Add user creation and password update

Author: arran4

Dockerfile

@@ -11,7 +11,7 @@ ENV GBM_CSS_COLUMNS=""
 ENV GBM_NAMESPACE=""
 ENV FAVICON_CACHE_DIR=/data/favicons
 ENV FAVICON_CACHE_SIZE=20971520
-ENV JSON_DB_PATH=/db/gobookmarks
+ENV LOCAL_GIT_PATH=/db/gobookmarks
 ENV GOBM_ENV_FILE=/etc/gobookmarks/gobookmarks.env
 ENV GOBM_CONFIG_FILE=/etc/gobookmarks/config.json
 EXPOSE 8080

README.md

@@ -81,7 +81,7 @@ Configuration values can be supplied as environment variables, via a JSON config
 | `FAVICON_CACHE_SIZE` | Maximum size in bytes of the favicon cache before old icons are removed. Defaults to `20971520`. |
 | `GITHUB_SERVER` | Base URL for GitHub (set for GitHub Enterprise). |
 | `GITLAB_SERVER` | Base URL for GitLab (self-hosted). |
-| `JSON_DB_PATH` | Directory used for the local JSON provider. |
+| `LOCAL_GIT_PATH` | Directory used for the local git provider. |
 | `GOBM_ENV_FILE` | Path to a file of `KEY=VALUE` pairs loaded before the environment. Defaults to `/etc/gobookmarks/gobookmarks.env`. |
 | `GOBM_CONFIG_FILE` | Path to the JSON config file. If unset the program uses `$XDG_CONFIG_HOME/gobookmarks/config.json` or `$HOME/.config/gobookmarks/config.json` for normal users and `/etc/gobookmarks/config.json` when run as root. |
 
@@ -126,10 +126,12 @@ and both service files run the daemon as `gobookmarks`.
 ### Docker
 
 The Docker image continues to work as before.  Mount `/data` if you need
-persistent storage and mount `/db` for the JSON provider. Pass the same environment variables as listed above. The JSON provider stores data under
-`$JSON_DB_PATH/<sha256(username)>/` with a `.password` file containing the bcrypt hash,
-`bookmarks.txt`, `branches.txt`, `tags.txt` and a tar archive per branch.
-Login with this provider via `/login/json` using the username and password that match the stored bcrypt hash.
+persistent storage and mount `/db` for the git provider. Pass the same environment variables as listed above. The git provider stores data under
+`$LOCAL_GIT_PATH/<sha256(username)>/` as a git repository with a `.password` file containing the bcrypt hash.
+Create an account via `/signup/git`. This stores the password hash under
+`$LOCAL_GIT_PATH/<sha256(username)>/.password` and creates the repository. Log in
+later via `/login/git` using the same credentials. Passwords can be updated with
+the provider's SetPassword method.
 Favicons are cached on disk under `/data/favicons` by default. Set
 `FAVICON_CACHE_DIR` to an empty string to disable disk caching.
 You can also mount a config file and env file:

authHandlers.go

@@ -2,18 +2,13 @@ package gobookmarks
 
 import (
 	"context"
-	"crypto/sha256"
-	"encoding/hex"
 	"errors"
 	"fmt"
 	"github.com/gorilla/mux"
 	"github.com/gorilla/securecookie"
 	"github.com/gorilla/sessions"
-	"golang.org/x/crypto/bcrypt"
 	"log"
 	"net/http"
-	"os"
-	"path/filepath"
 )
 
 func UserLogoutAction(w http.ResponseWriter, r *http.Request) error {
@@ -125,19 +120,24 @@ func Oauth2CallbackPage(w http.ResponseWriter, r *http.Request) error {
 	return nil
 }
 
