root
/
NAM-APJATEL-BACKEND
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: root:40178e7fccb88029bfdc82031ec262330cf9d614
Branches Tags
root:main
root:dev
..
compare: root:2fb3876ee6e980e188fe179977b26c4920507aa5
Branches Tags
root:dev
root:main

No commits in common. "40178e7fccb88029bfdc82031ec262330cf9d614" and "2fb3876ee6e980e188fe179977b26c4920507aa5" have entirely different histories.
40178e7fcc ... 2fb3876ee6

5 changed files with 39 additions and 52 deletions
Show Stats Expand all files Collapse all files

9
delivery/controller/users_controller.go
View File

@ -18,11 +18,8 @@ type UsersController struct {
func (uc *UsersController) Route() { func (uc *UsersController) Route() {
rg:= uc.rg.Group("/users") rg:= uc.rg.Group("/users")
rg.Use(middleware.CORSMiddleware())
rg.Use(middleware.RateLoginMiddleware()) rg.Use(middleware.RateLoginMiddleware())
rg.OPTIONS("/login", func(c *gin.Context) { rg.Use(middleware.CORSMiddleware())
c.Status(http.StatusNoContent)
})
{ {
rg.POST("/login", uc.Login()) rg.POST("/login", uc.Login())
} }
@ -47,7 +44,7 @@ func (uc *UsersController) Login() gin.HandlerFunc {
return return
} }
token,role,name, err := uc.ac.Login(login) token, err := uc.ac.Login(login)
if err != nil { if err != nil {
common.ErrorResponses(c, http.StatusUnauthorized, err.Error()) common.ErrorResponses(c, http.StatusUnauthorized, err.Error())
@ -55,7 +52,7 @@ func (uc *UsersController) Login() gin.HandlerFunc {
} }
common.SingleResponses(c, "Login success", gin.H{"token": token, "role": role, "name": name}) common.SingleResponses(c, "Login success", gin.H{"token": token})
} }
} }

14
middleware/cors_middleware.go
View File

@ -1,20 +1,18 @@
package middleware package middleware
import ( import (
"net/http"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
) )
func CORSMiddleware() gin.HandlerFunc { func CORSMiddleware() gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
c.Writer.Header().Set("Access-Control-Allow-Origin", "*") // Change to specific domains if needed c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE") c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
c.Writer.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type") c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")
// Allow OPTIONS method to pass through if c.Request.Method == "OPTIONS" {
if c.Request.Method == http.MethodOptions { c.AbortWithStatus(204)
c.AbortWithStatus(http.StatusNoContent)
return return
} }

10
middleware/rate_limitter.go
View File

@ -34,7 +34,7 @@ func getLoginLimiter() *rate.Limiter {
limiter, exists := rateLimiters["login"] limiter, exists := rateLimiters["login"]
if !exists { if !exists {
limiter = rate.NewLimiter(rate.Every(1*time.Minute), 10) // 5 request per second with a burst of 10 requests limiter = rate.NewLimiter(rate.Every(1*time.Minute), 4) // 5 request per second with a burst of 10 requests
rateLimiters["login"] = limiter rateLimiters["login"] = limiter
} }
@ -43,10 +43,6 @@ func getLoginLimiter() *rate.Limiter {
func RateLimitMiddleware() gin.HandlerFunc{ func RateLimitMiddleware() gin.HandlerFunc{
return func(c *gin.Context) { return func(c *gin.Context) {
if c.Request.Method == http.MethodOptions {
c.Next()
return
}
userID, exists := c.Get("userID") userID, exists := c.Get("userID")
if !exists { if !exists {
common.ErrorResponses(c, http.StatusUnauthorized, "Unauthorized: No user ID found") common.ErrorResponses(c, http.StatusUnauthorized, "Unauthorized: No user ID found")
@ -68,10 +64,6 @@ func RateLimitMiddleware() gin.HandlerFunc{
func RateLoginMiddleware() gin.HandlerFunc{ func RateLoginMiddleware() gin.HandlerFunc{
return func(c *gin.Context) { return func(c *gin.Context) {
if c.Request.Method == http.MethodOptions {
c.Next()
return
}
limiter := getLoginLimiter() limiter := getLoginLimiter()
if !limiter.Allow() { if !limiter.Allow() {

2
model/dto/req/tower_dto.go
View File

@ -11,7 +11,7 @@ type TowerDTO struct {
type UpdateTowerDTO struct { type UpdateTowerDTO struct {
DeviceID *string `json:"device_id,omitempty" validate:"omitempty,min=3"` DeviceID *string `json:"device_id,omitempty" validate:"omitempty,min=3"`
TowerCode *string `json:"tower_code,omitempty" validate:"omitempty"` TowerCode *string `json:"tower_code,omitempty" validate:"omitempty,alphanum"`
Longitude *float64 `json:"longitude,omitempty" validate:"omitempty,longitude"` Longitude *float64 `json:"longitude,omitempty" validate:"omitempty,longitude"`
Latitude *float64 `json:"latitude,omitempty" validate:"omitempty,latitude"` Latitude *float64 `json:"latitude,omitempty" validate:"omitempty,latitude"`
} }

