Rename http package to server

server/session.go

@@ -0,0 +1,158 @@
+package server
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"git.javil.eu/jacob1123/budgeteer"
+	"git.javil.eu/jacob1123/budgeteer/postgres"
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+)
+
+func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, error) {
+	tokenString := c.GetHeader("Authorization")
+	if len(tokenString) < 8 {
+		return nil, fmt.Errorf("no authorization header supplied")
+	}
+
+	tokenString = tokenString[7:]
+	token, err := h.TokenVerifier.VerifyToken(tokenString)
+	if err != nil {
+		return nil, fmt.Errorf("verify token '%s': %w", tokenString, err)
+	}
+
+	return token, nil
+}
+
+func (h *Handler) verifyLoginWithForbidden(c *gin.Context) {
+	token, err := h.verifyLogin(c)
+	if err != nil {
+		//c.Header("WWW-Authenticate", "Bearer")
+		c.AbortWithError(http.StatusForbidden, err)
+		return
+	}
+
+	c.Set("token", token)
+	c.Next()
+}
+
+func (h *Handler) verifyLoginWithRedirect(c *gin.Context) {
+	token, err := h.verifyLogin(c)
+	if err != nil {
+		c.Redirect(http.StatusTemporaryRedirect, "/login")
+		c.Abort()
+		return
+	}
+
+	c.Set("token", token)
+	c.Next()
+}
+
+type loginInformation struct {
+	Password string `json:"password"`
+	User     string `json:"user"`
+}
+
+func (h *Handler) loginPost(c *gin.Context) {
+	var login loginInformation
+	err := c.BindJSON(&login)
+	if err != nil {
+		return
+	}
+
+	user, err := h.Service.GetUserByUsername(c.Request.Context(), login.User)
+	if err != nil {
+		c.AbortWithError(http.StatusUnauthorized, err)
+		return
+	}
+
+	if err = h.CredentialsVerifier.Verify(login.Password, user.Password); err != nil {
+		c.AbortWithError(http.StatusUnauthorized, err)
+		return
+	}
+
+	token, err := h.TokenVerifier.CreateToken(&user)
+	if err != nil {
+		c.AbortWithError(http.StatusUnauthorized, err)
+	}
+
+	go h.UpdateLastLogin(user.ID)
+
+	budgets, err := h.Service.GetBudgetsForUser(c.Request.Context(), user.ID)
+	if err != nil {
+		return
+	}
+
+	c.JSON(http.StatusOK, LoginResponse{token, user, budgets})
+}
+
+type LoginResponse struct {
+	Token   string
+	User    postgres.User
+	Budgets []postgres.Budget
+}
+
+type registerInformation struct {
+	Password string `json:"password"`
+	Email    string `json:"email"`
+	Name     string `json:"name"`
+}
+
+func (h *Handler) registerPost(c *gin.Context) {
+	var register registerInformation
+	err := c.BindJSON(&register)
+	if err != nil {
+		c.AbortWithError(http.StatusBadRequest, fmt.Errorf("parse body: %w", err))
+		return
+	}
+
+	if register.Email == "" || register.Password == "" || register.Name == "" {
+		c.AbortWithError(http.StatusBadRequest, fmt.Errorf("e-mail, password and name are required"))
+		return
+	}
+
+	_, err = h.Service.GetUserByUsername(c.Request.Context(), register.Email)
+	if err == nil {
+		c.AbortWithError(http.StatusBadRequest, fmt.Errorf("email is already taken"))
+		return
+	}
+
+	hash, err := h.CredentialsVerifier.Hash(register.Password)
+	if err != nil {
+		c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	createUser := postgres.CreateUserParams{
+		Name:     register.Name,
+		Password: hash,
+		Email:    register.Email,
+	}
+	user, err := h.Service.CreateUser(c.Request.Context(), createUser)
+	if err != nil {
+		c.AbortWithError(http.StatusInternalServerError, err)
+	}
+
+	token, err := h.TokenVerifier.CreateToken(&user)
+	if err != nil {
+		c.AbortWithError(http.StatusUnauthorized, err)
+	}
+
+	go h.UpdateLastLogin(user.ID)
+
+	budgets, err := h.Service.GetBudgetsForUser(c.Request.Context(), user.ID)
+	if err != nil {
+		return
+	}
+
+	c.JSON(http.StatusOK, LoginResponse{token, user, budgets})
+}
+
+func (h *Handler) UpdateLastLogin(userID uuid.UUID) {
+	_, err := h.Service.UpdateLastLogin(context.Background(), userID)
+	if err != nil {
+		fmt.Printf("Error updating last login: %s", err)
+	}
+}