wip(api,cli): refactor models.User

Author: heiytor

api/services/auth.go

@@ -20,6 +20,7 @@ import (
 	"github.com/shellhub-io/shellhub/pkg/api/jwttoken"
 	"github.com/shellhub-io/shellhub/pkg/api/requests"
 	"github.com/shellhub-io/shellhub/pkg/clock"
+	"github.com/shellhub-io/shellhub/pkg/hash"
 	"github.com/shellhub-io/shellhub/pkg/models"
 	"github.com/shellhub-io/shellhub/pkg/uuid"
 	log "github.com/sirupsen/logrus"
@@ -226,7 +227,7 @@ func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser
 		return nil, lockout, "", NewErrAuthUnathorized(nil)
 	}
 
-	if !user.Password.Compare(req.Password) {
+	if !hash.CompareWith(req.Password, user.PasswordDigest) {
 		lockout, _, err := s.cache.StoreLoginAttempt(ctx, sourceIP, user.ID)
 		if err != nil {
 			log.WithError(err).
@@ -285,9 +286,9 @@ func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser
 
 	// Updates last_login and the hash algorithm to bcrypt if still using SHA256
 	changes := &models.UserChanges{LastLogin: clock.Now(), PreferredNamespace: &tenantID}
-	if !strings.HasPrefix(user.Password.Hash, "$") {
-		if neo, _ := models.HashUserPassword(req.Password); neo.Hash != "" {
-			changes.Password = neo.Hash
+	if !strings.HasPrefix(user.PasswordDigest, "$") {
+		if passwordDigest, _ := hash.Do(req.Password); passwordDigest != "" {
+			changes.Password = passwordDigest
 		}
 	}
 
@@ -309,12 +310,12 @@ func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser
 		User:          user.Username,
 		Name:          user.Name,
 		Email:         user.Email,
-		RecoveryEmail: user.RecoveryEmail,
+		RecoveryEmail: user.Preferences.SecurityEmail,
 		MFA:           user.MFA.Enabled,
 		Tenant:        tenantID,
 		Role:          role,
 		Token:         token,
-		MaxNamespaces: user.MaxNamespaces,
+		MaxNamespaces: user.Preferences.MaxNamespaces,
 	}
 
 	return res, 0, "", nil
@@ -393,12 +394,12 @@ func (s *service) CreateUserToken(ctx context.Context, req *requests.CreateUserT
 		User:          user.Username,
 		Name:          user.Name,
 		Email:         user.Email,
-		RecoveryEmail: user.RecoveryEmail,
+		RecoveryEmail: user.Preferences.SecurityEmail,
 		MFA:           user.MFA.Enabled,
 		Tenant:        tenantID,
 		Role:          role,
 		Token:         token,
-		MaxNamespaces: user.MaxNamespaces,
+		MaxNamespaces: user.Preferences.MaxNamespaces,
 	}, nil
 }
 

api/services/namespace.go

@@ -32,15 +32,15 @@ func (s *service) CreateNamespace(ctx context.Context, req *requests.NamespaceCr
 
 	// When MaxNamespaces is less than zero, it means that the user has no limit
 	// of namespaces. If the value is zero, it means he has no right to create a new namespace
-	if user.MaxNamespaces == 0 {
-		return nil, NewErrNamespaceCreationIsForbidden(user.MaxNamespaces, nil)
-	} else if user.MaxNamespaces > 0 {
+	if user.Preferences.MaxNamespaces == 0 {
+		return nil, NewErrNamespaceCreationIsForbidden(user.Preferences.MaxNamespaces, nil)
+	} else if user.Preferences.MaxNamespaces > 0 {
 		info, err := s.store.UserGetInfo(ctx, req.UserID)
 		switch {
 		case err != nil:
 			return nil, err
-		case len(info.OwnedNamespaces) >= user.MaxNamespaces:
-			return nil, NewErrNamespaceLimitReached(user.MaxNamespaces, nil)
+		case len(info.OwnedNamespaces) >= user.Preferences.MaxNamespaces:
+			return nil, NewErrNamespaceLimitReached(user.Preferences.MaxNamespaces, nil)
 		}
 	}
 

api/services/setup.go

@@ -14,6 +14,7 @@ import (
 	"github.com/shellhub-io/shellhub/pkg/api/authorizer"
 	"github.com/shellhub-io/shellhub/pkg/api/requests"
 	"github.com/shellhub-io/shellhub/pkg/clock"
+	"github.com/shellhub-io/shellhub/pkg/hash"
 	"github.com/shellhub-io/shellhub/pkg/models"
 	"github.com/shellhub-io/shellhub/pkg/uuid"
 )
@@ -30,36 +31,26 @@ func (s *service) Setup(ctx context.Context, req requests.Setup) error {
 		return NewErrSetupForbidden(err)
 	}
 
