diff --git a/internal/auth/login.go b/internal/auth/login.go new file mode 100644 index 0000000..cab16a6 --- /dev/null +++ b/internal/auth/login.go @@ -0,0 +1,81 @@ +package auth + +import ( + "encoding/json" + "log" + "net/http" + + "gitea.local/admin/hspguard/internal/util" + "gitea.local/admin/hspguard/internal/web" +) + +type LoginParams struct { + Email string `json:"email"` + Password string `json:"password"` +} + +func (h *AuthHandler) login(w http.ResponseWriter, r *http.Request) { + var params LoginParams + + decoder := json.NewDecoder(r.Body) + if err := decoder.Decode(¶ms); err != nil { + web.Error(w, "failed to parse request body", http.StatusBadRequest) + return + } + + if params.Email == "" || params.Password == "" { + web.Error(w, "missing required fields", http.StatusBadRequest) + return + } + + log.Printf("DEBUG: looking for user with following params: %#v\n", params) + + user, err := h.repo.FindUserEmail(r.Context(), params.Email) + if err != nil { + web.Error(w, "user with provided email does not exists", http.StatusBadRequest) + return + } + + if !util.VerifyPassword(params.Password, user.PasswordHash) { + web.Error(w, "username or/and password are incorrect", http.StatusBadRequest) + return + } + + access, refresh, err := h.signTokens(&user) + if err != nil { + web.Error(w, "failed to generate tokens", http.StatusInternalServerError) + return + } + + if err := h.repo.UpdateLastLogin(r.Context(), user.ID); err != nil { + web.Error(w, "failed to update user's last login", http.StatusInternalServerError) + return + } + + encoder := json.NewEncoder(w) + + type Response struct { + AccessToken string `json:"access"` + RefreshToken string `json:"refresh"` + // fields required for UI in account selector, e.g. email, full name and avatar + FullName string `json:"full_name"` + Email string `json:"email"` + Id string `json:"id"` + ProfilePicture *string `json:"profile_picture"` + // Avatar + } + + w.Header().Set("Content-Type", "application/json") + + if err := encoder.Encode(Response{ + AccessToken: access, + RefreshToken: refresh, + FullName: user.FullName, + Email: user.Email, + Id: user.ID.String(), + ProfilePicture: user.ProfilePicture, + // Avatar + }); err != nil { + web.Error(w, "failed to encode response", http.StatusInternalServerError) + } +} diff --git a/internal/auth/profile.go b/internal/auth/profile.go new file mode 100644 index 0000000..ce39697 --- /dev/null +++ b/internal/auth/profile.go @@ -0,0 +1,31 @@ +package auth + +import ( + "encoding/json" + "net/http" + + "gitea.local/admin/hspguard/internal/types" + "gitea.local/admin/hspguard/internal/util" + "gitea.local/admin/hspguard/internal/web" + "github.com/google/uuid" +) + +func (h *AuthHandler) getProfile(w http.ResponseWriter, r *http.Request) { + userId, ok := util.GetRequestUserId(r.Context()) + if !ok { + web.Error(w, "failed to get user id from auth session", http.StatusInternalServerError) + return + } + + user, err := h.repo.FindUserId(r.Context(), uuid.MustParse(userId)) + if err != nil { + web.Error(w, "user with provided id does not exist", http.StatusUnauthorized) + return + } + + w.Header().Set("Content-Type", "application/json") + + if err := json.NewEncoder(w).Encode(types.NewUserDTO(&user)); err != nil { + web.Error(w, "failed to encode user profile", http.StatusInternalServerError) + } +} diff --git a/internal/auth/refresh.go b/internal/auth/refresh.go new file mode 100644 index 0000000..1f23c69 --- /dev/null +++ b/internal/auth/refresh.go @@ -0,0 +1,79 @@ +package auth + +import ( + "encoding/json" + "fmt" + "net/http" + "strings" + "time" + + "gitea.local/admin/hspguard/internal/util" + "gitea.local/admin/hspguard/internal/web" + "github.com/google/uuid" +) + +func (h *AuthHandler) refreshToken(w http.ResponseWriter, r *http.Request) { + authHeader := r.Header.Get("Authorization") + if authHeader == "" { + web.Error(w, "unauthorized", http.StatusUnauthorized) + return + } + + parts := strings.Split(authHeader, "Bearer ") + if len(parts) != 2 { + web.Error(w, "invalid auth header format", http.StatusUnauthorized) + return + } + + tokenStr := parts[1] + token, userClaims, err := util.VerifyToken(tokenStr, h.cfg.Jwt.PublicKey) + if err != nil || !token.Valid { + http.Error(w, fmt.Sprintf("invalid token: %v", err), http.StatusUnauthorized) + return + } + + expire, err := userClaims.GetExpirationTime() + if err != nil { + web.Error(w, "failed to retrieve enough info from the token", http.StatusInternalServerError) + return + } + + if time.Now().After(expire.Time) { + web.Error(w, "token is expired", http.StatusUnauthorized) + return + } + + userId, err := uuid.Parse(userClaims.Subject) + if err != nil { + web.Error(w, "failed to parsej user id from token", http.StatusInternalServerError) + return + } + + user, err := h.repo.FindUserId(r.Context(), userId) + if err != nil { + web.Error(w, "user with provided email does not exists", http.StatusBadRequest) + return + } + + access, refresh, err := h.signTokens(&user) + if err != nil { + web.Error(w, "failed to generate tokens", http.StatusInternalServerError) + return + } + + type Response struct { + AccessToken string `json:"access"` + RefreshToken string `json:"refresh"` + } + + encoder := json.NewEncoder(w) + + w.Header().Set("Content-Type", "application/json") + + if err := encoder.Encode(Response{ + AccessToken: access, + RefreshToken: refresh, + }); err != nil { + web.Error(w, "failed to encode response", http.StatusInternalServerError) + } +}