257 lines
7.9 KiB
Go
257 lines
7.9 KiB
Go
package handlers
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"os"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"git.keircn.com/keiran/termbox/internal/db"
|
|
"git.keircn.com/keiran/termbox/internal/email"
|
|
"github.com/golang-jwt/jwt/v5"
|
|
"github.com/labstack/echo/v4"
|
|
)
|
|
|
|
var emailService *email.Service
|
|
|
|
func InitEmailService() {
|
|
emailService = email.NewService()
|
|
}
|
|
|
|
func generateToken(userID int, username string) (string, error) {
|
|
claims := jwt.MapClaims{
|
|
"user_id": userID,
|
|
"username": username,
|
|
"exp": time.Now().Add(time.Hour * 24 * 7).Unix(),
|
|
}
|
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
return token.SignedString([]byte(os.Getenv("JWT_SECRET")))
|
|
}
|
|
|
|
func HandleRoot(c echo.Context) error {
|
|
return c.String(http.StatusOK, "Hello, World!")
|
|
}
|
|
|
|
func HandleRegister(c echo.Context) error {
|
|
if err := db.CleanupUnverifiedUsers(c.Request().Context()); err != nil {
|
|
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to cleanup old accounts"})
|
|
}
|
|
|
|
var req db.CreateUserRequest
|
|
if err := c.Bind(&req); err != nil {
|
|
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid request body"})
|
|
}
|
|
|
|
if req.Username == "" || req.Email == "" || req.Password == "" {
|
|
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Username, email, and password are required"})
|
|
}
|
|
|
|
user, err := db.CreateUser(c.Request().Context(), req)
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "duplicate") || strings.Contains(err.Error(), "unique") {
|
|
return c.JSON(http.StatusConflict, map[string]string{"error": "Username or email already exists"})
|
|
}
|
|
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to create user: " + err.Error()})
|
|
}
|
|
|
|
verificationCode, err := db.CreateVerificationCode(c.Request().Context(), user.ID)
|
|
if err != nil {
|
|
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to create verification code"})
|
|
}
|
|
|
|
err = emailService.SendVerificationCode(c.Request().Context(), user.Email, user.Username, verificationCode.Code)
|
|
if err != nil {
|
|
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to send verification email"})
|
|
}
|
|
|
|
return c.JSON(http.StatusCreated, map[string]any{
|
|
"message": "User created successfully. Please check your email for verification code.",
|
|
"user": user,
|
|
})
|
|
}
|
|
|
|
func HandleVerifyCode(c echo.Context) error {
|
|
var req db.VerifyCodeRequest
|
|
if err := c.Bind(&req); err != nil {
|
|
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid request body"})
|
|
}
|
|
|
|
if req.Email == "" || req.Code == "" {
|
|
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Email and code are required"})
|
|
}
|
|
|
|
err := db.VerifyCode(c.Request().Context(), req.Email, req.Code)
|
|
if err != nil {
|
|
return c.JSON(http.StatusBadRequest, map[string]string{"error": err.Error()})
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, map[string]string{"message": "Account verified successfully"})
|
|
}
|
|
|
|
func validateToken(tokenString string) (*jwt.MapClaims, error) {
|
|
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
return nil, fmt.Errorf("unexpected signing method")
|
|
}
|
|
return []byte(os.Getenv("JWT_SECRET")), nil
|
|
})
|
|
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
|
|
return &claims, nil
|
|
}
|
|
|
|
return nil, fmt.Errorf("invalid token")
|
|
}
|
|
|
|
func AuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
authHeader := c.Request().Header.Get("Authorization")
|
|
if authHeader == "" {
|
|
return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Authorization header required"})
|
|
}
|
|
|
|
bearerToken := strings.Split(authHeader, " ")
|
|
if len(bearerToken) != 2 || bearerToken[0] != "Bearer" {
|
|
return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Invalid authorization format"})
|
|
}
|
|
|
|
claims, err := validateToken(bearerToken[1])
|
|
if err != nil {
|
|
return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Invalid token"})
|
