2025-12-03 19:29:37 +00:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
|
|
import (
|
2025-12-26 16:11:57 +00:00
|
|
|
"fmt"
|
2025-12-03 19:29:37 +00:00
|
|
|
"net/http"
|
|
|
|
|
"strings"
|
|
|
|
|
"time"
|
|
|
|
|
|
2026-01-07 18:39:21 +00:00
|
|
|
"veza-backend-api/internal/config"
|
2025-12-03 19:29:37 +00:00
|
|
|
"veza-backend-api/internal/core/auth"
|
|
|
|
|
"veza-backend-api/internal/dto"
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
apperrors "veza-backend-api/internal/errors"
|
2025-12-16 16:23:49 +00:00
|
|
|
|
2025-12-03 19:29:37 +00:00
|
|
|
// "veza-backend-api/internal/response" // Removed this import
|
|
|
|
|
"veza-backend-api/internal/services"
|
|
|
|
|
|
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
"github.com/google/uuid"
|
|
|
|
|
"go.uber.org/zap"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Login gère la connexion des utilisateurs
|
2025-12-06 16:34:18 +00:00
|
|
|
// @Summary User Login
|
2026-01-07 18:39:21 +00:00
|
|
|
// @Description Authenticate user and return access token. Refresh token is set in httpOnly cookie.
|
2025-12-06 16:34:18 +00:00
|
|
|
// @Tags Auth
|
|
|
|
|
// @Accept json
|
|
|
|
|
// @Produce json
|
|
|
|
|
// @Param request body dto.LoginRequest true "Login Credentials"
|
2026-01-07 18:39:21 +00:00
|
|
|
// @Success 200 {object} dto.LoginResponse "Access token returned in body, refresh token in httpOnly cookie"
|
2025-12-06 16:34:18 +00:00
|
|
|
// @Failure 400 {object} handlers.APIResponse "Validation or Bad Request"
|
|
|
|
|
// @Failure 401 {object} handlers.APIResponse "Invalid credentials"
|
|
|
|
|
// @Failure 500 {object} handlers.APIResponse "Internal Error"
|
|
|
|
|
// @Router /auth/login [post]
|
2026-01-07 18:39:21 +00:00
|
|
|
func Login(authService *auth.AuthService, sessionService *services.SessionService, twoFactorService *services.TwoFactorService, logger *zap.Logger, cfg *config.Config) gin.HandlerFunc {
|
2025-12-03 19:29:37 +00:00
|
|
|
return func(c *gin.Context) {
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
commonHandler := NewCommonHandler(logger)
|
2025-12-03 19:29:37 +00:00
|
|
|
var req dto.LoginRequest
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
if appErr := commonHandler.BindAndValidateJSON(c, &req); appErr != nil {
|
|
|
|
|
RespondWithAppError(c, appErr)
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// req.RememberMe is a bool, not *bool, so no need to check for nil or indirect
|
2025-12-06 16:21:59 +00:00
|
|
|
rememberMe := req.RememberMe
|
|
|
|
|
|
feat: Visual masterpiece - true light mode & premium UI
🎨 **True Light/Dark Mode**
- Implemented proper light mode with inverted color scheme
- Smooth theme transitions (0.3s ease)
- Light mode colors: white backgrounds, dark text, vibrant accents
- System theme detection with proper class application
🌈 **Enhanced Theme System**
- 4 color themes work in both light and dark modes
- Cyber (cyan/magenta), Ocean (blue/teal), Forest (green/lime), Sunset (orange/purple)
- Theme-specific glassmorphism effects
- Proper contrast in light mode
✨ **Premium Animations**
- Float, glow-pulse, slide-in, scale-in, rotate-in animations
- Smooth page transitions
- Hover effects with depth (lift, glow, scale)
- Micro-interactions on all interactive elements
🎯 **Visual Polish**
- Enhanced glassmorphism for light/dark modes
- Custom scrollbar with theme colors
- Beautiful text selection
- Focus indicators for accessibility
- Premium utility classes
🔧 **Technical Improvements**
- Updated UIStore to properly apply light/dark classes
- Added data-theme attribute for CSS targeting
- Smooth scroll behavior
- Optimized transitions
The app is now a visual masterpiece with perfect light/dark mode support!
2026-01-11 01:32:21 +00:00
|
|
|
if logger != nil {
|
|
|
|
|
logger.Info("Login handler processing request",
|
|
|
|
|
zap.String("email", req.Email),
|
|
|
|
|
zap.Bool("remember_me", rememberMe),
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-16 16:23:49 +00:00
|
|
|
// MOD-P1-004: Ajouter timeout context pour opération DB critique (login)
|
|
|
|
|
ctx, cancel := WithTimeout(c.Request.Context(), 5*time.Second)
|
|
|
|
|
defer cancel()
|
|
|
|
|
user, tokens, err := authService.Login(ctx, req.Email, req.Password, rememberMe)
|
2025-12-03 19:29:37 +00:00
|
|
|
if err != nil {
|
feat: Visual masterpiece - true light mode & premium UI
🎨 **True Light/Dark Mode**
- Implemented proper light mode with inverted color scheme
- Smooth theme transitions (0.3s ease)
- Light mode colors: white backgrounds, dark text, vibrant accents
- System theme detection with proper class application
🌈 **Enhanced Theme System**
- 4 color themes work in both light and dark modes
- Cyber (cyan/magenta), Ocean (blue/teal), Forest (green/lime), Sunset (orange/purple)
- Theme-specific glassmorphism effects
- Proper contrast in light mode
✨ **Premium Animations**
- Float, glow-pulse, slide-in, scale-in, rotate-in animations
- Smooth page transitions
- Hover effects with depth (lift, glow, scale)
- Micro-interactions on all interactive elements
🎯 **Visual Polish**
- Enhanced glassmorphism for light/dark modes
- Custom scrollbar with theme colors
- Beautiful text selection
- Focus indicators for accessibility
- Premium utility classes
🔧 **Technical Improvements**
- Updated UIStore to properly apply light/dark classes
- Added data-theme attribute for CSS targeting
- Smooth scroll behavior
- Optimized transitions
The app is now a visual masterpiece with perfect light/dark mode support!
