From ac7aa8c6e95023def1eba7615d8a42ad52271500 Mon Sep 17 00:00:00 2001
From: Vidhu Kant Sharma <vidhukant@vidhukant.xyz>
Date: Sun, 29 Jan 2023 20:11:09 +0530
Subject: checking password before editing/deleting user

---
 auth/router.go | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 auth/router.go

(limited to 'auth/router.go')

diff --git a/auth/router.go b/auth/router.go
new file mode 100644
index 0000000..9fa03b7
--- /dev/null
+++ b/auth/router.go
@@ -0,0 +1,60 @@
+/* OpenBills-server - Server for libre billing software OpenBills-web
+ * Copyright (C) 2022  Vidhu Kant Sharma <vidhukant@vidhukant.xyz>
+
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package auth
+
+import (
+	"github.com/MikunoNaka/OpenBills-server/user"
+	"github.com/gin-gonic/gin"
+	"log"
+	"net/http"
+)
+
+func Routes(route *gin.Engine) {
+	r := route.Group("/auth")
+	{
+		r.POST("/login", user.checkPassword(), func(ctx *gin.Context) {
+			user := ctx.MustGet("user").(user.User)
+
+			accessToken, err := user.newAccessToken(user.Id.Hex())
+			if err != nil {
+				log.Printf("Error while generating new access token: %v", err)
+				ctx.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"message": "Internal Server Error (cannot login)"})
+			}
+
+			refreshToken, expiresAt, err := user.newRefreshToken(user.Id.Hex())
+			if err != nil {
+				log.Printf("Error while generating new refresh token: %v", err)
+				ctx.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"message": "Internal Server Error (cannot login)"})
+			}
+
+			ctx.SetCookie("refreshToken", refreshToken, int(expiresAt), "", "", true, true)
+			ctx.JSON(http.StatusOK, gin.H{"accessToken": accessToken})
+		})
+
+		r.POST("/refresh", user.verifyRefreshToken(), func(ctx *gin.Context) {
+			u := ctx.MustGet("user").(user.User)
+			accessToken, err := util.newAccessToken(u.Id.Hex())
+			if err != nil {
+				log.Printf("Error while generating new access token: %v", err)
+				ctx.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"message": "Internal Server Error (cannot refresh session)"})
+			} else {
+				ctx.JSON(http.StatusOK, gin.H{"accessToken": accessToken})
+			}
+		})
+	}
+}
-- 
cgit v1.2.3