homebox/backend/app/api/handlers/v1/v1_ctrl_auth.go

package v1

import (
	"errors"
	"net/http"
	"strings"
	"time"

	"github.com/hay-kot/homebox/backend/internal/core/services"
	"github.com/hay-kot/homebox/backend/internal/sys/validate"
	"github.com/hay-kot/homebox/backend/pkgs/server"
	"github.com/rs/zerolog/log"
)

type (
	TokenResponse struct {
		Token           string    `json:"token"`
		ExpiresAt       time.Time `json:"expiresAt"`
		AttachmentToken string    `json:"attachmentToken"`
	}

	LoginForm struct {
		Username string `json:"username"`
		Password string `json:"password"`
	}
)

// HandleAuthLogin godoc
//
//	@Summary User Login
//	@Tags    Authentication
//	@Accept  x-www-form-urlencoded
//	@Accept  application/json
//	@Param   username formData string false "string" example(admin@admin.com)
//	@Param   password formData string false "string" example(admin)
//	@Produce json
//	@Success 200 {object} TokenResponse
//	@Router  /v1/users/login [POST]
func (ctrl *V1Controller) HandleAuthLogin() server.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) error {
		loginForm := &LoginForm{}

		switch r.Header.Get("Content-Type") {
		case server.ContentFormUrlEncoded:
			err := r.ParseForm()
			if err != nil {
				return server.Respond(w, http.StatusBadRequest, server.Wrap(err))
			}

			loginForm.Username = r.PostFormValue("username")
			loginForm.Password = r.PostFormValue("password")
		case server.ContentJSON:
			err := server.Decode(r, loginForm)
			if err != nil {
				log.Err(err).Msg("failed to decode login form")
			}
		default:
			return server.Respond(w, http.StatusBadRequest, errors.New("invalid content type"))
		}

		if loginForm.Username == "" || loginForm.Password == "" {
			return validate.NewFieldErrors(
				validate.FieldError{
					Field: "username",
					Error: "username or password is empty",
				},
				validate.FieldError{
					Field: "password",
					Error: "username or password is empty",
				},
			)
		}

		newToken, err := ctrl.svc.User.Login(r.Context(), strings.ToLower(loginForm.Username), loginForm.Password)
		if err != nil {
			return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError)
		}

		return server.Respond(w, http.StatusOK, TokenResponse{
			Token:           "Bearer " + newToken.Raw,
			ExpiresAt:       newToken.ExpiresAt,
			AttachmentToken: newToken.AttachmentToken,
		})
	}
}

// HandleAuthLogout godoc
//
//	@Summary  User Logout
//	@Tags     Authentication
//	@Success  204
//	@Router   /v1/users/logout [POST]
//	@Security Bearer
func (ctrl *V1Controller) HandleAuthLogout() server.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) error {
		token := services.UseTokenCtx(r.Context())
		if token == "" {
			return validate.NewRequestError(errors.New("no token within request context"), http.StatusUnauthorized)
		}

		err := ctrl.svc.User.Logout(r.Context(), token)
		if err != nil {
			return validate.NewRequestError(err, http.StatusInternalServerError)
		}

		return server.Respond(w, http.StatusNoContent, nil)
	}
}

// HandleAuthLogout godoc
//
//	@Summary     User Token Refresh
//	@Description handleAuthRefresh returns a handler that will issue a new token from an existing token.
//	@Description This does not validate that the user still exists within the database.
//	@Tags        Authentication
//	@Success     200
//	@Router      /v1/users/refresh [GET]
//	@Security    Bearer
func (ctrl *V1Controller) HandleAuthRefresh() server.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) error {
		requestToken := services.UseTokenCtx(r.Context())
		if requestToken == "" {
			return validate.NewRequestError(errors.New("no token within request context"), http.StatusUnauthorized)
		}

		newToken, err := ctrl.svc.User.RenewToken(r.Context(), requestToken)
		if err != nil {
			return validate.NewUnauthorizedError()
		}

		return server.Respond(w, http.StatusOK, newToken)
	}
}
Initial commit 2022-08-30 02:30:36 +00:00			`package v1`