2026-01-11 01:32:21 +00:00
|
|
|
// MOD-P1-002: Improved error handling
|
|
|
|
|
errMsg := err.Error()
|
|
|
|
|
|
|
|
|
|
if strings.Contains(strings.ToLower(errMsg), "email not verified") {
|
2025-12-16 16:23:49 +00:00
|
|
|
RespondWithAppError(c, apperrors.New(apperrors.ErrCodeForbidden, "Email not verified"))
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
feat: Visual masterpiece - true light mode & premium UI
🎨 **True Light/Dark Mode**
- Implemented proper light mode with inverted color scheme
- Smooth theme transitions (0.3s ease)
- Light mode colors: white backgrounds, dark text, vibrant accents
- System theme detection with proper class application
🌈 **Enhanced Theme System**
- 4 color themes work in both light and dark modes
- Cyber (cyan/magenta), Ocean (blue/teal), Forest (green/lime), Sunset (orange/purple)
- Theme-specific glassmorphism effects
- Proper contrast in light mode
✨ **Premium Animations**
- Float, glow-pulse, slide-in, scale-in, rotate-in animations
- Smooth page transitions
- Hover effects with depth (lift, glow, scale)
- Micro-interactions on all interactive elements
🎯 **Visual Polish**
- Enhanced glassmorphism for light/dark modes
- Custom scrollbar with theme colors
- Beautiful text selection
- Focus indicators for accessibility
- Premium utility classes
🔧 **Technical Improvements**
- Updated UIStore to properly apply light/dark classes
- Added data-theme attribute for CSS targeting
- Smooth scroll behavior
- Optimized transitions
The app is now a visual masterpiece with perfect light/dark mode support!
2026-01-11 01:32:21 +00:00
|
|
|
|
|
|
|
|
if strings.Contains(strings.ToLower(errMsg), "account is locked") {
|
|
|
|
|
// Return 423 Locked or 403 Forbidden
|
|
|
|
|
// Using c.JSON to specific 423 for clarity
|
|
|
|
|
c.JSON(http.StatusLocked, gin.H{
|
|
|
|
|
"success": false,
|
|
|
|
|
"error": gin.H{
|
|
|
|
|
"code": 423,
|
|
|
|
|
"message": "Account is locked. Please try again later.",
|
|
|
|
|
},
|
|
|
|
|
})
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
feat: Visual masterpiece - true light mode & premium UI
🎨 **True Light/Dark Mode**
- Implemented proper light mode with inverted color scheme
- Smooth theme transitions (0.3s ease)
- Light mode colors: white backgrounds, dark text, vibrant accents
- System theme detection with proper class application
🌈 **Enhanced Theme System**
- 4 color themes work in both light and dark modes
- Cyber (cyan/magenta), Ocean (blue/teal), Forest (green/lime), Sunset (orange/purple)
- Theme-specific glassmorphism effects
- Proper contrast in light mode
✨ **Premium Animations**
- Float, glow-pulse, slide-in, scale-in, rotate-in animations
- Smooth page transitions
- Hover effects with depth (lift, glow, scale)
- Micro-interactions on all interactive elements
🎯 **Visual Polish**
- Enhanced glassmorphism for light/dark modes
- Custom scrollbar with theme colors
- Beautiful text selection
- Focus indicators for accessibility
- Premium utility classes
🔧 **Technical Improvements**
- Updated UIStore to properly apply light/dark classes
- Added data-theme attribute for CSS targeting
- Smooth scroll behavior
- Optimized transitions
The app is now a visual masterpiece with perfect light/dark mode support!
2026-01-11 01:32:21 +00:00
|
|
|
|
|
|
|
|
// Check for invalid credentials (case insensitive)
|
|
|
|
|
if strings.Contains(strings.ToLower(errMsg), "invalid credentials") ||
|
|
|
|
|
strings.Contains(strings.ToLower(errMsg), "user not found") ||
|
|
|
|
|
strings.Contains(strings.ToLower(errMsg), "record not found") {
|
|
|
|
|
fmt.Println("DEBUG: Using c.JSON(401)")
|
|
|
|
|
// Try direct JSON response to rule out helper issues
|
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{
|
|
|
|
|
"success": false,
|
|
|
|
|
"error": gin.H{
|
|
|
|
|
"code": 401,
|
|
|
|
|
"message": "Invalid credentials",
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Fallback: log and return 500
|
|
|
|
|
if logger != nil {
|
|
|
|
|
logger.Error("Login error fell through to 500", zap.Error(err))
|
|
|
|
|
}
|
2025-12-16 16:23:49 +00:00
|
|
|
RespondWithAppError(c, apperrors.Wrap(apperrors.ErrCodeInternal, "Failed to authenticate", err))
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-23 00:40:28 +00:00
|
|
|
// BE-API-001: Check if 2FA is enabled for user
|
|
|
|
|
var requires2FA bool
|
|
|
|
|
if twoFactorService != nil {
|
|
|
|
|
requires2FA, err = twoFactorService.GetTwoFactorStatus(ctx, user.ID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logger.Warn("Failed to check 2FA status", zap.Error(err), zap.String("user_id", user.ID.String()))
|
|
|
|
|
// Continue without 2FA check if error
|
|
|
|
|
requires2FA = false
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If 2FA is required, return flag without tokens
|
|
|
|
|
if requires2FA {
|
|
|
|
|
RespondSuccess(c, http.StatusOK, dto.LoginResponse{
|
|
|
|
|
User: dto.UserResponse{
|
2025-12-23 00:44:54 +00:00
|
|
|
ID: user.ID,
|
|
|
|
|
Email: user.Email,
|
|
|
|
|
Username: user.Username,
|
2025-12-23 00:40:28 +00:00
|
|
|
},
|
|
|
|
|
Requires2FA: true,
|
|
|
|
|
})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-03 19:29:37 +00:00
|
|
|
if sessionService != nil {
|
|
|
|
|
ipAddress := c.ClientIP()
