rogueserver/api/account.go

package api

import (
	"bytes"
	"crypto/rand"
	"database/sql"
	"encoding/base64"
	"fmt"
	"os"
	"regexp"
	"strconv"
	"time"

	"github.com/Flashfyre/pokerogue-server/db"
	"golang.org/x/crypto/argon2"
)

const (
	UUIDSize      = 16
	ArgonTime     = 1
	ArgonMemory   = 256 * 1024
	ArgonThreads  = 4
	ArgonKeySize  = 32
	ArgonSaltSize = 16
)

var isValidUsername = regexp.MustCompile(`^\w{1,16}$`).MatchString

type AccountInfoResponse struct {
	Username        string `json:"username"`
	LastSessionSlot int    `json:"lastSessionSlot"`
}

// /account/info - get account info
func handleAccountInfo(username string, uuid []byte) (AccountInfoResponse, error) {
	var latestSave time.Time
	latestSaveID := -1
	for id := range sessionSlotCount {
		fileName := "session"
		if id != 0 {
			fileName += strconv.Itoa(id)
		}

		stat, err := os.Stat(fmt.Sprintf("userdata/%x/%s.pzs", uuid, fileName))
		if err != nil {
			continue
		}

		if stat.ModTime().After(latestSave) {
			latestSave = stat.ModTime()
			latestSaveID = id
		}
	}

	return AccountInfoResponse{Username: username, LastSessionSlot: latestSaveID}, nil
}

type AccountRegisterRequest GenericAuthRequest

// /account/register - register account
func handleAccountRegister(request AccountRegisterRequest) error {
	if !isValidUsername(request.Username) {
		return fmt.Errorf("invalid username")
	}

	if len(request.Password) < 6 {
		return fmt.Errorf("invalid password")
	}

	uuid := make([]byte, UUIDSize)
	_, err := rand.Read(uuid)
	if err != nil {
		return fmt.Errorf("failed to generate uuid: %s", err)
	}

	salt := make([]byte, ArgonSaltSize)
	_, err = rand.Read(salt)
	if err != nil {
		return fmt.Errorf(fmt.Sprintf("failed to generate salt: %s", err))
	}

	err = db.AddAccountRecord(uuid, request.Username, argon2.IDKey([]byte(request.Password), salt, ArgonTime, ArgonMemory, ArgonThreads, ArgonKeySize), salt)
	if err != nil {
		return fmt.Errorf("failed to add account record: %s", err)
	}

	return nil
}

type AccountLoginRequest GenericAuthRequest
type AccountLoginResponse GenericAuthResponse

// /account/login - log into account
func handleAccountLogin(request AccountLoginRequest) (AccountLoginResponse, error) {
	if !isValidUsername(request.Username) {
		return AccountLoginResponse{}, fmt.Errorf("invalid username")
	}

	if len(request.Password) < 6 {
		return AccountLoginResponse{}, fmt.Errorf("invalid password")
	}

	key, salt, err := db.FetchAccountKeySaltFromUsername(request.Username)
	if err != nil {
		if err == sql.ErrNoRows {
			return AccountLoginResponse{}, fmt.Errorf("account doesn't exist")
		}

		return AccountLoginResponse{}, err
	}

	if !bytes.Equal(key, argon2.IDKey([]byte(request.Password), salt, ArgonTime, ArgonMemory, ArgonThreads, ArgonKeySize)) {
		return AccountLoginResponse{}, fmt.Errorf("password doesn't match")
	}

	token := make([]byte, 32)
	_, err = rand.Read(token)
	if err != nil {
		return AccountLoginResponse{}, fmt.Errorf("failed to generate token: %s", err)
	}

	err = db.AddAccountSession(request.Username, token)
	if err != nil {
		return AccountLoginResponse{}, fmt.Errorf("failed to add account session")
	}

	return AccountLoginResponse{Token: base64.StdEncoding.EncodeToString(token)}, nil
}

