package handler import ( "me-fit/handler/middleware" "me-fit/log" "me-fit/service" "me-fit/template/auth" "me-fit/types" "me-fit/utils" "errors" "net/http" "net/url" "time" ) type Auth interface { Handle(router *http.ServeMux) } type AuthImpl struct { service service.Auth render *Render } func NewAuth(service service.Auth, render *Render) Auth { return AuthImpl{ service: service, render: render, } } func (handler AuthImpl) Handle(router *http.ServeMux) { router.Handle("GET /auth/signin", handler.handleSignInPage()) router.Handle("POST /api/auth/signin", handler.handleSignIn()) router.Handle("/auth/signup", handler.handleSignUpPage()) router.Handle("/auth/verify", handler.handleSignUpVerifyPage()) router.Handle("/api/auth/verify-resend", handler.handleVerifyResendComp()) router.Handle("/auth/verify-email", handler.handleSignUpVerifyResponsePage()) router.Handle("/api/auth/signup", handler.handleSignUp()) router.Handle("POST /api/auth/signout", handler.handleSignOut()) router.Handle("/auth/delete-account", handler.handleDeleteAccountPage()) router.Handle("/api/auth/delete-account", handler.handleDeleteAccountComp()) router.Handle("GET /auth/change-password", handler.handleChangePasswordPage()) router.Handle("POST /api/auth/change-password", handler.handleChangePasswordComp()) router.Handle("GET /auth/forgot-password", handler.handleForgotPasswordPage()) router.Handle("POST /api/auth/forgot-password", handler.handleForgotPasswordComp()) router.Handle("POST /api/auth/forgot-password-actual", handler.handleForgotPasswordResponseComp()) } var ( securityWaitDuration = 250 * time.Millisecond ) func (handler AuthImpl) handleSignInPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := middleware.GetUser(r) if user != nil { if !user.EmailVerified { utils.DoRedirect(w, r, "/auth/verify") } else { utils.DoRedirect(w, r, "/") } return } comp := auth.SignInOrUpComp(true) handler.render.RenderLayout(r, w, comp, nil) } } func (handler AuthImpl) handleSignIn() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, err := utils.WaitMinimumTime(securityWaitDuration, func() (*types.User, error) { session := middleware.GetSession(r) email := r.FormValue("email") password := r.FormValue("password") session, user, err := handler.service.SignIn(session, email, password) if err != nil { return nil, err } cookie := middleware.CreateSessionCookie(session.Id) http.SetCookie(w, &cookie) return user, nil }) if err != nil { if err == service.ErrInvalidCredentials { utils.TriggerToast(w, r, "error", "Invalid email or password", http.StatusUnauthorized) } else { utils.TriggerToast(w, r, "error", "An error occurred", http.StatusInternalServerError) } return } if user.EmailVerified { utils.DoRedirect(w, r, "/") } else { utils.DoRedirect(w, r, "/auth/verify") } } } func (handler AuthImpl) handleSignUpPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := middleware.GetUser(r) if user != nil { if !user.EmailVerified { utils.DoRedirect(w, r, "/auth/verify") } else { utils.DoRedirect(w, r, "/") } return } signUpComp := auth.SignInOrUpComp(false) handler.render.RenderLayout(r, w, signUpComp, nil) } } func (handler AuthImpl) handleSignUpVerifyPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := middleware.GetUser(r) if user == nil { utils.DoRedirect(w, r, "/auth/signin") return } if user.EmailVerified { utils.DoRedirect(w, r, "/") return } signIn := auth.VerifyComp() handler.render.RenderLayout(r, w, signIn, user) } } func (handler AuthImpl) handleVerifyResendComp() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := middleware.GetUser(r) if user == nil { utils.DoRedirect(w, r, "/auth/signin") return } go handler.service.SendVerificationMail(user.Id, user.Email) _, err := w.Write([]byte("

Verification email sent

")) if err != nil { log.Error("Could not write response: %v", err) } } } func (handler AuthImpl) handleSignUpVerifyResponsePage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { token := r.URL.Query().Get("token") err := handler.service.VerifyUserEmail(token) isVerified := err == nil comp := auth.VerifyResponseComp(isVerified) var status int if isVerified { status = http.StatusOK } else { status = http.StatusBadRequest } handler.render.RenderLayoutWithStatus(r, w, comp, nil, status) } } func (handler AuthImpl) handleSignUp() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var email = r.FormValue("email") var password = r.FormValue("password") _, err := utils.WaitMinimumTime(securityWaitDuration, func() (interface{}, error) { log.Info("Signing up %v", email) user, err := handler.service.SignUp(email, password) if