|
|
|
|
|
userAgent := c.GetHeader("User-Agent")
|
|
|
|
|
if userAgent == "" {
|
|
|
|
|
userAgent = "Unknown"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
expiresIn := 30 * 24 * time.Hour
|
|
|
|
|
if rememberMe {
|
|
|
|
|
expiresIn = 90 * 24 * time.Hour
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sessionReq := &services.SessionCreateRequest{
|
|
|
|
|
UserID: user.ID,
|
|
|
|
|
Token: tokens.AccessToken,
|
|
|
|
|
IPAddress: ipAddress,
|
|
|
|
|
UserAgent: userAgent,
|
|
|
|
|
ExpiresIn: expiresIn,
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-16 16:23:49 +00:00
|
|
|
// MOD-P1-004: Ajouter timeout context pour opération DB (session)
|
|
|
|
|
sessionCtx, sessionCancel := WithTimeout(c.Request.Context(), 3*time.Second)
|
|
|
|
|
defer sessionCancel()
|
|
|
|
|
if _, err := sessionService.CreateSession(sessionCtx, sessionReq); err != nil {
|
2025-12-03 19:29:37 +00:00
|
|
|
if logger != nil {
|
|
|
|
|
logger.Warn("Failed to create session after login",
|
|
|
|
|
zap.String("user_id", user.ID.String()),
|
|
|
|
|
zap.String("ip_address", ipAddress),
|
|
|
|
|
zap.Error(err),
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-07 18:39:21 +00:00
|
|
|
// SECURITY: Set refresh token in httpOnly cookie
|
|
|
|
|
refreshTokenExpires := 30 * 24 * time.Hour // 30 jours par défaut
|
|
|
|
|
if rememberMe {
|
|
|
|
|
refreshTokenExpires = 90 * 24 * time.Hour // 90 jours si remember me
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Utiliser http.Cookie pour supporter SameSite avec configuration depuis env
|
|
|
|
|
refreshTokenCookie := &http.Cookie{
|
|
|
|
|
Name: "refresh_token",
|
|
|
|
|
Value: tokens.RefreshToken,
|
|
|
|
|
Path: cfg.CookiePath,
|
|
|
|
|
Domain: cfg.CookieDomain,
|
|
|
|
|
MaxAge: int(refreshTokenExpires.Seconds()),
|
|
|
|
|
HttpOnly: cfg.CookieHttpOnly,
|
|
|
|
|
Secure: cfg.ShouldUseSecureCookies(),
|
|
|
|
|
SameSite: cfg.GetCookieSameSite(),
|
|
|
|
|
}
|
|
|
|
|
http.SetCookie(c.Writer, refreshTokenCookie)
|
|
|
|
|
|
2026-01-16 00:02:03 +00:00
|
|
|
// SECURITY: Set access token in httpOnly cookie
|
|
|
|
|
accessTokenExpires := authService.JWTService.GetConfig().AccessTokenTTL
|
|
|
|
|
accessTokenCookie := &http.Cookie{
|
|
|
|
|
Name: "access_token",
|
|
|
|
|
Value: tokens.AccessToken,
|
|
|
|
|
Path: cfg.CookiePath,
|
|
|
|
|
Domain: cfg.CookieDomain,
|
|
|
|
|
MaxAge: int(accessTokenExpires.Seconds()),
|
|
|
|
|
HttpOnly: cfg.CookieHttpOnly,
|
|
|
|
|
Secure: cfg.ShouldUseSecureCookies(),
|
|
|
|
|
SameSite: cfg.GetCookieSameSite(),
|
|
|
|
|
}
|
|
|
|
|
http.SetCookie(c.Writer, accessTokenCookie)
|
|
|
|
|
|
2026-01-07 18:39:21 +00:00
|
|
|
// Retourner uniquement l'access token dans le body (pas le refresh token)
|
2025-12-06 16:21:59 +00:00
|
|
|
RespondSuccess(c, http.StatusOK, dto.LoginResponse{
|
2025-12-03 19:29:37 +00:00
|
|
|
User: dto.UserResponse{
|
2025-12-23 00:44:54 +00:00
|
|
|
ID: user.ID,
|
|
|
|
|
Email: user.Email,
|
|
|
|
|
Username: user.Username,
|
2025-12-03 19:29:37 +00:00
|
|
|
},
|
|
|
|
|
Token: dto.TokenResponse{
|
2026-01-07 18:39:21 +00:00
|
|
|
AccessToken: tokens.AccessToken,
|
|
|
|
|
// RefreshToken: tokens.RefreshToken, // ❌ Ne plus retourner dans le body
|
|
|
|
|
ExpiresIn: int(authService.JWTService.GetConfig().AccessTokenTTL.Seconds()),
|
2025-12-03 19:29:37 +00:00
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Register gère l'inscription des utilisateurs
|
2025-12-06 16:34:18 +00:00
|
|
|
// @Summary User Registration
|
|
|
|
|
// @Description Register a new user account
|
|
|
|
|
// @Tags Auth
|
|
|
|
|
// @Accept json
|
|
|
|
|
// @Produce json
|
|
|
|
|
// @Param request body dto.RegisterRequest true "Registration Data"
|
|
|
|
|
// @Success 201 {object} dto.RegisterResponse
|
|
|
|
|
// @Failure 400 {object} handlers.APIResponse "Validation Error"
|
|
|
|
|
// @Failure 409 {object} handlers.APIResponse "User already exists"
|
|
|
|
|
// @Failure 500 {object} handlers.APIResponse "Internal Error"
|
|
|
|
|
// @Router /auth/register [post]
|
2026-01-07 18:39:21 +00:00
|
|
|
func Register(authService *auth.AuthService, sessionService *services.SessionService, logger *zap.Logger, cfg *config.Config) gin.HandlerFunc {
|
2025-12-03 19:29:37 +00:00
|
|
|
return func(c *gin.Context) {
|
2025-12-27 00:50:39 +00:00
|
|
|
// FIX #6: Utiliser logger.Debug() pour les logs de debug au lieu de logger.Info()
|
|
|
|
|
logger.Debug("Register handler called", zap.String("path", c.Request.URL.Path), zap.String("method", c.Request.Method))
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
commonHandler := NewCommonHandler(logger)
|
2025-12-03 19:29:37 +00:00
|
|
|
var req dto.RegisterRequest
|
2025-12-27 00:50:39 +00:00
|
|
|
logger.Debug("Before BindAndValidateJSON")
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
if appErr := commonHandler.BindAndValidateJSON(c, &req); appErr != nil {
|
2025-12-27 00:50:39 +00:00
|
|
|
logger.Debug("BindAndValidateJSON failed", zap.Error(appErr))
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
RespondWithAppError(c, appErr)
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
2025-12-27 00:50:39 +00:00
|
|
|
logger.Debug("After BindAndValidateJSON success", zap.String("email", req.Email), zap.String("username", req.Username))