// /account/logout - log out of account
func handleAccountLogout(token []byte) error {
	if len(token) != 32 {
		return fmt.Errorf("invalid token")
	}

	err := db.RemoveSessionFromToken(token)
	if err != nil {
		if err == sql.ErrNoRows {
			return fmt.Errorf("token not found")
		}

		return fmt.Errorf("failed to remove account session")
	}

	return nil
}
Add changes so far 11 months ago			`package api`

			`import (`
More changes 11 months ago			`"bytes"`
			`"crypto/rand"`
			`"database/sql"`
Add changes so far 11 months ago			`"encoding/base64"`
			`"fmt"`
Add hasGameSession to account info response 10 months ago			`"os"`
More changes 11 months ago			`"regexp"`
Add session save slots 8 months ago			`"strconv"`
			`"time"`
Add changes so far 11 months ago
			`"github.com/Flashfyre/pokerogue-server/db"`
More changes 11 months ago			`"golang.org/x/crypto/argon2"`
Add changes so far 11 months ago			`)`

More changes 11 months ago			`const (`
Various styling changes 7 months ago			`UUIDSize = 16`
			`ArgonTime = 1`
			`ArgonMemory = 256 * 1024`
			`ArgonThreads = 4`
			`ArgonKeySize = 32`
			`ArgonSaltSize = 16`
More changes 11 months ago			`)`

Fix minimum username length 11 months ago			var isValidUsername = regexp.MustCompile(`^\w{1,16}$`).MatchString
More changes 11 months ago
Add session save slots 8 months ago			`type AccountInfoResponse struct {`
			Username string `json:"username"`
			LastSessionSlot int `json:"lastSessionSlot"`
Add changes so far 11 months ago			`}`

Various changes 7 months ago			`// /account/info - get account info`
Major refactor of API 7 months ago			`func handleAccountInfo(username string, uuid []byte) (AccountInfoResponse, error) {`
Various styling changes 7 months ago			`var latestSave time.Time`
			`latestSaveID := -1`
Add session save slots 8 months ago			`for id := range sessionSlotCount {`
			`fileName := "session"`
			`if id != 0 {`
			`fileName += strconv.Itoa(id)`
			`}`

			`stat, err := os.Stat(fmt.Sprintf("userdata/%x/%s.pzs", uuid, fileName))`
			`if err != nil {`
			`continue`
			`}`

Various styling changes 7 months ago			`if stat.ModTime().After(latestSave) {`
			`latestSave = stat.ModTime()`
			`latestSaveID = id`
Add session save slots 8 months ago			`}`
			`}`
Add hasGameSession to account info response 10 months ago
Major refactor of API 7 months ago			`return AccountInfoResponse{Username: username, LastSessionSlot: latestSaveID}, nil`
Add changes so far 11 months ago			`}`

			`type AccountRegisterRequest GenericAuthRequest`

Various changes 7 months ago			`// /account/register - register account`
Pass struct to handleAccountLogin and handleAccountRegister 7 months ago			`func handleAccountRegister(request AccountRegisterRequest) error {`
			`if !isValidUsername(request.Username) {`
Major refactor of API 7 months ago			`return fmt.Errorf("invalid username")`
Add changes so far 11 months ago			`}`

Pass struct to handleAccountLogin and handleAccountRegister 7 months ago			`if len(request.Password) < 6 {`
Major refactor of API 7 months ago			`return fmt.Errorf("invalid password")`
More changes 11 months ago			`}`

Various styling changes 7 months ago			`uuid := make([]byte, UUIDSize)`
Major refactor of API 7 months ago			`_, err := rand.Read(uuid)`
More changes 11 months ago			`if err != nil {`
Major refactor of API 7 months ago			`return fmt.Errorf("failed to generate uuid: %s", err)`
More changes 11 months ago			`}`

Various styling changes 7 months ago			`salt := make([]byte, ArgonSaltSize)`
More changes 11 months ago			`_, err = rand.Read(salt)`
			`if err != nil {`
Major refactor of API 7 months ago			`return fmt.Errorf(fmt.Sprintf("failed to generate salt: %s", err))`
More changes 11 months ago			`}`