			`import (`
			`"errors"`
			`"net/http"`
feat: enhanced search functions (#260) * make login case insensitive * expand query to support by Field and By AID search * type generation * new API callers * rework search to support field queries * improve unnecessary data fetches * clear stores on logout * change verbage * add labels 2023-02-05 21:12:54 +00:00			`"strings"`
refactor: repositories (#28) * cleanup unnecessary mocks * refactor document storage location * remove unused function * move ownership to document types to repo package * move types and mappers to repo package * refactor sets to own package 2022-09-27 23:52:13 +00:00			`"time"`
Initial commit 2022-08-30 02:30:36 +00:00
refactor: remove empty services (#116) * remove empty services * remove old factory * remove old static files * cleanup more duplicate service code * file/folder reorg 2022-10-30 04:05:38 +00:00			`"github.com/hay-kot/homebox/backend/internal/core/services"`
refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`"github.com/hay-kot/homebox/backend/internal/sys/validate"`
feat: item-attachments CRUD (#22) * change /content/ -> /homebox/ * add cache to code generators * update env variables to set data storage * update env variables * set env variables in prod container * implement attachment post route (WIP) * get attachment endpoint * attachment download * implement string utilities lib * implement generic drop zone * use explicit truncate * remove clean dir * drop strings composable for lib * update item types and add attachments * add attachment API * implement service context * consolidate API code * implement editing attachments * implement upload limit configuration * improve error handling * add docs for max upload size * fix test cases 2022-09-24 19:33:38 +00:00			`"github.com/hay-kot/homebox/backend/pkgs/server"`
switch to zero log 2022-09-03 18:38:35 +00:00			`"github.com/rs/zerolog/log"`
Initial commit 2022-08-30 02:30:36 +00:00			`)`

refactor: repositories (#28) * cleanup unnecessary mocks * refactor document storage location * remove unused function * move ownership to document types to repo package * move types and mappers to repo package * refactor sets to own package 2022-09-27 23:52:13 +00:00			`type (`
			`TokenResponse struct {`
feat: auth-roles, image-gallery, click-to-open (#166) * schema changes * db generate * db migration * add role based middleware * implement attachment token access * generate docs * implement role based auth * replace attachment specific tokens with gen token * run linter * cleanup temporary token implementation 2022-12-03 19:55:00 +00:00			Token string `json:"token"`
			ExpiresAt time.Time `json:"expiresAt"`
			AttachmentToken string `json:"attachmentToken"`
refactor: repositories (#28) * cleanup unnecessary mocks * refactor document storage location * remove unused function * move ownership to document types to repo package * move types and mappers to repo package * refactor sets to own package 2022-09-27 23:52:13 +00:00			`}`

			`LoginForm struct {`
			Username string `json:"username"`
			Password string `json:"password"`
			`}`
			`)`