-	data := models.UserData{
-		Name:          req.Name,
-		Email:         req.Email,
-		Username:      req.Username,
-		RecoveryEmail: "",
-	}
-
-	if ok, err := s.validator.Struct(data); !ok || err != nil {
-		return NewErrUserInvalid(nil, err)
-	}
-
-	password, err := models.HashUserPassword(req.Password)
+	passwordDigest, err := hash.Do(req.Password)
 	if err != nil {
 		return NewErrUserPasswordInvalid(err)
 	}
 
-	if ok, err := s.validator.Struct(password); !ok || err != nil {
-		return NewErrUserPasswordInvalid(err)
-	}
-
 	user := &models.User{
-		Origin:   models.UserOriginLocal,
-		UserData: data,
-		Password: password,
+		Origin:         models.UserOriginLocal,
+		Name:           req.Name,
+		Email:          req.Email,
+		Username:       req.Username,
+		PasswordDigest: passwordDigest,
 		// NOTE: user's created from the setup screen doesn't need to be confirmed.
-		Status:        models.UserStatusConfirmed,
-		CreatedAt:     clock.Now(),
-		MaxNamespaces: -1,
+		Status:    models.UserStatusConfirmed,
+		CreatedAt: clock.Now(),
 		Preferences: models.UserPreferences{
-			AuthMethods: []models.UserAuthMethod{models.UserAuthMethodLocal},
+			PreferredNamespace: "",
+			AuthMethods:        []models.UserAuthMethod{models.UserAuthMethodLocal},
+			SecurityEmail:      "",
+			MaxNamespaces:      -1,
+			EmailMarketing:     false,
 		},
 	}
 

api/services/user.go

@@ -5,6 +5,7 @@ import (
 	"strings"
 
 	"github.com/shellhub-io/shellhub/pkg/api/requests"
+	"github.com/shellhub-io/shellhub/pkg/hash"
 	"github.com/shellhub-io/shellhub/pkg/models"
 )
 
@@ -46,12 +47,12 @@ func (s *service) UpdateUser(ctx context.Context, req *requests.UpdateUser) ([]s
 
 	if req.Password != "" {
 		// TODO: test
-		if !user.Password.Compare(req.CurrentPassword) {
+		if !hash.CompareWith(req.CurrentPassword, user.PasswordDigest) {
 			return []string{}, NewErrUserPasswordNotMatch(nil)
 		}
 
-		neo, _ := models.HashUserPassword(req.Password)
-		changes.Password = neo.Hash
+		passwordDigest, _ := hash.Do(req.Password)
+		changes.Password = passwordDigest
 	}
 
 	if err := s.store.UserUpdate(ctx, req.UserID, changes); err != nil {
@@ -70,16 +71,16 @@ func (s *service) UpdatePasswordUser(ctx context.Context, id, currentPassword, n
 		return NewErrUserNotFound(id, err)
 	}
 
-	if !user.Password.Compare(currentPassword) {
+	if !hash.CompareWith(currentPassword, user.PasswordDigest) {
 		return NewErrUserPasswordNotMatch(nil)
 	}
 
-	neo, err := models.HashUserPassword(newPassword)
+	passwordDigest, err := hash.Do(newPassword)
 	if err != nil {
 		return NewErrUserPasswordInvalid(err)
 	}
 
-	if err := s.store.UserUpdate(ctx, id, &models.UserChanges{Password: neo.Hash}); err != nil {
+	if err := s.store.UserUpdate(ctx, id, &models.UserChanges{Password: passwordDigest}); err != nil {
 		return NewErrUserUpdate(user, err)
 	}
 

cli/services/users.go

@@ -3,28 +3,19 @@ package services
 import (
 	"context"
 	"slices"
+	"strings"
 
