diff --git a/.dockerignore b/.dockerignore index 36ad821..ccbe03a 100644 --- a/.dockerignore +++ b/.dockerignore @@ -9,11 +9,4 @@ tmp/ .idea/ *.log coverage.out -rideaware-api -__pycache__/ -*.py[cod] -.venv/ -venv/ -dist/ -build/ -node_modules/ \ No newline at end of file +rideaware-api \ No newline at end of file diff --git a/README.md b/README.md index d8f01d3..65ce1b9 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ Ensure you have the following installed on your system: 2. **Install Go Dependencies** - ```bash + ```bash go mod tidy ``` @@ -51,10 +51,8 @@ PG_USER=your_postgres_user PG_PASSWORD=your_postgres_password # Application Configuration -# SECRET_KEY should be a random 32+ byte string; rotate on compromise. SECRET_KEY=your_secret_key_for_sessions PORT=8080 -PG_SSLMODE=require # use "disable" only for local dev # Email Configuration (Optional) SMTP_SERVER=your_smtp_server @@ -71,7 +69,7 @@ SMTP_PASSWORD=your_email_password go run main.go ``` -The application will be available at [http://localhost:8080](http://localhost:8080). +The application will be available at http://localhost:8080. #### Production Mode @@ -102,7 +100,7 @@ docker build -t rideaware-api . docker run -d -p 8080:8080 --env-file .env rideaware-api ``` -The application will be available at [http://localhost:8080](http://localhost:8080). +The application will be available at http://localhost:8080. ### Example Dockerfile diff --git a/config/database.go b/config/database.go index f6f72b3..be6ad8e 100644 --- a/config/database.go +++ b/config/database.go @@ -4,7 +4,6 @@ import ( "fmt" "log" "os" - "time" "gorm.io/driver/postgres" "gorm.io/gorm" @@ -17,6 +16,7 @@ func InitDB() *gorm.DB { user := os.Getenv("PG_USER") password := os.Getenv("PG_PASSWORD") + // Try with quoted password dsn := fmt.Sprintf(`host=%s port=%s user=%s password='%s' dbname=%s sslmode=disable`, host, port, user, password, database) @@ -24,19 +24,5 @@ func InitDB() *gorm.DB { if err != nil { log.Fatal("Failed to connect to database:", err) } - - sqlDB, err := db.DB() - if err != nil { - log.Fatal("Failed to get sql.DB from gorm:", err) - } - - sqlDB.SetMaxOpenConns(25) - sqlDB.SetMaxIdleConns(25) - sqlDB.SetConnMaxLifetime(30 * time.Minute) - - if err != nil { - log.Fatal("Database ping failed:", err) - } - return db } diff --git a/main.go b/main.go index 215c2a6..8128f9f 100644 --- a/main.go +++ b/main.go @@ -2,7 +2,6 @@ package main import ( "log" - "net/http" "os" "github.com/gin-contrib/cors" @@ -37,22 +36,8 @@ func main() { r.Use(cors.Default()) // Session middleware - secret := os.Getenv("SECRET_KEY") - if len(secret) < 32 { - log.Fatal("SECRET_KEY must be at least 32 bytes") - } - - authKey := []byte(secret) - encKey := []byte(secret[:32]) - store := cookie.NewStore(authKey, encKey) - store.Options(sessions.Options{ - Path: "/", - MaxAge: 60 * 80 * 24 * 7, // 7 days - HttpOnly: true, - Secure: os.Getenv("ENV") == "production", - SameSite: http.SameSiteLaxMode, - }) - r.Use(sessions.Sessions("rideaware-session", store)) + store := cookie.NewStore([]byte(os.Getenv("SECRET_KEY"))) + r.Use(sessions.Sessions("session", store)) // Health check endpoint r.GET("/health", func(c *gin.Context) { diff --git a/services/user_service.go b/services/user_service.go index c34d8a4..1640cb4 100644 --- a/services/user_service.go +++ b/services/user_service.go @@ -3,7 +3,6 @@ package services import ( "errors" "log" - "net/mail" "strings" "github.com/rideaware/rideaware-api/models" @@ -28,7 +27,7 @@ func (s *UserService) CreateUser(username, email, password string) (*models.User } // Basic email validation - if _, err := mail.ParseAddress(email); err != nil { + if !strings.Contains(email, "@") { return nil, errors.New("invalid email format") } @@ -58,20 +57,17 @@ func (s *UserService) CreateUser(username, email, password string) (*models.User func (s *UserService) VerifyUser(username, password string) (*models.User, error) { var user models.User - identifier := strings.TrimSpace(username) - if err := s.db.Where("username = ? OR email = ?", identifier, strings.ToLower(identifier)).First(&user).Error; err != nil { - if errors.Is(err, gorm.ErrRecordNotFound) { - return nil, errors.New("invalid username or password") - } - log.Printf("DB error during VerifyUser: %v", err) + // Allow login with either username or email + if err := s.db.Where("username = ? OR email = ?", username, username).First(&user).Error; err != nil { + log.Printf("User not found: %s", username) return nil, errors.New("invalid username or password") } if !user.CheckPassword(password) { - log.Printf("Invalid credentials") + log.Printf("Invalid password for user: %s", username) return nil, errors.New("invalid username or password") } - log.Printf("User login succeeded") + log.Printf("User verified: %s", username) return &user, nil }