mirror of
https://github.com/aykhans/slash-e.git
synced 2025-07-03 20:21:40 +00:00
refactor: migration auth api to v1
This commit is contained in:
Steven
110
api/v1/auth.go
Normal file
110
api/v1/auth.go
Normal file
@ -0,0 +1,110 @@
|
||||
package v1
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/boojack/shortify/api"
|
||||
"github.com/boojack/shortify/server/auth"
|
||||
"github.com/boojack/shortify/store"
|
||||
"github.com/labstack/echo/v4"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
var (
|
||||
userIDContextKey = "user-id"
|
||||
)
|
||||
|
||||
func getUserIDContextKey() string {
|
||||
return userIDContextKey
|
||||
}
|
||||
|
||||
type SignUpRequest struct {
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
type SignInRequest struct {
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
func (s *APIV1Service) registerAuthRoutes(g *echo.Group, secret string) {
|
||||
g.POST("/auth/signin", func(c echo.Context) error {
|
||||
ctx := c.Request().Context()
|
||||
signin := &SignInRequest{}
|
||||
if err := json.NewDecoder(c.Request().Body).Decode(signin); err != nil {
|
||||
return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signin request").SetInternal(err)
|
||||
}
|
||||
|
||||
user, err := s.Store.GetUserV1(ctx, &store.FindUser{
|
||||
Username: &signin.Username,
|
||||
})
|
||||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to find user by username %s", signin.Username)).SetInternal(err)
|
||||
}
|
||||
if user == nil {
|
||||
return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("User not found with username %s", signin.Username))
|
||||
} else if user.RowStatus == store.Archived {
|
||||
return echo.NewHTTPError(http.StatusForbidden, fmt.Sprintf("User has been archived with username %s", signin.Username))
|
||||
}
|
||||
|
||||
// Compare the stored hashed password, with the hashed version of the password that was received.
|
||||
if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(signin.Password)); err != nil {
|
||||
// If the two passwords don't match, return a 401 status.
|
||||
return echo.NewHTTPError(http.StatusUnauthorized, "Incorrect password").SetInternal(err)
|
||||
}
|
||||
|
||||
if err := auth.GenerateTokensAndSetCookies(c, user, secret); err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate tokens").SetInternal(err)
|
||||
}
|
||||
return c.JSON(http.StatusOK, user)
|
||||
})
|
||||
|
||||
g.POST("/auth/signup", func(c echo.Context) error {
|
||||
ctx := c.Request().Context()
|
||||
signup := &SignUpRequest{}
|
||||
if err := json.NewDecoder(c.Request().Body).Decode(signup); err != nil {
|
||||
return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signup request").SetInternal(err)
|
||||
}
|
||||
|
||||
user := &store.User{
|
||||
Username: signup.Username,
|
||||
Nickname: signup.Username,
|
||||
}
|
||||
passwordHash, err := bcrypt.GenerateFromPassword([]byte(signup.Password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate password hash").SetInternal(err)
|
||||
}
|
||||
user.PasswordHash = string(passwordHash)
|
||||
|
||||
existingUsers, err := s.Store.FindUserList(ctx, &api.UserFind{})
|
||||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find existing users").SetInternal(err)
|
||||
}
|
||||
// The first user to sign up is an admin by default.
