first commit
This commit is contained in:
267
api/handlers/auth_handler.go.bak
Normal file
267
api/handlers/auth_handler.go.bak
Normal file
@@ -0,0 +1,267 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"gauth-central/config"
|
||||
"gauth-central/internal/models"
|
||||
"gauth-central/internal/services"
|
||||
"gauth-central/pkg/utils"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/markbates/goth/gothic"
|
||||
)
|
||||
|
||||
type AuthHandler struct {
|
||||
authService *services.AuthService
|
||||
}
|
||||
|
||||
func NewAuthHandler(authService *services.AuthService) *AuthHandler {
|
||||
return &AuthHandler{authService: authService}
|
||||
}
|
||||
|
||||
type RegisterRequest struct {
|
||||
UserName string `json:"username" binding:"required,min=3"`
|
||||
Email string `json:"email" binding:"required,email"`
|
||||
Password string `json:"password" binding:"required,min=6"`
|
||||
}
|
||||
|
||||
type LoginRequest struct {
|
||||
Email string `json:"email" binding:"required,email"`
|
||||
Password string `json:"password" binding:"required"`
|
||||
}
|
||||
|
||||
type RefreshRequest struct {
|
||||
RefreshToken string `json:"refreshToken" binding:"required"`
|
||||
}
|
||||
|
||||
// Register godoc
|
||||
// @Summary Register a new user
|
||||
// @Description Register with username, email and password
|
||||
// @Tags auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body RegisterRequest true "Register Request"
|
||||
// @Success 201 {object} map[string]interface{}
|
||||
// @Failure 400 {object} map[string]string
|
||||
// @Router /auth/register [post]
|
||||
func (h *AuthHandler) Register(c *gin.Context) {
|
||||
var req RegisterRequest
|
||||
if err := c.ShouldBindJSON(&req); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
// Register creates user with email_verified=false; tokens only after email verification
|
||||
user, _, _, verifyToken, err := h.authService.Register(req.UserName, req.Email, req.Password)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
// Send verification email asynchronously
|
||||
go func() {
|
||||
if err := utils.SendVerificationEmail(user.Email, verifyToken); err != nil {
|
||||
fmt.Printf("Failed to send verification email to %s: %v\n", user.Email, err)
|
||||
} else {
|
||||
fmt.Printf("Verification email sent to %s\n", user.Email)
|
||||
}
|
||||
}()
|
||||
|
||||
roles := user.Roles
|
||||
if roles == nil {
|
||||
roles = []models.Role{}
|
||||
}
|
||||
|
||||
c.JSON(http.StatusCreated, gin.H{
|
||||
"message": "User created. Please verify your email.",
|
||||
"user_id": user.ID,
|
||||
"username": user.UserName,
|
||||
"email": user.Email,
|
||||
"avatar": user.Avatar,
|
||||
"roles": roles,
|
||||
"email_verified": false,
|
||||
"verification_token": verifyToken, // Returned for dev convenience, usually hidden in prod
|
||||
})
|
||||
}
|
||||
|
||||
// Login godoc
|
||||
// @Summary Login user
|
||||
// @Description Login with email and password to get JWT token
|
||||
// @Tags auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body LoginRequest true "Login Request"
|
||||
// @Success 200 {object} map[string]string
|
||||
// @Failure 400 {object} map[string]string
|
||||
// @Failure 401 {object} map[string]string
|
||||
// @Router /auth/login [post]
|
||||
func (h *AuthHandler) Login(c *gin.Context) {
|
||||
var req LoginRequest
|
||||
if err := c.ShouldBindJSON(&req); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
user, accessToken, refreshToken, err := h.authService.Login(req.Email, req.Password)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
// Ensure roles is always returned, even if empty
|
||||
roles := user.Roles
|
||||
if roles == nil {
|
||||
roles = []models.Role{}
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"user_id": user.ID,
|
||||
"username": user.UserName,
|
||||
"email": user.Email,
|
||||
"avatar": user.Avatar,
|
||||
"roles": roles,
|
||||
"accessToken": accessToken,
|
||||
"refreshToken": refreshToken,
|
||||
})
|
||||
}
|
||||
|
||||
// BeginAuth godoc
|
||||
// @Summary Start OAuth2 flow
|
||||
// @Description Redirect to OAuth2 provider
|
||||
// @Tags oauth
|
||||
// @Param provider path string true "Provider (google, github)"
|
||||
// @Router /auth/{provider} [get]
|
||||
