Dockerfile

@@ -1,10 +1,16 @@
 FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 AS builder_go
 WORKDIR /me-fit
-RUN go install github.com/a-h/templ/cmd/templ@latest && go install github.com/vektra/mockery/v2@latest && go install honnef.co/go/tools/cmd/staticcheck@latest
+RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.62.2
+RUN go install github.com/a-h/templ/cmd/templ@latest
+RUN go install github.com/vektra/mockery/v2@latest
 COPY go.mod go.sum ./
 RUN go mod download
 COPY . ./
-RUN templ generate &&  mockery --log-level warn && staticcheck ./... && go test ./... && go build -o /me-fit/me-fit .
+RUN templ generate
+RUN mockery --log-level warn
+RUN go test ./...
+RUN golangci-lint run ./...
+RUN go build -o /me-fit/me-fit .
 
 
 FROM node:22.11.0@sha256:5c76d05034644fa8ecc9c2aa84e0a83cd981d0ef13af5455b87b9adf5b216561 AS builder_node

db/auth.go

@@ -1,6 +1,7 @@
 package db
 
 import (
+	"log/slog"
 	"me-fit/types"
 	"me-fit/utils"
 
@@ -13,9 +14,8 @@ import (
 )
 
 var (
-	ErrUserNotFound    = errors.New("User not found")
+	ErrNotFound   = errors.New("value not found")
-	ErrUserExists      = errors.New("User already exists")
+	ErrUserExists = errors.New("user already exists")
-	ErrSessionNotFound = errors.New("Session not found")
 )
 
 type User struct {
@@ -56,20 +56,45 @@ func NewSession(id string, userId uuid.UUID, createdAt time.Time) *Session {
 	}
 }
 
+type Token struct {
+	UserId    uuid.UUID
+	Token     string
+	Type      string
+	CreatedAt time.Time
+	ExpiresAt time.Time
+}
+
+var (
+	TokenTypeEmailVerify   = "email_verify"
+	TokenTypePasswordReset = "password_reset"
+)
+
+func NewToken(userId uuid.UUID, token string, tokenType string, createdAt time.Time, expiresAt time.Time) *Token {
+	return &Token{
+		UserId:    userId,
+		Token:     token,
+		Type:      tokenType,
+		CreatedAt: createdAt,
+		ExpiresAt: expiresAt,
+	}
+}
+
 type AuthDb interface {
 	InsertUser(user *User) error
-	GetUser(email string) (*User, error)
+	UpdateUser(user *User) error
-	GetUserById(userId uuid.UUID) (*User, error)
+	GetUserByEmail(email string) (*User, error)
+	GetUser(userId uuid.UUID) (*User, error)
 	DeleteUser(userId uuid.UUID) error
-	UpdateUserPassword(userId uuid.UUID, newHash []byte) error
 
-	InsertEmailVerificationToken(userId uuid.UUID, token string) error
+	InsertToken(token *Token) error
-	GetEmailVerificationToken(userId uuid.UUID) (string, error)
+	GetToken(token string) (*Token, error)
+	GetTokensByUserIdAndType(userId uuid.UUID, tokenType string) ([]*Token, error)
+	DeleteToken(token string) error
 
 	InsertSession(session *Session) error
 	GetSession(sessionId string) (*Session, error)
-	DeleteOldSessions(userId uuid.UUID) error
 	DeleteSession(sessionId string) error
+	DeleteOldSessions(userId uuid.UUID) error
 }
 
 type AuthDbSqlite struct {
@@ -98,7 +123,22 @@ func (db AuthDbSqlite) InsertUser(user *User) error {
 	return nil
 }
 
-func (db AuthDbSqlite) GetUser(email string) (*User, error) {
+func (db AuthDbSqlite) UpdateUser(user *User) error {
+	_, err := db.db.Exec(`
+		UPDATE user 
+		SET email_verified = ?, email_verified_at = ?, password = ?
+		WHERE user_uuid = ?`,
+		user.EmailVerified, user.EmailVerifiedAt, user.Password, user.Id)
+
+	if err != nil {
+		utils.LogError("SQL error UpdateUser", err)
+		return types.ErrInternal
+	}
+
+	return nil
+}
+
+func (db AuthDbSqlite) GetUserByEmail(email string) (*User, error) {
 	var (
 		userId          uuid.UUID
 		emailVerified   bool
@@ -115,7 +155,7 @@ func (db AuthDbSqlite) GetUser(email string) (*User, error) {
 		WHERE email = ?`, email).Scan(&userId, &emailVerified, &emailVerifiedAt, &password, &salt, &createdAt)
 	if err != nil {
 		if err == sql.ErrNoRows {
-			return nil, ErrUserNotFound
+			return nil, ErrNotFound
 		} else {
 			utils.LogError("SQL error GetUser", err)
 			return nil, types.ErrInternal
@@ -125,7 +165,7 @@ func (db AuthDbSqlite) GetUser(email string) (*User, error) {
 	return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil
 }
 
-func (db AuthDbSqlite) GetUserById(userId uuid.UUID) (*User, error) {
+func (db AuthDbSqlite) GetUser(userId uuid.UUID) (*User, error) {
 	var (
 		email           string
 		emailVerified   bool
@@ -142,7 +182,7 @@ func (db AuthDbSqlite) GetUserById(userId uuid.UUID) (*User, error) {
 		WHERE user_uuid = ?`, userId).Scan(&email, &emailVerified, &emailVerifiedAt, &password, &salt, &createdAt)
 	if err != nil {
 		if err == sql.ErrNoRows {
-			return nil, ErrUserNotFound
+			return nil, ErrNotFound
 		} else {
 			utils.LogError("SQL error GetUser", err)
 			return nil, types.ErrInternal
@@ -162,28 +202,28 @@ func (db AuthDbSqlite) DeleteUser(userId uuid.UUID) error {
 