|
||||
if len(existingUsers) == 0 {
|
||||
user.Role = store.RoleAdmin
|
||||
} else {
|
||||
user.Role = store.RoleUser
|
||||
}
|
||||
|
||||
user, err = s.Store.CreateUserV1(ctx, user)
|
||||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create user").SetInternal(err)
|
||||
}
|
||||
|
||||
if err := auth.GenerateTokensAndSetCookies(c, user, secret); err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate tokens").SetInternal(err)
|
||||
}
|
||||
|
||||
return c.JSON(http.StatusOK, user)
|
||||
})
|
||||
|
||||
g.POST("/auth/logout", func(c echo.Context) error {
|
||||
auth.RemoveTokensAndCookies(c)
|
||||
c.Response().WriteHeader(http.StatusOK)
|
||||
return nil
|
||||
})
|
||||
}
|
||||
@ -10,8 +10,8 @@ const (
|
||||
Archived RowStatus = "ARCHIVED"
|
||||
)
|
||||
|
||||
func (e RowStatus) String() string {
|
||||
switch e {
|
||||
func (status RowStatus) String() string {
|
||||
switch status {
|
||||
case Normal:
|
||||
return "NORMAL"
|
||||
case Archived:
|
||||
|
||||
@ -2,8 +2,10 @@ package v1
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/mail"
|
||||
|
||||
"github.com/boojack/shortify/store"
|
||||
"github.com/labstack/echo/v4"
|
||||
)
|
||||
|
||||
@ -17,8 +19,8 @@ const (
|
||||
RoleUser Role = "USER"
|
||||
)
|
||||
|
||||
func (e Role) String() string {
|
||||
switch e {
|
||||
func (r Role) String() string {
|
||||
switch r {
|
||||
case RoleAdmin:
|
||||
return "ADMIN"
|
||||
case RoleUser:
|
||||
@ -39,7 +41,6 @@ type User struct {
|
||||
Email string `json:"email"`
|
||||
DisplayName string `json:"displayName"`
|
||||
PasswordHash string `json:"-"`
|
||||
OpenID string `json:"openId"`
|
||||
Role Role `json:"role"`
|
||||
UserSettingList []*UserSetting `json:"userSettingList"`
|
||||
}
|
||||
@ -49,7 +50,6 @@ type UserCreate struct {
|
||||
DisplayName string `json:"displayName"`
|
||||
Password string `json:"password"`
|
||||
PasswordHash string `json:"-"`
|
||||
OpenID string `json:"-"`
|
||||
Role Role `json:"-"`
|
||||
}
|
||||
|
||||
@ -77,32 +77,35 @@ type UserPatch struct {
|
||||
Email *string `json:"email"`
|
||||
DisplayName *string `json:"displayName"`
|
||||
Password *string `json:"password"`
|
||||
ResetOpenID *bool `json:"resetOpenId"`
|
||||
PasswordHash *string `json:"-"`
|
||||
OpenID *string `json:"-"`
|
||||
}
|
||||
|
||||
type UserFind struct {
|
||||
ID *int `json:"id"`
|
||||
|
||||
// Standard fields
|
||||
RowStatus *RowStatus `json:"rowStatus"`
|
||||
|
||||
// Domain specific fields
|
||||
Email *string `json:"email"`
|
||||
DisplayName *string `json:"displayName"`
|
||||
OpenID *string `json:"openId"`
|
||||
Role *Role `json:"-"`
|
||||
}
|
||||
|
||||
type UserDelete struct {
|
||||
ID int
|
||||
}
|
||||
|
||||
func (*APIV1Service) RegisterUserRoutes(g *echo.Group) {
|
||||
func (s *APIV1Service) registerUserRoutes(g *echo.Group) {
|
||||
g.GET("/user", func(c echo.Context) error {
|
||||
return c.String(200, "GET /user")
|
||||
})
|
||||
|
||||
// GET /api/user/me is used to check if the user is logged in.
|
||||
g.GET("/user/me", func(c echo.Context) error {
|
||||
ctx := c.Request().Context()
|
||||
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||
if !ok {
|
||||
return echo.NewHTTPError(http.StatusUnauthorized, "Missing auth session")
|
||||
}
|
||||
|
||||
user, err := s.Store.GetUserV1(ctx, &store.FindUser{
|
||||
ID: &userID,
|
||||
})
|
||||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
|
||||
}
|
||||
|
||||
return c.JSON(http.StatusOK, user)
|
||||
})
|
||||
}
|
||||
|
||||
// validateEmail validates the email.
|
||||
|
||||
@ -18,6 +18,7 @@ func NewAPIV1Service(profile *profile.Profile, store *store.Store) *APIV1Service
|
||||
}
|
||||
}
|
||||
|
||||
func (s *APIV1Service) Start(apiV1Group *echo.Group) {
|
||||
s.RegisterUserRoutes(apiV1Group)
|
||||
func (s *APIV1Service) Start(apiV1Group *echo.Group, secret string) {
|
||||
s.registerAuthRoutes(apiV1Group, secret)
|
||||
s.registerUserRoutes(apiV1Group)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user