package handler import ( "me-fit/service" "me-fit/template" "me-fit/template/auth" "me-fit/types" "me-fit/utils" "database/sql" "errors" "net/http" "time" ) type HandlerAuth interface { handle(router *http.ServeMux) } type HandlerAuthImpl struct { db *sql.DB service service.AuthService serverSettings *types.ServerSettings } func NewHandlerAuth(db *sql.DB, service service.AuthService, serverSettings *types.ServerSettings) HandlerAuth { return HandlerAuthImpl{ db: db, service: service, serverSettings: serverSettings, } } func (handler HandlerAuthImpl) handle(router *http.ServeMux) { // Don't use auth middleware for these routes, as it makes redirecting very difficult, if the mail is not yet verified router.Handle("/auth/signin", handler.handleSignInPage()) router.Handle("/auth/signup", handler.handleSignUpPage()) router.Handle("/auth/verify", handler.handleSignUpVerifyPage()) // Hint for the user to verify their email router.Handle("/auth/delete-account", handler.handleDeleteAccountPage()) router.Handle("/auth/verify-email", service.HandleSignUpVerifyResponsePage(handler.db)) // The link contained in the email router.Handle("/auth/change-password", handler.handleChangePasswordPage()) router.Handle("/auth/reset-password", handler.handleResetPasswordPage()) router.Handle("/api/auth/signup", handler.handleSignUp()) router.Handle("/api/auth/signin", handler.handleSignIn()) router.Handle("/api/auth/signout", handler.handleSignOut()) router.Handle("/api/auth/delete-account", handler.HandleDeleteAccountComp()) router.Handle("/api/auth/verify-resend", handler.HandleVerifyResendComp()) router.Handle("/api/auth/change-password", handler.HandleChangePasswordComp()) router.Handle("/api/auth/reset-password", service.HandleResetPasswordComp(handler.db, handler.serverSettings)) router.Handle("/api/auth/reset-password-actual", service.HandleActualResetPasswordComp(handler.db)) } var ( securityWaitDuration = 250 * time.Millisecond ) func (handler HandlerAuthImpl) handleSignInPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) if err != nil { userComp := service.UserInfoComp(nil) signIn := auth.SignInOrUpComp(true) err := template.Layout(signIn, userComp, handler.serverSettings.Environment).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render sign in page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } if !user.EmailVerified { utils.DoRedirect(w, r, "/auth/verify") } else { utils.DoRedirect(w, r, "/") } } } func (handler HandlerAuthImpl) handleSignIn() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, err := utils.WaitMinimumTime(securityWaitDuration, func() (*service.User, error) { var email = r.FormValue("email") var password = r.FormValue("password") session, err := handler.service.SignIn(email, password) if err != nil { return nil, err } cookie := http.Cookie{ Name: "id", Value: session.Id, MaxAge: 60 * 60 * 8, // 8 hours Secure: true, HttpOnly: true, SameSite: http.SameSiteStrictMode, Path: "/", } http.SetCookie(w, &cookie) return session.User, nil }) if err != nil { if err == service.ErrInvaidCredentials { utils.TriggerToast(w, r, "error", "Invalid email or password") http.Error(w, "Invalid email or password", http.StatusUnauthorized) } else { utils.LogError("Error signing in", err) http.Error(w, "An error occurred", http.StatusInternalServerError) } return } if user.EmailVerified { utils.DoRedirect(w, r, "/") } else { utils.DoRedirect(w, r, "/auth/verify") } } } func (handler HandlerAuthImpl) handleSignUpPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) if err != nil { userComp := service.UserInfoComp(nil) signUpComp := auth.SignInOrUpComp(false) err := template.Layout(signUpComp, userComp, handler.serverSettings.Environment).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render sign up page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } if !user.EmailVerified { utils.DoRedirect(w, r, "/auth/verify") } else { utils.DoRedirect(w, r, "/") } } } func (handler HandlerAuthImpl) handleSignUp() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var email = r.FormValue("email") var password = r.FormValue("password") _, err := utils.WaitMinimumTime(securityWaitDuration, func() (interface{}, error) { user, err := handler.service.SignUp(email, password) if err != nil { return nil, err } go handler.service.SendVerificationMail(user.Id, user.Email) return nil, nil }) if err != nil { if