refactor: transitioned auth controller to use the new controller structure;
feat: setup DI for controllers; refactor: marked old utils and routes package parts as deprecated
This commit is contained in:
@@ -19,7 +19,6 @@ package controllers
|
||||
|
||||
import (
|
||||
errs "easywish/internal/errors"
|
||||
"easywish/internal/middleware"
|
||||
"easywish/internal/models"
|
||||
"easywish/internal/services"
|
||||
"easywish/internal/utils"
|
||||
@@ -31,249 +30,258 @@ import (
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
type AuthController interface {
|
||||
RegistrationBegin(c *gin.Context)
|
||||
RegistrationComplete(c *gin.Context)
|
||||
Login(c *gin.Context)
|
||||
Refresh(c *gin.Context)
|
||||
PasswordResetBegin(c *gin.Context)
|
||||
PasswordResetComplete(c *gin.Context)
|
||||
ChangePassword(c *gin.Context)
|
||||
Router
|
||||
}
|
||||
|
||||
type authControllerImpl struct {
|
||||
log *zap.Logger
|
||||
auth services.AuthService
|
||||
}
|
||||
|
||||
func NewAuthController(_log *zap.Logger, _auth services.AuthService) AuthController {
|
||||
return &authControllerImpl{log: _log, auth: _auth}
|
||||
}
|
||||
|
||||
// @Summary Acquire tokens via login credentials (and 2FA code if needed)
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body models.LoginRequest true " "
|
||||
// @Success 200 {object} models.LoginResponse " "
|
||||
// @Failure 403 "Invalid login credentials"
|
||||
// @Router /auth/login [post]
|
||||
func (a *authControllerImpl) Login(c *gin.Context) {
|
||||
request, ok := utils.GetRequest[models.LoginRequest](c)
|
||||
if !ok {
|
||||
c.Status(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
response, err := a.auth.Login(request.User, request.Body)
|
||||
|
||||
if err != nil {
|
||||
if errors.Is(err, errs.ErrForbidden) {
|
||||
c.Status(http.StatusForbidden)
|
||||
} else {
|
||||
c.Status(http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, response)
|
||||
}
|
||||
|
||||
// @Summary Request password reset email
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body models.PasswordResetBeginRequest true " "
|
||||
// @Router /auth/passwordResetBegin [post]
|
||||
// @Success 200 "Reset code sent to the email if it is attached to an account"
|
||||
// @Failure 429 "Too many recent requests for this email"
|
||||
func (a *authControllerImpl) PasswordResetBegin(c *gin.Context) {
|
||||
request, ok := utils.GetRequest[models.PasswordResetBeginRequest](c)
|
||||
if !ok {
|
||||
c.Status(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
response, err := a.auth.PasswordResetBegin(request.Body)
|
||||
if err != nil {
|
||||
if errors.Is(err, errs.ErrTooManyRequests) {
|
||||
c.Status(http.StatusTooManyRequests)
|
||||
} else {
|
||||
c.Status(http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, response)
|
||||
}
|
||||
|
||||
// @Summary Complete password reset via email code
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body models.PasswordResetCompleteRequest true " "
|
||||
// @Router /auth/passwordResetComplete [post]
|
||||
// @Success 200 {object} models.PasswordResetCompleteResponse " "
|
||||
// @Success 403 "Wrong verification code or username"
|
||||
func (a *authControllerImpl) PasswordResetComplete(c *gin.Context) {
|
||||
|
||||
request, ok := utils.GetRequest[models.PasswordResetCompleteRequest](c)
|
||||
if !ok {
|
||||
c.Status(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
response, err := a.auth.PasswordResetComplete(request.Body)
|
||||
if err != nil {
|
||||
if errors.Is(err, errs.ErrForbidden) {
|
||||
c.Status(http.StatusForbidden)
|
||||
} else {
|
||||
c.Status(http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, response)
|
||||
}
|
||||
|
||||
|
||||
// @Summary Receive new tokens via refresh token
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body models.RefreshRequest true " "
|
||||
// @Router /auth/refresh [post]
|
||||
// @Success 200 {object} models.RefreshResponse " "
|
||||
