package handler import ( "context" "me-fit/service" "me-fit/template" "me-fit/template/auth" mail "me-fit/template/mail" "me-fit/types" "me-fit/utils" "strings" "database/sql" "net/http" "net/url" ) type AuthHandler struct { db *sql.DB service *service.AuthService } func (a *AuthHandler) authUi() http.Handler { router := http.NewServeMux() router.Handle("/auth/signin", handleSignInPage(a.db)) router.Handle("/auth/signup", handleSignUpPage(a.db)) router.Handle("/auth/verify", handleSignUpVerifyPage(a.db)) // Hint for the user to verify their email router.Handle("/auth/delete-account", handleDeleteAccountPage(a.db)) router.Handle("/auth/verify-email", handleSignUpVerifyResponsePage(a.db)) // The link contained in the email router.Handle("/auth/change-password", handleChangePasswordPage(a.db)) router.Handle("/auth/reset-password", handleResetPasswordPage(a.db)) router.Handle("/", handleNotFound(a.db)) return router } func (a *AuthHandler) authApi() http.Handler { router := http.NewServeMux() router.Handle("/api/auth/signup", handleSignUp(a.db)) router.Handle("/api/auth/signin", a.handleSignIn()) router.Handle("/api/auth/signout", handleSignOut(a.db)) router.Handle("/api/auth/delete-account", handleDeleteAccount(a.db)) router.Handle("/api/auth/verify-resend", handleVerifyResend(a.db)) router.Handle("/api/auth/change-password", handleChangePassword(a.db)) router.Handle("/api/auth/reset-password", handleResetPassword(a.db)) router.Handle("/api/auth/reset-password-actual", handleActualResetPassword(a.db)) return router } func handleSignInPage(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := service.GetUserFromRequest(db, r) if user == nil { userComp := service.UserInfoComp(nil) signIn := auth.SignInOrUpComp(true) err := template.Layout(signIn, userComp).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render sign in page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } else if !user.EmailVerified { utils.DoRedirect(w, r, "/auth/verify") } else { utils.DoRedirect(w, r, "/") } } } func handleSignUpPage(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := service.GetUserFromRequest(db, r) if user == nil { userComp := service.UserInfoComp(nil) signUpComp := auth.SignInOrUpComp(false) err := template.Layout(signUpComp, userComp).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render sign up page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } else if !user.EmailVerified { utils.DoRedirect(w, r, "/auth/verify") } else { utils.DoRedirect(w, r, "/") } } } func handleSignUpVerifyPage(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := service.GetUserFromRequest(db, r) if user == nil { utils.DoRedirect(w, r, "/auth/signin") } else if user.EmailVerified { utils.DoRedirect(w, r, "/") } else { userComp := service.UserInfoComp(user) signIn := auth.VerifyComp() err := template.Layout(signIn, userComp).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render verify page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } } } func handleDeleteAccountPage(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { // An unverified email should be able to delete their account user := service.GetUserFromRequest(db, r) if user == nil { utils.DoRedirect(w, r, "/auth/signin") } else { userComp := service.UserInfoComp(user) comp := auth.DeleteAccountComp() err := template.Layout(comp, userComp).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render delete account page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } } } func handleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { token := r.URL.Query().Get("token") if token == "" { utils.DoRedirect(w, r, "/auth/verify") return } err := service.ValidateEmail(db, token) if err != nil { utils.LogError("Could not validate email", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) return } utils.DoRedirect(w, r, "/") } } func handleChangePasswordPage(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { isPasswordReset := r.URL.Query().Has("token") user := service.GetUserFromRequest(db, r) if user == nil && !isPasswordReset { utils.DoRedirect(w, r, "/auth/signin") } else { userComp := service.UserInfoComp(user) comp := auth.ChangePasswordComp(isPasswordReset) err := template.Layout(comp, userComp).