fix: move implementation to "internal" package

2025-05-29 13:23:13 +02:00
parent 9bb0cc475d
commit 0c40680d76
72 changed files with 245 additions and 230 deletions
--- a/internal/handler/auth.go
+++ b/internal/handler/auth.go
@@ -0,0 +1,377 @@
+package handler
+
+import (
+	"spend-sparrow/internal/handler/middleware"
+	"spend-sparrow/internal/log"
+	"spend-sparrow/internal/service"
+	"spend-sparrow/internal/template/auth"
+	"spend-sparrow/internal/types"
+	"spend-sparrow/internal/utils"
+
+	"errors"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+type Auth interface {
+	Handle(router *http.ServeMux)
+}
+
+type AuthImpl struct {
+	service service.Auth
+	render  *Render
+}
+
+func NewAuth(service service.Auth, render *Render) Auth {
+	return AuthImpl{
+		service: service,
+		render:  render,
+	}
+}
+
+func (handler AuthImpl) Handle(router *http.ServeMux) {
+	router.Handle("GET /auth/signin", handler.handleSignInPage())
+	router.Handle("POST /api/auth/signin", handler.handleSignIn())
+
+	router.Handle("/auth/signup", handler.handleSignUpPage())
+	router.Handle("/auth/verify", handler.handleSignUpVerifyPage())
+	router.Handle("/api/auth/verify-resend", handler.handleVerifyResendComp())
+	router.Handle("/auth/verify-email", handler.handleSignUpVerifyResponsePage())
+	router.Handle("/api/auth/signup", handler.handleSignUp())
+
+	router.Handle("POST /api/auth/signout", handler.handleSignOut())
+
+	router.Handle("/auth/delete-account", handler.handleDeleteAccountPage())
+	router.Handle("/api/auth/delete-account", handler.handleDeleteAccountComp())
+
+	router.Handle("GET /auth/change-password", handler.handleChangePasswordPage())
+	router.Handle("POST /api/auth/change-password", handler.handleChangePasswordComp())
+
+	router.Handle("GET /auth/forgot-password", handler.handleForgotPasswordPage())
+	router.Handle("POST /api/auth/forgot-password", handler.handleForgotPasswordComp())
+	router.Handle("POST /api/auth/forgot-password-actual", handler.handleForgotPasswordResponseComp())
+}
+
+var (
+	securityWaitDuration = 250 * time.Millisecond
+)
+
+func (handler AuthImpl) handleSignInPage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := middleware.GetUser(r)
+		if user != nil {
+			if !user.EmailVerified {
+				utils.DoRedirect(w, r, "/auth/verify")
+			} else {
+				utils.DoRedirect(w, r, "/")
+			}
+			return
+		}
+
+		comp := auth.SignInOrUpComp(true)
+
+		handler.render.RenderLayout(r, w, comp, nil)
+	}
+}
+
+func (handler AuthImpl) handleSignIn() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user, err := utils.WaitMinimumTime(securityWaitDuration, func() (*types.User, error) {
+			session := middleware.GetSession(r)
+			email := r.FormValue("email")
+			password := r.FormValue("password")
+
+			session, user, err := handler.service.SignIn(session, email, password)
+			if err != nil {
+				return nil, err
+			}
+
+			cookie := middleware.CreateSessionCookie(session.Id)
+			http.SetCookie(w, &cookie)
+
+			return user, nil
+		})
+
+		if err != nil {
+			if errors.Is(err, service.ErrInvalidCredentials) {
+				utils.TriggerToastWithStatus(w, r, "error", "Invalid email or password", http.StatusUnauthorized)
+			} else {
+				utils.TriggerToastWithStatus(w, r, "error", "An error occurred", http.StatusInternalServerError)
+			}
+			return
+		}
+
+		if user.EmailVerified {
+			utils.DoRedirect(w, r, "/")
+		} else {
+			utils.DoRedirect(w, r, "/auth/verify")
+		}
+	}
+}
+
+func (handler AuthImpl) handleSignUpPage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := middleware.GetUser(r)
+
+		if user != nil {
+			if !user.EmailVerified {
+				utils.DoRedirect(w, r, "/auth/verify")
+			} else {
+				utils.DoRedirect(w, r, "/")
+			}
+			return
+		}
+
+		signUpComp := auth.SignInOrUpComp(false)
+		handler.render.RenderLayout(r, w, signUpComp, nil)
+	}
+}
+
+func (handler AuthImpl) handleSignUpVerifyPage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := middleware.GetUser(r)
+		if user == nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		if user.EmailVerified {
+			utils.DoRedirect(w, r, "/")
+			return
+		}
+
+		signIn := auth.VerifyComp()
+		handler.render.RenderLayout(r, w, signIn, user)
+	}
+}
+
+func (handler AuthImpl) handleVerifyResendComp() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := middleware.GetUser(r)
+		if user == nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		go handler.service.SendVerificationMail(user.Id, user.Email)
+
+		_, err := w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
+		if err != nil {
+			log.Error("Could not write response: %v", err)
+		}
+	}
+}
+
+func (handler AuthImpl) handleSignUpVerifyResponsePage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		token := r.URL.Query().Get("token")
+
+		err := handler.service.VerifyUserEmail(token)
+
+		isVerified := err == nil
+		comp := auth.VerifyResponseComp(isVerified)
+
+		var status int
+		if isVerified {
+			status = http.StatusOK
+		} else {
+			status = http.StatusBadRequest
+		}
+
+		handler.render.RenderLayoutWithStatus(r, w, comp, nil, status)
+	}
+}
+
+func (handler AuthImpl) handleSignUp() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var email = r.FormValue("email")
+		var password = r.FormValue("password")
+