 	_, err = tx.Exec("DELETE FROM workout WHERE user_id = ?", userId)
 	if err != nil {
-		tx.Rollback()
+		_ = tx.Rollback()
 		utils.LogError("Could not delete workouts", err)
 		return types.ErrInternal
 	}
 
 	_, err = tx.Exec("DELETE FROM user_token WHERE user_uuid = ?", userId)
 	if err != nil {
-		tx.Rollback()
+		_ = tx.Rollback()
 		utils.LogError("Could not delete user tokens", err)
 		return types.ErrInternal
 	}
 
 	_, err = tx.Exec("DELETE FROM session WHERE user_uuid = ?", userId)
 	if err != nil {
-		tx.Rollback()
+		_ = tx.Rollback()
 		utils.LogError("Could not delete sessions", err)
 		return types.ErrInternal
 	}
 
 	_, err = tx.Exec("DELETE FROM user WHERE user_uuid = ?", userId)
 	if err != nil {
-		tx.Rollback()
+		_ = tx.Rollback()
 		utils.LogError("Could not delete user", err)
 		return types.ErrInternal
 	}
@@ -197,19 +237,10 @@ func (db AuthDbSqlite) DeleteUser(userId uuid.UUID) error {
 	return nil
 }
 
-func (db AuthDbSqlite) UpdateUserPassword(userId uuid.UUID, newHash []byte) error {
+func (db AuthDbSqlite) InsertToken(token *Token) error {
-	_, err := db.db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", newHash, userId)
-	if err != nil {
-		utils.LogError("Could not update password", err)
-		return types.ErrInternal
-	}
-	return nil
-}
-
-func (db AuthDbSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error {
 	_, err := db.db.Exec(`
-		INSERT INTO user_token (user_uuid, type, token, created_at) 
+		INSERT INTO user_token (user_uuid, type, token, created_at, expires_at)
-		VALUES (?, 'email_verify', ?, datetime())`, userId, token)
+		VALUES (?, ?, ?, ?, ?)`, token.UserId, token.Type, token.Token, token.CreatedAt, token.ExpiresAt)
 
 	if err != nil {
 		utils.LogError("Could not insert token", err)
@@ -219,21 +250,102 @@ func (db AuthDbSqlite) InsertEmailVerificationToken(userId uuid.UUID, token stri
 	return nil
 }
 
-func (db AuthDbSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, error) {
+func (db AuthDbSqlite) GetToken(token string) (*Token, error) {
-	var token string
+	var (
+		userId       uuid.UUID
+		tokenType    string
+		createdAtStr string
+		expiresAtStr string
+		createdAt    time.Time
+		expiresAt    time.Time
+	)
 
 	err := db.db.QueryRow(`
-		SELECT token 
+		SELECT user_uuid, type, created_at, expires_at 
 		FROM user_token 
-		WHERE user_uuid = ? 
+		WHERE token = ? 
-		AND type = 'email_verify'`, userId).Scan(&token)
+		AND type = 'email_verify'`, token).Scan(&userId, &tokenType, &createdAtStr, &expiresAtStr)
 
-	if err != nil && err != sql.ErrNoRows {
+	if err != nil {
-		utils.LogError("Could not get token", err)
+		if err == sql.ErrNoRows {
-		return "", types.ErrInternal
+			slog.Info("Token '" + token + "' not found")
+			return nil, ErrNotFound
+		} else {
+			utils.LogError("Could not get token", err)
+			return nil, types.ErrInternal
+		}
 	}
 
-	return token, nil
+	createdAt, err = time.Parse(time.RFC3339, createdAtStr)
+	if err != nil {
+		utils.LogError("Could not parse token.created_at", err)
+		return nil, types.ErrInternal
+	}
+
+	expiresAt, err = time.Parse(time.RFC3339, expiresAtStr)
+	if err != nil {
+		utils.LogError("Could not parse token.expires_at", err)
+		return nil, types.ErrInternal
+	}
+
+	return NewToken(userId, token, tokenType, createdAt, expiresAt), nil
+}
+
+func (db AuthDbSqlite) GetTokensByUserIdAndType(userId uuid.UUID, tokenType string) ([]*Token, error) {
+
+	query, err := db.db.Query(`
+		SELECT token, created_at, expires_at 
+		FROM user_token 
+		WHERE user_uuid = ?
+		AND type = ?`, userId, tokenType)
+
+	if err != nil {
+		utils.LogError("Could not get token", err)
+		return nil, types.ErrInternal
+	}
+
+	var tokens []*Token
+
+	for query.Next() {
+		var (
+			token        string
+			createdAtStr string
+			expiresAtStr string
+			createdAt    time.Time
+			expiresAt    time.Time
+		)
+
+		err := query.Scan(&token, &createdAtStr, &expiresAtStr)
+		if err != nil {
+			utils.LogError("Could not scan token", err)
+			return nil, types.ErrInternal
+		}
+
+		createdAt, err = time.Parse(time.RFC3339, createdAtStr)
+		if err != nil {
+			utils.LogError("Could not parse token.created_at", err)
+			return nil, types.ErrInternal
+		}
+
+		expiresAt, err = time.Parse(time.RFC3339, expiresAtStr)
+		if err != nil {
+			utils.LogError("Could not parse token.expires_at", err)
+			return nil, types.ErrInternal
+		}
+
+		tokens = append(tokens, NewToken(userId, token, tokenType, createdAt, expiresAt))
+	}
+
+	return tokens, nil
+}
+
+func (db AuthDbSqlite) DeleteToken(token string) error {
+	_, err := db.db.Exec("DELETE FROM user_token WHERE token = ?", token)
+	if err != nil {
+		utils.LogError("Could not delete token", err)
+		return types.ErrInternal
+	}
+	return nil
 }
 