Initial commit 2022-08-30 02:30:36 +00:00			`// HandleAuthLogin godoc`
feat: Notifiers CRUD (#337) * introduce scaffold for new models * wip: shoutrrr wrapper (may remove) * update schema files * gen: ent code * gen: migrations * go mod tidy * add group_id to notifier * db migration * new mapper helpers * notifier repo * introduce experimental adapter pattern for hdlrs * refactor adapters to fit more common use cases * new routes for notifiers * update errors to fix validation panic * go tidy * reverse checkbox label display * wip: notifiers UI * use badges instead of text * improve documentation * add scaffold schema reference * remove notifier service * refactor schema folder * support group edges via scaffold * delete test file * include link to API docs * audit and update documentation + improve format * refactor schema edges * refactor * add custom validator * set validate + order fields by name * fix failing tests 2023-03-07 06:18:58 +00:00			`//`
			`// @Summary User Login`
			`// @Tags Authentication`
			`// @Accept x-www-form-urlencoded`
			`// @Accept application/json`
			`// @Param username formData string false "string" example(admin@admin.com)`
			`// @Param password formData string false "string" example(admin)`
			`// @Produce json`
			`// @Success 200 {object} TokenResponse`
			`// @Router /v1/users/login [POST]`
refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`func (ctrl *V1Controller) HandleAuthLogin() server.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) error {`
refactor: repositories (#28) * cleanup unnecessary mocks * refactor document storage location * remove unused function * move ownership to document types to repo package * move types and mappers to repo package * refactor sets to own package 2022-09-27 23:52:13 +00:00			`loginForm := &LoginForm{}`
Initial commit 2022-08-30 02:30:36 +00:00
feat: change password (#35) * refactor: implement factories for testing * add additional factories * change protection for dropFields * prevent timed attacks on login * use switch instead of else-if * API implementation for changing password * add change-password dialog 2022-10-09 17:23:21 +00:00			`switch r.Header.Get("Content-Type") {`
			`case server.ContentFormUrlEncoded:`
Initial commit 2022-08-30 02:30:36 +00:00			`err := r.ParseForm()`
			`if err != nil {`
refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`return server.Respond(w, http.StatusBadRequest, server.Wrap(err))`
Initial commit 2022-08-30 02:30:36 +00:00			`}`

			`loginForm.Username = r.PostFormValue("username")`
			`loginForm.Password = r.PostFormValue("password")`
feat: change password (#35) * refactor: implement factories for testing * add additional factories * change protection for dropFields * prevent timed attacks on login * use switch instead of else-if * API implementation for changing password * add change-password dialog 2022-10-09 17:23:21 +00:00			`case server.ContentJSON:`
Initial commit 2022-08-30 02:30:36 +00:00			`err := server.Decode(r, loginForm)`
			`if err != nil {`
switch to zero log 2022-09-03 18:38:35 +00:00			`log.Err(err).Msg("failed to decode login form")`
Initial commit 2022-08-30 02:30:36 +00:00			`}`
feat: change password (#35) * refactor: implement factories for testing * add additional factories * change protection for dropFields * prevent timed attacks on login * use switch instead of else-if * API implementation for changing password * add change-password dialog 2022-10-09 17:23:21 +00:00			`default:`
refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`return server.Respond(w, http.StatusBadRequest, errors.New("invalid content type"))`
Initial commit 2022-08-30 02:30:36 +00:00			`}`

			`if loginForm.Username == "" \|\| loginForm.Password == "" {`
refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`return validate.NewFieldErrors(`
			`validate.FieldError{`
			`Field: "username",`
			`Error: "username or password is empty",`
			`},`
			`validate.FieldError{`
			`Field: "password",`
			`Error: "username or password is empty",`
			`},`
			`)`
Initial commit 2022-08-30 02:30:36 +00:00			`}`

feat: enhanced search functions (#260) * make login case insensitive * expand query to support by Field and By AID search * type generation * new API callers * rework search to support field queries * improve unnecessary data fetches * clear stores on logout * change verbage * add labels 2023-02-05 21:12:54 +00:00			`newToken, err := ctrl.svc.User.Login(r.Context(), strings.ToLower(loginForm.Username), loginForm.Password)`
Initial commit 2022-08-30 02:30:36 +00:00			`if err != nil {`
refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError)`
Initial commit 2022-08-30 02:30:36 +00:00			`}`

refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`return server.Respond(w, http.StatusOK, TokenResponse{`
feat: auth-roles, image-gallery, click-to-open (#166) * schema changes * db generate * db migration * add role based middleware * implement attachment token access * generate docs * implement role based auth * replace attachment specific tokens with gen token * run linter * cleanup temporary token implementation 2022-12-03 19:55:00 +00:00			`Token: "Bearer " + newToken.Raw,`
			`ExpiresAt: newToken.ExpiresAt,`
			`AttachmentToken: newToken.AttachmentToken,`
Initial commit 2022-08-30 02:30:36 +00:00			`})`
			`}`
			`}`

