import (
 )
 type EmailConf struct {
- From string
+ From string
 Password string
 SmtpHost string
 SmtpPort string
 }
-func (e *EmailConf) SendEmail (to string, message string )error {
+func (e *EmailConf) SendEmail(to string, message string) error {
 messageByte := []byte(message)
 auth := smtp.PlainAuth("", e.From, e.Password, e.SmtpHost)
@@ -19,4 +19,4 @@ func (e *EmailConf) SendEmail (to string, message string )error {
 return err
 }
 return nil
-}
+}
diff --git a/internal/helpers/hash/hash.go b/internal/helpers/hash/hash.go
index be34a0b..d07a56c 100644
--- a/internal/helpers/hash/hash.go
+++ b/internal/helpers/hash/hash.go
@@ -8,7 +8,6 @@ func HashPassword(password string, cost int) (string, error) {
 }
 func CheckPasswordHash(password, hash string) bool {
- err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
- return err == nil
+ err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+ return err == nil
 }
-
diff --git a/internal/helpers/hash/hash_test.go b/internal/helpers/hash/hash_test.go
index 616a1f2..53da91b 100644
--- a/internal/helpers/hash/hash_test.go
+++ b/internal/helpers/hash/hash_test.go
@@ -8,14 +8,14 @@ import (
 )
 func TestHashValid(t *testing.T) {
- password := "qwertyu9"
- hpass, err := hash.HashPassword(password, 10)
- assert.NoError(t, err)
- assert.True(t, hash.CheckPasswordHash(password, hpass))
+ password := "qwertyu9"
+ hpass, err := hash.HashPassword(password, 10)
+ assert.NoError(t, err)
+ assert.True(t, hash.CheckPasswordHash(password, hpass))
 }
 func TestHashInvalid(t *testing.T) {
- password := "qwertyu9"
- invhash := "qwertyu9"
- assert.False(t, hash.CheckPasswordHash(password, invhash))
+ password := "qwertyu9"
+ invhash := "qwertyu9"
+ assert.False(t, hash.CheckPasswordHash(password, invhash))
 }
diff --git a/main.go b/main.go
index 3597aea..25da25c 100644
--- a/main.go
+++ b/main.go
@@ -16,14 +16,14 @@ import (
 )
 type Serve struct {
- Port int16 `short:"p" env:"SOFTPLAYER_PORT" default:"8080"`
- Host string `env:"SOFTPLAYER_HOST" default:"0.0.0.0"`
- HashCost int16 `env:"SOFTPLAYER_HASH_COST" default:"10"`
- Reflection bool `env:"SOFTPLAYER_REFLECTION" default:"false"`
- SmtpHost string `env:"SOFTPLAYER_SMTP_HOST"`
- SmtpPort string `env:"SOFTPLAYER_SMTP_PORT" default:"587"`
- SmtpFrom string `env:"SOFTPLAYER_SMTP_FROM" default:"overlord@badhouseplants.net"`
- SmtpPassword string `env:"SOFTPLAYER_SMTP_PASSWORD"`
+ Port int16 `short:"p" env:"SOFTPLAYER_PORT" default:"8080"`
+ Host string `env:"SOFTPLAYER_HOST" default:"0.0.0.0"`
+ HashCost int16 `env:"SOFTPLAYER_HASH_COST" default:"10"`
+ Reflection bool `env:"SOFTPLAYER_REFLECTION" default:"false"`
+ SmtpHost string `env:"SOFTPLAYER_SMTP_HOST"`
+ SmtpPort string `env:"SOFTPLAYER_SMTP_PORT" default:"587"`
+ SmtpFrom string `env:"SOFTPLAYER_SMTP_FROM" default:"overlord@badhouseplants.net"`
+ SmtpPassword string `env:"SOFTPLAYER_SMTP_PASSWORD"`
 }
 var CLI struct {
@@ -42,14 +42,13 @@ func main() {
 }
 }
-
 func server(params Serve) error {
 controller, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{})
 if err != nil {
 return err
 }
- go func(){
+ go func() {
 controller.Start(context.Background())
 }()