 func (db AuthDbSqlite) InsertSession(session *Session) error {
@@ -264,7 +376,7 @@ func (db AuthDbSqlite) GetSession(sessionId string) (*Session, error) {
 			WHERE session_id = ?`, sessionId).Scan(&userId, &sessionCreatedAt)
 
 	if err != nil {
-		return nil, ErrSessionNotFound
+		return nil, ErrNotFound
 	}
 
 	return NewSession(sessionId, userId, sessionCreatedAt), nil

db/auth_test.go

@@ -37,8 +37,8 @@ func TestUser(t *testing.T) {
 
 		underTest := AuthDbSqlite{db: db}
 
-		_, err := underTest.GetUser("someNonExistentEmail")
+		_, err := underTest.GetUserByEmail("someNonExistentEmail")
-		assert.Equal(t, ErrUserNotFound, err)
+		assert.Equal(t, ErrNotFound, err)
 	})
 
 	t.Run("should insert and get user", func(t *testing.T) {
@@ -54,7 +54,7 @@ func TestUser(t *testing.T) {
 		err := underTest.InsertUser(expected)
 		assert.Nil(t, err)
 
-		actual, err := underTest.GetUser(expected.Email)
+		actual, err := underTest.GetUserByEmail(expected.Email)
 		assert.Nil(t, err)
 
 		assert.Equal(t, expected, actual)
@@ -81,32 +81,35 @@ func TestUser(t *testing.T) {
 func TestEmailVerification(t *testing.T) {
 	t.Parallel()
 
-	t.Run("should return empty string if no token is safed", func(t *testing.T) {
+	t.Run("should return NotFound", func(t *testing.T) {
 		t.Parallel()
 		db := setupDb(t)
 
 		underTest := AuthDbSqlite{db: db}
 
-		token, err := underTest.GetEmailVerificationToken(uuid.New())
+		token, err := underTest.GetToken("someNonExistentToken")
 
-		assert.Nil(t, err)
+		assert.Equal(t, ErrNotFound, err)
-		assert.Equal(t, "", token)
+		assert.Nil(t, token)
 	})
 	t.Run("should insert and return token", func(t *testing.T) {
 		t.Parallel()
 		db := setupDb(t)
 
 		underTest := AuthDbSqlite{db: db}
+		tokenStr := "some secure token"
+		createdAt := time.Date(2020, 1, 5, 13, 0, 0, 0, time.UTC)
 
-		userId := uuid.New()
+		expectedToken := NewToken(uuid.New(), tokenStr, TokenTypeEmailVerify, createdAt, createdAt.Add(24*time.Hour))
-		expectedToken := "someToken"
 
-		err := underTest.InsertEmailVerificationToken(userId, expectedToken)
+		err := underTest.InsertToken(expectedToken)
 		assert.Nil(t, err)
 
-		actualToken, err := underTest.GetEmailVerificationToken(userId)
+		actualToken, err := underTest.GetToken(tokenStr)
 		assert.Nil(t, err)
 
+		t.Logf("expectedToken: %v", expectedToken)
+		t.Logf("actualToken: %v", actualToken)
 		assert.Equal(t, expectedToken, actualToken)
 	})
 }

handler/auth.go

@@ -7,9 +7,9 @@ import (
 	"me-fit/types"
 	"me-fit/utils"
 
-	"database/sql"
 	"errors"
 	"net/http"
+	"net/url"
 	"time"
 )
 
@@ -18,14 +18,12 @@ type HandlerAuth interface {
 }
 
 type HandlerAuthImpl struct {
-	db             *sql.DB
 	service        service.AuthService
 	serverSettings *types.ServerSettings
 }
 
-func NewHandlerAuth(db *sql.DB, service service.AuthService, serverSettings *types.ServerSettings) HandlerAuth {
+func NewHandlerAuth(service service.AuthService, serverSettings *types.ServerSettings) HandlerAuth {
 	return HandlerAuthImpl{
-		db:             db,
 		service:        service,
 		serverSettings: serverSettings,
 	}
@@ -37,7 +35,7 @@ func (handler HandlerAuthImpl) Handle(router *http.ServeMux) {
 	router.Handle("/auth/signup", handler.handleSignUpPage())
 	router.Handle("/auth/verify", handler.handleSignUpVerifyPage()) // Hint for the user to verify their email
 	router.Handle("/auth/delete-account", handler.handleDeleteAccountPage())
-	router.Handle("/auth/verify-email", service.HandleSignUpVerifyResponsePage(handler.db)) // The link contained in the email
+	router.Handle("/auth/verify-email", handler.HandleSignUpVerifyResponsePage()) // The link contained in the email
 	router.Handle("/auth/change-password", handler.handleChangePasswordPage())
 	router.Handle("/auth/reset-password", handler.handleResetPasswordPage())
 	router.Handle("/api/auth/signup", handler.handleSignUp())
@@ -46,8 +44,8 @@ func (handler HandlerAuthImpl) Handle(router *http.ServeMux) {
 	router.Handle("/api/auth/delete-account", handler.HandleDeleteAccountComp())
 	router.Handle("/api/auth/verify-resend", handler.HandleVerifyResendComp())
 	router.Handle("/api/auth/change-password", handler.HandleChangePasswordComp())
-	router.Handle("/api/auth/reset-password", service.HandleResetPasswordComp(handler.db, handler.serverSettings))
+	router.Handle("/api/auth/reset-password", handler.HandleForgotPasswordComp())
-	router.Handle("/api/auth/reset-password-actual", service.HandleActualResetPasswordComp(handler.db))
+	router.Handle("/api/auth/reset-password-actual", handler.HandleForgotPasswordResponseComp())
 }
 