			`// HandleAuthLogout godoc`
feat: Notifiers CRUD (#337) * introduce scaffold for new models * wip: shoutrrr wrapper (may remove) * update schema files * gen: ent code * gen: migrations * go mod tidy * add group_id to notifier * db migration * new mapper helpers * notifier repo * introduce experimental adapter pattern for hdlrs * refactor adapters to fit more common use cases * new routes for notifiers * update errors to fix validation panic * go tidy * reverse checkbox label display * wip: notifiers UI * use badges instead of text * improve documentation * add scaffold schema reference * remove notifier service * refactor schema folder * support group edges via scaffold * delete test file * include link to API docs * audit and update documentation + improve format * refactor schema edges * refactor * add custom validator * set validate + order fields by name * fix failing tests 2023-03-07 06:18:58 +00:00			`//`
			`// @Summary User Logout`
			`// @Tags Authentication`
			`// @Success 204`
			`// @Router /v1/users/logout [POST]`
			`// @Security Bearer`
refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`func (ctrl *V1Controller) HandleAuthLogout() server.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) error {`
Initial commit 2022-08-30 02:30:36 +00:00			`token := services.UseTokenCtx(r.Context())`
			`if token == "" {`
refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`return validate.NewRequestError(errors.New("no token within request context"), http.StatusUnauthorized)`
Initial commit 2022-08-30 02:30:36 +00:00			`}`

			`err := ctrl.svc.User.Logout(r.Context(), token)`
			`if err != nil {`
refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`return validate.NewRequestError(err, http.StatusInternalServerError)`
Initial commit 2022-08-30 02:30:36 +00:00			`}`

refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`return server.Respond(w, http.StatusNoContent, nil)`
Initial commit 2022-08-30 02:30:36 +00:00			`}`
			`}`

			`// HandleAuthLogout godoc`
feat: Notifiers CRUD (#337) * introduce scaffold for new models * wip: shoutrrr wrapper (may remove) * update schema files * gen: ent code * gen: migrations * go mod tidy * add group_id to notifier * db migration * new mapper helpers * notifier repo * introduce experimental adapter pattern for hdlrs * refactor adapters to fit more common use cases * new routes for notifiers * update errors to fix validation panic * go tidy * reverse checkbox label display * wip: notifiers UI * use badges instead of text * improve documentation * add scaffold schema reference * remove notifier service * refactor schema folder * support group edges via scaffold * delete test file * include link to API docs * audit and update documentation + improve format * refactor schema edges * refactor * add custom validator * set validate + order fields by name * fix failing tests 2023-03-07 06:18:58 +00:00			`//`
			`// @Summary User Token Refresh`
			`// @Description handleAuthRefresh returns a handler that will issue a new token from an existing token.`
			`// @Description This does not validate that the user still exists within the database.`
			`// @Tags Authentication`
			`// @Success 200`
			`// @Router /v1/users/refresh [GET]`
			`// @Security Bearer`
refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`func (ctrl *V1Controller) HandleAuthRefresh() server.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) error {`
Initial commit 2022-08-30 02:30:36 +00:00			`requestToken := services.UseTokenCtx(r.Context())`
			`if requestToken == "" {`
refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`return validate.NewRequestError(errors.New("no token within request context"), http.StatusUnauthorized)`
Initial commit 2022-08-30 02:30:36 +00:00			`}`

			`newToken, err := ctrl.svc.User.RenewToken(r.Context(), requestToken)`
			`if err != nil {`
refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`return validate.NewUnauthorizedError()`
Initial commit 2022-08-30 02:30:36 +00:00			`}`

refactor: http interfaces (#114) * implement custom http handler interface * implement trace_id * normalize http method spacing for consistent logs * fix failing test * fix linter errors * cleanup old dead code * more route cleanup * cleanup some inconsistent errors * update and generate code * make taskfile more consistent * update task calls * run tidy * drop `@` tag for version * use relative paths * tidy * fix auto-setting variables * update build paths * add contributing guide * tidy 2022-10-30 02:15:35 +00:00			`return server.Respond(w, http.StatusOK, newToken)`
Initial commit 2022-08-30 02:30:36 +00:00			`}`
			`}`