feat: authentication integration

2025-05-28 20:51:34 +02:00
parent a1ed1113d9
commit aa152a4127
26 changed files with 1371 additions and 662 deletions
--- a/internal/auth/routes.go
+++ b/internal/auth/routes.go
@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"strings"
 	"time"

 	"gitea.local/admin/hspguard/internal/config"
@ -21,6 +22,42 @@ type AuthHandler struct {
 	cfg  *config.AppConfig
 }

+func (h *AuthHandler) signTokens(user *repository.User) (string, string, error) {
+	accessClaims := types.UserClaims{
+		UserEmail: user.Email,
+		IsAdmin:   user.IsAdmin,
+		RegisteredClaims: jwt.RegisteredClaims{
+			Issuer:    h.cfg.Jwt.Issuer,
+			Subject:   user.ID.String(),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(15 * time.Minute)),
+		},
+	}
+
+	accessToken, err := SignJwtToken(accessClaims, h.cfg.Jwt.PrivateKey)
+	if err != nil {
+		return "", "", err
+	}
+
+	refreshClaims := types.UserClaims{
+		UserEmail: user.Email,
+		IsAdmin:   user.IsAdmin,
+		RegisteredClaims: jwt.RegisteredClaims{
+			Issuer:    h.cfg.Jwt.Issuer,
+			Subject:   user.ID.String(),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * 24 * time.Hour)),
+		},
+	}
+
+	refreshToken, err := SignJwtToken(refreshClaims, h.cfg.Jwt.PrivateKey)
+	if err != nil {
+		return "", "", err
+	}
+
+	return accessToken, refreshToken, nil
+}
+
 func NewAuthHandler(repo *repository.Queries, cfg *config.AppConfig) *AuthHandler {
 	return &AuthHandler{
 		repo,
@ -29,8 +66,73 @@ func NewAuthHandler(repo *repository.Queries, cfg *config.AppConfig) *AuthHandle
 }

 func (h *AuthHandler) RegisterRoutes(api chi.Router) {
-	api.Get("/profile", h.getProfile)
-	api.Post("/login", h.login)
+	api.Get("/auth/profile", h.getProfile)
+	api.Post("/auth/login", h.login)
+	api.Post("/auth/refresh", h.refreshToken)
+}
+
+func (h *AuthHandler) refreshToken(w http.ResponseWriter, r *http.Request) {
+	authHeader := r.Header.Get("Authorization")
+	if authHeader == "" {
+		web.Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	parts := strings.Split(authHeader, "Bearer ")
+	if len(parts) != 2 {
+		web.Error(w, "invalid auth header format", http.StatusUnauthorized)
+		return
+	}
+
+	tokenStr := parts[1]
+	token, userClaims, err := VerifyToken(tokenStr, h.cfg.Jwt.PublicKey)
+	if err != nil || !token.Valid {
+		http.Error(w, fmt.Sprintf("invalid token: %v", err), http.StatusUnauthorized)
+		return
+	}
+
+	expire, err := userClaims.GetExpirationTime()
+	if err != nil {
+		web.Error(w, "failed to retrieve enough info from the token", http.StatusInternalServerError)
+		return
+	}
+
+	if time.Now().After(expire.Time) {
+		web.Error(w, "token is expired", http.StatusUnauthorized)
+		return
+	}
+
+	userId, err := uuid.Parse(userClaims.Subject)
+	if err != nil {
+		web.Error(w, "failed to parsej user id from token", http.StatusInternalServerError)
+		return
+	}
+
+	user, err := h.repo.FindUserId(r.Context(), userId)
+	if err != nil {
+		web.Error(w, "user with provided email does not exists", http.StatusBadRequest)
+		return
+	}
+
+	access, refresh, err := h.signTokens(&user)
+	if err != nil {
+		web.Error(w, "failed to generate tokens", http.StatusInternalServerError)
+		return
+	}
+
+	type Response struct {
+		AccessToken  string `json:"access"`
+		RefreshToken string `json:"refresh"`
+	}
+
+	encoder := json.NewEncoder(w)
+
+	if err := encoder.Encode(Response{
+		AccessToken:  access,
+		RefreshToken: refresh,
+	}); err != nil {
+		web.Error(w, "failed to encode response", http.StatusInternalServerError)
+	}
 }

 func (h *AuthHandler) getProfile(w http.ResponseWriter, r *http.Request) {
@ -49,6 +151,7 @@ func (h *AuthHandler) getProfile(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")

 	if err := json.NewEncoder(w).Encode(map[string]any{
+		"id":              user.ID.String(),
 		"full_name":       user.FullName,
 		"email":           user.Email,
 		"phone_number":    user.PhoneNumber,
@ -92,37 +195,9 @@ func (h *AuthHandler) login(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	accessClaims := types.UserClaims{
-		UserEmail: user.Email,
-		IsAdmin:   user.IsAdmin,
-		RegisteredClaims: jwt.RegisteredClaims{
-			Issuer:    h.cfg.Jwt.Issuer,
-			Subject:   user.ID.String(),
-			IssuedAt:  jwt.NewNumericDate(time.Now()),
-			ExpiresAt: jwt.NewNumericDate(time.Now().Add(15 * time.Minute)),
-		},
-	}
-
-	accessToken, err := SignJwtToken(accessClaims, h.cfg.Jwt.PrivateKey)
+	access, refresh, err := h.signTokens(&user)
 	if err != nil {
-		web.Error(w, fmt.Sprintf("failed to generate access token: %v", err), http.StatusBadRequest)
-		return
-	}
-
-	refreshClaims := types.UserClaims{
-		UserEmail: user.Email,
-		IsAdmin:   user.IsAdmin,
-		RegisteredClaims: jwt.RegisteredClaims{
-			Issuer:    h.cfg.Jwt.Issuer,
-			Subject:   user.ID.String(),
-			IssuedAt:  jwt.NewNumericDate(time.Now()),
-			ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * 24 * time.Hour)),
-		},
-	}
-
-	refreshToken, err := SignJwtToken(refreshClaims, h.cfg.Jwt.PrivateKey)
-	if err != nil {
-		web.Error(w, fmt.Sprintf("failed to generate refresh token: %v", err), http.StatusBadRequest)
+		web.Error(w, "failed to generate tokens", http.StatusInternalServerError)
 		return
 	}

@ -142,8 +217,8 @@ func (h *AuthHandler) login(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")

 	if err := encoder.Encode(Response{
-		AccessToken:    accessToken,
-		RefreshToken:   refreshToken,
+		AccessToken:    access,
+		RefreshToken:   refresh,
 		FullName:       user.FullName,
 		Email:          user.Email,
 		Id:             user.ID.String(),