WIP

devhatt · May 24, 2024 · 468e2ee · 468e2ee
1 parent 9607b0a
commit 468e2ee
Show file tree

Hide file tree

Showing 7 changed files with 80 additions and 31 deletions.
diff --git a/api/controllers/user.go b/api/controllers/user.go
@@ -4,8 +4,10 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"pet-dex-backend/v2/api/middlewares"
 	"pet-dex-backend/v2/entity/dto"
 	"pet-dex-backend/v2/infra/config"
+	"pet-dex-backend/v2/interfaces"
 	"pet-dex-backend/v2/pkg/uniqueEntityId"
 	"pet-dex-backend/v2/usecase"
 
@@ -108,17 +110,35 @@ func (uc *UserController) Update(w http.ResponseWriter, r *http.Request) {
 }
 
 func (uc *UserController) Delete(w http.ResponseWriter, r *http.Request) {
+	userclaims, ok := r.Context().Value(middlewares.ContextKey("userClaims")).(interfaces.UserClaims)
+	if !ok {
+		loggerUserController.Errorf("[#UserController.Delete] Falha ao receber userclaims")
+		http.Error(w, "Erro ao converter a requisição ", http.StatusBadRequest)
+		return
+	}
+
+	userIDFromUserclaims, err := uniqueEntityId.ParseID(userclaims.Id)
+	if err != nil {
+		loggerUserController.Errorf("[#UserController.Delete] Erro ao tentar receber o ID do token -> Erro: %v", err)
+		http.Error(w, "Erro ao converter a requisição ", http.StatusBadRequest)
+		return
+	}
+
 	IDStr := chi.URLParam(r, "id")
 	ID, err := uniqueEntityId.ParseID(IDStr)
-
 	if err != nil {
-		loggerUserController.Errorf("[#UserController.Delete] Erro ao tentar converter o body da requisiçao -> Erro: %v", err)
+		loggerUserController.Errorf("[#UserController.Delete] Erro ao tentar converter o body da requisição -> Erro: %v", err)
 		http.Error(w, "Erro ao converter a requisição ", http.StatusBadRequest)
 		return
 	}
 
-	err = uc.uusecase.Delete(ID)
+	if userIDFromUserclaims != ID {
+		loggerUserController.Errorf("[#UserController.Delete] Erro ao tentar excluir outro usuário -> Erro: %v", err)
+		http.Error(w, "Usuário não autorizado a excluir este usuário", http.StatusUnauthorized)
+		return
+	}
 
+	err = uc.uusecase.Delete(ID)
 	if err != nil {
 		loggerUserController.Errorf("[#UserController.Delete] Erro ao tentar deletar o usuário -> Erro: %v", err)
 		http.Error(w, "Erro ao tentar atualizar o usuário ", http.StatusBadRequest)

diff --git a/api/middlewares/auth.go b/api/middlewares/auth.go
@@ -1,37 +1,44 @@
 package middlewares
 
 import (
+	"context"
 	"net/http"
 	"pet-dex-backend/v2/infra/config"
 	"pet-dex-backend/v2/pkg/encoder"
 	"strings"
 	"time"
 )
 
+type ContextKey string
+
 func AuthMiddleware(next http.Handler) http.Handler {
+	const UserClaimsContextKey ContextKey = "userClaims"
+
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		encoder := encoder.NewEncoderAdapter(config.GetEnvConfig().JWT_SECRET)
 
 		authHeader := r.Header.Get("Authorization")
 		if authHeader == "" {
-			w.WriteHeader(401)
+			w.WriteHeader(http.StatusUnauthorized)
 			return
 		}
 		headerSplited := strings.Split(authHeader, " ")
 		if len(headerSplited) != 2 {
-			w.WriteHeader(401)
+			w.WriteHeader(http.StatusUnauthorized)
 			return
 		}
 		bearerToken := headerSplited[1]
 		if bearerToken == "" {
-			w.WriteHeader(401)
+			w.WriteHeader(http.StatusUnauthorized)
 			return
 		}
 		userclaims := encoder.ParseAccessToken(bearerToken)
 		if userclaims.ExpiresAt != 0 && userclaims.ExpiresAt < time.Now().Unix() {
-			w.WriteHeader(401)
+			w.WriteHeader(http.StatusUnauthorized)
 			return
 		}
-		next.ServeHTTP(w, r)
+
+		context := context.WithValue(r.Context(), UserClaimsContextKey, userclaims)
+		next.ServeHTTP(w, r.WithContext(context))
 	})
 }
diff --git a/api/routes/routes.go b/api/routes/routes.go
@@ -2,6 +2,7 @@ package routes
 
 import (
 	"pet-dex-backend/v2/api/controllers"
+	"pet-dex-backend/v2/api/middlewares"
 