|
2025-12-03 19:29:37 +00:00
|
|
|
|
2025-12-27 00:50:39 +00:00
|
|
|
logger.Debug("Handler register start", zap.String("email", req.Email), zap.String("username", req.Username))
|
2025-12-16 16:23:49 +00:00
|
|
|
// MOD-P1-004: Ajouter timeout context pour opération DB critique (register)
|
|
|
|
|
ctx, cancel := WithTimeout(c.Request.Context(), 5*time.Second)
|
|
|
|
|
defer cancel()
|
2025-12-27 00:50:39 +00:00
|
|
|
logger.Debug("Calling auth service register", zap.String("email", req.Email))
|
2025-12-26 15:33:13 +00:00
|
|
|
user, tokens, err := authService.Register(ctx, req.Email, req.Username, req.Password)
|
2025-12-27 00:50:39 +00:00
|
|
|
logger.Debug("Auth service register returned", zap.Error(err), zap.Bool("user_nil", user == nil), zap.Bool("tokens_nil", tokens == nil))
|
2025-12-03 19:29:37 +00:00
|
|
|
if err != nil {
|
2025-12-16 16:23:49 +00:00
|
|
|
// MOD-P1-002: Utiliser RespondWithAppError au lieu de gin.H{"error"}
|
2025-12-03 19:29:37 +00:00
|
|
|
switch {
|
|
|
|
|
case services.IsUserAlreadyExistsError(err):
|
2025-12-16 16:23:49 +00:00
|
|
|
RespondWithAppError(c, apperrors.New(apperrors.ErrCodeConflict, "User already exists"))
|
2025-12-03 19:29:37 +00:00
|
|
|
case services.IsInvalidEmail(err):
|
2025-12-16 16:23:49 +00:00
|
|
|
RespondWithAppError(c, apperrors.NewValidationError("Invalid email format"))
|
2025-12-03 19:29:37 +00:00
|
|
|
case services.IsWeakPassword(err):
|
2025-12-16 16:23:49 +00:00
|
|
|
RespondWithAppError(c, apperrors.NewValidationError("Password does not meet requirements"))
|
2025-12-03 19:29:37 +00:00
|
|
|
default:
|
2025-12-26 22:25:40 +00:00
|
|
|
// Log l'erreur complète pour diagnostic
|
|
|
|
|
commonHandler.logger.Error("Registration failed - FULL ERROR",
|
|
|
|
|
zap.Error(err),
|
|
|
|
|
zap.String("error_type", fmt.Sprintf("%T", err)),
|
|
|
|
|
zap.String("error_string", err.Error()),
|
|
|
|
|
zap.String("email", req.Email),
|
|
|
|
|
zap.String("username", req.Username),
|
|
|
|
|
)
|
2025-12-16 16:23:49 +00:00
|
|
|
RespondWithAppError(c, apperrors.Wrap(apperrors.ErrCodeInternal, "Failed to create user", err))
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-26 16:11:57 +00:00
|
|
|
// MVP: Créer une session en base pour permettre l'utilisation immédiate du token
|
|
|
|
|
// (comme dans Login)
|
|
|
|
|
if sessionService != nil {
|
2025-12-27 00:50:39 +00:00
|
|
|
logger.Debug("Creating session after registration", zap.String("user_id", user.ID.String()))
|
2025-12-26 16:11:57 +00:00
|
|
|
ipAddress := c.ClientIP()
|
|
|
|
|
userAgent := c.GetHeader("User-Agent")
|
|
|
|
|
if userAgent == "" {
|
|
|
|
|
userAgent = "Unknown"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Session par défaut: 30 jours
|
|
|
|
|
expiresIn := 30 * 24 * time.Hour
|
|
|
|
|
|
|
|
|
|
sessionCtx, sessionCancel := WithTimeout(c.Request.Context(), 3*time.Second)
|
|
|
|
|
defer sessionCancel()
|
|
|
|
|
|
|
|
|
|
sessionReq := &services.SessionCreateRequest{
|
|
|
|
|
UserID: user.ID,
|
|
|
|
|
Token: tokens.AccessToken,
|
|
|
|
|
IPAddress: ipAddress,
|
|
|
|
|
UserAgent: userAgent,
|
|
|
|
|
ExpiresIn: expiresIn,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if _, err := sessionService.CreateSession(sessionCtx, sessionReq); err != nil {
|
|
|
|
|
logger.Warn("Failed to create session after registration",
|
|
|
|
|
zap.String("user_id", user.ID.String()),
|
|
|
|
|
zap.String("ip_address", ipAddress),
|
|
|
|
|
zap.Error(err),
|
|
|
|
|
)
|
|
|
|
|
// Non-bloquant: on continue même si la session n'est pas créée
|
|
|
|
|
// L'utilisateur pourra se reconnecter pour créer une session
|
|
|
|
|
} else {
|
2025-12-27 00:50:39 +00:00
|
|
|
logger.Debug("Session created successfully after registration", zap.String("user_id", user.ID.String()))
|
2025-12-26 16:11:57 +00:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
logger.Warn("SessionService not available - skipping session creation after registration")
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-07 18:39:21 +00:00
|
|
|
// SECURITY: Set refresh token in httpOnly cookie
|
|
|
|
|
refreshTokenExpires := 30 * 24 * time.Hour // 30 jours par défaut
|
|
|
|
|
|
|
|
|
|
// Utiliser http.Cookie pour supporter SameSite avec configuration depuis env
|
|
|
|
|
refreshTokenCookie := &http.Cookie{
|
|
|
|
|
Name: "refresh_token",
|
|
|
|
|
Value: tokens.RefreshToken,
|
|
|
|
|
Path: cfg.CookiePath,
|
|
|
|
|
Domain: cfg.CookieDomain,
|
|
|
|
|
MaxAge: int(refreshTokenExpires.Seconds()),
|
|
|
|
|
HttpOnly: cfg.CookieHttpOnly,
|
|
|
|
|
Secure: cfg.ShouldUseSecureCookies(),
|
|
|
|
|
SameSite: cfg.GetCookieSameSite(),
|
|
|
|
|
}
|
|
|
|
|
http.SetCookie(c.Writer, refreshTokenCookie)
|
|
|
|
|
|
2026-01-16 00:02:03 +00:00
|
|
|
// SECURITY: Set access token in httpOnly cookie
|
|
|
|
|
accessTokenExpires := authService.JWTService.GetConfig().AccessTokenTTL
|
|
|
|
|
accessTokenCookie := &http.Cookie{
|
|
|
|
|
Name: "access_token",
|
|
|
|
|
Value: tokens.AccessToken,
|
|
|
|
|
Path: cfg.CookiePath,
|
|
|
|
|
Domain: cfg.CookieDomain,
|
|
|
|
|
MaxAge: int(accessTokenExpires.Seconds()),
|
|
|
|
|
HttpOnly: cfg.CookieHttpOnly,
|
|
|
|
|
Secure: cfg.ShouldUseSecureCookies(),
|
|
|
|
|
