LIDSOL · Francisco-Galindo · Oct 8, 2025 · Oct 14, 2025 · Oct 15, 2025 · Nov 4, 2025
diff --git a/api/contest.go b/api/contest.go
@@ -2,20 +2,43 @@ package api
 
 import (
 	"encoding/json"
+	"fmt"
 	"log"
 	"net/http"
 
+	"lidsol.org/papeador/security"
 	"lidsol.org/papeador/store"
 )
 
+type ContestRequestContent struct {
+	store.Contest
+	Username string `json:"username"`
+	JWT string `json:"jwt"`
+}
+
 func (api *ApiContext) createContest(w http.ResponseWriter, r *http.Request) {
-	var in store.Contest
+	var in ContestRequestContent
 	if err := json.NewDecoder(r.Body).Decode(&in); err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 
-	if err := api.Store.CreateContest(r.Context(), &in); err != nil {
+	fmt.Printf("E: %v\n", in)
+	fmt.Printf("E: %v\n", in.Username)
+	ok, err := security.ValidateJWT(in.JWT, in.Username)
+	if err != nil {
+		log.Println("WHATAADF")
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	if !ok {
+		http.Error(w, "Token inválida", http.StatusUnauthorized)
+		return
+	}
+
+	contData := store.Contest{ContestID: in.ContestID, ContestName: in.ContestName}
+
+	if err := api.Store.CreateContest(r.Context(), &contData); err != nil {
 		if err == store.ErrAlreadyExists {
 			http.Error(w, "El nombre del contest ya esta registrado", http.StatusConflict)
 			log.Println("El nombre del contest ya esta registrado")

diff --git a/api/user.go b/api/user.go
@@ -2,9 +2,11 @@ package api
 
 import (
 	"encoding/json"
+	"fmt"
 	"log"
 	"net/http"
 
+	"lidsol.org/papeador/security"
 	"lidsol.org/papeador/store"
 )
 
@@ -16,11 +18,24 @@ func (api *ApiContext) createUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	fmt.Printf("E: %v\n", in)
 	if err := api.Store.CreateUser(r.Context(), &in); err != nil {
 		if err == store.ErrAlreadyExists {
 			http.Error(w, "El usuario ya está registrado", http.StatusConflict)
 			log.Println("El usuario ya está registrado")
 			return
+		} else if err == security.ErrInvalidUsername {
+			http.Error(w, "El nombre de usuario solo puede contener caracteres, número y guiones", http.StatusUnprocessableEntity)
+			log.Println("La nombre de usuario que se intentó registrar es inválido")
+			return
+		} else if err == security.ErrInvalidPassword {
+			http.Error(w, "La contraseña debe contener al menos de 12 a 64 caracteres, una mayúscula, una minúscula, un número y un caracter especial, sin espacios", http.StatusUnprocessableEntity)
+			log.Println("La contraseña que se intentó registrar es insegura")
+			return
+		} else if err == security.ErrInvalidEmail {
+			http.Error(w, "El correo que se intenta registrar es inválido", http.StatusUnprocessableEntity)
+			log.Println("El correo que se intentó registrar es inválido")
+			return
 		}
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		log.Println(err)
@@ -29,4 +44,4 @@ func (api *ApiContext) createUser(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusCreated)
 	json.NewEncoder(w).Encode(in)
-}
+}
diff --git a/go.mod b/go.mod
@@ -1,19 +1,24 @@
 module lidsol.org/papeador
 
-go 1.23.0
+go 1.24.0
 
 toolchain go1.24.3
 
-require modernc.org/sqlite v1.38.2
+require (
+	github.com/golang-jwt/jwt/v5 v5.3.0
+	golang.org/x/crypto v0.43.0
+	modernc.org/sqlite v1.38.2
+)
 
 require (
+	github.com/cristalhq/jwt/v5 v5.4.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
-	golang.org/x/sys v0.34.0 // indirect
+	golang.org/x/sys v0.37.0 // indirect
 	modernc.org/libc v1.66.3 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect

diff --git a/go.sum b/go.sum
@@ -1,5 +1,9 @@
+github.com/cristalhq/jwt/v5 v5.4.0 h1:Wxi1TocFHaijyV608j7v7B9mPc4ZNjvWT3LKBO0d4QI=
+github.com/cristalhq/jwt/v5 v5.4.0/go.mod h1:+b/BzaCWEpFDmXxspJ5h4SdJ1N/45KMjKOetWzmHvDA=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
+github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@@ -10,15 +14,17 @@ github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdh
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
+golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o=
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
 golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
 golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
 golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
-golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
+golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
 golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
 modernc.org/cc/v4 v4.26.2 h1:991HMkLjJzYBIfha6ECZdjrIYz2/1ayr+FL8GN+CNzM=