+		_, err := utils.WaitMinimumTime(securityWaitDuration, func() (interface{}, error) {
+			log.Info("Signing up %v", email)
+			user, err := handler.service.SignUp(email, password)
+			if err != nil {
+				return nil, err
+			}
+
+			log.Info("Sending verification email to %v", user.Email)
+			go handler.service.SendVerificationMail(user.Id, user.Email)
+			return nil, nil
+		})
+
+		if err != nil {
+			switch {
+			case errors.Is(err, types.ErrInternal):
+				utils.TriggerToastWithStatus(w, r, "error", "An error occurred", http.StatusInternalServerError)
+				return
+			case errors.Is(err, service.ErrInvalidEmail):
+				utils.TriggerToastWithStatus(w, r, "error", "The email provided is invalid", http.StatusBadRequest)
+				return
+			case errors.Is(err, service.ErrInvalidPassword):
+				utils.TriggerToastWithStatus(w, r, "error", service.ErrInvalidPassword.Error(), http.StatusBadRequest)
+				return
+			}
+			// If err is "service.ErrAccountExists", then just continue
+		}
+
+		utils.TriggerToastWithStatus(w, r, "success", "An activation link has been send to your email", http.StatusOK)
+	}
+}
+
+func (handler AuthImpl) handleSignOut() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session := middleware.GetSession(r)
+
+		if session != nil {
+			err := handler.service.SignOut(session.Id)
+			if err != nil {
+				http.Error(w, "An error occurred", http.StatusInternalServerError)
+				return
+			}
+		}
+
+		c := http.Cookie{
+			Name:     "id",
+			Value:    "",
+			MaxAge:   -1,
+			Secure:   true,
+			HttpOnly: true,
+			SameSite: http.SameSiteStrictMode,
+			Path:     "/",
+		}
+
+		http.SetCookie(w, &c)
+		utils.DoRedirect(w, r, "/")
+	}
+}
+
+func (handler AuthImpl) handleDeleteAccountPage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := middleware.GetUser(r)
+		if user == nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		comp := auth.DeleteAccountComp()
+		handler.render.RenderLayout(r, w, comp, user)
+	}
+}
+
+func (handler AuthImpl) handleDeleteAccountComp() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := middleware.GetUser(r)
+		if user == nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		password := r.FormValue("password")
+
+		err := handler.service.DeleteAccount(user, password)
+		if err != nil {
+			if errors.Is(err, service.ErrInvalidCredentials) {
+				utils.TriggerToastWithStatus(w, r, "error", "Password not correct", http.StatusBadRequest)
+			} else {
+				utils.TriggerToastWithStatus(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
+			}
+			return
+		}
+
+		utils.DoRedirect(w, r, "/")
+	}
+}
+
+func (handler AuthImpl) handleChangePasswordPage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		isPasswordReset := r.URL.Query().Has("token")
+
+		user := middleware.GetUser(r)
+
+		if user == nil && !isPasswordReset {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		comp := auth.ChangePasswordComp(isPasswordReset)
+		handler.render.RenderLayout(r, w, comp, user)
+	}
+}
+
+func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session := middleware.GetSession(r)
+		user := middleware.GetUser(r)
+		if session == nil || user == nil {
+			utils.TriggerToastWithStatus(w, r, "error", "Unathorized", http.StatusUnauthorized)
+			return
+		}
+
+		currPass := r.FormValue("current-password")
+		newPass := r.FormValue("new-password")
+
+		err := handler.service.ChangePassword(user, session.Id, currPass, newPass)
+		if err != nil {
+			utils.TriggerToastWithStatus(w, r, "error", err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		utils.TriggerToastWithStatus(w, r, "success", "Password changed", http.StatusOK)
+	}
+}
+
+func (handler AuthImpl) handleForgotPasswordPage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := middleware.GetUser(r)
+		if user != nil {
+			utils.DoRedirect(w, r, "/")
+			return
+		}
+
+		comp := auth.ResetPasswordComp()
+		handler.render.RenderLayout(r, w, comp, user)
+	}
+}
+
+func (handler AuthImpl) handleForgotPasswordComp() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		email := r.FormValue("email")
+		if email == "" {
+			utils.TriggerToastWithStatus(w, r, "error", "Please enter an email", http.StatusBadRequest)
+			return
+		}
+
+		_, err := utils.WaitMinimumTime(securityWaitDuration, func() (interface{}, error) {
+			err := handler.service.SendForgotPasswordMail(email)
+			return nil, err
+		})
+
+		if err != nil {
+			utils.TriggerToastWithStatus(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
+		} else {
+			utils.TriggerToastWithStatus(w, r, "info", "If the address exists, an email has been sent.", http.StatusOK)
+		}
+	}
+}
+
+func (handler AuthImpl) handleForgotPasswordResponseComp() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		pageUrl, err := url.Parse(r.Header.Get("Hx-Current-Url"))
+		if err != nil {
+			log.Error("Could not get current URL: %v", err)
+			utils.TriggerToastWithStatus(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
+			return
+		}
+
+		token := pageUrl.Query().Get("token")
+		newPass := r.FormValue("new-password")
+
+		err = handler.service.ForgotPassword(token, newPass)
+		if err != nil {
+			utils.TriggerToastWithStatus(w, r, "error", err.Error(), http.StatusBadRequest)
+		} else {
+			utils.TriggerToastWithStatus(w, r, "success", "Password changed", http.StatusOK)
+		}
+	}
+}