// @Failure 401 "Invalid refresh token"
|
||||
func (a *authControllerImpl) Refresh(c *gin.Context) {
|
||||
|
||||
request, ok := utils.GetRequest[models.RefreshRequest](c)
|
||||
if !ok {
|
||||
c.Status(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
response, err := a.auth.Refresh(request.Body)
|
||||
if err != nil {
|
||||
if utils.ErrorIsOneOf(
|
||||
err,
|
||||
errs.ErrTokenExpired,
|
||||
errs.ErrTokenInvalid,
|
||||
errs.ErrInvalidToken,
|
||||
errs.ErrWrongTokenType,
|
||||
errs.ErrSessionNotFound,
|
||||
errs.ErrSessionTerminated,
|
||||
) {
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
|
||||
} else {
|
||||
c.JSON(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, response)
|
||||
}
|
||||
|
||||
// @Summary Register an account
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body models.RegistrationBeginRequest true " "
|
||||
// @Success 200 "Account is created and awaiting verification"
|
||||
// @Failure 409 "Username or email is already taken"
|
||||
// @Failure 429 "Too many recent registration attempts for this email"
|
||||
// @Router /auth/registrationBegin [post]
|
||||
func (a *authControllerImpl) RegistrationBegin(c *gin.Context) {
|
||||
|
||||
request, ok := utils.GetRequest[models.RegistrationBeginRequest](c)
|
||||
if !ok {
|
||||
c.Status(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
_, err := a.auth.RegistrationBegin(request.Body)
|
||||
|
||||
if err != nil {
|
||||
if errors.Is(err, errs.ErrUsernameTaken) || errors.Is(err, errs.ErrEmailTaken) {
|
||||
c.Status(http.StatusConflict)
|
||||
} else {
|
||||
c.Status(http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.Status(http.StatusOK)
|
||||
return
|
||||
}
|
||||
|
||||
// @Summary Confirm with code, finish creating the account
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body models.RegistrationCompleteRequest true " "
|
||||
// @Success 200 {object} models.RegistrationCompleteResponse " "
|
||||
// @Failure 403 "Invalid email or verification code"
|
||||
// @Router /auth/registrationComplete [post]
|
||||
func (a *authControllerImpl) RegistrationComplete(c *gin.Context) {
|
||||
request, ok := utils.GetRequest[models.RegistrationCompleteRequest](c)
|
||||
if !ok {
|
||||
c.Status(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
response, err := a.auth.RegistrationComplete(request.User, request.Body)
|
||||
|
||||
if err != nil {
|
||||
if errors.Is(err, errs.ErrForbidden) {
|
||||
c.Status(http.StatusForbidden)
|
||||
} else if errors.Is(err, errs.ErrUnauthorized) {
|
||||
c.Status(http.StatusUnauthorized)
|
||||
} else {
|
||||
c.Status(http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, response)
|
||||
}
|
||||
|
||||
// @Summary Set new password using the old password
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Security JWT
|
||||
// @Param request body models.ChangePasswordRequest true " "
|
||||
// @Success 200 "Password successfully changed"
|
||||
// @Failure 403 "Invalid old password"
|
||||
// @Router /auth/changePassword [post]
|
||||
func (a *authControllerImpl) ChangePassword(c *gin.Context) {
|
||||
request, ok := utils.GetRequest[models.ChangePasswordRequest](c)
|
||||
if !ok {
|
||||
c.Status(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
response, err := a.auth.ChangePassword(request.Body, request.User)
|
||||
|
||||
if err != nil {
|
||||
if errors.Is(err, errs.ErrForbidden) {
|
||||
c.Status(http.StatusForbidden)
|
||||
} else {
|
||||
c.Status(http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, response)
|
||||
}
|
||||
|
||||
func (a *authControllerImpl) RegisterRoutes(group *gin.RouterGroup) {
|
||||
group.POST("/registrationBegin", middleware.RequestMiddleware[models.RegistrationBeginRequest](enums.GuestRole), a.RegistrationBegin)
|
||||
group.POST("/registrationComplete", middleware.RequestMiddleware[models.RegistrationCompleteRequest](enums.GuestRole), a.RegistrationComplete)
|
||||
