302 lines
8.7 KiB
Go
302 lines
8.7 KiB
Go
package auth
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"veza-backend-api/internal/dto"
|
|
"veza-backend-api/internal/response"
|
|
"veza-backend-api/internal/services"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/google/uuid"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
// AuthHandler gère les requêtes d'authentification pour T0151
|
|
type AuthHandler struct {
|
|
authService *AuthService // Changed to *AuthService (from the current package)
|
|
sessionService *services.SessionService
|
|
logger *zap.Logger
|
|
}
|
|
|
|
// NewAuthHandler crée une nouvelle instance d'AuthHandler
|
|
func NewAuthHandler(authService *AuthService, sessionService *services.SessionService, logger *zap.Logger) *AuthHandler { // Changed to *AuthService
|
|
return &AuthHandler{
|
|
authService: authService,
|
|
sessionService: sessionService,
|
|
logger: logger,
|
|
}
|
|
}
|
|
|
|
// Register gère l'inscription d'un nouvel utilisateur
|
|
func (h *AuthHandler) Register(c *gin.Context) {
|
|
var req dto.RegisterRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
errorMsg := err.Error()
|
|
if strings.Contains(errorMsg, "Password") && strings.Contains(errorMsg, "min") {
|
|
errorMsg = "Le mot de passe doit contenir au moins 12 caractères"
|
|
} else if strings.Contains(errorMsg, "PasswordConfirm") && strings.Contains(errorMsg, "eqfield") {
|
|
errorMsg = "Les mots de passe ne correspondent pas"
|
|
} else if strings.Contains(errorMsg, "Email") && strings.Contains(errorMsg, "email") {
|
|
errorMsg = "Format d'email invalide"
|
|
} else if strings.Contains(errorMsg, "required") {
|
|
if strings.Contains(errorMsg, "Password") {
|
|
errorMsg = "Le mot de passe est requis"
|
|
} else if strings.Contains(errorMsg, "Email") {
|
|
errorMsg = "L'email est requis"
|
|
} else if strings.Contains(errorMsg, "PasswordConfirm") {
|
|
errorMsg = "La confirmation du mot de passe est requise"
|
|
}
|
|
}
|
|
|
|
h.logger.Warn("Invalid registration request", zap.Error(err), zap.String("error_message", errorMsg))
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": errorMsg})
|
|
return
|
|
}
|
|
|
|
h.logger.Info("Received registration request", zap.Any("req", req))
|
|
user, err := h.authService.Register(c.Request.Context(), req.Email, req.Username, req.Password)
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "already exists") {
|
|
c.JSON(http.StatusConflict, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
if strings.Contains(err.Error(), "validation") || strings.Contains(err.Error(), "invalid") {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create user"})
|
|
return
|
|
}
|
|
|
|
response := dto.RegisterResponse{
|
|
User: dto.UserResponse{
|
|
ID: user.ID,
|
|
Email: user.Email,
|
|
Username: user.Username,
|
|
},
|
|
Token: dto.TokenResponse{},
|
|
}
|
|
|
|
c.JSON(http.StatusCreated, response)
|
|
}
|
|
|
|
// Login gère la connexion d'un utilisateur
|
|
func (h *AuthHandler) Login(c *gin.Context) {
|
|
var req dto.LoginRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
user, tokens, err := h.authService.Login(c.Request.Context(), req.Email, req.Password, req.RememberMe)
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "email not verified") {
|
|
c.JSON(http.StatusForbidden, gin.H{
|
|
"error": err.Error(),
|
|
"code": "EMAIL_NOT_VERIFIED",
|
|
})
|
|
return
|
|
}
|
|
if strings.Contains(err.Error(), "invalid credentials") {
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid credentials"})
|
|
return
|
|
}
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to authenticate"})
|
|
return
|
|
}
|
|
|
|
if h.sessionService != nil {
|
|
ipAddress := c.ClientIP()
|
|
userAgent := c.GetHeader("User-Agent")
|
|
if userAgent == "" {
|
|
userAgent = "Unknown"
|
|
}
|
|
|
|
expiresIn := 30 * 24 * time.Hour
|
|
if req.RememberMe {
|
|
expiresIn = 90 * 24 * time.Hour
|
|
}
|
|
|
|
sessionReq := &services.SessionCreateRequest{
|
|
UserID: user.ID,
|
|
Token: tokens.AccessToken,
|
|
IPAddress: ipAddress,
|
|
UserAgent: userAgent,
|
|
ExpiresIn: expiresIn,
|
|
}
|
|
|
|
if _, err := h.sessionService.CreateSession(c.Request.Context(), sessionReq); err != nil {
|
|
h.logger.Warn("Failed to create session after login",
|
|
zap.String("user_id", user.ID.String()),
|
|
zap.String("ip_address", ipAddress),
|
|
zap.Error(err),
|
|
)
|
|
}
|
|
}
|
|
|
|
response := dto.LoginResponse{
|
|
User: dto.UserResponse{
|
|
ID: user.ID,
|
|
Email: user.Email,
|
|
},
|
|