errors.Is(err, types.ErrInternal) { utils.TriggerToast(w, r, "error", "An error occurred") return } else if errors.Is(err, service.ErrInvalidEmail) { utils.TriggerToast(w, r, "error", "The email provided is invalid") return } // If the "service.ErrAccountExists", then just continue } utils.TriggerToast(w, r, "success", "A link to activate your account has been emailed to the address provided.") } } func (handler HandlerAuthImpl) handleSignOut() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { err := handler.service.SignOut(utils.GetSessionID(r)) if err != nil { utils.TriggerToast(w, r, "error", "Internal Server Error") http.Error(w, err.Error(), http.StatusInternalServerError) return } c := http.Cookie{ Name: "id", Value: "", MaxAge: -1, Secure: true, HttpOnly: true, SameSite: http.SameSiteStrictMode, Path: "/", } http.SetCookie(w, &c) utils.DoRedirect(w, r, "/") } } func (handler HandlerAuthImpl) handleSignUpVerifyPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) if err != nil { utils.DoRedirect(w, r, "/auth/signin") } if user.EmailVerified { utils.DoRedirect(w, r, "/") } else { userComp := service.UserInfoComp(user) signIn := auth.VerifyComp() err := template.Layout(signIn, userComp, handler.serverSettings.Environment).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render verify page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } } } func (handler HandlerAuthImpl) handleDeleteAccountPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { // An unverified email should be able to delete their account user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) if err != nil { utils.DoRedirect(w, r, "/auth/signin") } userComp := service.UserInfoComp(user) comp := auth.DeleteAccountComp() err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render delete account page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } } func (handler HandlerAuthImpl) handleChangePasswordPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { isPasswordReset := r.URL.Query().Has("token") user, _ := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) if user == nil && !isPasswordReset { utils.DoRedirect(w, r, "/auth/signin") } else { userComp := service.UserInfoComp(user) comp := auth.ChangePasswordComp(isPasswordReset) err := template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render change password page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } } } func (handler HandlerAuthImpl) handleResetPasswordPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) if err != nil { utils.DoRedirect(w, r, "/auth/signin") } userComp := service.UserInfoComp(user) comp := auth.ResetPasswordComp() err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render change password page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } } func (handler HandlerAuthImpl) HandleResetPasswordPage() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) if err != nil { utils.DoRedirect(w, r, "/auth/signin") return } userComp := service.UserInfoComp(user) comp := auth.ResetPasswordComp() err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render change password page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } } func (handler HandlerAuthImpl) HandleDeleteAccountComp() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) if err != nil { utils.DoRedirect(w, r, "/auth/signin") return } password := r.FormValue("password") _, err = handler.service.SignIn(user.Email, password) if err != nil { utils.TriggerToast(w, r, "error", "Password not correct") return } err = handler.service.DeleteAccount(user) if err != nil { utils.TriggerToast(w, r, "error", "Internal Server Error") return } utils.DoRedirect(w, r, "/") } } func (handler HandlerAuthImpl) HandleVerifyResendComp() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) if err != nil { utils.DoRedirect(w, r, "/auth/signin") return } go handler.service.SendVerificationMail(user.Id, user.Email) w.Write([]byte("

Verification email sent

")) } } func (handler HandlerAuthImpl) HandleChangePasswordComp() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r)) if err != nil { utils.DoRedirect(w, r, "/auth/signin") return } currPass := r.FormValue("current-password") newPass := r.FormValue("new-password") err = handler.service.ChangePassword(user, currPass, newPass) if err != nil { utils.TriggerToast(w, r, "error", "Password not correct") return } utils.TriggerToast(w, r, "success", "Password changed") } }