weirdcat/easywish
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d6e2d02bffe56eac1bc49454702dcf92215d86d2
easywish/backend/internal/controllers/auth.go
Nikolai Papin d6e2d02bff refactor: transitioned auth controller to use the new controller structure; 
feat: setup DI for controllers;
refactor: marked old utils and routes package parts as deprecated
2025-07-17 21:42:47 +03:00

288 lines
8.0 KiB
Go
Raw Blame History

// Copyright (c) 2025 Nikolai Papin
//
// This file is part of Easywish
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
// the GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package controllers
import (
errs "easywish/internal/errors"
"easywish/internal/models"
"easywish/internal/services"
"easywish/internal/utils"
"easywish/internal/utils/enums"
"errors"
"net/http"
"github.com/gin-gonic/gin"
"go.uber.org/zap"
)
func NewAuthController(log *zap.Logger, auth services.AuthService) Controller {
return &controllerImpl{
Path: "/auth",
Middleware: []gin.HandlerFunc{},
Methods: []ControllerMethod{
// @Summary Register an account
// @Tags Auth
// @Accept json
// @Produce json
// @Param request body models.RegistrationBeginRequest true " "
// @Success 200 "Account is created and awaiting verification"
// @Failure 409 "Username or email is already taken"
// @Failure 429 "Too many recent registration attempts for this email"
// @Router /auth/registrationBegin [post]
{
HttpMethod: POST,
Path: "/registrationBegin",
Authorization: enums.GuestRole,
Middleware: []gin.HandlerFunc{},
Function: func(c *gin.Context) {
request, err := GetRequest[models.RegistrationBeginRequest](c); if err != nil {
return
}
_, err = auth.RegistrationBegin(request.Body); if err != nil {
if errors.Is(err, errs.ErrUsernameTaken) || errors.Is(err, errs.ErrEmailTaken) {
c.Status(http.StatusConflict)
} else {
c.Status(http.StatusInternalServerError)
}
return
}
c.Status(http.StatusOK)
return
},
},
// @Summary Confirm with code, finish creating the account
// @Tags Auth
// @Accept json
// @Produce json
// @Param request body models.RegistrationCompleteRequest true " "
// @Success 200 {object} models.RegistrationCompleteResponse " "
// @Failure 403 "Invalid email or verification code"
// @Router /auth/registrationComplete [post]
{
HttpMethod: POST,
Path: "/registrationComplete",
Authorization: enums.GuestRole,
Middleware: []gin.HandlerFunc{},
Function: func(c *gin.Context) {
request, err := GetRequest[models.RegistrationCompleteRequest](c); if err != nil {
return
}
response, err := auth.RegistrationComplete(request.User, request.Body)
if err != nil {
if errors.Is(err, errs.ErrForbidden) {
c.Status(http.StatusForbidden)
} else if errors.Is(err, errs.ErrUnauthorized) {
c.Status(http.StatusUnauthorized)
} else {
c.Status(http.StatusInternalServerError)
}
return
}
c.JSON(http.StatusOK, response)
},
},
// @Summary Acquire tokens via login credentials (and 2FA code if needed)
// @Tags Auth
// @Accept json
// @Produce json
// @Param request body models.LoginRequest true " "
// @Success 200 {object} models.LoginResponse " "
// @Failure 403 "Invalid login credentials"
// @Router /auth/login [post]
{
HttpMethod: POST,
Path: "/login",
Authorization: enums.GuestRole,
Middleware: []gin.HandlerFunc{},
Function: func(c *gin.Context) {
request, err := GetRequest[models.LoginRequest](c); if err != nil {
return
}
response, err := auth.Login(request.User, request.Body)
if err != nil {
if errors.Is(err, errs.ErrForbidden) {
c.Status(http.StatusForbidden)
} else {
c.Status(http.StatusInternalServerError)
}
return
}
c.JSON(http.StatusOK, response)
},
},
// @Summary Receive new tokens via refresh token
// @Tags Auth
// @Accept json
// @Produce json
// @Param request body models.RefreshRequest true " "
// @Router /auth/refresh [post]
// @Success 200 {object} models.RefreshResponse " "
// @Failure 401 "Invalid refresh token"
{
HttpMethod: POST,
Path: "/refresh",
Authorization: enums.GuestRole,
Middleware: []gin.HandlerFunc{},
Function: func(c *gin.Context) {
request, err := GetRequest[models.RefreshRequest](c); if err != nil {
return
}
response, err := auth.Refresh(request.Body)
if err != nil {
if utils.ErrorIsOneOf(
err,
errs.ErrTokenExpired,
errs.ErrTokenInvalid,
errs.ErrInvalidToken,
errs.ErrWrongTokenType,
errs.ErrSessionNotFound,
errs.ErrSessionTerminated,
) {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
} else {
c.JSON(http.StatusInternalServerError, err.Error())
}
return
}
c.JSON(http.StatusOK, response)
},
},
// @Summary Request password reset email
// @Tags Auth
// @Accept json
// @Produce json
// @Param request body models.PasswordResetBeginRequest true " "
// @Router /auth/passwordResetBegin [post]
// @Success 200 "Reset code sent to the email if it is attached to an account"
// @Failure 429 "Too many recent requests for this email"
{
HttpMethod: POST,
Path: "/passwordResetBegin",
Authorization: enums.GuestRole,
Middleware: []gin.HandlerFunc{},
Function: func(c *gin.Context) {
request, err := GetRequest[models.PasswordResetBeginRequest](c); if err != nil {
return
}
response, err := auth.PasswordResetBegin(request.Body)
if err != nil {
if errors.Is(err, errs.ErrTooManyRequests) {
c.Status(http.StatusTooManyRequests)
} else {
c.Status(http.StatusInternalServerError)
}
return
}
c.JSON(http.StatusOK, response)
},
},
// @Summary Complete password reset via email code
// @Tags Auth
// @Accept json
// @Produce json
// @Param request body models.PasswordResetCompleteRequest true " "
// @Router /auth/passwordResetComplete [post]
// @Success 200 {object} models.PasswordResetCompleteResponse " "
// @Success 403 "Wrong verification code or username"
{
HttpMethod: POST,
Path: "/passwordResetComplete",
Authorization: enums.GuestRole,
Middleware: []gin.HandlerFunc{},
Function: func(c *gin.Context) {
request, err := GetRequest[models.PasswordResetCompleteRequest](c); if err != nil {
return
}
response, err := auth.PasswordResetComplete(request.Body)
if err != nil {
if errors.Is(err, errs.ErrForbidden) {
c.Status(http.StatusForbidden)
} else {
c.Status(http.StatusInternalServerError)
}
return
}
c.JSON(http.StatusOK, response)
},
},
// @Summary Set new password using the old password
// @Tags Auth
// @Accept json
// @Produce json
// @Security JWT
// @Param request body models.ChangePasswordRequest true " "
// @Success 200 "Password successfully changed"
// @Failure 403 "Invalid old password"
// @Router /auth/changePassword [post]
{
HttpMethod: POST,
Path: "/changePassword",
Authorization: enums.UserRole,
Middleware: []gin.HandlerFunc{},
Function: func(c *gin.Context) {
request, err := GetRequest[models.ChangePasswordRequest](c); if err != nil {
return
}
response, err := auth.ChangePassword(request.Body, request.User)
if err != nil {
if errors.Is(err, errs.ErrForbidden) {
c.Status(http.StatusForbidden)
} else {
c.Status(http.StatusInternalServerError)
}
return
}
c.JSON(http.StatusOK, response)
},
},
},
}
}
Reference in New Issue View Git Blame Copy Permalink