268 lines
7.4 KiB
Go
268 lines
7.4 KiB
Go
package handlers
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"gauth-central/internal/models"
|
|
"gauth-central/internal/services"
|
|
"gauth-central/pkg/utils"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/markbates/goth/gothic"
|
|
)
|
|
|
|
type AuthHandler struct {
|
|
authService *services.AuthService
|
|
}
|
|
|
|
func NewAuthHandler(authService *services.AuthService) *AuthHandler {
|
|
return &AuthHandler{authService: authService}
|
|
}
|
|
|
|
type RegisterRequest struct {
|
|
UserName string `json:"username" binding:"required,min=3"`
|
|
Email string `json:"email" binding:"required,email"`
|
|
Password string `json:"password" binding:"required,min=6"`
|
|
}
|
|
|
|
type LoginRequest struct {
|
|
Email string `json:"email" binding:"required,email"`
|
|
Password string `json:"password" binding:"required"`
|
|
}
|
|
|
|
type RefreshRequest struct {
|
|
RefreshToken string `json:"refresh_token" binding:"required"`
|
|
}
|
|
|
|
// Register godoc
|
|
// @Summary Register a new user
|
|
// @Description Register with username, email and password
|
|
// @Tags auth
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param request body RegisterRequest true "Register Request"
|
|
// @Success 201 {object} map[string]interface{}
|
|
// @Failure 400 {object} map[string]string
|
|
// @Router /auth/register [post]
|
|
func (h *AuthHandler) Register(c *gin.Context) {
|
|
var req RegisterRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
// Register creates user with email_verified=false; tokens only after email verification
|
|
user, _, _, verifyToken, err := h.authService.Register(req.UserName, req.Email, req.Password)
|
|
if err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
// Send verification email asynchronously
|
|
go func() {
|
|
if err := utils.SendVerificationEmail(user.Email, verifyToken); err != nil {
|
|
fmt.Printf("Failed to send verification email to %s: %v\n", user.Email, err)
|
|
} else {
|
|
fmt.Printf("Verification email sent to %s\n", user.Email)
|
|
}
|
|
}()
|
|
|
|
roles := user.Roles
|
|
if roles == nil {
|
|
roles = []models.Role{}
|
|
}
|
|
|
|
c.JSON(http.StatusCreated, gin.H{
|
|
"message": "User created. Please verify your email.",
|
|
"user_id": user.ID,
|
|
"username": user.UserName,
|
|
"email": user.Email,
|
|
"avatar": user.Avatar,
|
|
"roles": roles,
|
|
"email_verified": false,
|
|
"verification_token": verifyToken, // Returned for dev convenience, usually hidden in prod
|
|
})
|
|
}
|
|
|
|
// Login godoc
|
|
// @Summary Login user
|
|
// @Description Login with email and password to get JWT token
|
|
// @Tags auth
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param request body LoginRequest true "Login Request"
|
|
// @Success 200 {object} map[string]string
|
|
// @Failure 400 {object} map[string]string
|
|
// @Failure 401 {object} map[string]string
|
|
// @Router /auth/login [post]
|
|
func (h *AuthHandler) Login(c *gin.Context) {
|
|
var req LoginRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
user, accessToken, refreshToken, err := h.authService.Login(req.Email, req.Password)
|
|
if err != nil {
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
// Ensure roles is always returned, even if empty
|
|
roles := user.Roles
|
|
if roles == nil {
|
|
roles = []models.Role{}
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{
|
|
"user_id": user.ID,
|
|
"username": user.UserName,
|
|
"email": user.Email,
|
|
"avatar": user.Avatar,
|
|
"roles": roles,
|
|
"access_token": accessToken,
|
|
"refresh_token": refreshToken,
|
|
})
|
|
}
|
|
|
|
// BeginAuth godoc
|
|
// @Summary Start OAuth2 flow
|
|
// @Description Redirect to OAuth2 provider
|
|
// @Tags oauth
|
|
// @Param provider path string true "Provider (google, github)"
|
|
// @Router /auth/{provider} [get]
|
|