Pass struct to handleAccountLogin and handleAccountRegister 7 months ago			`err = db.AddAccountRecord(uuid, request.Username, argon2.IDKey([]byte(request.Password), salt, ArgonTime, ArgonMemory, ArgonThreads, ArgonKeySize), salt)`
More changes 11 months ago			`if err != nil {`
Major refactor of API 7 months ago			`return fmt.Errorf("failed to add account record: %s", err)`
More changes 11 months ago			`}`

Major refactor of API 7 months ago			`return nil`
Add changes so far 11 months ago			`}`

			`type AccountLoginRequest GenericAuthRequest`
			`type AccountLoginResponse GenericAuthResponse`

Various changes 7 months ago			`// /account/login - log into account`
Pass struct to handleAccountLogin and handleAccountRegister 7 months ago			`func handleAccountLogin(request AccountLoginRequest) (AccountLoginResponse, error) {`
			`if !isValidUsername(request.Username) {`
Major refactor of API 7 months ago			`return AccountLoginResponse{}, fmt.Errorf("invalid username")`
More changes 11 months ago			`}`

Pass struct to handleAccountLogin and handleAccountRegister 7 months ago			`if len(request.Password) < 6 {`
Major refactor of API 7 months ago			`return AccountLoginResponse{}, fmt.Errorf("invalid password")`
More changes 11 months ago			`}`

Pass struct to handleAccountLogin and handleAccountRegister 7 months ago			`key, salt, err := db.FetchAccountKeySaltFromUsername(request.Username)`
More changes 11 months ago			`if err != nil {`
			`if err == sql.ErrNoRows {`
Major refactor of API 7 months ago			`return AccountLoginResponse{}, fmt.Errorf("account doesn't exist")`
More changes 11 months ago			`}`

Major refactor of API 7 months ago			`return AccountLoginResponse{}, err`
More changes 11 months ago			`}`

Pass struct to handleAccountLogin and handleAccountRegister 7 months ago			`if !bytes.Equal(key, argon2.IDKey([]byte(request.Password), salt, ArgonTime, ArgonMemory, ArgonThreads, ArgonKeySize)) {`
Major refactor of API 7 months ago			`return AccountLoginResponse{}, fmt.Errorf("password doesn't match")`
More changes 11 months ago			`}`

Fix generated token size 11 months ago			`token := make([]byte, 32)`
More changes 11 months ago			`_, err = rand.Read(token)`
			`if err != nil {`
Major refactor of API 7 months ago			`return AccountLoginResponse{}, fmt.Errorf("failed to generate token: %s", err)`
More changes 11 months ago			`}`

Pass struct to handleAccountLogin and handleAccountRegister 7 months ago			`err = db.AddAccountSession(request.Username, token)`
More changes 11 months ago			`if err != nil {`
Major refactor of API 7 months ago			`return AccountLoginResponse{}, fmt.Errorf("failed to add account session")`
More changes 11 months ago			`}`

Major refactor of API 7 months ago			`return AccountLoginResponse{Token: base64.StdEncoding.EncodeToString(token)}, nil`
Add changes so far 11 months ago			`}`

Update endpoint comments 11 months ago			`// /account/logout - log out of account`
Major refactor of API 7 months ago			`func handleAccountLogout(token []byte) error {`
More changes 11 months ago			`if len(token) != 32 {`
Major refactor of API 7 months ago			`return fmt.Errorf("invalid token")`
More changes 11 months ago			`}`

Major refactor of API 7 months ago			`err := db.RemoveSessionFromToken(token)`
More changes 11 months ago			`if err != nil {`
			`if err == sql.ErrNoRows {`
Major refactor of API 7 months ago			`return fmt.Errorf("token not found")`
More changes 11 months ago			`}`

Major refactor of API 7 months ago			`return fmt.Errorf("failed to remove account session")`
More changes 11 months ago			`}`
Add changes so far 11 months ago
Major refactor of API 7 months ago			`return nil`
Add changes so far 11 months ago			`}`