diff --git a/manifest.scm b/manifest.scm
@@ -1 +1 @@
-(specifications->manifest (list "sqlite" "go"))
+(specifications->manifest (list "sqlite" "go" "podman" "pkg-config" "btrfs-progs-static" "gpgme" "go-github-com-containerd-btrfs-v2" "bat"))
diff --git a/security/ensure.go b/security/ensure.go
@@ -0,0 +1,59 @@
+package security
+
+import (
+	"net/mail"
+	"regexp"
+	"strings"
+	"errors"
+)
+
+var (
+	lower 	= regexp.MustCompile(`[a-z]`)
+	upper 	= regexp.MustCompile(`[A-Z]`)
+	digit 	= regexp.MustCompile(`\d`)
+	special = regexp.MustCompile(`[!@#\$%\^&\*\(\)\-\_\=\+\[\]\{\};:'",.<>\/\?\\\|` + "`~]")
+	space 	= regexp.MustCompile(`\s`)
+	uname 	= regexp.MustCompile(`^[A-Za-z0-9_-]{3,20}$`)
+
+	ErrInvalidUsername 	= errors.New("invalid username")
+	ErrInvalidPassword 	= errors.New("invalid password")
+	ErrInvalidEmail 	= errors.New("invalid email")
+)
+
+func IsValidUsername(username string) error {
+
+	if !uname.MatchString(username) {
+		return ErrInvalidUsername
+	}
+
+	return nil
+}
+
+func IsValidPassword(password string) error {
+	valid_length := len(password) >= 12 && len(password) <= 64
+
+	if !valid_length {
+		return ErrInvalidPassword
+	}
+
+	if !(lower.MatchString(password) && 
+		 upper.MatchString(password) && 
+		 digit.MatchString(password) && 
+		 special.MatchString(password) && 
+		 !space.MatchString(password)) {
+			 return ErrInvalidPassword
+	}
+
+	return nil
+}
+
+func ValidateEmail(email string) (string, error) {
+	email = strings.TrimSpace(email)
+	_, err := mail.ParseAddress(email)
+
+	if err != nil {
+		return "", ErrInvalidEmail
+	}
+
+	return strings.ToLower(email), nil
+}
diff --git a/security/hash.go b/security/hash.go
@@ -0,0 +1,39 @@
+package security
+
+import (
+	"crypto/rand"
+	"golang.org/x/crypto/argon2"
+)
+
+type Params struct {
+    Memory      uint32
+    Iterations  uint32
+    Parallelism uint8
+    SaltLength  uint32
+    KeyLength   uint32
+}
+
+func HashPassword(password string, p *Params) (hash []byte, err error) {
+    // Generate a cryptographically secure random salt.
+    salt, err := generateSalt(p.SaltLength)
+    if err != nil {
+        return nil, err
+    }
+
+    // Pass the plaintext password, salt and parameters to the argon2.IDKey
+    // function. This will generate a hash of the password using the Argon2id
+    // variant.
+    hash = argon2.IDKey([]byte(password), salt, p.Iterations, p.Memory, p.Parallelism, p.KeyLength)
+
+    return hash, nil
+}
+
+func generateSalt( n uint32) ([]byte, error) {
+	b := make([]byte, n)
+    _, err := rand.Read(b)
+    if err != nil {
+        return nil, err
+    }
+
+    return b, nil
+}
diff --git a/security/jwt.go b/security/jwt.go
@@ -0,0 +1,66 @@
+package security
+
+import (
+	"encoding/json"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/cristalhq/jwt/v5"
+)
+
+var secretKey []byte = []byte(os.Getenv("JWT_KEY"))
+
+func GenerateJWT(username string) (string, error) {
+
+	signer, err := jwt.NewSignerHS(jwt.HS256, secretKey)
+	if err != nil {
+		return "", err
+	}
+
+	claims := &jwt.RegisteredClaims{
+		Audience:  []string{"admin"},
+		ID:        "asdf",
+		Subject:   strings.Clone(username),
+		ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Second * 100)),
+	}
+
+	builder := jwt.NewBuilder(signer)
+
+	token, err := builder.Build(claims)
+	if err != nil {
+		return "", err
+	}
+
+	return token.String(), nil
+}
+
+func ValidateJWT(tokenStr, username string) (bool, error) {
+	verifier, err := jwt.NewVerifierHS(jwt.HS256, secretKey)
+	if err != nil {
+		return false, err
+	}
+
+	tokenBytes := []byte(tokenStr)
+	newToken, err := jwt.Parse(tokenBytes, verifier)
+	if err != nil {
+		return false, err
+	}
+
+	err = verifier.Verify(newToken)
+	if err != nil {
+		return false, err
+	}
+
+	var newClaims jwt.RegisteredClaims
+	errClaims := json.Unmarshal(newToken.Claims(), &newClaims)
+	if errClaims != nil {
+		return false, err
+	}
+
+	if newClaims.IsSubject(username) {
+		return true, nil
+	}
+
+	return false, nil
+}
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		(specifications->manifest (list "sqlite" "go"))
		(specifications->manifest (list "sqlite" "go" "podman" "pkg-config" "btrfs-progs-static" "gpgme" "go-github-com-containerd-btrfs-v2" "bat"))