-func JSONLoginAction(w http.ResponseWriter, r *http.Request) error {
+func GitLoginAction(w http.ResponseWriter, r *http.Request) error {
 	session, err := getSession(w, r)
 	if err != nil {
 		return fmt.Errorf("session error: %w", err)
 	}
 	user := r.FormValue("username")
 	pass := r.FormValue("password")
-	data, err := os.ReadFile(userPasswordPath(user))
-	if err != nil || bcrypt.CompareHashAndPassword(data, []byte(pass)) != nil {
-		http.Redirect(w, r, "/login/json?error=invalid", http.StatusSeeOther)
+	p := GetProvider("git")
+	ph, ok := p.(PasswordHandler)
+	if !ok {
+		return fmt.Errorf("password handler not available")
+	}
+	okPass, err := ph.CheckPassword(r.Context(), user, pass)
+	if err != nil || !okPass {
+		http.Redirect(w, r, "/login/git?error=invalid", http.StatusSeeOther)
 		return nil
 	}
-	session.Values["Provider"] = "json"
+	session.Values["Provider"] = "git"
 	session.Values["GithubUser"] = &User{Login: user}
 	session.Values["Token"] = nil
 	session.Values["version"] = version
@@ -147,34 +147,27 @@ func JSONLoginAction(w http.ResponseWriter, r *http.Request) error {
 	return nil
 }
 
-func JSONSignupAction(w http.ResponseWriter, r *http.Request) error {
+func GitSignupAction(w http.ResponseWriter, r *http.Request) error {
 	user := r.FormValue("username")
 	pass := r.FormValue("password")
-	p := userPasswordPath(user)
-	if _, err := os.Stat(p); err == nil {
-		http.Redirect(w, r, "/login/json?error=exists", http.StatusSeeOther)
-		return nil
-	} else if !os.IsNotExist(err) {
-		return fmt.Errorf("stat: %w", err)
-	}
-	if err := os.MkdirAll(filepath.Dir(p), 0700); err != nil {
-		return fmt.Errorf("mkdir: %w", err)
-	}
-	hash, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
-	if err != nil {
-		return fmt.Errorf("hash: %w", err)
+	prov := GetProvider("git")
+	ph, ok := prov.(PasswordHandler)
+	if !ok {
+		return fmt.Errorf("password handler not available")
+	}
+	if err := ph.CreateUser(r.Context(), user, pass); err != nil {
+		if errors.Is(err, ErrUserExists) {
+			http.Redirect(w, r, "/login/git?error=exists", http.StatusSeeOther)
+			return nil
+		}
+		return err
 	}
-	if err := os.WriteFile(p, hash, 0600); err != nil {
-		return fmt.Errorf("write: %w", err)
+	if err := prov.CreateRepo(r.Context(), user, nil, RepoName); err != nil {
+		return err
 	}
 	return nil
 }
 
-func userPasswordPath(user string) string {
-	uh := sha256.Sum256([]byte(user))
-	return filepath.Join(JSONDBPath, hex.EncodeToString(uh[:]), ".password")
-}
-
 func UserAdderMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
 		// Get the session.

bookmarkActionHandlers.go

@@ -18,9 +18,6 @@ func BookmarksEditSaveAction(w http.ResponseWriter, r *http.Request) error {
 	ref := r.PostFormValue("ref")
 	sha := r.PostFormValue("sha")
 	repoName := RepoName
-	if r.PostFormValue("repoName") != "" {
-		repoName = r.PostFormValue("repoName")
-	}
 
 	login := ""
 	if githubUser != nil {
@@ -30,7 +27,7 @@ func BookmarksEditSaveAction(w http.ResponseWriter, r *http.Request) error {
 	_, curSha, err := GetBookmarks(r.Context(), login, ref, token)
 	if err != nil {
 		if errors.Is(err, ErrRepoNotFound) {
-			return renderCreateRepoPrompt(w, r, repoName, text, branch, ref, sha, nil)
+			return renderCreateRepoPrompt(w, r, text, branch, ref, sha, nil)
 		}
 		return fmt.Errorf("GetBookmarks: %w", err)
 	}
@@ -44,9 +41,8 @@ func BookmarksEditSaveAction(w http.ResponseWriter, r *http.Request) error {
 			return fmt.Errorf("create repo: %w", ErrNoProvider)
 		}
 		if err := p.CreateRepo(r.Context(), login, token, repoName); err != nil {
-			return renderCreateRepoPrompt(w, r, repoName, text, branch, ref, sha, err)
+			return renderCreateRepoPrompt(w, r, text, branch, ref, sha, err)
 		}
-		RepoName = repoName
 		if err := CreateBookmarks(r.Context(), login, token, branch, text); err != nil {
 			return fmt.Errorf("createBookmark error: %w", err)
 		}
@@ -55,7 +51,7 @@ func BookmarksEditSaveAction(w http.ResponseWriter, r *http.Request) error {
 
 	if err := UpdateBookmarks(r.Context(), login, token, ref, branch, text, curSha); err != nil {
 		if errors.Is(err, ErrRepoNotFound) {
-			return renderCreateRepoPrompt(w, r, repoName, text, branch, ref, sha, nil)
+			return renderCreateRepoPrompt(w, r, text, branch, ref, sha, nil)
 		}
 		return fmt.Errorf("updateBookmark error: %w", err)
 	}
@@ -117,18 +113,16 @@ func CategoryEditSaveAction(w http.ResponseWriter, r *http.Request) error {
 	return nil
 }
 