func (h *AuthHandler) BeginAuth(c *gin.Context) {
|
||||
// Try to complete user auth if we've already got a session
|
||||
// but context is not set correctly for gin with gothic usually
|
||||
provider := c.Param("provider")
|
||||
q := c.Request.URL.Query()
|
||||
q.Add("provider", provider)
|
||||
c.Request.URL.RawQuery = q.Encode()
|
||||
|
||||
gothic.BeginAuthHandler(c.Writer, c.Request)
|
||||
}
|
||||
|
||||
// Callback godoc
|
||||
// @Summary OAuth2 Callback
|
||||
// @Description Handle callback from OAuth2 provider
|
||||
// @Tags oauth
|
||||
// @Param provider path string true "Provider (google, github)"
|
||||
// @Success 200 {object} map[string]string
|
||||
// @Failure 401 {object} map[string]string
|
||||
// @Router /auth/{provider}/callback [get]
|
||||
func (h *AuthHandler) Callback(c *gin.Context) {
|
||||
provider := c.Param("provider")
|
||||
q := c.Request.URL.Query()
|
||||
q.Add("provider", provider)
|
||||
c.Request.URL.RawQuery = q.Encode()
|
||||
|
||||
gothUser, err := gothic.CompleteUserAuth(c.Writer, c.Request)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
_, accessToken, refreshToken, err := h.authService.FindOrCreateSocialUser(gothUser, provider)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
// Always redirect to frontend with tokens in URL fragment
|
||||
redirectBase := strings.TrimSpace(config.AppConfig.OAuthRedirectURL)
|
||||
if redirectBase == "" {
|
||||
// Default to localhost frontend if not configured
|
||||
redirectBase = "http://localhost:3000/auth/callback"
|
||||
}
|
||||
|
||||
// Construct redirect URL with tokens in fragment (hash) format
|
||||
redirectURL := fmt.Sprintf(
|
||||
"%s#accessToken=%s&refreshToken=%s&provider=%s",
|
||||
strings.TrimRight(redirectBase, "#"),
|
||||
url.QueryEscape(accessToken),
|
||||
url.QueryEscape(refreshToken),
|
||||
url.QueryEscape(provider),
|
||||
)
|
||||
c.Redirect(http.StatusFound, redirectURL)
|
||||
}
|
||||
|
||||
// Refresh godoc
|
||||
// @Summary Refresh Access Token
|
||||
// @Description usage: send refreshToken to get new accessToken
|
||||
// @Tags auth
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body RefreshRequest true "Refresh Request"
|
||||
// @Success 200 {object} map[string]string
|
||||
// @Failure 400 {object} map[string]string
|
||||
// @Failure 401 {object} map[string]string
|
||||
// @Router /auth/refresh [post]
|
||||
func (h *AuthHandler) Refresh(c *gin.Context) {
|
||||
var req RefreshRequest
|
||||
if err := c.ShouldBindJSON(&req); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
accessToken, refreshToken, err := h.authService.RefreshToken(req.RefreshToken)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"accessToken": accessToken,
|
||||
"refreshToken": refreshToken,
|
||||
})
|
||||
}
|
||||
|
||||
// VerifyEmail godoc
|
||||
// @Summary Verify email address
|
||||
// @Description Verify email with token sent after email/password registration
|
||||
// @Tags auth
|
||||
// @Param token query string true "Verification token"
|
||||
// @Success 200 {object} map[string]string
|
||||
// @Failure 400 {object} map[string]string
|
||||
// @Router /auth/verify-email [get]
|
||||
func (h *AuthHandler) VerifyEmail(c *gin.Context) {
|
||||
token := c.Query("token")
|
||||
if token == "" {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "token is required"})
|
||||
return
|
||||
}
|
||||
if err := h.authService.VerifyEmail(token); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
c.JSON(http.StatusOK, gin.H{"message": "Email verified successfully"})
|
||||
}
|
||||
|
||||
// Me godoc
|
||||
// @Summary Get Current User Profile
|
||||
// @Description Get details of the currently authenticated user
|
||||
// @Tags auth
|
||||
// @Security ApiKeyAuth
|
||||
// @Produce json
|
||||
// @Success 200 {object} models.User
|
||||
// @Failure 401 {object} map[string]string
|
||||
// @Router /auth/me [get]
|
||||
func (h *AuthHandler) Me(c *gin.Context) {
|
||||
userID := c.GetString("user_id")
|
||||
if userID == "" {
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
|
||||
return
|
||||
}
|
||||
|
||||
user, err := h.authService.GetUserByID(userID)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, user)
|
||||
}
|
||||
Reference in New Issue
Block a user