package main import ( "errors" "net/http" "time" "greenlight.debuggingjon.dev/internal/data" "greenlight.debuggingjon.dev/internal/validator" ) func (app *application) createAuthenticationTokenHandler(w http.ResponseWriter, r *http.Request) { // Parse the email and password from the request body. var input struct { Email string `json:"email"` Password string `json:"password"` } err := app.readJSON(w, r, &input) if err != nil { app.badRequestResponse(w, r, err) return } // Validate the email and password provided by the client. v := validator.New() data.ValidateEmail(v, input.Email) data.ValidatePasswordPlaintext(v, input.Password) if !v.Valid() { app.failedValidationResponse(w, r, v.Errors) return } // Lookup the user record based on the email address. If no matching user was // found, then we call the app.invalidCredentialsResponse() helper to send a 401 user, err := app.models.Users.GetByEmail(input.Email) if err != nil { switch { case errors.Is(err, data.ErrRecordNotFound): app.invalidCredentialsResponse(w, r) default: app.serverErrorResponse(w, r, err) } return } // Check if the provided password matches the actual password for the user. match, err := user.Password.Matches(input.Password) if err != nil { app.serverErrorResponse(w, r, err) return } // If the passwords don't match, then we call the app.invalidCredentialsResponse() // helper again and return. if !match { app.invalidCredentialsResponse(w, r) return } // Otherwise, if the password is correct, we generate a new token with a 24-hour // expiry time and the scope 'authentication'. token, err := app.models.Tokens.New(user.ID, 24*time.Hour, data.ScopeAuthentication) if err != nil { app.serverErrorResponse(w, r, err) return } // Encode the token to JSON and send it in the response along with a 201 Created // status code. err = app.writeJSON(w, http.StatusCreated, envelope{"authentication_token": token}, nil) if err != nil { app.serverErrorResponse(w, r, err) } } // Generate a password reset token and send it to the user's email address. func (app *application) createPasswordResetTokenHandler(w http.ResponseWriter, r *http.Request) { // Parse and validate the user's email address. var input struct { Email string `json:"email"` } err := app.readJSON(w, r, &input) if err != nil { app.badRequestResponse(w, r, err) return } v := validator.New() if data.ValidateEmail(v, input.Email); !v.Valid() { app.failedValidationResponse(w, r, v.Errors) return } // Try to retrieve the corresponding user record for the email address. If it can't // be found, return an error message to the client. user, err := app.models.Users.GetByEmail(input.Email) if err != nil { switch { case errors.Is(err, data.ErrRecordNotFound): v.AddError("email", "no matching email address found") app.failedValidationResponse(w, r, v.Errors) default: app.serverErrorResponse(w, r, err) } return } // Return an error message if the user is not activated. if !user.Activated { v.AddError("email", "user account must be activated") app.failedValidationResponse(w, r, v.Errors) return } // Otherwise, create a new password reset token with a 45-minute expiry time. token, err := app.models.Tokens.New(user.ID, 45*time.Minute, data.ScopePasswordReset) if err != nil { app.serverErrorResponse(w, r, err) return } // Email the user with their password reset token. app.background(func() { data := map[string]any{ "passwordResetToken": token.Plaintext, } // Since email addresses MAY be case sensitive, notice that we are sending this // email using the address stored in our database for the user --- not to the // input.Email address provided by the client in this request. err = app.mailer.Send(user.Email, "token_password_reset.tmpl", data) if err != nil { app.logger.PrintError(err, nil) } }) // Send a 202 Accepted response and confirmation message to the client. env := envelope{"message": "an email will be sent to you containing password reset instructions"} err = app.writeJSON(w, http.StatusAccepted, env, nil) if err != nil { app.serverErrorResponse(w, r, err) } }