151 lines
4.1 KiB
Go
151 lines
4.1 KiB
Go
package main
|
|
|
|
import (
|
|
"errors"
|
|
"net/http"
|
|
"time"
|
|
|
|
"greenlight.debuggingjon.dev/internal/data"
|
|
"greenlight.debuggingjon.dev/internal/validator"
|
|
)
|
|
|
|
func (app *application) createAuthenticationTokenHandler(w http.ResponseWriter, r *http.Request) {
|
|
// Parse the email and password from the request body.
|
|
var input struct {
|
|
Email string `json:"email"`
|
|
Password string `json:"password"`
|
|
}
|
|
|
|
err := app.readJSON(w, r, &input)
|
|
if err != nil {
|
|
app.badRequestResponse(w, r, err)
|
|
return
|
|
}
|
|
|
|
// Validate the email and password provided by the client.
|
|
v := validator.New()
|
|
|
|
data.ValidateEmail(v, input.Email)
|
|
data.ValidatePasswordPlaintext(v, input.Password)
|
|
|
|
if !v.Valid() {
|
|
app.failedValidationResponse(w, r, v.Errors)
|
|
return
|
|
}
|
|
|
|
// Lookup the user record based on the email address. If no matching user was
|
|
// found, then we call the app.invalidCredentialsResponse() helper to send a 401
|
|
user, err := app.models.Users.GetByEmail(input.Email)
|
|
if err != nil {
|
|
switch {
|
|
case errors.Is(err, data.ErrRecordNotFound):
|
|
app.invalidCredentialsResponse(w, r)
|
|
default:
|
|
app.serverErrorResponse(w, r, err)
|
|
}
|
|
return
|
|
}
|
|
|
|
// Check if the provided password matches the actual password for the user.
|
|
match, err := user.Password.Matches(input.Password)
|
|
if err != nil {
|
|
app.serverErrorResponse(w, r, err)
|
|
return
|
|
}
|
|
|
|
// If the passwords don't match, then we call the app.invalidCredentialsResponse()
|
|
// helper again and return.
|
|
if !match {
|
|
app.invalidCredentialsResponse(w, r)
|
|
return
|
|
}
|
|
|
|
// Otherwise, if the password is correct, we generate a new token with a 24-hour
|
|
// expiry time and the scope 'authentication'.
|
|
token, err := app.models.Tokens.New(user.ID, 24*time.Hour, data.ScopeAuthentication)
|
|
if err != nil {
|
|
app.serverErrorResponse(w, r, err)
|
|
return
|
|
}
|
|
|
|
// Encode the token to JSON and send it in the response along with a 201 Created
|
|
// status code.
|
|
err = app.writeJSON(w, http.StatusCreated, envelope{"authentication_token": token}, nil)
|
|
if err != nil {
|
|
app.serverErrorResponse(w, r, err)
|
|
}
|
|
}
|
|
|
|
// Generate a password reset token and send it to the user's email address.
|
|
func (app *application) createPasswordResetTokenHandler(w http.ResponseWriter, r *http.Request) {
|
|
// Parse and validate the user's email address.
|
|
|
|
var input struct {
|
|
Email string `json:"email"`
|
|
}
|
|
|
|
err := app.readJSON(w, r, &input)
|
|
if err != nil {
|
|
app.badRequestResponse(w, r, err)
|
|
return
|
|
}
|
|
|
|
v := validator.New()
|
|
|
|
if data.ValidateEmail(v, input.Email); !v.Valid() {
|
|
app.failedValidationResponse(w, r, v.Errors)
|
|
return
|
|
}
|
|
|
|
// Try to retrieve the corresponding user record for the email address. If it can't
|
|
// be found, return an error message to the client.
|
|
user, err := app.models.Users.GetByEmail(input.Email)
|
|
if err != nil {
|
|
switch {
|
|
case errors.Is(err, data.ErrRecordNotFound):
|
|
v.AddError("email", "no matching email address found")
|
|
app.failedValidationResponse(w, r, v.Errors)
|
|
default:
|
|
app.serverErrorResponse(w, r, err)
|
|
}
|
|
return
|
|
}
|
|
|
|
// Return an error message if the user is not activated.
|
|
if !user.Activated {
|
|
v.AddError("email", "user account must be activated")
|
|
app.failedValidationResponse(w, r, v.Errors)
|
|
return
|
|
}
|
|
|
|
// Otherwise, create a new password reset token with a 45-minute expiry time.
|
|
token, err := app.models.Tokens.New(user.ID, 45*time.Minute, data.ScopePasswordReset)
|
|
if err != nil {
|
|
app.serverErrorResponse(w, r, err)
|
|
return
|
|
}
|
|
|
|
// Email the user with their password reset token.
|
|
app.background(func() {
|
|
data := map[string]any{
|
|
"passwordResetToken": token.Plaintext,
|
|
}
|
|
|
|
// Since email addresses MAY be case sensitive, notice that we are sending this
|
|
// email using the address stored in our database for the user --- not to the
|
|
// input.Email address provided by the client in this request.
|
|
err = app.mailer.Send(user.Email, "token_password_reset.tmpl", data)
|
|
if err != nil {
|
|
app.logger.PrintError(err, nil)
|
|
}
|
|
})
|
|
|
|
// Send a 202 Accepted response and confirmation message to the client.
|
|
env := envelope{"message": "an email will be sent to you containing password reset instructions"}
|
|
|
|
err = app.writeJSON(w, http.StatusAccepted, env, nil)
|
|
if err != nil {
|
|
app.serverErrorResponse(w, r, err)
|
|
}
|
|
}
|