SameSite: cfg.GetCookieSameSite(),
|
|
|
|
|
}
|
|
|
|
|
http.SetCookie(c.Writer, accessTokenCookie)
|
|
|
|
|
|
2026-01-07 18:39:21 +00:00
|
|
|
// Construire la réponse avec uniquement l'access token (pas le refresh token)
|
2025-12-26 15:33:13 +00:00
|
|
|
response := dto.RegisterResponse{
|
2025-12-03 19:29:37 +00:00
|
|
|
User: dto.UserResponse{
|
|
|
|
|
ID: user.ID,
|
|
|
|
|
Email: user.Email,
|
|
|
|
|
Username: user.Username,
|
|
|
|
|
},
|
2025-12-26 15:33:13 +00:00
|
|
|
Token: dto.TokenResponse{
|
2026-01-07 18:39:21 +00:00
|
|
|
AccessToken: tokens.AccessToken,
|
|
|
|
|
// RefreshToken: tokens.RefreshToken, // ❌ Ne plus retourner dans le body
|
|
|
|
|
ExpiresIn: tokens.ExpiresIn,
|
2025-12-26 15:33:13 +00:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
RespondSuccess(c, http.StatusCreated, response)
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Refresh gère le rafraîchissement d'un access token
|
2025-12-06 16:34:18 +00:00
|
|
|
// @Summary Refresh Token
|
|
|
|
|
// @Description Get a new access token using a refresh token
|
|
|
|
|
// @Tags Auth
|
|
|
|
|
// @Accept json
|
|
|
|
|
// @Produce json
|
|
|
|
|
// @Param request body dto.RefreshRequest true "Refresh Token"
|
|
|
|
|
// @Success 200 {object} dto.TokenResponse
|
|
|
|
|
// @Failure 400 {object} handlers.APIResponse "Validation Error"
|
|
|
|
|
// @Failure 401 {object} handlers.APIResponse "Invalid/Expired Refresh Token"
|
|
|
|
|
// @Failure 500 {object} handlers.APIResponse "Internal Error"
|
|
|
|
|
// @Router /auth/refresh [post]
|
2026-01-07 18:39:21 +00:00
|
|
|
func Refresh(authService *auth.AuthService, sessionService *services.SessionService, logger *zap.Logger, cfg *config.Config) gin.HandlerFunc {
|
2025-12-03 19:29:37 +00:00
|
|
|
return func(c *gin.Context) {
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
commonHandler := NewCommonHandler(logger)
|
feat: Visual masterpiece - true light mode & premium UI
🎨 **True Light/Dark Mode**
- Implemented proper light mode with inverted color scheme
- Smooth theme transitions (0.3s ease)
- Light mode colors: white backgrounds, dark text, vibrant accents
- System theme detection with proper class application
🌈 **Enhanced Theme System**
- 4 color themes work in both light and dark modes
- Cyber (cyan/magenta), Ocean (blue/teal), Forest (green/lime), Sunset (orange/purple)
- Theme-specific glassmorphism effects
- Proper contrast in light mode
✨ **Premium Animations**
- Float, glow-pulse, slide-in, scale-in, rotate-in animations
- Smooth page transitions
- Hover effects with depth (lift, glow, scale)
- Micro-interactions on all interactive elements
🎯 **Visual Polish**
- Enhanced glassmorphism for light/dark modes
- Custom scrollbar with theme colors
- Beautiful text selection
- Focus indicators for accessibility
- Premium utility classes
🔧 **Technical Improvements**
- Updated UIStore to properly apply light/dark classes
- Added data-theme attribute for CSS targeting
- Smooth scroll behavior
- Optimized transitions
The app is now a visual masterpiece with perfect light/dark mode support!
2026-01-11 01:32:21 +00:00
|
|
|
|
2026-01-07 18:39:21 +00:00
|
|
|
// SECURITY: Récupérer le refresh token depuis le cookie httpOnly (priorité)
|
|
|
|
|
// Fallback sur le body JSON pour compatibilité avec l'ancien système
|
|
|
|
|
var refreshToken string
|
|
|
|
|
if cookie, err := c.Cookie("refresh_token"); err == nil && cookie != "" {
|
|
|
|
|
refreshToken = cookie
|
|
|
|
|
} else {
|
|
|
|
|
// Fallback: lire depuis le body JSON (mode legacy)
|
|
|
|
|
var req dto.RefreshRequest
|
|
|
|
|
if appErr := commonHandler.BindAndValidateJSON(c, &req); appErr != nil {
|
|
|
|
|
RespondWithAppError(c, appErr)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
refreshToken = req.RefreshToken
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if refreshToken == "" {
|
|
|
|
|
RespondWithAppError(c, apperrors.NewUnauthorizedError("Refresh token is required"))
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-07 18:39:21 +00:00
|
|
|
tokens, err := authService.Refresh(c.Request.Context(), refreshToken)
|
2025-12-03 19:29:37 +00:00
|
|
|
if err != nil {
|
2025-12-16 16:23:49 +00:00
|
|
|
// MOD-P1-002: Utiliser RespondWithAppError au lieu de gin.H{"error"}
|
2025-12-03 19:29:37 +00:00
|
|
|
if strings.Contains(err.Error(), "invalid refresh token") ||
|
|
|
|
|
strings.Contains(err.Error(), "not found") ||
|
|
|
|
|
strings.Contains(err.Error(), "expired") ||
|
|
|
|
|
strings.Contains(err.Error(), "token version mismatch") {
|
2025-12-16 16:23:49 +00:00
|
|
|
RespondWithAppError(c, apperrors.NewUnauthorizedError("Invalid refresh token"))
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
2025-12-16 16:23:49 +00:00
|
|
|
RespondWithAppError(c, apperrors.Wrap(apperrors.ErrCodeInternal, "Failed to refresh token", err))
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-25 14:47:33 +00:00
|
|
|
// INT-017: Créer une nouvelle session lors du refresh token
|
|
|
|
|
if sessionService != nil {
|
|
|
|
|
// Récupérer l'ID utilisateur depuis le refresh token
|
2026-01-07 18:39:21 +00:00
|
|
|
claims, err := authService.JWTService.ValidateToken(refreshToken)
|
2025-12-25 14:47:33 +00:00
|
|
|
if err == nil && claims != nil {
|
|
|
