budgeteer/server/session.go

package server

import (
	"context"
	"fmt"
	"net/http"

	"git.javil.eu/jacob1123/budgeteer"
	"git.javil.eu/jacob1123/budgeteer/postgres"
	"github.com/gin-gonic/gin"
	"github.com/google/uuid"
)

const (
	HeaderName = "Authorization"
	Bearer     = "Bearer "
	ParamName  = "token"
)

func MustGetToken(c *gin.Context) budgeteer.Token { //nolint:ireturn
	token := c.MustGet(ParamName)
	if token, ok := token.(budgeteer.Token); ok {
		return token
	}

	panic("Token is not a valid Token")
}

func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, *ErrorResponse) { //nolint:ireturn
	tokenString := c.GetHeader(HeaderName)
	if len(tokenString) <= len(Bearer) {
		return nil, &ErrorResponse{"no authorization header supplied"}
	}

	tokenString = tokenString[7:]
	token, err := h.TokenVerifier.VerifyToken(tokenString)
	if err != nil {
		return nil, &ErrorResponse{fmt.Sprintf("verify token '%s': %s", tokenString, err)}
	}

	return token, nil
}

func (h *Handler) verifyLoginWithForbidden(c *gin.Context) {
	token, err := h.verifyLogin(c)
	if err != nil {
		// c.Header("WWW-Authenticate", "Bearer")
		c.AbortWithStatusJSON(http.StatusForbidden, err)
		return
	}

	c.Set(ParamName, token)
	c.Next()
}

func (h *Handler) verifyLoginWithRedirect(c *gin.Context) {
	token, err := h.verifyLogin(c)
	if err != nil {
		c.Redirect(http.StatusTemporaryRedirect, "/login")
		c.Abort()
		return
	}

	c.Set(ParamName, token)
	c.Next()
}

type loginInformation struct {
	Password string `json:"password"`
	User     string `json:"user"`
}

func (h *Handler) loginPost(c *gin.Context) {
	var login loginInformation
	err := c.BindJSON(&login)
	if err != nil {
		return
	}

	user, err := h.Service.GetUserByUsername(c.Request.Context(), login.User)
	if err != nil {
		c.AbortWithError(http.StatusUnauthorized, err)
		return
	}

	if err = h.CredentialsVerifier.Verify(login.Password, user.Password); err != nil {
		c.AbortWithError(http.StatusUnauthorized, err)
		return
	}

	token, err := h.TokenVerifier.CreateToken(&user)
	if err != nil {
		c.AbortWithError(http.StatusUnauthorized, err)
	}

	go h.UpdateLastLogin(user.ID)

	budgets, err := h.Service.GetBudgetsForUser(c.Request.Context(), user.ID)
	if err != nil {
		return
	}

	c.JSON(http.StatusOK, LoginResponse{token, user, budgets})
}

type LoginResponse struct {
	Token   string
	User    postgres.User
	Budgets []postgres.Budget
}

type registerInformation struct {
	Password string `json:"password"`
	Email    string `json:"email"`
	Name     string `json:"name"`
}

func (h *Handler) registerPost(c *gin.Context) {
	var register registerInformation
	err := c.BindJSON(&register)
	if err != nil {
		c.AbortWithStatusJSON(http.StatusBadRequest, ErrorResponse{"error parsing body"})
		return
	}

	if register.Email == "" || register.Password == "" || register.Name == "" {
		c.AbortWithStatusJSON(http.StatusBadRequest, ErrorResponse{"e-mail, password and name are required"})
		return
	}

	_, err = h.Service.GetUserByUsername(c.Request.Context(), register.Email)
	if err == nil {
		c.AbortWithStatusJSON(http.StatusBadRequest, ErrorResponse{"email is already taken"})
		return
	}

	hash, err := h.CredentialsVerifier.Hash(register.Password)
	if err != nil {
		c.AbortWithError(http.StatusBadRequest, err)
		return
	}

	createUser := postgres.CreateUserParams{
		Name:     register.Name,
		Password: hash,
		Email:    register.Email,
	}
	user, err := h.Service.CreateUser(c.Request.Context(), createUser)
	if err != nil {
		c.AbortWithError(http.StatusInternalServerError, err)
	}

	token, err := h.TokenVerifier.CreateToken(&user)
	if err != nil {
		c.AbortWithError(http.StatusUnauthorized, err)
	}

	go h.UpdateLastLogin(user.ID)

	budgets, err := h.Service.GetBudgetsForUser(c.Request.Context(), user.ID)
	if err != nil {
		return
	}

	c.JSON(http.StatusOK, LoginResponse{token, user, budgets})
}

func (h *Handler) UpdateLastLogin(userID uuid.UUID) {
	_, err := h.Service.UpdateLastLogin(context.Background(), userID)
	if err != nil {
		fmt.Printf("Error updating last login: %s", err)
	}
}