 var (
@@ -331,7 +329,10 @@ func (handler HandlerAuthImpl) HandleVerifyResendComp() http.HandlerFunc {
 
 		go handler.service.SendVerificationMail(user.Id, user.Email)
 
-		w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
+		_, err = w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
+		if err != nil {
+			utils.LogError("Could not write response", err)
+		}
 	}
 }
 
@@ -356,3 +357,63 @@ func (handler HandlerAuthImpl) HandleChangePasswordComp() http.HandlerFunc {
 		utils.TriggerToast(w, r, "success", "Password changed")
 	}
 }
+
+func (handler HandlerAuthImpl) HandleSignUpVerifyResponsePage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		token := r.URL.Query().Get("token")
+
+		err := handler.service.VerifyUserEmail(token)
+
+		if err != nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+		} else {
+			utils.DoRedirect(w, r, "/")
+		}
+	}
+}
+
+func (handler HandlerAuthImpl) HandleForgotPasswordComp() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		email := r.FormValue("email")
+		if email == "" {
+			utils.TriggerToast(w, r, "error", "Please enter an email")
+			return
+		}
+
+		err := handler.service.ForgotPassword(email)
+		if err != nil {
+			utils.TriggerToast(w, r, "error", "Internal Server Error")
+		} else {
+			utils.TriggerToast(w, r, "info", "If the email exists, an email has been sent")
+		}
+	}
+}
+
+func (handler HandlerAuthImpl) HandleForgotPasswordResponseComp() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		pageUrl, err := url.Parse(r.Header.Get("HX-Current-URL"))
+		if err != nil {
+			utils.LogError("Could not get current URL", err)
+			utils.TriggerToast(w, r, "error", "Internal Server Error")
+			return
+		}
+
+		token := pageUrl.Query().Get("token")
+		if token == "" {
+			utils.TriggerToast(w, r, "error", "No token")
+			return
+		}
+
+		newPass := r.FormValue("new-password")
+
+		err = handler.service.ForgotPasswordResponse(token, newPass)
+		if err != nil {
+			utils.TriggerToast(w, r, "error", err.Error())
+		} else {
+			utils.TriggerToast(w, r, "success", "Password changed")
+		}
+	}
+}

handler/index_and_404.go

@@ -6,7 +6,6 @@ import (
 	"me-fit/types"
 	"me-fit/utils"
 
-	"database/sql"
 	"net/http"
 
 	"github.com/a-h/templ"
@@ -17,14 +16,12 @@ type IndexHandler interface {
 }
 
 type IndexHandlerImpl struct {
-	db             *sql.DB
 	service        service.AuthService
 	serverSettings *types.ServerSettings
 }
 
-func NewIndexHandler(db *sql.DB, service service.AuthService, serverSettings *types.ServerSettings) IndexHandler {
+func NewIndexHandler(service service.AuthService, serverSettings *types.ServerSettings) IndexHandler {
 	return IndexHandlerImpl{
-		db:             db,
 		service:        service,
 		serverSettings: serverSettings,
 	}

handler/workout.go

@@ -7,7 +7,6 @@ import (
 	"me-fit/types"
 	"me-fit/utils"
 
-	"database/sql"
 	"log/slog"
 	"net/http"
 	"strconv"
@@ -19,15 +18,13 @@ type WorkoutHandler interface {
 }
 
 type WorkoutHandlerImpl struct {
-	db             *sql.DB
 	service        service.WorkoutService
 	auth           service.AuthService
 	serverSettings *types.ServerSettings
 }
 
-func NewWorkoutHandler(db *sql.DB, service service.WorkoutService, auth service.AuthService, serverSettings *types.ServerSettings) WorkoutHandler {
+func NewWorkoutHandler(service service.WorkoutService, auth service.AuthService, serverSettings *types.ServerSettings) WorkoutHandler {
 	return WorkoutHandlerImpl{
-		db:             db,
 		service:        service,
 		auth:           auth,
 		serverSettings: serverSettings,
@@ -109,7 +106,12 @@ func (handler WorkoutHandlerImpl) handleGetWorkout() http.HandlerFunc {
 			wos = append(wos, workout.Workout{Id: wo.RowId, Date: wo.Date, Type: wo.Type, Sets: wo.Sets, Reps: wo.Reps})
 		}
 
