Files
atahango/api/handlers/auth_handler.go.bak
Beyhan Oğur bbbf76b184 first commit
2026-04-26 21:35:24 +03:00

268 lines
7.6 KiB
Go

package handlers
import (
"fmt"
"net/http"
"net/url"
"strings"
"gauth-central/config"
"gauth-central/internal/models"
"gauth-central/internal/services"
"gauth-central/pkg/utils"
"github.com/gin-gonic/gin"
"github.com/markbates/goth/gothic"
)
type AuthHandler struct {
authService *services.AuthService
}
func NewAuthHandler(authService *services.AuthService) *AuthHandler {
return &AuthHandler{authService: authService}
}
type RegisterRequest struct {
UserName string `json:"username" binding:"required,min=3"`
Email string `json:"email" binding:"required,email"`
Password string `json:"password" binding:"required,min=6"`
}
type LoginRequest struct {
Email string `json:"email" binding:"required,email"`
Password string `json:"password" binding:"required"`
}
type RefreshRequest struct {
RefreshToken string `json:"refreshToken" binding:"required"`
}
// Register godoc
// @Summary Register a new user
// @Description Register with username, email and password
// @Tags auth
// @Accept json
// @Produce json
// @Param request body RegisterRequest true "Register Request"
// @Success 201 {object} map[string]interface{}
// @Failure 400 {object} map[string]string
// @Router /auth/register [post]
func (h *AuthHandler) Register(c *gin.Context) {
var req RegisterRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
// Register creates user with email_verified=false; tokens only after email verification
user, _, _, verifyToken, err := h.authService.Register(req.UserName, req.Email, req.Password)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
// Send verification email asynchronously
go func() {
if err := utils.SendVerificationEmail(user.Email, verifyToken); err != nil {
fmt.Printf("Failed to send verification email to %s: %v\n", user.Email, err)
} else {
fmt.Printf("Verification email sent to %s\n", user.Email)
}
}()
roles := user.Roles
if roles == nil {
roles = []models.Role{}
}
c.JSON(http.StatusCreated, gin.H{
"message": "User created. Please verify your email.",
"user_id": user.ID,
"username": user.UserName,
"email": user.Email,
"avatar": user.Avatar,
"roles": roles,
"email_verified": false,
"verification_token": verifyToken, // Returned for dev convenience, usually hidden in prod
})
}
// Login godoc
// @Summary Login user
// @Description Login with email and password to get JWT token
// @Tags auth
// @Accept json
// @Produce json
// @Param request body LoginRequest true "Login Request"
// @Success 200 {object} map[string]string
// @Failure 400 {object} map[string]string
// @Failure 401 {object} map[string]string
// @Router /auth/login [post]
func (h *AuthHandler) Login(c *gin.Context) {
var req LoginRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
user, accessToken, refreshToken, err := h.authService.Login(req.Email, req.Password)
if err != nil {
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
return
}
// Ensure roles is always returned, even if empty
roles := user.Roles
if roles == nil {
roles = []models.Role{}
}
c.JSON(http.StatusOK, gin.H{
"user_id": user.ID,
"username": user.UserName,
"email": user.Email,
"avatar": user.Avatar,
"roles": roles,
"accessToken": accessToken,
"refreshToken": refreshToken,
})
}
// BeginAuth godoc
// @Summary Start OAuth2 flow
// @Description Redirect to OAuth2 provider
// @Tags oauth
// @Param provider path string true "Provider (google, github)"
// @Router /auth/{provider} [get]
func (h *AuthHandler) BeginAuth(c *gin.Context) {
// Try to complete user auth if we've already got a session
// but context is not set correctly for gin with gothic usually
provider := c.Param("provider")
q := c.Request.URL.Query()
q.Add("provider", provider)
c.Request.URL.RawQuery = q.Encode()
gothic.BeginAuthHandler(c.Writer, c.Request)
}
// Callback godoc
// @Summary OAuth2 Callback
// @Description Handle callback from OAuth2 provider
// @Tags oauth
// @Param provider path string true "Provider (google, github)"
// @Success 200 {object} map[string]string
// @Failure 401 {object} map[string]string
// @Router /auth/{provider}/callback [get]
func (h *AuthHandler) Callback(c *gin.Context) {
provider := c.Param("provider")
q := c.Request.URL.Query()
q.Add("provider", provider)
c.Request.URL.RawQuery = q.Encode()
gothUser, err := gothic.CompleteUserAuth(c.Writer, c.Request)
if err != nil {
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
return
}
_, accessToken, refreshToken, err := h.authService.FindOrCreateSocialUser(gothUser, provider)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
// Always redirect to frontend with tokens in URL fragment
redirectBase := strings.TrimSpace(config.AppConfig.OAuthRedirectURL)
if redirectBase == "" {
// Default to localhost frontend if not configured
redirectBase = "http://localhost:3000/auth/callback"
}
// Construct redirect URL with tokens in fragment (hash) format
redirectURL := fmt.Sprintf(
"%s#accessToken=%s&refreshToken=%s&provider=%s",
strings.TrimRight(redirectBase, "#"),
url.QueryEscape(accessToken),
url.QueryEscape(refreshToken),
url.QueryEscape(provider),
)
c.Redirect(http.StatusFound, redirectURL)
}
// Refresh godoc
// @Summary Refresh Access Token
// @Description usage: send refreshToken to get new accessToken
// @Tags auth
// @Accept json
// @Produce json
// @Param request body RefreshRequest true "Refresh Request"
// @Success 200 {object} map[string]string
// @Failure 400 {object} map[string]string
// @Failure 401 {object} map[string]string
// @Router /auth/refresh [post]
func (h *AuthHandler) Refresh(c *gin.Context) {
var req RefreshRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
accessToken, refreshToken, err := h.authService.RefreshToken(req.RefreshToken)
if err != nil {
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{
"accessToken": accessToken,
"refreshToken": refreshToken,
})
}
// VerifyEmail godoc
// @Summary Verify email address
// @Description Verify email with token sent after email/password registration
// @Tags auth
// @Param token query string true "Verification token"
// @Success 200 {object} map[string]string
// @Failure 400 {object} map[string]string
// @Router /auth/verify-email [get]
func (h *AuthHandler) VerifyEmail(c *gin.Context) {
token := c.Query("token")
if token == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": "token is required"})
return
}
if err := h.authService.VerifyEmail(token); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"message": "Email verified successfully"})
}
// Me godoc
// @Summary Get Current User Profile
// @Description Get details of the currently authenticated user
// @Tags auth
// @Security ApiKeyAuth
// @Produce json
// @Success 200 {object} models.User
// @Failure 401 {object} map[string]string
// @Router /auth/me [get]
func (h *AuthHandler) Me(c *gin.Context) {
userID := c.GetString("user_id")
if userID == "" {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
return
}
user, err := h.authService.GetUserByID(userID)
if err != nil {
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, user)
}