func (h *AuthHandler) BeginAuth(c *gin.Context) {
|
|
// Try to complete user auth if we've already got a session
|
|
// but context is not set correctly for gin with gothic usually
|
|
provider := c.Param("provider")
|
|
q := c.Request.URL.Query()
|
|
q.Add("provider", provider)
|
|
c.Request.URL.RawQuery = q.Encode()
|
|
|
|
gothic.BeginAuthHandler(c.Writer, c.Request)
|
|
}
|
|
|
|
// Callback godoc
|
|
// @Summary OAuth2 Callback
|
|
// @Description Handle callback from OAuth2 provider
|
|
// @Tags oauth
|
|
// @Param provider path string true "Provider (google, github)"
|
|
// @Success 200 {object} map[string]string
|
|
// @Failure 401 {object} map[string]string
|
|
// @Router /auth/{provider}/callback [get]
|
|
func (h *AuthHandler) Callback(c *gin.Context) {
|
|
provider := c.Param("provider")
|
|
q := c.Request.URL.Query()
|
|
q.Add("provider", provider)
|
|
c.Request.URL.RawQuery = q.Encode()
|
|
|
|
gothUser, err := gothic.CompleteUserAuth(c.Writer, c.Request)
|
|
if err != nil {
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
user, accessToken, refreshToken, err := h.authService.FindOrCreateSocialUser(gothUser, provider)
|
|
if err != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
// Ensure roles is always returned
|
|
roles := user.Roles
|
|
if roles == nil {
|
|
roles = []models.Role{}
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{
|
|
"access_token": accessToken,
|
|
"refresh_token": refreshToken,
|
|
"user": gin.H{
|
|
"id": user.ID,
|
|
"username": user.UserName,
|
|
"email": user.Email,
|
|
"avatar": user.Avatar,
|
|
"email_verified": user.EmailVerified,
|
|
"roles": roles,
|
|
"social_accounts": user.SocialAccounts,
|
|
},
|
|
})
|
|
}
|
|
|
|
// Refresh godoc
|
|
// @Summary Refresh Access Token
|
|
// @Description usage: send refresh_token to get new access_token
|
|
// @Tags auth
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param request body RefreshRequest true "Refresh Request"
|
|
// @Success 200 {object} map[string]string
|
|
// @Failure 400 {object} map[string]string
|
|
// @Failure 401 {object} map[string]string
|
|
// @Router /auth/refresh [post]
|
|
func (h *AuthHandler) Refresh(c *gin.Context) {
|
|
var req RefreshRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
accessToken, refreshToken, err := h.authService.RefreshToken(req.RefreshToken)
|
|
if err != nil {
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{
|
|
"access_token": accessToken,
|
|
"refresh_token": refreshToken,
|
|
})
|
|
}
|
|
|
|
// VerifyEmail godoc
|
|
// @Summary Verify email address
|
|
// @Description Verify email with token sent after email/password registration
|
|
// @Tags auth
|
|
// @Param token query string true "Verification token"
|
|
// @Success 200 {object} map[string]string
|
|
// @Failure 400 {object} map[string]string
|
|
// @Router /auth/verify-email [get]
|
|
func (h *AuthHandler) VerifyEmail(c *gin.Context) {
|
|
token := c.Query("token")
|
|
if token == "" {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "token is required"})
|
|
return
|
|
}
|
|
if err := h.authService.VerifyEmail(token); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
c.JSON(http.StatusOK, gin.H{"message": "Email verified successfully"})
|
|
}
|
|
|
|
// Me godoc
|
|
// @Summary Get Current User Profile
|
|
// @Description Get details of the currently authenticated user
|
|
// @Tags auth
|
|
// @Security ApiKeyAuth
|
|
// @Produce json
|
|
// @Success 200 {object} models.User
|
|
// @Failure 401 {object} map[string]string
|
|
// @Router /auth/me [get]
|
|
func (h *AuthHandler) Me(c *gin.Context) {
|
|
userID := c.GetString("user_id")
|
|
if userID == "" {
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
|
|
return
|
|
}
|
|
|
|
user, err := h.authService.GetUserByID(userID)
|
|
if err != nil {
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, user)
|
|
}
|