keiran/termbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add authenticated middleware for sending termails

Browse Source
This commit is contained in:
Keiran 2025-08-06 06:32:45 +01:00
parent 424fae88c9
commit 71283b2248
2 changed files with 146 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cmd/termbox_server/main.go
View File

@ -26,5 +26,12 @@ func main() {
e.POST("/auth/verify", handlers.HandleVerifyCode) e.POST("/auth/verify", handlers.HandleVerifyCode)
e.POST("/auth/login", handlers.HandleLogin) e.POST("/auth/login", handlers.HandleLogin)
protected := e.Group("/termail")
protected.Use(handlers.AuthMiddleware)
protected.POST("/send", handlers.HandleSendTermail)
protected.GET("/inbox", handlers.HandleGetInbox)
protected.POST("/:id/read", handlers.HandleMarkTermailRead)
protected.DELETE("/:id", handlers.HandleDeleteTermail)
log.Fatal(e.Start(":8080")) log.Fatal(e.Start(":8080"))
} }

139
internal/handlers/handlers.go
View File

@ -1,8 +1,10 @@
package handlers package handlers
import ( import (
"fmt"
"net/http" "net/http"
"os" "os"
"strconv"
"strings" "strings"
"time" "time"
@ -89,6 +91,143 @@ func HandleVerifyCode(c echo.Context) error {
return c.JSON(http.StatusOK, map[string]string{"message": "Account verified successfully"}) return c.JSON(http.StatusOK, map[string]string{"message": "Account verified successfully"})
} }
func validateToken(tokenString string) (*jwt.MapClaims, error) {
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method")
}
return []byte(os.Getenv("JWT_SECRET")), nil
})
if err != nil {
return nil, err
}
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
return &claims, nil
}
return nil, fmt.Errorf("invalid token")
}
func AuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
authHeader := c.Request().Header.Get("Authorization")
if authHeader == "" {
return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Authorization header required"})
}
bearerToken := strings.Split(authHeader, " ")
if len(bearerToken) != 2 || bearerToken[0] != "Bearer" {
return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Invalid authorization format"})
}
claims, err := validateToken(bearerToken[1])
if err != nil {
return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Invalid token"})
}
c.Set("user_id", int((*claims)["user_id"].(float64)))
c.Set("username", (*claims)["username"].(string))
return next(c)
}
}
func HandleSendTermail(c echo.Context) error {
var req db.SendTermailRequest
if err := c.Bind(&req); err != nil {
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid request body"})
}
if req.ReceiverUsername == "" || req.Subject == "" || req.Content == "" {
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Receiver username, subject, and content are required"})
}
senderID := c.Get("user_id").(int)
termail, err := db.SendTermail(c.Request().Context(), senderID, req)
if err != nil {
if strings.Contains(err.Error(), "user not found") {
return c.JSON(http.StatusNotFound, map[string]string{"error": err.Error()})
}
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to send termail"})
}
return c.JSON(http.StatusCreated, map[string]any{
"message": "Termail sent successfully",
"termail": termail,
})
}
func HandleGetInbox(c echo.Context) error {
userID := c.Get("user_id").(int)
limit := 10
if l := c.QueryParam("limit"); l != "" {
if parsed, err := strconv.Atoi(l); err == nil {
limit = parsed
}
}
offset := 0
if o := c.QueryParam("offset"); o != "" {
if parsed, err := strconv.Atoi(o); err == nil {
offset = parsed
}
}
search := c.QueryParam("search")
var termails []db.Termail
var err error
if search != "" {
termails, err = db.SearchTermails(c.Request().Context(), userID, search, limit, offset)
} else {
termails, err = db.GetInbox(c.Request().Context(), userID, limit, offset)
}
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to fetch inbox"})
}
return c.JSON(http.StatusOK, map[string]any{
"termails": termails,
"count": len(termails),
})
}
func HandleMarkTermailRead(c echo.Context) error {
userID := c.Get("user_id").(int)
termailID, err := strconv.Atoi(c.Param("id"))
if err != nil {
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid termail ID"})
}
err = db.MarkTermailAsRead(c.Request().Context(), termailID, userID)
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to mark termail as read"})
}
return c.JSON(http.StatusOK, map[string]string{"message": "Termail marked as read"})
}
func HandleDeleteTermail(c echo.Context) error {
userID := c.Get("user_id").(int)
termailID, err := strconv.Atoi(c.Param("id"))
if err != nil {
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid termail ID"})
}
err = db.DeleteTermail(c.Request().Context(), termailID, userID)
if err != nil {
if strings.Contains(err.Error(), "not found") {
return c.JSON(http.StatusNotFound, map[string]string{"error": err.Error()})
}
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to delete termail"})
}
return c.JSON(http.StatusOK, map[string]string{"message": "Termail deleted"})
}
func HandleLogin(c echo.Context) error { func HandleLogin(c echo.Context) error {
var req db.LoginRequest var req db.LoginRequest
if err := c.Bind(&req); err != nil { if err := c.Bind(&req); err != nil {