From 81ec1a64697055b31b9c078821aa94f9eff99db7 Mon Sep 17 00:00:00 2001
From: SimonFJ20 <simonfromjakobsen@gmail.com>
Date: Wed, 12 Mar 2025 11:01:09 +0100
Subject: [PATCH] add token

---
 backend/src/controllers/auth.c | 13 +++++-----
 backend/src/main.c             |  9 ++++---
 backend/src/session.c          | 28 +++++++++++++++++++++
 backend/src/session.h          |  8 +++++-
 backend/src/str_util.c         | 45 ++++++++++++++++++++++++++++------
 backend/src/str_util.h         |  2 ++
 6 files changed, 86 insertions(+), 19 deletions(-)
 create mode 100644 backend/src/session.c

diff --git a/backend/src/controllers/auth.c b/backend/src/controllers/auth.c
index 08f2a4d..4fb2a34 100644
--- a/backend/src/controllers/auth.c
+++ b/backend/src/controllers/auth.c
@@ -6,7 +6,6 @@
 
 void route_post_auth_login(HttpCtx* ctx)
 {
-
     Cx* cx = http_ctx_user_ctx(ctx);
 
     const char* body_str = http_ctx_req_body(ctx);
@@ -21,8 +20,7 @@ void route_post_auth_login(HttpCtx* ctx)
         RESPOND_BAD_REQUEST(ctx, "bad request");
         goto l0_return;
     }
-    if (strlen(req.email) == 0
-        || strlen(req.password) > MAX_HASH_INPUT_LEN) {
+    if (strlen(req.email) == 0 || strlen(req.password) > MAX_HASH_INPUT_LEN) {
 
         RESPOND_BAD_REQUEST(ctx, "bad request");
         goto l0_return;
@@ -33,8 +31,7 @@ void route_post_auth_login(HttpCtx* ctx)
     if (db_res == DbRes_NotFound) {
         RESPOND_BAD_REQUEST(ctx, "user with email not found");
         goto l0_return;
-    }
-    else if (db_res == DbRes_Error) {
+    } else if (db_res == DbRes_Error) {
         RESPOND_SERVER_ERROR(ctx);
         goto l0_return;
     }
@@ -44,9 +41,11 @@ void route_post_auth_login(HttpCtx* ctx)
         goto l2_return;
     }
 
-    session_vec_push(&cx->sessions, (Session) {.user_id = user.id});
+    session_vec_remove_user_id(&cx->sessions, user.id);
+    char* token = str_random(64);
+    session_vec_add(&cx->sessions, user.id, token);
 
-    RESPOND_JSON(ctx, 200, "{\"ok\":true}");
+    RESPOND_JSON(ctx, 200, "{\"ok\":true,\"token\":\"%s\"}", token);
 l2_return:
     user_destroy(&user);
 l0_return:
diff --git a/backend/src/main.c b/backend/src/main.c
index 43fa331..ede6a88 100644
--- a/backend/src/main.c
+++ b/backend/src/main.c
@@ -8,18 +8,21 @@
 #include "str_util.h"
 #include <sqlite3.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
+#include <time.h>
 
 void test(void);
 
-
 HttpServer* server;
 
 int main(void)
 {
-    #ifdef RUN_TESTS
+    srand((unsigned int)time(NULL));
+
+#ifdef RUN_TESTS
     test();
-    #endif
+#endif
 
     Db* db = db_sqlite_new();
 
diff --git a/backend/src/session.c b/backend/src/session.c
new file mode 100644
index 0000000..0897011
--- /dev/null
+++ b/backend/src/session.c
@@ -0,0 +1,28 @@
+#include "session.h"
+#include <stdlib.h>
+
+void session_destroy(Session* session)
+{
+    free(session->token);
+}
+
+void session_vec_remove_user_id(SessionVec* vec, int64_t user_id)
+{
+    for (size_t i = 0; i < vec->size; ++i) {
+        if (vec->data[i].user_id == user_id) {
+            session_destroy(&vec->data[i]);
+            vec->data[i] = (Session) { 0, NULL };
+        }
+    }
+}
+
+void session_vec_add(SessionVec* vec, int64_t user_id, char* token)
+{
+    for (size_t i = 0; i < vec->size; ++i) {
+        if (vec->data[i].user_id == 0) {
+            vec->data[i] = (Session) { user_id, token };
+            return;
+        }
+    }
+    session_vec_push(vec, (Session) { user_id, token });
+}
diff --git a/backend/src/session.h b/backend/src/session.h
index 279439a..0c98d4b 100644
--- a/backend/src/session.h
+++ b/backend/src/session.h
@@ -1,10 +1,16 @@
 #pragma once
 
-#include <stdint.h>
 #include "collection.h"
+#include <stdint.h>
 
 typedef struct {
     int64_t user_id;
+    char* token;
 } Session;
 
+void session_destroy(Session* session);
+
 DEFINE_VEC(Session, SessionVec, session_vec, 16)
+
+void session_vec_remove_user_id(SessionVec* vec, int64_t user_id);
+void session_vec_add(SessionVec* vec, int64_t user_id, char* token);
diff --git a/backend/src/str_util.c b/backend/src/str_util.c
index 2727b2d..b82eeb1 100644
--- a/backend/src/str_util.c
+++ b/backend/src/str_util.c
@@ -164,13 +164,42 @@ bool str_hash_equal(const char* hash, const char* input)
     return hashdata_is_equal(data, input);
 }
 
-void str_util_test(void) {
-    char* hash = str_hash("1234");
-    if (!str_hash_equal(hash, "1234")) {
-        PANIC("hash should be equal");
+char* str_random(size_t length)
+{
+    char* string = calloc(length + 1, sizeof(char));
+    size_t string_i = 0;
+    for (size_t i = 0; i < length; ++i) {
+        int r = rand() % (10 + 26 + 26);
+        if (r < 10) {
+            string[string_i++] = (char)r + '0';
+        } else if (r < 10 + 26) {
+            string[string_i++] = (char)(r - 10) + 'A';
+        } else {
+            string[string_i++] = (char)(r - 10 - 26) + 'a';
+        }
+    }
+    return string;
+}
+
+void str_util_test(void)
+{
+    {
+        char* hash = str_hash("1234");
+        if (!str_hash_equal(hash, "1234")) {
+            PANIC("hash should be equal");
+        }
+        if (str_hash_equal(hash, "4321")) {
+            PANIC("hash should not be equal");
+        }
+        free(hash);
+    }
+    {
+        char* token_1 = str_random(16);
+        char* token_2 = str_random(16);
+        if (strcmp(token_1, token_2) == 0) {
+            PANIC("tokens should not be equal");
+        }
+        free(token_1);
+        free(token_2);
     }
-    if (str_hash_equal(hash, "4321")) {
-        PANIC("hash should not be equal");
-    }
-    free(hash);
 }
diff --git a/backend/src/str_util.h b/backend/src/str_util.h
index 44bebfc..5552ad3 100644
--- a/backend/src/str_util.h
+++ b/backend/src/str_util.h
@@ -38,4 +38,6 @@ DEFINE_VEC(char*, RawStrVec, rawstr_vec, 8)
 char* str_hash(const char* input);
 bool str_hash_equal(const char* hash, const char* input);
 
+char* str_random(size_t length);
+
 void str_util_test(void);