|
|
ipAddress := c.ClientIP()
|
|
|
|
|
userAgent := c.GetHeader("User-Agent")
|
|
|
|
|
if userAgent == "" {
|
|
|
|
|
userAgent = "Unknown"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Utiliser la même durée d'expiration que le token d'accès
|
|
|
|
|
expiresIn := 30 * 24 * time.Hour
|
|
|
|
|
if authService.JWTService != nil {
|
2026-01-03 17:48:45 +00:00
|
|
|
expiresIn = authService.JWTService.GetConfig().AccessTokenTTL
|
2025-12-25 14:47:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sessionReq := &services.SessionCreateRequest{
|
|
|
|
|
UserID: claims.UserID,
|
|
|
|
|
Token: tokens.AccessToken,
|
|
|
|
|
IPAddress: ipAddress,
|
|
|
|
|
UserAgent: userAgent,
|
|
|
|
|
ExpiresIn: expiresIn,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// MOD-P1-004: Ajouter timeout context pour opération DB (session)
|
|
|
|
|
sessionCtx, sessionCancel := WithTimeout(c.Request.Context(), 3*time.Second)
|
|
|
|
|
defer sessionCancel()
|
|
|
|
|
if _, err := sessionService.CreateSession(sessionCtx, sessionReq); err != nil {
|
|
|
|
|
if logger != nil {
|
|
|
|
|
logger.Warn("Failed to create session after refresh",
|
|
|
|
|
zap.String("user_id", claims.UserID.String()),
|
|
|
|
|
zap.String("ip_address", ipAddress),
|
|
|
|
|
zap.Error(err),
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-07 18:39:21 +00:00
|
|
|
// SECURITY: Set refresh token in httpOnly cookie
|
|
|
|
|
// Utiliser la même durée que le refresh token original (30 jours par défaut)
|
|
|
|
|
refreshTokenExpires := 30 * 24 * time.Hour
|
|
|
|
|
|
|
|
|
|
// Utiliser http.Cookie pour supporter SameSite avec configuration depuis env
|
|
|
|
|
refreshTokenCookie := &http.Cookie{
|
|
|
|
|
Name: "refresh_token",
|
|
|
|
|
Value: tokens.RefreshToken,
|
|
|
|
|
Path: cfg.CookiePath,
|
|
|
|
|
Domain: cfg.CookieDomain,
|
|
|
|
|
MaxAge: int(refreshTokenExpires.Seconds()),
|
|
|
|
|
HttpOnly: cfg.CookieHttpOnly,
|
|
|
|
|
Secure: cfg.ShouldUseSecureCookies(),
|
|
|
|
|
SameSite: cfg.GetCookieSameSite(),
|
|
|
|
|
}
|
|
|
|
|
http.SetCookie(c.Writer, refreshTokenCookie)
|
|
|
|
|
|
2026-01-16 00:02:03 +00:00
|
|
|
// SECURITY: Set access token in httpOnly cookie
|
|
|
|
|
accessTokenExpires := authService.JWTService.GetConfig().AccessTokenTTL
|
|
|
|
|
accessTokenCookie := &http.Cookie{
|
|
|
|
|
Name: "access_token",
|
|
|
|
|
Value: tokens.AccessToken,
|
|
|
|
|
Path: cfg.CookiePath,
|
|
|
|
|
Domain: cfg.CookieDomain,
|
|
|
|
|
MaxAge: int(accessTokenExpires.Seconds()),
|
|
|
|
|
HttpOnly: cfg.CookieHttpOnly,
|
|
|
|
|
Secure: cfg.ShouldUseSecureCookies(),
|
|
|
|
|
SameSite: cfg.GetCookieSameSite(),
|
|
|
|
|
}
|
|
|
|
|
http.SetCookie(c.Writer, accessTokenCookie)
|
|
|
|
|
|
[BE-TEST-001] be-test: Add unit tests for auth handlers
- Created comprehensive unit tests for all authentication handlers
- Tests cover Login, Register, Refresh, Logout, VerifyEmail, ResendVerification, CheckUsername, and GetMe
- Tests use real AuthService with in-memory SQLite database for realistic testing
- All handlers tested with success cases, error cases, and edge cases
- Fixed ExpiresIn calculation in Login and Refresh handlers to handle TokenPair.ExpiresIn
- Test coverage includes:
- Login: success, invalid credentials, email not verified, requires 2FA, invalid request
- Register: success, user already exists, invalid email, weak password, invalid request
- Refresh: invalid request (token validation tested via integration tests)
- Logout: success, unauthorized
- VerifyEmail: missing token
- ResendVerification: success
- CheckUsername: available, taken, missing username
- GetMe: success, unauthorized
Phase: PHASE-5
Priority: P2
Progress: 121/267 (45.32%)
2025-12-24 17:14:31 +00:00
|
|
|
// Calculate ExpiresIn from tokens if available, otherwise use JWTService config
|
|
|
|
|
expiresIn := tokens.ExpiresIn
|
|
|
|
|
if expiresIn == 0 && authService.JWTService != nil {
|
2026-01-03 17:48:45 +00:00
|
|
|
expiresIn = int(authService.JWTService.GetConfig().AccessTokenTTL.Seconds())
|
[BE-TEST-001] be-test: Add unit tests for auth handlers
- Created comprehensive unit tests for all authentication handlers
- Tests cover Login, Register, Refresh, Logout, VerifyEmail, ResendVerification, CheckUsername, and GetMe
- Tests use real AuthService with in-memory SQLite database for realistic testing
- All handlers tested with success cases, error cases, and edge cases
- Fixed ExpiresIn calculation in Login and Refresh handlers to handle TokenPair.ExpiresIn
- Test coverage includes:
- Login: success, invalid credentials, email not verified, requires 2FA, invalid request
- Register: success, user already exists, invalid email, weak password, invalid request
- Refresh: invalid request (token validation tested via integration tests)
- Logout: success, unauthorized
- VerifyEmail: missing token
- ResendVerification: success
- CheckUsername: available, taken, missing username
- GetMe: success, unauthorized
Phase: PHASE-5
Priority: P2
Progress: 121/267 (45.32%)
2025-12-24 17:14:31 +00:00
|
|
|
}
|
|
|
|
|
|
2026-01-07 18:39:21 +00:00
|
|
|
// Retourner uniquement l'access token dans le body (pas le refresh token)
|
2025-12-06 16:21:59 +00:00
|
|
|
RespondSuccess(c, http.StatusOK, dto.TokenResponse{
|