|
}
|
|
|
|
c.Set("user_id", int((*claims)["user_id"].(float64)))
|
|
c.Set("username", (*claims)["username"].(string))
|
|
return next(c)
|
|
}
|
|
}
|
|
|
|
func HandleSendTermail(c echo.Context) error {
|
|
var req db.SendTermailRequest
|
|
if err := c.Bind(&req); err != nil {
|
|
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid request body"})
|
|
}
|
|
|
|
if req.ReceiverUsername == "" || req.Subject == "" || req.Content == "" {
|
|
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Receiver username, subject, and content are required"})
|
|
}
|
|
|
|
senderID := c.Get("user_id").(int)
|
|
termail, err := db.SendTermail(c.Request().Context(), senderID, req)
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "user not found") {
|
|
return c.JSON(http.StatusNotFound, map[string]string{"error": err.Error()})
|
|
}
|
|
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to send termail"})
|
|
}
|
|
|
|
return c.JSON(http.StatusCreated, map[string]any{
|
|
"message": "Termail sent successfully",
|
|
"termail": termail,
|
|
})
|
|
}
|
|
|
|
func HandleGetInbox(c echo.Context) error {
|
|
userID := c.Get("user_id").(int)
|
|
|
|
limit := 10
|
|
if l := c.QueryParam("limit"); l != "" {
|
|
if parsed, err := strconv.Atoi(l); err == nil {
|
|
limit = parsed
|
|
}
|
|
}
|
|
|
|
offset := 0
|
|
if o := c.QueryParam("offset"); o != "" {
|
|
if parsed, err := strconv.Atoi(o); err == nil {
|
|
offset = parsed
|
|
}
|
|
}
|
|
|
|
search := c.QueryParam("search")
|
|
var termails []db.Termail
|
|
var err error
|
|
|
|
if search != "" {
|
|
termails, err = db.SearchTermails(c.Request().Context(), userID, search, limit, offset)
|
|
} else {
|
|
termails, err = db.GetInbox(c.Request().Context(), userID, limit, offset)
|
|
}
|
|
|
|
if err != nil {
|
|
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to fetch inbox"})
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, map[string]any{
|
|
"termails": termails,
|
|
"count": len(termails),
|
|
})
|
|
}
|
|
|
|
func HandleMarkTermailRead(c echo.Context) error {
|
|
userID := c.Get("user_id").(int)
|
|
termailID, err := strconv.Atoi(c.Param("id"))
|
|
if err != nil {
|
|
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid termail ID"})
|
|
}
|
|
|
|
err = db.MarkTermailAsRead(c.Request().Context(), termailID, userID)
|
|
if err != nil {
|
|
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to mark termail as read"})
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, map[string]string{"message": "Termail marked as read"})
|
|
}
|
|
|
|
func HandleDeleteTermail(c echo.Context) error {
|
|
userID := c.Get("user_id").(int)
|
|
termailID, err := strconv.Atoi(c.Param("id"))
|
|
if err != nil {
|
|
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid termail ID"})
|
|
}
|
|
|
|
err = db.DeleteTermail(c.Request().Context(), termailID, userID)
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "not found") {
|
|
return c.JSON(http.StatusNotFound, map[string]string{"error": err.Error()})
|
|
}
|
|
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to delete termail"})
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, map[string]string{"message": "Termail deleted"})
|
|
}
|
|
|
|
func HandleLogin(c echo.Context) error {
|
|
var req db.LoginRequest
|
|
if err := c.Bind(&req); err != nil {
|
|
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid request body"})
|
|
}
|
|
|
|
if req.Username == "" || req.Password == "" {
|
|
return c.JSON(http.StatusBadRequest, map[string]string{"error": "Username and password are required"})
|
|
}
|
|
|
|
user, err := db.ValidateUserCredentials(c.Request().Context(), req.Username, req.Password)
|
|
if err != nil {
|
|
return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Invalid credentials or account not verified"})
|
|
}
|
|
|
|
token, err := generateToken(user.ID, user.Username)
|
|
if err != nil {
|
|
return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to generate token"})
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, map[string]any{
|
|
"message": "Login successful",
|
|
"user": user,
|
|
"token": token,
|
|
})
|
|
}
|