-		workout.WorkoutListComp(wos).Render(r.Context(), w)
+		err = workout.WorkoutListComp(wos).Render(r.Context(), w)
+		if err != nil {
+			utils.LogError("Could not render workoutlist", err)
+			utils.TriggerToast(w, r, "error", "Internal Server Error")
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
 	}
 }
 

main.go

@@ -115,9 +115,9 @@ func createHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler
 	authService := service.NewAuthServiceImpl(authDb, randomService, clockService, mailService, serverSettings)
 	workoutService := service.NewWorkoutServiceImpl(workoutDb, randomService, clockService, mailService, serverSettings)
 
-	indexHandler := handler.NewIndexHandler(d, authService, serverSettings)
+	indexHandler := handler.NewIndexHandler(authService, serverSettings)
-	authHandler := handler.NewHandlerAuth(d, authService, serverSettings)
+	authHandler := handler.NewHandlerAuth(authService, serverSettings)
-	workoutHandler := handler.NewWorkoutHandler(d, workoutService, authService, serverSettings)
+	workoutHandler := handler.NewWorkoutHandler(workoutService, authService, serverSettings)
 
 	indexHandler.Handle(router)
 

service/auth.go

@@ -3,18 +3,14 @@ package service
 import (
 	"context"
 	"crypto/subtle"
-	"database/sql"
 	"errors"
-	"log/slog"
-	"net/http"
 	"net/mail"
-	"net/url"
 	"strings"
 	"time"
 
 	"me-fit/db"
 	"me-fit/template/auth"
-	tempMail "me-fit/template/mail"
+	mailTemplate "me-fit/template/mail"
 	"me-fit/types"
 	"me-fit/utils"
 
@@ -63,9 +59,12 @@ type AuthService interface {
 	SignIn(email string, password string) (*Session, error)
 	SignUp(email string, password string) (*User, error)
 	SendVerificationMail(userId uuid.UUID, email string)
+	VerifyUserEmail(token string) error
 	SignOut(sessionId string) error
 	DeleteAccount(user *User) error
 	ChangePassword(user *User, currPass, newPass string) error
+	ForgotPassword(email string) error
+	ForgotPasswordResponse(token string, newPass string) error
 
 	GetUserFromSessionId(sessionId string) (*User, error)
 }
@@ -89,9 +88,9 @@ func NewAuthServiceImpl(dbAuth db.AuthDb, randomGenerator RandomService, clock C
 }
 
 func (service AuthServiceImpl) SignIn(email string, password string) (*Session, error) {
-	user, err := service.dbAuth.GetUser(email)
+	user, err := service.dbAuth.GetUserByEmail(email)
 	if err != nil {
-		if errors.Is(err, db.ErrUserNotFound) {
+		if errors.Is(err, db.ErrNotFound) {
 			return nil, ErrInvaidCredentials
 		} else {
 			return nil, types.ErrInternal
@@ -119,6 +118,7 @@ func (service AuthServiceImpl) createSession(userId uuid.UUID) (*db.Session, err
 	}
 
 	err = service.dbAuth.DeleteOldSessions(userId)
+
 	if err != nil {
 		return nil, types.ErrInternal
 	}
@@ -170,27 +170,34 @@ func (service AuthServiceImpl) SignUp(email string, password string) (*User, err
 }
 
 func (service AuthServiceImpl) SendVerificationMail(userId uuid.UUID, email string) {
-	var token string
 
-	token, err := service.dbAuth.GetEmailVerificationToken(userId)
+	tokens, err := service.dbAuth.GetTokensByUserIdAndType(userId, db.TokenTypeEmailVerify)
 	if err != nil {
 		return
 	}
 
-	if token == "" {
+	var token *db.Token
-		token, err := service.randomGenerator.String(32)
+
+	if len(tokens) > 0 {
+		token = tokens[0]
+	}
+
+	if token == nil {
+		newTokenStr, err := service.randomGenerator.String(32)
 		if err != nil {
 			return
 		}
 
-		err = service.dbAuth.InsertEmailVerificationToken(userId, token)
+		token = db.NewToken(userId, newTokenStr, db.TokenTypeEmailVerify, service.clock.Now(), service.clock.Now().Add(24*time.Hour))
+
+		err = service.dbAuth.InsertToken(token)
 		if err != nil {
 			return
 		}
 	}
 
 	var w strings.Builder
-	err = tempMail.Register(service.serverSettings.BaseUrl, token).Render(context.Background(), &w)
+	err = mailTemplate.Register(service.serverSettings.BaseUrl, token.Token).Render(context.Background(), &w)
 	if err != nil {
 		utils.LogError("Could not render welcome email", err)
 		return
@@ -199,6 +206,44 @@ func (service AuthServiceImpl) SendVerificationMail(userId uuid.UUID, email stri
 	service.mailService.SendMail(email, "Welcome to ME-FIT", w.String())
 }
 
+func (service AuthServiceImpl) VerifyUserEmail(tokenStr string) error {
+
+	if tokenStr == "" {
+		return types.ErrInternal
+	}
+
+	token, err := service.dbAuth.GetToken(tokenStr)
+	if err != nil {
+		return types.ErrInternal
+	}
+
+	user, err := service.dbAuth.GetUser(token.UserId)
+	if err != nil {
+		return types.ErrInternal
+	}
+
+	if token.Type != db.TokenTypeEmailVerify {
+		return types.ErrInternal
+	}
+
+	now := service.clock.Now()
+
+	if token.ExpiresAt.Before(now) {
+		return types.ErrInternal
+	}
+
+	user.EmailVerified = true
+	user.EmailVerifiedAt = &now
+
+	err = service.dbAuth.UpdateUser(user)
+	if err != nil {
+		return types.ErrInternal
+	}
+
+	_ = service.dbAuth.DeleteToken(token.Token)
+	return nil
+}
+
 func (service AuthServiceImpl) SignOut(sessionId string) error {
 
 	return service.dbAuth.DeleteSession(sessionId)
@@ -214,7 +259,7 @@ func (service AuthServiceImpl) GetUserFromSessionId(sessionId string) (*User, er
 		return nil, types.ErrInternal
 	}
 