2026-01-07 18:39:21 +00:00
|
|
|
AccessToken: tokens.AccessToken,
|
|
|
|
|
// RefreshToken: tokens.RefreshToken, // ❌ Ne plus retourner dans le body
|
|
|
|
|
ExpiresIn: expiresIn,
|
2025-12-03 19:29:37 +00:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Logout gère la déconnexion des utilisateurs
|
2025-12-06 16:34:18 +00:00
|
|
|
// @Summary Logout
|
|
|
|
|
// @Description Revoke refresh token and current session
|
|
|
|
|
// @Tags Auth
|
|
|
|
|
// @Accept json
|
|
|
|
|
// @Produce json
|
|
|
|
|
// @Security BearerAuth
|
|
|
|
|
// @Param request body object{refresh_token=string} true "Refresh Token to revoke"
|
|
|
|
|
// @Success 200 {object} handlers.APIResponse "Success message"
|
|
|
|
|
// @Failure 400 {object} handlers.APIResponse "Validation Error"
|
|
|
|
|
// @Failure 401 {object} handlers.APIResponse "Unauthorized"
|
|
|
|
|
// @Router /auth/logout [post]
|
2026-01-07 18:39:21 +00:00
|
|
|
func Logout(authService *auth.AuthService, sessionService *services.SessionService, logger *zap.Logger, cfg *config.Config) gin.HandlerFunc {
|
2025-12-03 19:29:37 +00:00
|
|
|
return func(c *gin.Context) {
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
commonHandler := NewCommonHandler(logger)
|
2025-12-03 19:29:37 +00:00
|
|
|
userIDInterface, exists := c.Get("user_id")
|
|
|
|
|
if !exists {
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
RespondWithAppError(c, apperrors.NewUnauthorizedError("User not authenticated"))
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userID, ok := userIDInterface.(uuid.UUID)
|
|
|
|
|
if !ok {
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
RespondWithAppError(c, apperrors.New(apperrors.ErrCodeInternal, "Invalid user ID type in context"))
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var req struct {
|
|
|
|
|
RefreshToken string `json:"refresh_token" binding:"required"`
|
|
|
|
|
}
|
|
|
|
|
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
if appErr := commonHandler.BindAndValidateJSON(c, &req); appErr != nil {
|
|
|
|
|
RespondWithAppError(c, appErr)
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := authService.Logout(c.Request.Context(), userID, req.RefreshToken); err != nil {
|
|
|
|
|
// Log the error but don't fail the request to prevent leaking info
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if sessionService != nil {
|
|
|
|
|
authHeader := c.GetHeader("Authorization")
|
|
|
|
|
if authHeader != "" && strings.HasPrefix(authHeader, "Bearer ") {
|
|
|
|
|
token := strings.TrimPrefix(authHeader, "Bearer ")
|
|
|
|
|
if err := sessionService.RevokeSession(c.Request.Context(), token); err != nil {
|
|
|
|
|
// Log the error but don't fail the request
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-07 18:39:21 +00:00
|
|
|
// SECURITY: Supprimer le cookie refresh_token lors du logout
|
|
|
|
|
refreshTokenCookie := &http.Cookie{
|
|
|
|
|
Name: "refresh_token",
|
|
|
|
|
Value: "",
|
|
|
|
|
Path: cfg.CookiePath,
|
|
|
|
|
Domain: cfg.CookieDomain,
|
|
|
|
|
MaxAge: -1, // Supprimer le cookie
|
|
|
|
|
HttpOnly: cfg.CookieHttpOnly,
|
|
|
|
|
Secure: cfg.ShouldUseSecureCookies(),
|
|
|
|
|
SameSite: cfg.GetCookieSameSite(),
|
|
|
|
|
}
|
|
|
|
|
http.SetCookie(c.Writer, refreshTokenCookie)
|
|
|
|
|
|
2025-12-06 16:21:59 +00:00
|
|
|
RespondSuccess(c, http.StatusOK, gin.H{"message": "Logged out successfully"})
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// VerifyEmail gère la vérification de l'email
|
2025-12-06 16:34:18 +00:00
|
|
|
// @Summary Verify Email
|
|
|
|
|
// @Description Verify user email address using a token
|
|
|
|
|
// @Tags Auth
|
|
|
|
|
// @Accept json
|
|
|
|
|
// @Produce json
|
|
|
|
|
// @Param token query string true "Verification Token"
|
|
|
|
|
// @Success 200 {object} handlers.APIResponse "Success message"
|
|
|
|
|
// @Failure 400 {object} handlers.APIResponse "Invalid Token"
|
|
|
|
|
// @Router /auth/verify-email [post]
|
2025-12-03 19:29:37 +00:00
|
|
|
func VerifyEmail(authService *auth.AuthService) gin.HandlerFunc {
|
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
|
token := c.Query("token")
|
|
|
|
|
if token == "" {
|
2025-12-16 16:23:49 +00:00
|
|
|
// MOD-P1-002: Utiliser RespondWithAppError au lieu de gin.H{"error"}
|
|
|
|
|
RespondWithAppError(c, apperrors.NewValidationError("Token required"))
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := authService.VerifyEmail(c.Request.Context(), token); err != nil {
|
2025-12-16 16:23:49 +00:00
|
|
|
// MOD-P1-002: Utiliser RespondWithAppError au lieu de gin.H{"error"}
|
|
|
|
|
RespondWithAppError(c, apperrors.Wrap(apperrors.ErrCodeValidation, "Email verification failed", err))
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-06 16:21:59 +00:00
|
|
|
RespondSuccess(c, http.StatusOK, gin.H{"message": "Email verified successfully"})
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ResendVerification gère la demande de renvoi d'email de vérification
|
2025-12-06 16:34:18 +00:00
|
|
|
// @Summary Resend Verification Email
|
|
|
|
|
// @Description Resend the email verification link
|
|
|
|
|
// @Tags Auth
|
|
|
|
|
// @Accept json
|
|
|
|
|
// @Produce json
|
|
|
|
|
// @Param request body dto.ResendVerificationRequest true "Email"
|
|
|
|
