Updated implementation of Authentication login actions with user-agen…

…t and client address information.
nthnn · Nov 13, 2024 · 0767091 · 0767091
1 parent c494a49
commit 0767091
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 12 deletions.
diff --git a/backend/auth/callback.go b/backend/auth/callback.go
@@ -583,6 +583,8 @@ func isUserEnabled(apiKey string, args []string) func(*sql.DB) {
 func loginUserWithUsername(apiKey string, args []string) func(*sql.DB) {
 	username := args[2]
 	password := args[3]
+	useragent := args[4]
+	address := args[5]
 
 	if !validateUsername(username) {
 		proc.ShowFailedResponse("Invalid username string.")
@@ -610,13 +612,14 @@ func loginUserWithUsername(apiKey string, args []string) func(*sql.DB) {
 		}
 
 		if count != 1 {
-			proc.ShowResult("\"error\"")
+			proc.ShowResult("\"0\"")
 		}
 
 		uuid := uuid.New().String()
 		query, err = d.Query("INSERT INTO " + apiKey +
-			"_account_session (username, uuid) VALUES(\"" +
-			username + "\", \"" + uuid + "\")")
+			"_account_session (username, uuid, useragent, address) VALUES(\"" +
+			username + "\", \"" + uuid + "\", \"" +
+			useragent + "\", \"" + address + "\")")
 
 		if err != nil {
 			proc.ShowFailedResponse("Internal error occured.")
@@ -631,6 +634,8 @@ func loginUserWithUsername(apiKey string, args []string) func(*sql.DB) {
 func loginUserWithEmail(apiKey string, args []string) func(*sql.DB) {
 	email := args[2]
 	password := args[3]
+	useragent := args[4]
+	address := args[5]
 
 	if !validateEmail(email) {
 		proc.ShowFailedResponse("Invalid email string.")
@@ -643,7 +648,7 @@ func loginUserWithEmail(apiKey string, args []string) func(*sql.DB) {
 	}
 
 	return func(d *sql.DB) {
-		query, err := d.Query("SELECT * FROM " + apiKey +
+		query, err := d.Query("SELECT username FROM " + apiKey +
 			"_accounts WHERE email=\"" + email +
 			"\" AND password=\"" + password + "\"")
 
@@ -652,17 +657,29 @@ func loginUserWithEmail(apiKey string, args []string) func(*sql.DB) {
 			return
 		}
 
+		username := ""
 		count := 0
 		for query.Next() {
+			query.Scan(&username)
 			count += 1
 		}
 
-		if count == 1 {
-			proc.ShowResult("\"1\"")
-		} else {
+		if count != 1 {
 			proc.ShowResult("\"0\"")
 		}
 
+		uuid := uuid.New().String()
+		query, err = d.Query("INSERT INTO " + apiKey +
+			"_account_session (username, uuid, useragent, address) VALUES(\"" +
+			username + "\", \"" + uuid + "\", \"" +
+			useragent + "\", \"" + address + "\")")
+
+		if err != nil {
+			proc.ShowFailedResponse("Internal error occured.")
+			return
+		}
+
+		proc.ShowResult("\"" + uuid + "\"")
 		query.Close()
 	}
 }
diff --git a/backend/auth/main.go b/backend/auth/main.go
@@ -1,7 +1,7 @@
 /*
  * This file is part of QLBase (https://github.com/nthnn/QLBase).
  * Copyright 2024 - Nathanne Isip
- * 
+ *
  * Permission is hereby granted, free of charge,
  * to any person obtaining a copy of this software
  * and associated documentation files (the “Software”),
@@ -11,11 +11,11 @@
  * sell copies of the Software, and to permit persons to
  * whom the Software is furnished to do so, subject to
  * the following conditions:
- * 
+ *
  * The above copyright notice and this permission notice
  * shall be included in all copies or substantial portions
  * of the Software.
- * 
+ *
  * THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF
  * ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
  * TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
@@ -104,11 +104,11 @@ func main() {
 		callback = isUserEnabled(apiKey, args)
 
 	case "login_username":
-		failOnUmatchedArgSize(4, args)
+		failOnUmatchedArgSize(6, args)
 		callback = loginUserWithUsername(apiKey, args)
 
 	case "login_email":
-		failOnUmatchedArgSize(4, args)
+		failOnUmatchedArgSize(6, args)
 		callback = loginUserWithEmail(apiKey, args)
 
 	case "fetch_all":