chore(auth): more refactoring

2024-09-19 21:33:20 +02:00
parent bb9381433b
commit f83a404206
3 changed files with 334 additions and 286 deletions
--- a/handler/auth.go
+++ b/handler/auth.go
@@ -2,6 +2,10 @@ package handler

 import (
 	"me-fit/service"
+	"me-fit/template"
+	"me-fit/template/auth"
+	"me-fit/types"
+	"me-fit/utils"

 	"database/sql"
 	"net/http"
@@ -10,13 +14,13 @@ import (
 func authUi(db *sql.DB) http.Handler {
 	router := http.NewServeMux()

-	router.Handle("/auth/signin", service.HandleSignInPage(db))
-	router.Handle("/auth/signup", service.HandleSignUpPage(db))
-	router.Handle("/auth/verify", service.HandleSignUpVerifyPage(db)) // Hint for the user to verify their email
-	router.Handle("/auth/delete-account", service.HandleDeleteAccountPage(db))
-	router.Handle("/auth/verify-email", service.HandleSignUpVerifyResponsePage(db)) // The link contained in the email
-	router.Handle("/auth/change-password", service.HandleChangePasswordPage(db))
-	router.Handle("/auth/reset-password", service.HandleResetPasswordPage(db))
+	router.Handle("/auth/signin", handleSignInPage(db))
+	router.Handle("/auth/signup", handleSignUpPage(db))
+	router.Handle("/auth/verify", handleSignUpVerifyPage(db)) // Hint for the user to verify their email
+	router.Handle("/auth/delete-account", handleDeleteAccountPage(db))
+	router.Handle("/auth/verify-email", handleSignUpVerifyResponsePage(db)) // The link contained in the email
+	router.Handle("/auth/change-password", handleChangePasswordPage(db))
+	router.Handle("/auth/reset-password", handleResetPasswordPage(db))
 	router.Handle("/", handleNotFound(db))

 	return router
@@ -25,8 +29,8 @@ func authUi(db *sql.DB) http.Handler {
 func authApi(db *sql.DB) http.Handler {
 	router := http.NewServeMux()

-	router.Handle("/api/auth/signup", service.HandleSignUpComp(db))
-	router.Handle("/api/auth/signin", service.HandleSignInComp(db))
+	router.Handle("/api/auth/signup", handleSignUp(db))
+	router.Handle("/api/auth/signin", handleSignIn(db))
 	router.Handle("/api/auth/signout", service.HandleSignOutComp(db))
 	router.Handle("/api/auth/delete-account", service.HandleDeleteAccountComp(db))
 	router.Handle("/api/auth/verify-resend", service.HandleVerifyResendComp(db))
@@ -36,3 +40,189 @@ func authApi(db *sql.DB) http.Handler {

 	return router
 }
+
+func handleSignInPage(db *sql.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := service.GetUserFromRequest(db, r)
+
+		if user == nil {
+			userComp := service.UserInfoComp(nil)
+			signIn := auth.SignInOrUpComp(true)
+			err := template.Layout(signIn, userComp).Render(r.Context(), w)
+
+			if err != nil {
+				utils.LogError("Failed to render sign in page", err)
+				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+			}
+
+		} else if !user.EmailVerified {
+			utils.DoRedirect(w, r, "/auth/verify")
+		} else {
+			utils.DoRedirect(w, r, "/")
+		}
+	}
+}
+
+func handleSignUpPage(db *sql.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := service.GetUserFromRequest(db, r)
+
+		if user == nil {
+			userComp := service.UserInfoComp(nil)
+			signUpComp := auth.SignInOrUpComp(false)
+			err := template.Layout(signUpComp, userComp).Render(r.Context(), w)
+
+			if err != nil {
+				utils.LogError("Failed to render sign up page", err)
+				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+			}
+
+		} else if !user.EmailVerified {
+			utils.DoRedirect(w, r, "/auth/verify")
+		} else {
+			utils.DoRedirect(w, r, "/")
+		}
+	}
+}
+
+func handleSignUpVerifyPage(db *sql.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := service.GetUserFromRequest(db, r)
+		if user == nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+		} else if user.EmailVerified {
+			utils.DoRedirect(w, r, "/")
+		} else {
+			userComp := service.UserInfoComp(user)
+			signIn := auth.VerifyComp()
+			err := template.Layout(signIn, userComp).Render(r.Context(), w)
+			if err != nil {
+				utils.LogError("Failed to render verify page", err)
+				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+			}
+		}
+	}
+}
+
+func handleDeleteAccountPage(db *sql.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		// An unverified email should be able to delete their account
+		user := service.GetUserFromRequest(db, r)
+		if user == nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+		} else {
+			userComp := service.UserInfoComp(user)
+			comp := auth.DeleteAccountComp()
+			err := template.Layout(comp, userComp).Render(r.Context(), w)
+			if err != nil {
+				utils.LogError("Failed to render delete account page", err)
+				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+			}
+		}
+	}
+}
+
+func handleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		token := r.URL.Query().Get("token")
+		if token == "" {
+			utils.DoRedirect(w, r, "/auth/verify")
+			return
+		}
+
+		err := service.ValidateEmail(db, token)
+		if err != nil {
+			utils.LogError("Could not validate email", err)
+			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+			return
+		}
+
+		utils.DoRedirect(w, r, "/")
+	}
+}
+
+func handleChangePasswordPage(db *sql.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		isPasswordReset := r.URL.Query().Has("token")
+
+		user := service.GetUserFromRequest(db, r)
+		if user == nil && !isPasswordReset {
+			utils.DoRedirect(w, r, "/auth/signin")
+		} else {
+			userComp := service.UserInfoComp(user)
+			comp := auth.ChangePasswordComp(isPasswordReset)
+			err := template.Layout(comp, userComp).Render(r.Context(), w)
+			if err != nil {
+				utils.LogError("Failed to render change password page", err)
+				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+			}
+		}
+	}
+}
+
+func handleResetPasswordPage(db *sql.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		user := service.GetUserFromRequest(db, r)
+		if user != nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+		} else {
+			userComp := service.UserInfoComp(nil)
+			comp := auth.ResetPasswordComp()
+			err := template.Layout(comp, userComp).Render(r.Context(), w)
+			if err != nil {
+				utils.LogError("Failed to render change password page", err)
+				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+			}
+		}
+	}
+}
+
+func handleSignUp(db *sql.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var email = r.FormValue("email")
+		var password = r.FormValue("password")
+
+		sessionId, err := service.SignUp(db, email, password)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		http.SetCookie(w, createSessionCookie(*sessionId))
+
+		utils.DoRedirect(w, r, "/auth/verify")
+	}
+}
+
+func createSessionCookie(sessionId types.SessionId) *http.Cookie {
+	cookie := http.Cookie{
+		Name:     "id",
+		Value:    string(sessionId),
+		MaxAge:   60 * 60 * 8, // 8 hours
+		Secure:   true,
+		HttpOnly: true,
+		SameSite: http.SameSiteStrictMode,
+		Path:     "/",
+	}
+
+	return &cookie
+}
+
+func handleSignIn(db *sql.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var email = r.FormValue("email")
+		var password = r.FormValue("password")
+
+		sessionId, err := service.SignIn(db, email, password)
+		if err != nil {
+			utils.TriggerToast(w, r, "error", "Invalid username or password")
+		}
+
+		http.SetCookie(w, createSessionCookie(*sessionId))
+
+		utils.DoRedirect(w, r, "/auth/verify")
+	}
+}