group.POST("/login", middleware.RequestMiddleware[models.LoginRequest](enums.GuestRole), a.Login)
|
||||
group.POST("/refresh", middleware.RequestMiddleware[models.RefreshRequest](enums.GuestRole), a.Refresh)
|
||||
group.POST("/passwordResetBegin", middleware.RequestMiddleware[models.PasswordResetBeginRequest](enums.GuestRole), a.PasswordResetBegin)
|
||||
group.POST("/passwordResetComplete", middleware.RequestMiddleware[models.PasswordResetCompleteRequest](enums.GuestRole), a.PasswordResetComplete)
|
||||
group.POST("/changePassword", middleware.RequestMiddleware[models.ChangePasswordRequest](enums.UserRole), a.ChangePassword)
|
||||
func NewAuthController(log *zap.Logger, auth services.AuthService) Controller {
|
||||
return &controllerImpl{
|
||||
Path: "/auth",
|
||||
Middleware: []gin.HandlerFunc{},
|
||||
Methods: []ControllerMethod{
|
||||
|
||||
// @Summary Register an account
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body models.RegistrationBeginRequest true " "
|
||||
// @Success 200 "Account is created and awaiting verification"
|
||||
// @Failure 409 "Username or email is already taken"
|
||||
// @Failure 429 "Too many recent registration attempts for this email"
|
||||
// @Router /auth/registrationBegin [post]
|
||||
{
|
||||
HttpMethod: POST,
|
||||
Path: "/registrationBegin",
|
||||
Authorization: enums.GuestRole,
|
||||
Middleware: []gin.HandlerFunc{},
|
||||
Function: func(c *gin.Context) {
|
||||
|
||||
request, err := GetRequest[models.RegistrationBeginRequest](c); if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
_, err = auth.RegistrationBegin(request.Body); if err != nil {
|
||||
if errors.Is(err, errs.ErrUsernameTaken) || errors.Is(err, errs.ErrEmailTaken) {
|
||||
c.Status(http.StatusConflict)
|
||||
} else {
|
||||
c.Status(http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.Status(http.StatusOK)
|
||||
return
|
||||
},
|
||||
},
|
||||
|
||||
// @Summary Confirm with code, finish creating the account
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body models.RegistrationCompleteRequest true " "
|
||||
// @Success 200 {object} models.RegistrationCompleteResponse " "
|
||||
// @Failure 403 "Invalid email or verification code"
|
||||
// @Router /auth/registrationComplete [post]
|
||||
{
|
||||
HttpMethod: POST,
|
||||
Path: "/registrationComplete",
|
||||
Authorization: enums.GuestRole,
|
||||
Middleware: []gin.HandlerFunc{},
|
||||
Function: func(c *gin.Context) {
|
||||
|
||||
request, err := GetRequest[models.RegistrationCompleteRequest](c); if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
response, err := auth.RegistrationComplete(request.User, request.Body)
|
||||
|
||||
if err != nil {
|
||||
if errors.Is(err, errs.ErrForbidden) {
|
||||
c.Status(http.StatusForbidden)
|
||||
} else if errors.Is(err, errs.ErrUnauthorized) {
|
||||
c.Status(http.StatusUnauthorized)
|
||||
} else {
|
||||
c.Status(http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, response)
|
||||
},
|
||||
},
|
||||
|
||||
// @Summary Acquire tokens via login credentials (and 2FA code if needed)
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body models.LoginRequest true " "
|
||||
// @Success 200 {object} models.LoginResponse " "
|
||||
// @Failure 403 "Invalid login credentials"
|
||||
// @Router /auth/login [post]
|
||||
{
|
||||
HttpMethod: POST,
|
||||
Path: "/login",
|
||||
Authorization: enums.GuestRole,
|
||||
Middleware: []gin.HandlerFunc{},
|
||||
Function: func(c *gin.Context) {
|
||||
request, err := GetRequest[models.LoginRequest](c); if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
response, err := auth.Login(request.User, request.Body)
|
||||
|
||||
if err != nil {
|
||||
if errors.Is(err, errs.ErrForbidden) {
|
||||
c.Status(http.StatusForbidden)
|
||||
} else {
|
||||
c.Status(http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, response)
|
||||
},
|
||||
},
|
||||
|
||||
// @Summary Receive new tokens via refresh token