-	user, err := service.dbAuth.GetUserById(session.UserId)
+	user, err := service.dbAuth.GetUser(session.UserId)
 	if err != nil {
 		return nil, types.ErrInternal
 	}
@@ -228,48 +273,6 @@ func (service AuthServiceImpl) GetUserFromSessionId(sessionId string) (*User, er
 
 // TODO
 
-func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-
-		token := r.URL.Query().Get("token")
-
-		if token == "" {
-			utils.DoRedirect(w, r, "/auth/verify")
-			return
-		}
-
-		result, err := db.Exec(`
-			UPDATE user
-			SET email_verified = true, email_verified_at = datetime()
-			WHERE user_uuid = (
-				SELECT user_uuid
-				FROM user_token
-				WHERE type = "email_verify"
-				AND token = ?
-			);
-		`, token)
-
-		if err != nil {
-			utils.LogError("Could not update user on verify response", err)
-			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-			return
-		}
-
-		i, err := result.RowsAffected()
-		if err != nil {
-			utils.LogError("Could not get rows affected on verify response", err)
-			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-			return
-		}
-
-		if i == 0 {
-			utils.DoRedirect(w, r, "/")
-		} else {
-			utils.DoRedirect(w, r, "/auth/signin")
-		}
-	}
-}
-
 func UserInfoComp(user *User) templ.Component {
 
 	if user != nil {
@@ -306,14 +309,16 @@ func (service AuthServiceImpl) ChangePassword(user *User, currPass, newPass stri
 		return err
 	}
 
-	userDb, err := service.dbAuth.GetUserById(user.Id)
+	userDb, err := service.dbAuth.GetUser(user.Id)
 	if err != nil {
 		return err
 	}
 
 	newHash := GetHashPassword(newPass, userDb.Salt)
 
-	err = service.dbAuth.UpdateUserPassword(user.Id, newHash)
+	userDb.Password = newHash
+
+	err = service.dbAuth.UpdateUser(userDb)
 	if err != nil {
 		return err
 	}
@@ -321,115 +326,71 @@ func (service AuthServiceImpl) ChangePassword(user *User, currPass, newPass stri
 	return nil
 }
 
-func HandleActualResetPasswordComp(db *sql.DB) http.HandlerFunc {
+func (service AuthServiceImpl) ForgotPassword(email string) error {
-	return func(w http.ResponseWriter, r *http.Request) {
 
-		pageUrl, err := url.Parse(r.Header.Get("HX-Current-URL"))
+	tokenStr, err := service.randomGenerator.String(32)
-		if err != nil {
+	if err != nil {
-			utils.LogError("Could not get current URL", err)
+		return err
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			return
-		}
-
-		token := pageUrl.Query().Get("token")
-		if token == "" {
-			utils.TriggerToast(w, r, "error", "No token")
-			return
-		}
-
-		newPass := r.FormValue("new-password")
-
-		if !isPasswordValid(newPass) {
-			utils.TriggerToast(w, r, "error", ErrInvalidPassword.Error())
-			return
-		}
-
-		var (
-			userId uuid.UUID
-			salt   []byte
-		)
-
-		err = db.QueryRow(`
-			SELECT u.user_uuid, salt
-			FROM user_token t
-			INNER JOIN user u ON t.user_uuid = u.user_uuid
-			WHERE t.token = ? 
-			AND t.type = 'password_reset'
-			AND t.expires_at > datetime()
-			`, token).Scan(&userId, &salt)
-		if err != nil {
-			slog.Warn("Could not get user from token: " + err.Error())
-			utils.TriggerToast(w, r, "error", "Invalid token")
-			return
-		}
-
-		_, err = db.Exec("DELETE FROM user_token WHERE token = ? AND type = 'password_reset'", token)
-		if err != nil {
-			utils.LogError("Could not delete token", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			return
-		}
-
-		passHash := GetHashPassword(newPass, salt)
-
-		_, err = db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", passHash, userId)
-		if err != nil {
-			utils.LogError("Could not update password", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			return
-		}
-
-		utils.TriggerToast(w, r, "success", "Password changed")
 	}
+
+	user, err := service.dbAuth.GetUserByEmail(email)
+	if err != nil {
+		if err == db.ErrNotFound {
+			return nil
+		} else {
+			return types.ErrInternal
+		}
+	}
+
+	token := db.NewToken(user.Id, tokenStr, db.TokenTypePasswordReset, service.clock.Now(), service.clock.Now().Add(15*time.Minute))
+
+	err = service.dbAuth.InsertToken(token)
+	if err != nil {
+		return types.ErrInternal
+	}
+
+	var mail strings.Builder
+	err = mailTemplate.ResetPassword(service.serverSettings.BaseUrl, token.Token).Render(context.Background(), &mail)
+	if err != nil {
+		utils.LogError("Could not render reset password email", err)
+		return types.ErrInternal
+	}
+	go service.mailService.SendMail(email, "Reset Password", mail.String())
+
+	return nil
 }
 