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
@@ -19,27 +20,33 @@ func InitRoutes(controllers Controllers, c *chi.Mux) {
 	c.Route("/api", func(r chi.Router) {
 		r.Use(middleware.AllowContentType("application/json"))
 
-		r.Route("/pets", func(r chi.Router) {
-			r.Route("/breeds", func(r chi.Router) {
-				r.Get("/", controllers.BreedController.List)
+		r.Group(func(private chi.Router) {
+			private.Use(middlewares.AuthMiddleware)
+
+			private.Route("/pets", func(r chi.Router) {
+				r.Route("/breeds", func(r chi.Router) {
+					r.Get("/", controllers.BreedController.List)
+				})
+
+				r.Patch("/{petID}", controllers.PetController.Update)
+				r.Post("/", controllers.PetController.CreatePet)
 			})
 
-			r.Get("/breeds", controllers.BreedController.List)
-			r.Patch("/{petID}", controllers.PetController.Update)
-			r.Post("/", controllers.PetController.CreatePet)
-		})
+			private.Route("/ongs", func(r chi.Router) {
+				r.Post("/", controllers.OngController.Insert)
+				r.Patch("/{ongID}", controllers.OngController.Update)
+			})
 
-		r.Route("/ongs", func(r chi.Router) {
-			r.Post("/", controllers.OngController.Insert)
-			r.Patch("/{ongID}", controllers.OngController.Update)
+			private.Route("/user", func(r chi.Router) {
+				r.Get("/{id}/my-pets", controllers.PetController.ListUserPets)
+				r.Patch("/{id}", controllers.UserController.Update)
+				r.Delete("/{id}", controllers.UserController.Delete)
+			})
 		})
 
-		r.Route("/user", func(r chi.Router) {
-			r.Get("/{id}/my-pets", controllers.PetController.ListUserPets)
-			r.Post("/token", controllers.UserController.GenerateToken)
-			r.Post("/", controllers.UserController.Insert)
-			r.Patch("/{id}", controllers.UserController.Update)
-			r.Delete("/{id}", controllers.UserController.Delete)
+		r.Group(func(public chi.Router) {
+			public.Post("/user", controllers.UserController.Insert)
+			public.Post("/user/token", controllers.UserController.GenerateToken)
 		})
 	})
 }
diff --git a/infra/db/user_repository.go b/infra/db/user_repository.go
@@ -1,6 +1,7 @@
 package db
 
 import (
+	"database/sql"
 	"fmt"
 	"pet-dex-backend/v2/entity"
 	"pet-dex-backend/v2/infra/config"
@@ -28,7 +29,7 @@ func (ur *UserRepository) Delete(id uniqueEntityId.ID) error {
 
 	if err != nil {
 		loggerUserRepository.Error(fmt.Errorf("#UserRepository.Delete error: %w", err))
-		return fmt.Errorf("error on update user")
+		return fmt.Errorf("error on delete user")
 	}
 
 	return nil
@@ -117,8 +118,18 @@ func (ur *UserRepository) FindById(id uniqueEntityId.ID) *entity.User {
 	return &entity.User{}
 }
 
-func (ur *UserRepository) FindByEmail(email string) *entity.User {
-	return &entity.User{}
+func (ur *UserRepository) FindByEmail(email string) (*entity.User, error) {
+	var user entity.User
+	err := ur.dbconnection.QueryRow("SELECT name, pass, email FROM users WHERE email = ?", email).Scan(&user.Name, &user.Pass, &user.Email)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, nil
+		}
+		return nil, fmt.Errorf("error retrieving user: %w", err)
+	}
+
+	return &user, nil
 }
 
 func (ur *UserRepository) List() (users []entity.User, err error) {

diff --git a/interfaces/user_repository.go b/interfaces/user_repository.go
@@ -10,7 +10,7 @@ type UserRepository interface {
 	Update(userID uniqueEntityId.ID, user entity.User) error
 	Delete(id uniqueEntityId.ID) error
 	FindById(id uniqueEntityId.ID) *entity.User
-	FindByEmail(email string) *entity.User
+	FindByEmail(email string) (*entity.User, error)
 	List() ([]entity.User, error)
 	AdressRepo
 }
diff --git a/mocks/pet-dex-backend/v2/interfaces/mock_UserRepository.go b/mocks/pet-dex-backend/v2/interfaces/mock_UserRepository.go
diff --git a/usecase/user.go b/usecase/user.go
@@ -59,7 +59,11 @@ func (uc *UserUsecase) Save(userDto dto.UserInsertDto) error {
 }
 
 func (uc *UserUsecase) GenerateToken(loginDto *dto.UserLoginDto) (string, error) {
-	user := uc.repo.FindByEmail(loginDto.Email)
+	user, err := uc.repo.FindByEmail(loginDto.Email)
+	if err != nil {
+		return "", errors.New("invalid credentials")
+	}
+
 	if user.Name == "" {
 		return "", errors.New("invalid credentials")
 	}