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body models.RefreshRequest true " "
|
||||
// @Router /auth/refresh [post]
|
||||
// @Success 200 {object} models.RefreshResponse " "
|
||||
// @Failure 401 "Invalid refresh token"
|
||||
{
|
||||
HttpMethod: POST,
|
||||
Path: "/refresh",
|
||||
Authorization: enums.GuestRole,
|
||||
Middleware: []gin.HandlerFunc{},
|
||||
Function: func(c *gin.Context) {
|
||||
|
||||
request, err := GetRequest[models.RefreshRequest](c); if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
response, err := auth.Refresh(request.Body)
|
||||
if err != nil {
|
||||
if utils.ErrorIsOneOf(
|
||||
err,
|
||||
errs.ErrTokenExpired,
|
||||
errs.ErrTokenInvalid,
|
||||
errs.ErrInvalidToken,
|
||||
errs.ErrWrongTokenType,
|
||||
errs.ErrSessionNotFound,
|
||||
errs.ErrSessionTerminated,
|
||||
) {
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
|
||||
} else {
|
||||
c.JSON(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, response)
|
||||
},
|
||||
},
|
||||
|
||||
// @Summary Request password reset email
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body models.PasswordResetBeginRequest true " "
|
||||
// @Router /auth/passwordResetBegin [post]
|
||||
// @Success 200 "Reset code sent to the email if it is attached to an account"
|
||||
// @Failure 429 "Too many recent requests for this email"
|
||||
{
|
||||
HttpMethod: POST,
|
||||
Path: "/passwordResetBegin",
|
||||
Authorization: enums.GuestRole,
|
||||
Middleware: []gin.HandlerFunc{},
|
||||
Function: func(c *gin.Context) {
|
||||
|
||||
request, err := GetRequest[models.PasswordResetBeginRequest](c); if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
response, err := auth.PasswordResetBegin(request.Body)
|
||||
if err != nil {
|
||||
if errors.Is(err, errs.ErrTooManyRequests) {
|
||||
c.Status(http.StatusTooManyRequests)
|
||||
} else {
|
||||
c.Status(http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, response)
|
||||
},
|
||||
},
|
||||
|
||||
|
||||
// @Summary Complete password reset via email code
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body models.PasswordResetCompleteRequest true " "
|
||||
// @Router /auth/passwordResetComplete [post]
|
||||
// @Success 200 {object} models.PasswordResetCompleteResponse " "
|
||||
// @Success 403 "Wrong verification code or username"
|
||||
{
|
||||
HttpMethod: POST,
|
||||
Path: "/passwordResetComplete",
|
||||
Authorization: enums.GuestRole,
|
||||
Middleware: []gin.HandlerFunc{},
|
||||
Function: func(c *gin.Context) {
|
||||
|
||||
request, err := GetRequest[models.PasswordResetCompleteRequest](c); if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
response, err := auth.PasswordResetComplete(request.Body)
|
||||
if err != nil {
|
||||
if errors.Is(err, errs.ErrForbidden) {
|
||||
c.Status(http.StatusForbidden)
|
||||
} else {
|
||||
c.Status(http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, response)
|
||||
},
|
||||
},
|
||||
|
||||
// @Summary Set new password using the old password
|
||||
// @Tags Auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Security JWT
|
||||
// @Param request body models.ChangePasswordRequest true " "
|
||||
// @Success 200 "Password successfully changed"
|
||||
// @Failure 403 "Invalid old password"
|
||||
// @Router /auth/changePassword [post]
|
||||
{
|
||||
HttpMethod: POST,
|
||||
Path: "/changePassword",
|
||||
Authorization: enums.UserRole,
|
||||
Middleware: []gin.HandlerFunc{},
|
||||
Function: func(c *gin.Context) {
|
||||
|
||||
request, err := GetRequest[models.ChangePasswordRequest](c); if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
response, err := auth.ChangePassword(request.Body, request.User)
|
||||
|
||||
if err != nil {
|
||||
if errors.Is(err, errs.ErrForbidden) {
|
||||
c.Status(http.StatusForbidden)
|
||||
} else {
|
||||
c.Status(http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, response)
|
||||
},
|
||||
},
|
||||
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user