aboutsummaryrefslogtreecommitdiff
path: root/auth/controller.go
blob: 71cdc6a6331569645b79bfe4e312fe8c9a20c43f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
/* openbills - Server for web based Libre Billing Software
 * Copyright (C) 2023  Vidhu Kant Sharma <vidhukant@vidhukant.com>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

package auth

import (
	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt/v5"
	"github.com/spf13/viper"
	"golang.org/x/crypto/bcrypt"
	"vidhukant.com/openbills/user"
	"net/http"
	"time"
)

var (
	COST int
	AUTH_KEY, REFRESH_KEY []byte
)
func init() {
	COST = viper.GetInt("cryptography.password_hashing_cost")
	AUTH_KEY = []byte(viper.GetString("cryptography.auth_key"))
	REFRESH_KEY = []byte(viper.GetString("cryptography.refresh_key"))
}

func handleSignUp (ctx *gin.Context) {
	var user user.User
	ctx.Bind(&user)

	var err error

	// hash password
	var bytes []byte
	bytes, err = bcrypt.GenerateFromPassword([]byte(user.Password), 14)
	if err != nil {
		// TODO: handle potential errors
		ctx.Error(err)
		ctx.Abort()
		return
	}
	user.Password = string(bytes)

	err = user.Create()
	if err != nil {
		ctx.Error(err)
		ctx.Abort()
		return
	}

	ctx.JSON(http.StatusOK, gin.H{
		"message": "success",
		"data": user,
	})
}

func handleSignIn (ctx *gin.Context) {
	var req LoginReq
	ctx.Bind(&req)

	var err error
	var u user.User

	err = user.CheckPassword(&u, req.AccountName, req.Method, req.Password)
	if err != nil {
		// TODO: handle potential errors
		ctx.Error(err)
		ctx.Abort()
		return
	}

	authToken, err := jwt.NewWithClaims(jwt.SigningMethodHS256,
		AuthClaims {
			jwt.RegisteredClaims {
				IssuedAt: jwt.NewNumericDate(time.Now()),
				ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Minute * 2)),
			},
			u.ID,
		},
	).SignedString(AUTH_KEY)
	if err != nil {
		// TODO: handle potential errors
		ctx.Error(err)
		ctx.Abort()
		return
	}

	refreshToken, err := jwt.NewWithClaims(jwt.SigningMethodHS256,
		AuthClaims {
			jwt.RegisteredClaims {
				IssuedAt: jwt.NewNumericDate(time.Now()),
			  ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 6)),
			},
			u.ID,
		},
	).SignedString(REFRESH_KEY)
	if err != nil {
		// TODO: handle potential errors
		ctx.Error(err)
		ctx.Abort()
		return
	}

	ctx.JSON(http.StatusOK, gin.H{
		"auth_token": authToken,
		"refresh_token": refreshToken,
		"message": "success",
		"data": u,
	})
}