-func renderCreateRepoPrompt(w http.ResponseWriter, r *http.Request, repoName, text, branch, ref, sha string, err error) error {
+func renderCreateRepoPrompt(w http.ResponseWriter, r *http.Request, text, branch, ref, sha string, err error) error {
 	data := struct {
 		*CoreData
-		RepoName string
-		Text     string
-		Branch   string
-		Ref      string
-		Sha      string
-		Error    string
+		Text   string
+		Branch string
+		Ref    string
+		Sha    string
+		Error  string
 	}{
 		CoreData: r.Context().Value(ContextValues("coreData")).(*CoreData),
-		RepoName: repoName,
 		Text:     text,
 		Branch:   branch,
 		Ref:      ref,

cmd/gobookmarks/main.go

@@ -71,7 +71,7 @@ func main() {
 			}
 			return 0
 		}(),
-		JSONDBPath: os.Getenv("JSON_DB_PATH"),
+		LocalGitPath: os.Getenv("LOCAL_GIT_PATH"),
 	}
 
 	configPath := DefaultConfigPath()
@@ -88,7 +88,7 @@ func main() {
 	var glServerFlag stringFlag
 	var faviconDirFlag stringFlag
 	var faviconSizeFlag stringFlag
-	var jsonPathFlag stringFlag
+	var localGitPathFlag stringFlag
 	var columnFlag boolFlag
 	var versionFlag bool
 	var dumpConfig bool
@@ -104,7 +104,7 @@ func main() {
 	flag.Var(&faviconSizeFlag, "favicon-cache-size", "max size of favicon cache in bytes")
 	flag.Var(&ghServerFlag, "github-server", "GitHub base URL")
 	flag.Var(&glServerFlag, "gitlab-server", "GitLab base URL")
-	flag.Var(&jsonPathFlag, "json-db-path", "JSON database path")
+	flag.Var(&localGitPathFlag, "local-git-path", "directory for local git provider")
 	flag.Var(&columnFlag, "css-columns", "use CSS columns")
 	flag.BoolVar(&versionFlag, "version", false, "show version")
 	flag.BoolVar(&dumpConfig, "dump-config", false, "print merged config and exit")
@@ -163,8 +163,8 @@ func main() {
 	if glServerFlag.set {
 		cfg.GitlabServer = glServerFlag.value
 	}
-	if jsonPathFlag.set {
-		cfg.JSONDBPath = jsonPathFlag.value
+	if localGitPathFlag.set {
+		cfg.LocalGitPath = localGitPathFlag.value
 	}
 
 	if dumpConfig {
@@ -191,8 +191,8 @@ func main() {
 	} else {
 		FaviconCacheSize = DefaultFaviconCacheSize
 	}
-	if cfg.JSONDBPath != "" {
-		JSONDBPath = cfg.JSONDBPath
+	if cfg.LocalGitPath != "" {
+		LocalGitPath = cfg.LocalGitPath
 	}
 	githubID := cfg.GithubClientID
 	githubSecret := cfg.GithubSecret
@@ -254,9 +254,9 @@ func main() {
 	r.HandleFunc("/history/commits", runTemplate("historyCommits.gohtml")).Methods("GET").MatcherFunc(RequiresAnAccount())
 