|
// @Success 200 {object} handlers.APIResponse "Success message"
|
|
|
|
|
// @Failure 400 {object} handlers.APIResponse "Validation Error"
|
|
|
|
|
// @Router /auth/resend-verification [post]
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
func ResendVerification(authService *auth.AuthService, logger *zap.Logger) gin.HandlerFunc {
|
2025-12-03 19:29:37 +00:00
|
|
|
return func(c *gin.Context) {
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
commonHandler := NewCommonHandler(logger)
|
2025-12-03 19:29:37 +00:00
|
|
|
var req dto.ResendVerificationRequest
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
if appErr := commonHandler.BindAndValidateJSON(c, &req); appErr != nil {
|
|
|
|
|
RespondWithAppError(c, appErr)
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := authService.ResendVerificationEmail(c.Request.Context(), req.Email); err != nil {
|
2025-12-16 16:23:49 +00:00
|
|
|
// MOD-P1-002: Utiliser RespondWithAppError au lieu de gin.H{"error"}
|
2025-12-03 19:29:37 +00:00
|
|
|
if strings.Contains(err.Error(), "email already verified") {
|
2025-12-16 16:23:49 +00:00
|
|
|
RespondWithAppError(c, apperrors.NewValidationError(err.Error()))
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
2025-12-16 16:23:49 +00:00
|
|
|
RespondWithAppError(c, apperrors.Wrap(apperrors.ErrCodeInternal, "Failed to resend verification email", err))
|
|
|
|
|
return
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
|
2025-12-06 16:21:59 +00:00
|
|
|
RespondSuccess(c, http.StatusOK, gin.H{"message": "Verification email sent if account exists"})
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CheckUsername vérifie la disponibilité d'un nom d'utilisateur
|
2025-12-06 16:34:18 +00:00
|
|
|
// @Summary Check Username Availability
|
|
|
|
|
// @Description Check if a username is already taken
|
|
|
|
|
// @Tags Auth
|
|
|
|
|
// @Accept json
|
|
|
|
|
// @Produce json
|
|
|
|
|
// @Param username query string true "Username to check"
|
|
|
|
|
// @Success 200 {object} handlers.APIResponse{data=object{available=boolean,username=string}}
|
|
|
|
|
// @Failure 400 {object} handlers.APIResponse "Missing Username"
|
|
|
|
|
// @Router /auth/check-username [get]
|
2025-12-03 19:29:37 +00:00
|
|
|
func CheckUsername(authService *auth.AuthService) gin.HandlerFunc {
|
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
|
username := c.Query("username")
|
|
|
|
|
if username == "" {
|
2025-12-16 16:23:49 +00:00
|
|
|
// MOD-P1-002: Utiliser RespondWithAppError au lieu de gin.H{"error"}
|
|
|
|
|
RespondWithAppError(c, apperrors.NewValidationError("Username is required"))
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, err := authService.GetUserByUsername(c.Request.Context(), username)
|
|
|
|
|
available := err != nil
|
|
|
|
|
|
2025-12-06 16:21:59 +00:00
|
|
|
RespondSuccess(c, http.StatusOK, gin.H{
|
2025-12-03 19:29:37 +00:00
|
|
|
"available": available,
|
|
|
|
|
"username": username,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetMe retourne les informations de l'utilisateur connecté
|
2025-12-06 16:34:18 +00:00
|
|
|
// @Summary Get Current User
|
|
|
|
|
// @Description Get profile information of the currently logged-in user
|
|
|
|
|
// @Tags Auth
|
|
|
|
|
// @Accept json
|
|
|
|
|
// @Produce json
|
|
|
|
|
// @Security BearerAuth
|
2025-12-22 22:03:46 +00:00
|
|
|
// @Success 200 {object} handlers.APIResponse{data=object}
|
2025-12-06 16:34:18 +00:00
|
|
|
// @Failure 401 {object} handlers.APIResponse "Unauthorized"
|
2025-12-22 22:03:46 +00:00
|
|
|
// @Failure 404 {object} handlers.APIResponse "User not found"
|
2025-12-06 16:34:18 +00:00
|
|
|
// @Router /auth/me [get]
|
2025-12-22 22:03:46 +00:00
|
|
|
func GetMe(userService *services.UserService) gin.HandlerFunc {
|
2025-12-03 19:29:37 +00:00
|
|
|
return func(c *gin.Context) {
|
|
|
|
|
userID, exists := c.Get("user_id")
|
|
|
|
|
if !exists {
|
2025-12-16 16:23:49 +00:00
|
|
|
// MOD-P1-002: Utiliser RespondWithAppError au lieu de gin.H{"error"}
|
|
|
|
|
RespondWithAppError(c, apperrors.NewUnauthorizedError("Unauthorized"))
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-22 22:03:46 +00:00
|
|
|
// Convert userID to uuid.UUID
|
|
|
|
|
userUUID, ok := userID.(uuid.UUID)
|
|
|
|
|
if !ok {
|
|
|
|
|
// Try to parse as string if it's not already a UUID
|
|
|
|
|
userIDStr, ok := userID.(string)
|
|
|
|
|
if !ok {
|
|
|
|
|
RespondWithAppError(c, apperrors.New(apperrors.ErrCodeValidation, "invalid user id type"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
parsedUUID, err := uuid.Parse(userIDStr)
|
|
|
|
|
if err != nil {
|
|
|
|
|
RespondWithAppError(c, apperrors.New(apperrors.ErrCodeValidation, "invalid user id format"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
userUUID = parsedUUID
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Fetch full user from database
|
|
|
|
|
user, err := userService.GetProfileByID(userUUID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
RespondWithAppError(c, apperrors.New(apperrors.ErrCodeNotFound, "user not found"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Return full user object
|
|
|
|
|
RespondSuccess(c, http.StatusOK, user)
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
}
|