 	"github.com/shellhub-io/shellhub/cli/pkg/inputs"
-	"github.com/shellhub-io/shellhub/pkg/clock"
+	"github.com/shellhub-io/shellhub/pkg/hash"
 	"github.com/shellhub-io/shellhub/pkg/models"
+	"golang.org/x/text/cases"
+	"golang.org/x/text/language"
 )
 
 // UserCreate adds a new user based on the provided user's data. This method validates data and
 // checks for conflicts.
 func (s *service) UserCreate(ctx context.Context, input *inputs.UserCreate) (*models.User, error) {
-	// TODO: convert username and email to lower case.
-	userData := models.UserData{
-		Name:     input.Username,
-		Email:    input.Email,
-		Username: input.Username,
-	}
-
-	// TODO: validate this at cmd layer
-	if ok, err := s.validator.Struct(userData); !ok || err != nil {
-		return nil, ErrUserDataInvalid
-	}
-
-	if conflicts, has, _ := s.store.UserConflicts(ctx, &models.UserConflicts{Email: userData.Email, Username: userData.Username}); has {
+	if conflicts, has, err := s.store.UserConflicts(ctx, &models.UserConflicts{Email: input.Email}); err != nil || has {
 		containsEmail := slices.Contains(conflicts, "email")
 		containsUsername := slices.Contains(conflicts, "username")
 
@@ -40,34 +31,32 @@ func (s *service) UserCreate(ctx context.Context, input *inputs.UserCreate) (*mo
 		}
 	}
 
-	password, err := models.HashUserPassword(input.Password)
+	passwordDigest, err := hash.Do(input.Password)
 	if err != nil {
 		return nil, ErrUserPasswordInvalid
 	}
 
-	// TODO: validate this at cmd layer
-	if ok, err := s.validator.Struct(password); !ok || err != nil {
-		return nil, ErrUserPasswordInvalid
-	}
-
 	user := &models.User{
-		Origin:        models.UserOriginLocal,
-		UserData:      userData,
-		Password:      password,
-		Status:        models.UserStatusConfirmed,
-		CreatedAt:     clock.Now(),
-		MaxNamespaces: MaxNumberNamespacesCommunity,
+		Origin:         models.UserOriginLocal,
+		ExternalID:     "",
+		Status:         models.UserStatusConfirmed,
+		Name:           cases.Title(language.AmericanEnglish).String(strings.ToLower(input.Username)),
+		Email:          strings.ToLower(input.Email),
+		Username:       strings.ToLower(input.Username),
+		PasswordDigest: passwordDigest,
 		Preferences: models.UserPreferences{
-			AuthMethods: []models.UserAuthMethod{models.UserAuthMethodLocal},
+			PreferredNamespace: "",
+			AuthMethods:        []models.UserAuthMethod{models.UserAuthMethodLocal},
+			SecurityEmail:      "",
+			MaxNamespaces:      -1,
+			EmailMarketing:     false,
 		},
 	}
 
 	if _, err := s.store.UserCreate(ctx, user); err != nil {
 		return nil, ErrCreateNewUser
 	}
 
-	s.store.SystemSet(ctx, "setup", true) //nolint:errcheck
-
 	return user, nil
 }
 
@@ -117,17 +106,12 @@ func (s *service) UserUpdate(ctx context.Context, input *inputs.UserUpdate) erro
 		return ErrUserNotFound
 	}
 
-	password, err := models.HashUserPassword(input.Password)
+	passwordDigest, err := hash.Do(input.Password)
 	if err != nil {
 		return ErrUserPasswordInvalid
 	}
 
-	// TODO: validate this at cmd layer
-	if ok, err := s.validator.Struct(password); !ok || err != nil {
-		return ErrUserPasswordInvalid
-	}
-
-	if err := s.store.UserUpdate(ctx, user.ID, &models.UserChanges{Password: password.Hash}); err != nil {
+	if err := s.store.UserUpdate(ctx, user.ID, &models.UserChanges{Password: passwordDigest}); err != nil {
 		return ErrFailedUpdateUser
 	}