44
usecase/auth_usecase.go
View File

@ -20,7 +20,7 @@ import (
) )
type AuthUsecase interface { type AuthUsecase interface {
Login(login dto.UserLoginDTO) (string,string, string ,error) Login(login dto.UserLoginDTO) (string, error)
Logout(token string) error Logout(token string) error
} }
@ -38,20 +38,20 @@ func NewAuthUsecase(userRepo repository.UsersRepo, cfg *config.Config) AuthUseca
} }
} }
func (u *authUsecase) Login(login dto.UserLoginDTO) (string, string, string, error) { func (u *authUsecase) Login(login dto.UserLoginDTO) (string, error) {
err := u.validate.Struct(login) err := u.validate.Struct(login)
if err != nil { if err != nil {
return "","","", err return "", err
} }
payload, err := json.Marshal(login) payload, err := json.Marshal(login)
if err != nil { if err != nil {
return "","","", err return "", err
} }
req, err := http.NewRequest("POST", u.cfg.LoginAPI, bytes.NewBuffer(payload)) req, err := http.NewRequest("POST", u.cfg.LoginAPI, bytes.NewBuffer(payload))
if err != nil { if err != nil {
return "","","", err return "", err
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
@ -60,69 +60,69 @@ func (u *authUsecase) Login(login dto.UserLoginDTO) (string, string, string, err
client := &http.Client{} client := &http.Client{}
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
return "","","", err return "", err
} }
defer resp.Body.Close() defer resp.Body.Close()
if resp.StatusCode != http.StatusOK { if resp.StatusCode != http.StatusOK {
return "","","", errors.New("wrong password or username") return "", errors.New("wrong password or username")
} }
body, err := ioutil.ReadAll(resp.Body) body, err := ioutil.ReadAll(resp.Body)
if err != nil { if err != nil {
return "","","", err return "", err
} }
var authResponse res.AuthResponses var authResponse res.AuthResponses
err = json.Unmarshal(body, &authResponse) err = json.Unmarshal(body, &authResponse)
if err != nil { if err != nil {
return "","","", err return "", err
} }
token := authResponse.Token token := authResponse.Token
meReq, err := http.NewRequest("POST", u.cfg.AuthMeAPI, nil) meReq, err := http.NewRequest("POST", u.cfg.AuthMeAPI, nil)
if err != nil { if err != nil {
return "","","", err return "", err
} }
meReq.Header.Set("Authorization", "Bearer "+token) meReq.Header.Set("Authorization", "Bearer "+token)
meReq.Header.Set("Accept", "application/json") meReq.Header.Set("Accept", "application/json")
meResp, err := client.Do(meReq) meResp, err := client.Do(meReq)
if err != nil { if err != nil {
return "","","", err return "",err
} }
defer meResp.Body.Close() defer meResp.Body.Close()
if meResp.StatusCode != http.StatusOK { if meResp.StatusCode != http.StatusOK {
return "","","", errors.New("failed to validate token: " + meResp.Status) return "", errors.New("failed to validate token: " + meResp.Status)
} }
meBody, err := ioutil.ReadAll(meResp.Body) meBody, err := ioutil.ReadAll(meResp.Body)
if err != nil { if err != nil {
return "","","", err return "", err
} }
var meResponse res.AuthMeResponse var meResponse res.AuthMeResponse
err = json.Unmarshal(meBody, &meResponse) err = json.Unmarshal(meBody, &meResponse)
if err != nil { if err != nil {
return "","","", err return "", err
} }
departemen := meResponse.Data.Departemen departemen := meResponse.Data.Departemen
if departemen != "Teknisi" { if departemen != "Teknisi" {
return "","","", errors.New("user is not a technician") return "", errors.New("user is not a technician")
} }
role , err := u.userRepo.GetRoleByDepartment(departemen) role , err := u.userRepo.GetRoleByDepartment(departemen)
if err != nil { if err != nil {
return "","","", err return "", err
} }
password, err := utils.HashPassword(login.Password) password, err := utils.HashPassword(login.Password)
if err != nil { if err != nil {
return "error while hasing password: ","", "", err return "error while hasing password: ", err
} }
isUserExist, err := u.userRepo.GetUserByUsername(login.Username) isUserExist, err := u.userRepo.GetUserByUsername(login.Username)
@ -130,12 +130,12 @@ func (u *authUsecase) Login(login dto.UserLoginDTO) (string, string, string, err
if isUserExist.ID != uuid.Nil { if isUserExist.ID != uuid.Nil {
// Validate the password // Validate the password
if !utils.CheckPasswordHash(login.Password, isUserExist.Password) { if !utils.CheckPasswordHash(login.Password, isUserExist.Password) {
return "","","", errors.New("incorrect password") return "", errors.New("incorrect password")
} }
return token, role.Name, isUserExist.Name, nil return token, nil
}else if err != nil && err != gorm.ErrRecordNotFound { }else if err != nil && err != gorm.ErrRecordNotFound {
return "ERROR WHILE SEARCHING USERNAME","", "", err return "ERROR WHILE SEARCHING USERNAME", err
} }
@ -151,10 +151,10 @@ func (u *authUsecase) Login(login dto.UserLoginDTO) (string, string, string, err
err = u.userRepo.Post(user) err = u.userRepo.Post(user)
if err != nil { if err != nil {
return "","","", err return "", err
} }
return token, user.Role.Name, user.Name, nil return token,nil
} }
func (u *authUsecase) Logout(token string) error { func (u *authUsecase) Logout(token string) error {