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render change password page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } } } func handleResetPasswordPage(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := service.GetUserFromRequest(db, r) if user != nil { utils.DoRedirect(w, r, "/auth/signin") } else { userComp := service.UserInfoComp(nil) comp := auth.ResetPasswordComp() err := template.Layout(comp, userComp).Render(r.Context(), w) if err != nil { utils.LogError("Failed to render change password page", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } } } } func handleSignUp(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var email = r.FormValue("email") var password = r.FormValue("password") sessionId, err := service.SignUp(db, email, password) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return } http.SetCookie(w, createSessionCookie(*sessionId)) utils.DoRedirect(w, r, "/auth/verify") } } func createSessionCookie(sessionId types.SessionId) *http.Cookie { cookie := http.Cookie{ Name: "id", Value: string(sessionId), MaxAge: 60 * 60 * 8, // 8 hours Secure: true, HttpOnly: true, SameSite: http.SameSiteStrictMode, Path: "/", } return &cookie } func (a *AuthHandler) handleSignIn() http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var email = r.FormValue("email") var password = r.FormValue("password") sessionId, err := a.service.SignIn(email, password) if err != nil { utils.TriggerToast(w, r, "error", err.Error()) return } http.SetCookie(w, createSessionCookie(*sessionId)) utils.DoRedirect(w, r, "/auth/verify") } } func handleSignOut(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := service.GetUserFromRequest(db, r) err := service.SignOut(db, user) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) utils.TriggerToast(w, r, "error", "Internal Server Error") return } c := http.Cookie{ Name: "id", Value: "", MaxAge: -1, Secure: true, HttpOnly: true, SameSite: http.SameSiteStrictMode, Path: "/", } http.SetCookie(w, &c) utils.DoRedirect(w, r, "/") } } func handleDeleteAccount(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := service.GetUserFromRequest(db, r) if user == nil { utils.DoRedirect(w, r, "/auth/signin") return } password := r.FormValue("password") err := service.DeleteAccount(db, user, password) if err != nil { utils.LogError("Could not delete account", err) utils.TriggerToast(w, r, "error", err.Error()) } utils.DoRedirect(w, r, "/") } } func handleVerifyResend(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := service.GetUserFromRequest(db, r) if user == nil || user.EmailVerified { utils.DoRedirect(w, r, "/auth/signin") return } go service.SendVerificationEmail(db, user.Id.String(), user.Email) w.Write([]byte("

Verification email sent

")) } } func handleChangePassword(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user := service.GetUserFromRequest(db, r) if user == nil { utils.DoRedirect(w, r, "/auth/signin") return } currPass := r.FormValue("current-password") newPass := r.FormValue("new-password") err := service.ChangePassword(db, user, currPass, newPass) if err != nil { utils.TriggerToast(w, r, "error", err.Error()) return } utils.TriggerToast(w, r, "success", "Password changed") } } func handleResetPassword(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { email := r.FormValue("email") token, err := service.ResetPassword(db, email) if err != nil { utils.TriggerToast(w, r, "error", err.Error()) return } if token != "" { var string strings.Builder err = mail.ResetPassword(token).Render(context.Background(), &string) if err != nil { utils.LogError("Could not render reset password email", err) utils.TriggerToast(w, r, "error", "Internal Server Error") return } utils.SendMail(email, "Reset Password", string.String()) } utils.TriggerToast(w, r, "info", "If the email exists, an email has been sent") } } func handleActualResetPassword(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { pageUrl, err := url.Parse(r.Header.Get("HX-Current-URL")) if err != nil { utils.LogError("Could not get current URL", err) utils.TriggerToast(w, r, "error", "Internal Server Error") return } token := pageUrl.Query().Get("token") if token == "" { utils.TriggerToast(w, r, "error", "No token") return } newPass := r.FormValue("new-password") service.ActualResetPassword(db, token, newPass) if err != nil { utils.TriggerToast(w, r, "error", err.Error()) return } utils.TriggerToast(w, r, "success", "Password changed") } }