-func HandleResetPasswordComp(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
+func (service AuthServiceImpl) ForgotPasswordResponse(tokenStr string, newPass string) error {
-	mailService := NewMailServiceImpl(serverSettings)
-	return func(w http.ResponseWriter, r *http.Request) {
 
-		email := r.FormValue("email")
+	if !isPasswordValid(newPass) {
-		if email == "" {
+		return ErrInvalidPassword
-			utils.TriggerToast(w, r, "error", "Please enter an email")
-			return
-		}
-
-		token, err := NewRandomServiceImpl().String(32)
-		if err != nil {
-			return
-		}
-
-		res, err := db.Exec(`
-			INSERT INTO user_token (user_uuid, type, token, created_at, expires_at)
-			SELECT user_uuid, 'password_reset', ?, datetime(), datetime('now', '+15 minute')
-			FROM user
-			WHERE email = ?
-			`, token, email)
-		if err != nil {
-			utils.LogError("Could not insert token", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			return
-		}
-
-		i, err := res.RowsAffected()
-		if err != nil {
-			utils.LogError("Could not get rows affected", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			return
-		}
-
-		if i != 0 {
-			var mail strings.Builder
-			err = tempMail.ResetPassword(serverSettings.BaseUrl, token).Render(context.Background(), &mail)
-			if err != nil {
-				utils.LogError("Could not render reset password email", err)
-				utils.TriggerToast(w, r, "error", "Internal Server Error")
-				return
-			}
-			mailService.SendMail(email, "Reset Password", mail.String())
-		}
-
-		utils.TriggerToast(w, r, "info", "If the email exists, an email has been sent")
 	}
+
+	token, err := service.dbAuth.GetToken(tokenStr)
+	if err != nil {
+		return err
+	}
+
+	err = service.dbAuth.DeleteToken(tokenStr)
+	if err != nil {
+		return err
+	}
+
+	user, err := service.dbAuth.GetUser(token.UserId)
+	if err != nil {
+		utils.LogError("Could not get user from token", err)
+		return types.ErrInternal
+	}
+
+	passHash := GetHashPassword(newPass, user.Salt)
+
+	user.Password = passHash
+	err = service.dbAuth.UpdateUser(user)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }
 
 func GetHashPassword(password string, salt []byte) []byte {

service/auth_test.go

@@ -36,7 +36,7 @@ func TestSignIn(t *testing.T) {
 		dbSession := db.NewSession("sessionId", user.Id, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC))
 
 		mockAuthDb := mocks.NewMockAuthDb(t)
-		mockAuthDb.EXPECT().GetUser("test@test.de").Return(user, nil)
+		mockAuthDb.EXPECT().GetUserByEmail("test@test.de").Return(user, nil)
 		mockAuthDb.EXPECT().DeleteOldSessions(user.Id).Return(nil)
 		mockAuthDb.EXPECT().InsertSession(dbSession).Return(nil)
 		mockRandom := mocks.NewMockRandomService(t)
@@ -71,7 +71,7 @@ func TestSignIn(t *testing.T) {
 		)
 
 		mockAuthDb := mocks.NewMockAuthDb(t)
-		mockAuthDb.EXPECT().GetUser(user.Email).Return(user, nil)
+		mockAuthDb.EXPECT().GetUserByEmail(user.Email).Return(user, nil)
 		mockRandom := mocks.NewMockRandomService(t)
 		mockClock := mocks.NewMockClockService(t)
 		mockMail := mocks.NewMockMailService(t)
@@ -86,7 +86,7 @@ func TestSignIn(t *testing.T) {
 		t.Parallel()
 
 		mockAuthDb := mocks.NewMockAuthDb(t)
-		mockAuthDb.EXPECT().GetUser("test").Return(nil, db.ErrUserNotFound)
+		mockAuthDb.EXPECT().GetUserByEmail("test").Return(nil, db.ErrNotFound)
 		mockRandom := mocks.NewMockRandomService(t)
 		mockClock := mocks.NewMockClockService(t)
 		mockMail := mocks.NewMockMailService(t)
@@ -100,7 +100,7 @@ func TestSignIn(t *testing.T) {
 		t.Parallel()
 
 		mockAuthDb := mocks.NewMockAuthDb(t)
-		mockAuthDb.EXPECT().GetUser("test").Return(nil, errors.New("Some undefined error"))
+		mockAuthDb.EXPECT().GetUserByEmail("test").Return(nil, errors.New("Some undefined error"))
 		mockRandom := mocks.NewMockRandomService(t)
 		mockClock := mocks.NewMockClockService(t)
 		mockMail := mocks.NewMockMailService(t)
@@ -227,7 +227,9 @@ func TestSendVerificationMail(t *testing.T) {
 	t.Run("should use stored token and send mail", func(t *testing.T) {
 		t.Parallel()
 
-		token := "someRandomTokenToUse"
+		token := db.NewToken(uuid.New(), "someRandomTokenToUse", db.TokenTypeEmailVerify, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC), time.Date(2020, 1, 2, 0, 0, 0, 0, time.UTC))
+		tokens := []*db.Token{token}
+
 		email := "some@email.de"
 		userId := uuid.New()
 
@@ -236,9 +238,11 @@ func TestSendVerificationMail(t *testing.T) {
 		mockClock := mocks.NewMockClockService(t)
 		mockMail := mocks.NewMockMailService(t)
 
