fix(backend): adjust login logic to throw errors when user not exists…

… on login or already exists on register
B-urb · Sep 26, 2023 · fcfc510 · fcfc510
1 parent 61540dc
commit fcfc510
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 13 deletions.
diff --git a/src/main/kotlin/com/cardmaster/plugins/CORS.kt b/src/main/kotlin/com/cardmaster/plugins/CORS.kt
@@ -1,5 +1,7 @@
 package com.cardmaster.plugins
 
+import com.cardmaster.util.UserAlreadyExistsException
+import com.cardmaster.util.UserNotFoundException
 import io.ktor.http.*
 import io.ktor.server.application.*
 import io.ktor.server.plugins.cors.routing.*
@@ -9,6 +11,12 @@ import io.ktor.server.response.*
 
 fun Application.configureCORS() {
     install(StatusPages) {
+        exception<UserNotFoundException> { call, cause ->
+            call.respond(HttpStatusCode.Unauthorized, cause.message ?: "User not found")
+        }
+        exception<UserAlreadyExistsException> { call, cause ->
+            call.respond(HttpStatusCode.Conflict, cause.message ?: "User already exists")
+        }
         exception<Throwable> { call, cause ->
             call.respondText(text = "500: $cause", status = HttpStatusCode.InternalServerError)
         }
@@ -19,7 +27,6 @@ fun Application.configureCORS() {
         allowMethod(HttpMethod.Get)
         allowHeader(HttpHeaders.AccessControlAllowOrigin)
         allowHeader(HttpHeaders.ContentType)
-        allowHeadersPrefixed("cardmaster-") //FIXME: Remove and replace with token
         allowCredentials = true
         anyHost()
     }

diff --git a/src/main/kotlin/com/cardmaster/routes/UserRoutes.kt b/src/main/kotlin/com/cardmaster/routes/UserRoutes.kt
@@ -32,8 +32,15 @@ fun Routing.userRoutes() {
         call.respond("Successfully logged in")
     }
     get("loginc") {
-        println("test")
-        if (call.sessions.get<UserSession>() != null) call.respond(HttpStatusCode.OK) else call.respond(HttpStatusCode.Unauthorized)
+        if (call.sessions.get<UserSession>() != null) {
+            call.respond(HttpStatusCode.OK)
+        } else {
+            call.respond(HttpStatusCode.Unauthorized)
+        }
+    }
+    get("logout") {
+        call.sessions.clear<UserSession>()
+        call.respond("Logged out")
     }
 
     route("user") {

diff --git a/src/main/kotlin/com/cardmaster/service/CardMasterService.kt b/src/main/kotlin/com/cardmaster/service/CardMasterService.kt
@@ -7,6 +7,8 @@ import com.cardmaster.model.PlayerGroup
 import com.cardmaster.model.User
 import com.cardmaster.model.UserSparse
 import com.cardmaster.plugins.SurrealDatabase
+import com.cardmaster.util.UserAlreadyExistsException
+import com.cardmaster.util.UserNotFoundException
 import org.koin.core.component.KoinComponent
 import org.koin.core.component.inject
 import java.time.LocalDateTime
@@ -60,12 +62,18 @@ class CardMasterService : KoinComponent {
     }
 
     fun createUser(user: User): User? {
-        val hash = dbClient.driver.query(
-            "SELECT * FROM crypto::scrypt::generate('${user.password}')",
-            emptyMap(), String::class.java
-        ).first().result.first()
-        val persistUser = user.copy(password = hash)
-        return dbClient.driver.create("user:rand()", persistUser)
+        if (dbClient.driver.query("SELECT * from user where mail = '${user.mail}'", emptyMap(), User::class.java)
+                .isEmpty()
+        ) {
+            throw UserAlreadyExistsException(user.mail)
+        } else {
+            val hash = dbClient.driver.query(
+                "SELECT * FROM crypto::scrypt::generate('${user.password}')",
+                emptyMap(), String::class.java
+            ).first().result.first()
+            val persistUser = user.copy(password = hash)
+            return dbClient.driver.create("user:rand()", persistUser)
+        }
     }
 
     fun login(user: User): String {
@@ -74,13 +82,14 @@ class CardMasterService : KoinComponent {
                 "SELECT * from user where username = '${user.username}'",
                 emptyMap(),
                 User::class.java
-            ).first().result.first()
-                ?: throw NoSuchElementException("User not found")
+            )
+        if (savedUser.first().result.isEmpty()) throw UserNotFoundException(user.username)
+        val queryUser = savedUser.first().result.first()
         val passwordCorrect = dbClient.driver.query(
-            "SELECT * FROM crypto::scrypt::compare('${savedUser.password}','${user.password}')",
+            "SELECT * FROM crypto::scrypt::compare('${queryUser.password}','${user.password}')",
             emptyMap(), String::class.java
         ).first().result.first()
-        if (passwordCorrect.toBoolean()) return savedUser.id!! else throw IllegalStateException("Password check failed")
+        if (passwordCorrect.toBoolean()) return queryUser.id!! else throw IllegalStateException("Password check failed")
     }
 
     fun createGroup(group: PlayerGroup): PlayerGroup {

diff --git a/src/main/kotlin/com/cardmaster/util/Exceptions.kt b/src/main/kotlin/com/cardmaster/util/Exceptions.kt
@@ -0,0 +1,5 @@
+package com.cardmaster.util
+
+class UserNotFoundException(val userId: String) : RuntimeException("User with ID $userId not found")
+
+class UserAlreadyExistsException(val email: String) : RuntimeException("User with Mail $email found")