feat: Refactor User entity and datasource to use email and password hashing with salt

2025-03-10 08:05:48 +00:00
parent f567d086ec
commit 3193204dac
9 changed files with 110 additions and 56 deletions
@@ -13,8 +13,9 @@ type UserDBO struct {
 	CreatedAt    time.Time `gorm:"not null"`
 	UpdatedAt    time.Time `gorm:"not null"`
 	LastEditorID ulid.ULID
-	Username     string
-	Password     string
+	Email        string
+	PasswordHash string
+	Salt         string
 	Role         string
 	CompanyID    int
 	HourlyRate   float64
@@ -61,20 +61,23 @@ func (r *TimeEntryDatasource) Create(ctx context.Context, timeEntry *entities.Ti
 }

 func (r *TimeEntryDatasource) Update(ctx context.Context, timeEntry *entities.TimeEntry) error {
-	timeEntryDBO := dbo.TimeEntryDBO{
-		ID:          timeEntry.ID,
-		CreatedAt:   timeEntry.CreatedAt,
-		UpdatedAt:   timeEntry.UpdatedAt,
-		UserID:      timeEntry.UserID,
-		ProjectID:   timeEntry.ProjectID,
-		ActivityID:  timeEntry.ActivityID,
-		Start:       timeEntry.Start,
-		End:         timeEntry.End,
-		Description: timeEntry.Description,
-		Billable:    timeEntry.Billable,
+	var existingEntry dbo.TimeEntryDBO
+	if err := r.db.WithContext(ctx).First(&existingEntry, "id = ?", timeEntry.ID).Error; err != nil {
+		return entities.ErrTimeEntryNotFound
 	}

-	return r.db.WithContext(ctx).Save(&timeEntryDBO).Error
+	updateData := map[string]any{
+		"user_id":     timeEntry.UserID,
+		"project_id":  timeEntry.ProjectID,
+		"activity_id": timeEntry.ActivityID,
+		"start":       timeEntry.Start,
+		"end":         timeEntry.End,
+		"description": timeEntry.Description,
+		"billable":    timeEntry.Billable,
+		"updated_at":  gorm.Expr("NOW()"), // Optional: Automatisches Update-Datum
+	}
+
+	return r.db.WithContext(ctx).Model(&dbo.TimeEntryDBO{}).Where("id = ?", timeEntry.ID).Updates(updateData).Error
 }

 func (r *TimeEntryDatasource) Delete(ctx context.Context, id ulid.ULID) error {
@@ -30,8 +30,8 @@ func (r *UserDatasource) Get(ctx context.Context, id ulid.ULID) (*entities.User,
 			CreatedAt: userDBO.CreatedAt,
 			UpdatedAt: userDBO.UpdatedAt,
 		},
-		Username:   userDBO.Username,
-		Password:   userDBO.Password,
+		Email:      userDBO.Email,
+		Salt:       userDBO.Salt,
 		Role:       userDBO.Role,
 		CompanyID:  userDBO.CompanyID,
 		HourlyRate: userDBO.HourlyRate,
@@ -40,43 +40,57 @@ func (r *UserDatasource) Get(ctx context.Context, id ulid.ULID) (*entities.User,
 	return user, nil
 }

-func (r *UserDatasource) Create(ctx context.Context, user *entities.User) error {
+func (r *UserDatasource) Create(ctx context.Context, user *entities.User, passwordHash string, salt string) error {
+
+	old := r.db.WithContext(ctx).First(&dbo.UserDBO{}, "email = ?", user.Email)
+	if old.Error == nil {
+		return entities.ErrUserAlreadyExists
+	}
+
 	userDBO := dbo.UserDBO{
-		ID:         user.ID,
-		CreatedAt:  user.CreatedAt,
-		UpdatedAt:  user.UpdatedAt,
-		Username:   user.Username,
-		Password:   user.Password,
-		Role:       user.Role,
-		CompanyID:  user.CompanyID,
-		HourlyRate: user.HourlyRate,
+		ID:           user.ID,
+		CreatedAt:    user.CreatedAt,
+		UpdatedAt:    user.UpdatedAt,
+		Email:        user.Email,
+		PasswordHash: passwordHash,
+		Salt:         salt,
+		Role:         user.Role,
+		CompanyID:    user.CompanyID,
+		HourlyRate:   user.HourlyRate,
 	}

 	return r.db.WithContext(ctx).Create(&userDBO).Error
 }

-func (r *UserDatasource) Update(ctx context.Context, user *entities.User) error {
-	userDBO := dbo.UserDBO{
-		ID:         user.ID,
-		CreatedAt:  user.CreatedAt,
-		UpdatedAt:  user.UpdatedAt,
-		Username:   user.Username,
-		Password:   user.Password,
-		Role:       user.Role,
-		CompanyID:  user.CompanyID,
-		HourlyRate: user.HourlyRate,
+func (r *UserDatasource) Update(ctx context.Context, user *entities.User, passwordHash *string) error {
+	var existingUser dbo.UserDBO
+	if err := r.db.WithContext(ctx).First(&existingUser, "id = ?", user.ID).Error; err != nil {
+		return entities.ErrUserNotFound
 	}

-	return r.db.WithContext(ctx).Save(&userDBO).Error
+	// Nur relevante Felder aktualisieren
+	updateData := map[string]interface{}{
+		"email":       user.Email,
+		"role":        user.Role,
+		"company_id":  user.CompanyID,
+		"hourly_rate": user.HourlyRate,
+		"updated_at":  gorm.Expr("NOW()"), // Optional: Automatisch das Update-Datum setzen
+	}
+
+	if passwordHash != nil {
+		updateData["password_hash"] = *passwordHash
+	}
+
+	return r.db.WithContext(ctx).Model(&dbo.UserDBO{}).Where("id = ?", user.ID).Updates(updateData).Error
 }

 func (r *UserDatasource) Delete(ctx context.Context, id ulid.ULID) error {
 	return r.db.WithContext(ctx).Delete(&dbo.UserDBO{}, "id = ?", id).Error
 }

-func (r *UserDatasource) GetByUsername(ctx context.Context, username string) (*entities.User, error) {
+func (r *UserDatasource) GetByEmail(ctx context.Context, email string) (*entities.User, error) {
 	var userDBO dbo.UserDBO
-	if err := r.db.WithContext(ctx).Where("username = ?", username).First(&userDBO).Error; err != nil {
+	if err := r.db.WithContext(ctx).Where("email = ?", email).First(&userDBO).Error; err != nil {
 		return nil, err
 	}

@@ -86,8 +100,8 @@ func (r *UserDatasource) GetByUsername(ctx context.Context, username string) (*e
 			CreatedAt: userDBO.CreatedAt,
 			UpdatedAt: userDBO.UpdatedAt,
 		},
-		Username:   userDBO.Username,
-		Password:   userDBO.Password,
+		Email:      userDBO.Email,
+		Salt:       userDBO.Salt,
 		Role:       userDBO.Role,
 		CompanyID:  userDBO.CompanyID,
 		HourlyRate: userDBO.HourlyRate,