-		mockAuthDb.EXPECT().GetEmailVerificationToken(userId).Return(token, nil)
+		mockAuthDb.EXPECT().GetTokensByUserIdAndType(userId, db.TokenTypeEmailVerify).Return(tokens, nil)
 
-		mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool { return strings.Contains(message, token) })).Return(nil)
+		mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool {
+			return strings.Contains(message, token.Token)
+		})).Return()
 
 		underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})
 

service/mail.go

@@ -2,12 +2,15 @@ package service
 
 import (
 	"fmt"
-	"me-fit/types"
 	"net/smtp"
+
+	"me-fit/types"
+	"me-fit/utils"
 )
 
 type MailService interface {
-	SendMail(to string, subject string, message string) error
+	// Sending an email is a fire and forget operation. Thus no error handling
+	SendMail(to string, subject string, message string)
 }
 
 type MailServiceImpl struct {
@@ -18,9 +21,9 @@ func NewMailServiceImpl(serverSettings *types.ServerSettings) MailServiceImpl {
 	return MailServiceImpl{serverSettings: serverSettings}
 }
 
-func (m MailServiceImpl) SendMail(to string, subject string, message string) error {
+func (m MailServiceImpl) SendMail(to string, subject string, message string) {
 	if m.serverSettings.Smtp == nil {
-		return nil
+		return
 	}
 
 	s := m.serverSettings.Smtp
@@ -29,5 +32,8 @@ func (m MailServiceImpl) SendMail(to string, subject string, message string) err
 
 	msg := fmt.Sprintf("From: %v <%v>\nTo: %v\nSubject: %v\nMIME-version: 1.0;\nContent-Type: text/html; charset=\"UTF-8\";\n\n%v", s.FromName, s.FromMail, to, subject, message)
 
-	return smtp.SendMail(s.Host+":"+s.Port, auth, s.FromMail, []string{to}, []byte(msg))
+	err := smtp.SendMail(s.Host+":"+s.Port, auth, s.FromMail, []string{to}, []byte(msg))
+	if err != nil {
+		utils.LogError("Error sending mail: %v", err)
+	}
 }

template/layout.templ

@@ -1,48 +1,48 @@
 package template
 
 templ Layout(slot templ.Component, user templ.Component, environment string) {
-<!DOCTYPE html>
+	<!DOCTYPE html>
-<html lang="en">
+	<html lang="en">
-
+		<head>
-<head>
+			<meta charset="utf-8"/>
-	<meta charset="utf-8" />
+			<title>ME-FIT</title>
-	<title>ME-FIT</title>
+			<link rel="icon" href="/static/favicon.svg"/>
-	<link rel="icon" href="/static/favicon.svg" />
+			<link rel="stylesheet" href="/static/css/tailwind.css"/>
-	<link rel="stylesheet" href="/static/css/tailwind.css" />
+			<meta name="viewport" content="width=device-width, initial-scale=1"/>
-	<meta name="viewport" content="width=device-width, initial-scale=1" />
+			if environment == "prod" {
-	if environment == "prod" {
+				<script defer src="https://umami.me-fit.eu/script.js" data-website-id="3c8efb09-44e4-4372-8a1e-c3bc675cd89a"></script>
-	<script defer src="https://umami.me-fit.eu/script.js" data-website-id="3c8efb09-44e4-4372-8a1e-c3bc675cd89a"></script>
-	}
-	<meta name="htmx-config" content='{
-		"includeIndicatorStyles": false,
-		"selfRequestsOnly": true,
-		"allowScriptTags": false
-	}' />
-	<script src="/static/js/htmx.min.js"></script>
-	<script src="/static/js/toast.js"></script>
-</head>
-
-<body>
-	<div class="h-screen flex flex-col">
-		<div class="flex justify-end items-center gap-2 py-1 px-2 h-12 md:gap-10 md:px-10 md:py-2 shadow">
-			<a href="/" class="flex-1 flex gap-2">
-				<img src="/static/favicon.svg" alt="ME-FIT logo" />
-				<span>ME-FIT</span>
-			</a>
-			@user
-		</div>
-		<div class="flex-1">
-			if slot != nil {
-			@slot
 			}
-		</div>
+			<meta
-	</div>
+				name="htmx-config"
-	<div class="toast" id="toasts">
+				content='{
-		<div class="hidden alert" id="toast">
+					"includeIndicatorStyles": false,
-			New message arrived.
+					"selfRequestsOnly": true,
-		</div>
+					"allowScriptTags": false
-	</div>
+				}'
-</body>
+			/>
-
+			<script src="/static/js/htmx.min.js"></script>
-</html>
+			<script src="/static/js/toast.js"></script>
+		</head>
+		<body>
+			<div class="h-screen flex flex-col">
+				<div class="flex justify-end items-center gap-2 py-1 px-2 h-12 md:gap-10 md:px-10 md:py-2 shadow">
+					<a href="/" class="flex-1 flex gap-2">
+						<img src="/static/favicon.svg" alt="ME-FIT logo"/>
+						<span>ME-FIT</span>
+					</a>
+					@user
+				</div>
+				<div class="flex-1">
+					if slot != nil {
+						@slot
+					}
+				</div>
+			</div>
+			<div class="toast" id="toasts">
+				<div class="hidden alert" id="toast">
+					New message arrived.
+				</div>
+			</div>
+		</body>
+	</html>
 }