Token: dto.TokenResponse{
|
|
AccessToken: tokens.AccessToken,
|
|
RefreshToken: tokens.RefreshToken,
|
|
ExpiresIn: int(h.authService.JWTService.Config.AccessTokenTTL.Seconds()),
|
|
},
|
|
}
|
|
|
|
c.JSON(http.StatusOK, response)
|
|
}
|
|
|
|
// Refresh gère le rafraîchissement d'un access token
|
|
func (h *AuthHandler) Refresh(c *gin.Context) {
|
|
var req dto.RefreshRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
tokens, err := h.authService.Refresh(c.Request.Context(), req.RefreshToken)
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "invalid refresh token") ||
|
|
strings.Contains(err.Error(), "not found") ||
|
|
strings.Contains(err.Error(), "expired") ||
|
|
strings.Contains(err.Error(), "token version mismatch") {
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid refresh token"})
|
|
return
|
|
}
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to refresh token"})
|
|
return
|
|
}
|
|
|
|
response := dto.TokenResponse{
|
|
AccessToken: tokens.AccessToken,
|
|
RefreshToken: tokens.RefreshToken,
|
|
ExpiresIn: 900,
|
|
}
|
|
|
|
c.JSON(http.StatusOK, response)
|
|
}
|
|
|
|
// CheckUsername vérifie la disponibilité d'un nom d'utilisateur
|
|
func (h *AuthHandler) CheckUsername(c *gin.Context) {
|
|
username := c.Query("username")
|
|
if username == "" {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "Username is required"})
|
|
return
|
|
}
|
|
|
|
_, err := h.authService.GetUserByUsername(c.Request.Context(), username)
|
|
available := err != nil
|
|
|
|
c.JSON(http.StatusOK, gin.H{
|
|
"available": available,
|
|
"username": username,
|
|
})
|
|
}
|
|
|
|
// GetMe retourne les informations de l'utilisateur connecté
|
|
func (h *AuthHandler) GetMe(c *gin.Context) {
|
|
userID, exists := c.Get("user_id")
|
|
if !exists {
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{
|
|
"id": userID,
|
|
"email": c.GetString("email"),
|
|
"role": c.GetString("role"),
|
|
})
|
|
}
|
|
|
|
// Logout déconnecte l'utilisateur
|
|
func (h *AuthHandler) Logout(c *gin.Context) {
|
|
userIDInterface, exists := c.Get("user_id")
|
|
if !exists {
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
|
|
return
|
|
}
|
|
|
|
userID, ok := userIDInterface.(uuid.UUID)
|
|
if !ok {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "Invalid user ID type in context"})
|
|
return
|
|
}
|
|
|
|
var req struct {
|
|
RefreshToken string `json:"refresh_token" binding:"required"`
|
|
}
|
|
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "Refresh token is required"})
|
|
return
|
|
}
|
|
|
|
if err := h.authService.Logout(c.Request.Context(), userID, req.RefreshToken); err != nil {
|
|
h.logger.Error("Failed to logout (revoke token)", zap.Error(err))
|
|
}
|
|
|
|
if h.sessionService != nil {
|
|
authHeader := c.GetHeader("Authorization")
|
|
if authHeader != "" && strings.HasPrefix(authHeader, "Bearer ") {
|
|
token := strings.TrimPrefix(authHeader, "Bearer ")
|
|
if err := h.sessionService.RevokeSession(c.Request.Context(), token); err != nil {
|
|
h.logger.Warn("Failed to revoke session on logout", zap.Error(err))
|
|
}
|
|
}
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{"message": "Logged out successfully"})
|
|
}
|
|
|
|
// VerifyEmail gère la vérification de l'email
|
|
func (h *AuthHandler) VerifyEmail(c *gin.Context) {
|
|
token := c.Query("token")
|
|
if token == "" {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "Token required"})
|
|
return
|
|
}
|
|
|
|
if err := h.authService.VerifyEmail(c.Request.Context(), token); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{"message": "Email verified successfully"})
|
|
}
|
|
|
|
// ResendVerification gère la demande de renvoi d'email de vérification
|
|
func (h *AuthHandler) ResendVerification(c *gin.Context) {
|
|
var req struct {
|
|
Email string `json:"email" binding:"required,email"`
|
|
}
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
if err := h.authService.ResendVerificationEmail(c.Request.Context(), req.Email); err != nil {
|
|
if err.Error() == "email already verified" {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{"message": "Verification email sent if account exists"})
|
|
}
|
|
|
|
// GetUserByUsername gets a user by username
|
|
func (h *AuthHandler) GetUserByUsername(c *gin.Context) {
|
|
username := c.Param("username")
|
|
user, err := h.authService.GetUserByUsername(c.Request.Context(), username)
|
|
if err != nil {
|
|
response.NotFound(c, "User not found")
|
|
return
|
|
}
|
|
response.Success(c, user)
|
|
}
|