 	r.HandleFunc("/login", runTemplate("loginPage.gohtml")).Methods("GET")
-	r.HandleFunc("/login/json", runTemplate("jsonLoginPage.gohtml")).Methods("GET")
-	r.HandleFunc("/login/json", runHandlerChain(JSONLoginAction, redirectToHandler("/"))).Methods("POST")
-	r.HandleFunc("/signup/json", runHandlerChain(JSONSignupAction, redirectToHandler("/login/json"))).Methods("POST")
+	r.HandleFunc("/login/git", runTemplate("gitLoginPage.gohtml")).Methods("GET")
+	r.HandleFunc("/login/git", runHandlerChain(GitLoginAction, redirectToHandler("/"))).Methods("POST")
+	r.HandleFunc("/signup/git", runHandlerChain(GitSignupAction, redirectToHandler("/login/git"))).Methods("POST")
 	r.HandleFunc("/login/{provider}", runHandlerChain(LoginWithProvider)).Methods("GET")
 	r.HandleFunc("/logout", runHandlerChain(UserLogoutAction, runTemplate("logoutPage.gohtml"))).Methods("GET")
 	r.HandleFunc("/oauth2Callback", runHandlerChain(Oauth2CallbackPage, redirectToHandler("/"))).Methods("GET")

config.go

@@ -23,7 +23,7 @@ type Config struct {
 	GitlabServer     string `json:"gitlab_server"`
 	FaviconCacheDir  string `json:"favicon_cache_dir"`
 	FaviconCacheSize int64  `json:"favicon_cache_size"`
-	JSONDBPath       string `json:"json_db_path"`
+	LocalGitPath     string `json:"local_git_path"`
 }
 
 // LoadConfigFile loads configuration from the given path if it exists.
@@ -78,8 +78,8 @@ func MergeConfig(dst *Config, src Config) {
 	if src.FaviconCacheSize != 0 {
 		dst.FaviconCacheSize = src.FaviconCacheSize
 	}
-	if src.JSONDBPath != "" {
-		dst.JSONDBPath = src.JSONDBPath
+	if src.LocalGitPath != "" {
+		dst.LocalGitPath = src.LocalGitPath
 	}
 }
 

data_test.go

@@ -151,13 +151,12 @@ func TestExecuteTemplates(t *testing.T) {
 		}{baseData.CoreData, "boom"}},
 		{"createRepo", "createRepo.gohtml", struct {
 			*CoreData
-			RepoName string
-			Text     string
-			Branch   string
-			Ref      string
-			Sha      string
-			Error    string
-		}{baseData.CoreData, "MyBookmarks", "text", "main", "ref", "sha", ""}},
+			Text   string
+			Branch string
+			Ref    string
+			Sha    string
+			Error  string
+		}{baseData.CoreData, "text", "main", "ref", "sha", ""}},
 	}
 
 	for _, tt := range pages {

errors.go

@@ -15,3 +15,9 @@ var ErrSignedOut = errors.New("signed out")
 
 // ErrNoProvider indicates that no provider was selected for the request.
 var ErrNoProvider = errors.New("no provider selected")
+
+// ErrUserExists indicates that a user already exists when attempting signup.
+var ErrUserExists = errors.New("user already exists")
+
+// ErrUserNotFound indicates that a user does not exist when attempting to set a password.
+var ErrUserNotFound = errors.New("user not found")

go.mod

@@ -7,28 +7,43 @@ toolchain go1.23.8
 require (
 	github.com/PuerkitoBio/goquery v1.8.1
 	github.com/arran4/gorillamuxlogic v1.0.1
-	github.com/google/go-cmp v0.5.9
+	github.com/go-git/go-git/v5 v5.16.2
+	github.com/google/go-cmp v0.7.0
 	github.com/google/go-github/v55 v55.0.0
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/securecookie v1.1.1
 	github.com/gorilla/sessions v1.2.1
 	github.com/xanzy/go-gitlab v0.115.0
+	golang.org/x/crypto v0.37.0
 	golang.org/x/image v0.28.0
 	golang.org/x/oauth2 v0.12.0
 )
 
 require (
-	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
+	dario.cat/mergo v1.0.0 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/ProtonMail/go-crypto v1.1.6 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/cloudflare/circl v1.3.7 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/cloudflare/circl v1.6.1 // indirect
+	github.com/cyphar/filepath-securejoin v0.4.1 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/go-git/go-billy/v5 v5.6.2 // indirect
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
-	golang.org/x/crypto v0.36.0 // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/kevinburke/ssh_config v1.2.0 // indirect
+	github.com/pjbgf/sha1cd v0.3.2 // indirect
+	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+	github.com/skeema/knownhosts v1.3.1 // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	golang.org/x/net v0.39.0 // indirect
+	golang.org/x/sys v0.32.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
 )