err != nil { return nil, err } log.Info("Sending verification email to %v", user.Email) go handler.service.SendVerificationMail(user.Id, user.Email) return nil, nil }) if err != nil { if errors.Is(err, types.ErrInternal) { utils.TriggerToast(w, r, "error", "An error occurred", http.StatusInternalServerError) return } else if errors.Is(err, service.ErrInvalidEmail) { utils.TriggerToast(w, r, "error", "The email provided is invalid", http.StatusBadRequest) return } else if errors.Is(err, service.ErrInvalidPassword) { utils.TriggerToast(w, r, "error", service.ErrInvalidPassword.Error(), http.StatusBadRequest) return } // If err is "service.ErrAccountExists", then just continue } utils.TriggerToast(w, r, "success", "An activation link has been send to your email", http.StatusOK) } } func (handler AuthImpl) handleSignOut() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { session := middleware.GetSession(r) if session != nil { err := handler.service.SignOut(session.Id) if err != nil { http.Error(w, "An error occurred", http.StatusInternalServerError) return } } c := http.Cookie{ Name: "id", Value: "", MaxAge: -1, Secure: true, HttpOnly: true, SameSite: http.SameSiteStrictMode, Path: "/", } http.SetCookie(w, &c) utils.DoRedirect(w, r, "/") } } func (handler AuthImpl) handleDeleteAccountPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := middleware.GetUser(r) if user == nil { utils.DoRedirect(w, r, "/auth/signin") return } comp := auth.DeleteAccountComp() handler.render.RenderLayout(r, w, comp, user) } } func (handler AuthImpl) handleDeleteAccountComp() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := middleware.GetUser(r) if user == nil { utils.DoRedirect(w, r, "/auth/signin") return } password := r.FormValue("password") err := handler.service.DeleteAccount(user, password) if err != nil { if err == service.ErrInvalidCredentials { utils.TriggerToast(w, r, "error", "Password not correct", http.StatusBadRequest) } else { utils.TriggerToast(w, r, "error", "Internal Server Error", http.StatusInternalServerError) } return } utils.DoRedirect(w, r, "/") } } func (handler AuthImpl) handleChangePasswordPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { isPasswordReset := r.URL.Query().Has("token") user := middleware.GetUser(r) if user == nil && !isPasswordReset { utils.DoRedirect(w, r, "/auth/signin") return } comp := auth.ChangePasswordComp(isPasswordReset) handler.render.RenderLayout(r, w, comp, user) } } func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { session := middleware.GetSession(r) user := middleware.GetUser(r) if session == nil || user == nil { utils.TriggerToast(w, r, "error", "Unathorized", http.StatusUnauthorized) return } currPass := r.FormValue("current-password") newPass := r.FormValue("new-password") err := handler.service.ChangePassword(user, session.Id, currPass, newPass) if err != nil { utils.TriggerToast(w, r, "error", "Password not correct", http.StatusBadRequest) return } utils.TriggerToast(w, r, "success", "Password changed", http.StatusOK) } } func (handler AuthImpl) handleForgotPasswordPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := middleware.GetUser(r) if user != nil { utils.DoRedirect(w, r, "/") return } comp := auth.ResetPasswordComp() handler.render.RenderLayout(r, w, comp, user) } } func (handler AuthImpl) handleForgotPasswordComp() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { email := r.FormValue("email") if email == "" { utils.TriggerToast(w, r, "error", "Please enter an email", http.StatusBadRequest) return } _, err := utils.WaitMinimumTime(securityWaitDuration, func() (interface{}, error) { err := handler.service.SendForgotPasswordMail(email) return nil, err }) if err != nil { utils.TriggerToast(w, r, "error", "Internal Server Error", http.StatusInternalServerError) } else { utils.TriggerToast(w, r, "info", "If the address exists, an email has been sent.", http.StatusOK) } } } func (handler AuthImpl) handleForgotPasswordResponseComp() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { pageUrl, err := url.Parse(r.Header.Get("HX-Current-URL")) if err != nil { log.Error("Could not get current URL: %v", err) utils.TriggerToast(w, r, "error", "Internal Server Error", http.StatusInternalServerError) return } token := pageUrl.Query().Get("token") newPass := r.FormValue("new-password") err = handler.service.ForgotPassword(token, newPass) if err != nil { utils.TriggerToast(w, r, "error", err.Error(), http.StatusInternalServerError) } else { utils.TriggerToast(w, r, "success", "Password changed", http.StatusOK) } } }