homebox/backend/internal/services/service_user.go

package services

import (
	"context"
	"errors"
	"time"

	"github.com/google/uuid"
	"github.com/hay-kot/content/backend/internal/repo"
	"github.com/hay-kot/content/backend/internal/services/mappers"
	"github.com/hay-kot/content/backend/internal/types"
	"github.com/hay-kot/content/backend/pkgs/hasher"
)

var (
	oneWeek              = time.Hour * 24 * 7
	ErrorInvalidLogin    = errors.New("invalid username or password")
	ErrorInvalidToken    = errors.New("invalid token")
	ErrorTokenIdMismatch = errors.New("token id mismatch")
)

type UserService struct {
	repos *repo.AllRepos
}

// RegisterUser creates a new user and group in the data with the provided data. It also bootstraps the user's group
// with default Labels and Locations.
func (svc *UserService) RegisterUser(ctx context.Context, data types.UserRegistration) (*types.UserOut, error) {
	group, err := svc.repos.Groups.Create(ctx, data.GroupName)
	if err != nil {
		return &types.UserOut{}, err
	}

	hashed, _ := hasher.HashPassword(data.User.Password)
	usrCreate := types.UserCreate{
		Name:        data.User.Name,
		Email:       data.User.Email,
		Password:    hashed,
		IsSuperuser: false,
		GroupID:     group.ID,
	}

	usr, err := svc.repos.Users.Create(ctx, usrCreate)
	if err != nil {
		return &types.UserOut{}, err
	}

	for _, label := range defaultLabels() {
		_, err := svc.repos.Labels.Create(ctx, group.ID, label)
		if err != nil {
			return &types.UserOut{}, err
		}
	}

	for _, location := range defaultLocations() {
		_, err := svc.repos.Locations.Create(ctx, group.ID, location)
		if err != nil {
			return &types.UserOut{}, err
		}
	}

	return mappers.ToOutUser(usr, nil)
}

// GetSelf returns the user that is currently logged in based of the token provided within
func (svc *UserService) GetSelf(ctx context.Context, requestToken string) (*types.UserOut, error) {
	hash := hasher.HashToken(requestToken)
	return mappers.ToOutUser(svc.repos.AuthTokens.GetUserFromToken(ctx, hash))
}

func (svc *UserService) UpdateSelf(ctx context.Context, ID uuid.UUID, data types.UserUpdate) (*types.UserOut, error) {
	err := svc.repos.Users.Update(ctx, ID, data)
	if err != nil {
		return &types.UserOut{}, err
	}

	return mappers.ToOutUser(svc.repos.Users.GetOneId(ctx, ID))
}

// ============================================================================
// User Authentication

func (svc *UserService) createToken(ctx context.Context, userId uuid.UUID) (types.UserAuthTokenDetail, error) {
	newToken := hasher.GenerateToken()

	created, err := svc.repos.AuthTokens.CreateToken(ctx, types.UserAuthTokenCreate{
		UserID:    userId,
		TokenHash: newToken.Hash,
		ExpiresAt: time.Now().Add(oneWeek),
	})

	return types.UserAuthTokenDetail{Raw: newToken.Raw, ExpiresAt: created.ExpiresAt}, err
}

func (svc *UserService) Login(ctx context.Context, username, password string) (types.UserAuthTokenDetail, error) {
	usr, err := svc.repos.Users.GetOneEmail(ctx, username)

	if err != nil || !hasher.CheckPasswordHash(password, usr.Password) {
		return types.UserAuthTokenDetail{}, ErrorInvalidLogin
	}

	return svc.createToken(ctx, usr.ID)
}

func (svc *UserService) Logout(ctx context.Context, token string) error {
	hash := hasher.HashToken(token)
	err := svc.repos.AuthTokens.DeleteToken(ctx, hash)
	return err
}

func (svc *UserService) RenewToken(ctx context.Context, token string) (types.UserAuthTokenDetail, error) {
	hash := hasher.HashToken(token)

	dbToken, err := svc.repos.AuthTokens.GetUserFromToken(ctx, hash)

	if err != nil {
		return types.UserAuthTokenDetail{}, ErrorInvalidToken
	}

	newToken, _ := svc.createToken(ctx, dbToken.ID)

	return newToken, nil
}

// DeleteSelf deletes the user that is currently logged based of the provided UUID
// There is _NO_ protection against deleting the wrong user, as such this should only
// be used when the identify of the user has been confirmed.
func (svc *UserService) DeleteSelf(ctx context.Context, ID uuid.UUID) error {
	return svc.repos.Users.Delete(ctx, ID)
}
Initial commit 2022-08-30 02:30:36 +00:00			`package services`

			`import (`
			`"context"`
			`"errors"`
			`"time"`

			`"github.com/google/uuid"`
update imports 2022-08-30 02:40:54 +00:00			`"github.com/hay-kot/content/backend/internal/repo"`
end-to-end testing setup 2022-09-04 02:42:03 +00:00			`"github.com/hay-kot/content/backend/internal/services/mappers"`
update imports 2022-08-30 02:40:54 +00:00			`"github.com/hay-kot/content/backend/internal/types"`
			`"github.com/hay-kot/content/backend/pkgs/hasher"`
Initial commit 2022-08-30 02:30:36 +00:00			`)`

			`var (`
			`oneWeek = time.Hour * 24 * 7`
			`ErrorInvalidLogin = errors.New("invalid username or password")`
			`ErrorInvalidToken = errors.New("invalid token")`
			`ErrorTokenIdMismatch = errors.New("token id mismatch")`
			`)`

			`type UserService struct {`
			`repos *repo.AllRepos`
			`}`

inject defaults + cleanup 2022-09-04 06:19:13 +00:00			`// RegisterUser creates a new user and group in the data with the provided data. It also bootstraps the user's group`
			`// with default Labels and Locations.`
update data contract for users 2022-08-31 00:44:49 +00:00			`func (svc UserService) RegisterUser(ctx context.Context, data types.UserRegistration) (types.UserOut, error) {`
align types with new db schema 2022-08-30 18:05:11 +00:00			`group, err := svc.repos.Groups.Create(ctx, data.GroupName)`
			`if err != nil {`
update data contract for users 2022-08-31 00:44:49 +00:00			`return &types.UserOut{}, err`
align types with new db schema 2022-08-30 18:05:11 +00:00			`}`

			`hashed, _ := hasher.HashPassword(data.User.Password)`
			`usrCreate := types.UserCreate{`
			`Name: data.User.Name,`
			`Email: data.User.Email,`
			`Password: hashed,`
			`IsSuperuser: false,`
			`GroupID: group.ID,`
			`}`

inject defaults + cleanup 2022-09-04 06:19:13 +00:00			`usr, err := svc.repos.Users.Create(ctx, usrCreate)`
			`if err != nil {`
			`return &types.UserOut{}, err`
			`}`

			`for _, label := range defaultLabels() {`
			`_, err := svc.repos.Labels.Create(ctx, group.ID, label)`
			`if err != nil {`
			`return &types.UserOut{}, err`
			`}`
			`}`

			`for _, location := range defaultLocations() {`
			`_, err := svc.repos.Locations.Create(ctx, group.ID, location)`
			`if err != nil {`
			`return &types.UserOut{}, err`
			`}`
			`}`

			`return mappers.ToOutUser(usr, nil)`
align types with new db schema 2022-08-30 18:05:11 +00:00			`}`

Initial commit 2022-08-30 02:30:36 +00:00			`// GetSelf returns the user that is currently logged in based of the token provided within`
update data contract for users 2022-08-31 00:44:49 +00:00			`func (svc UserService) GetSelf(ctx context.Context, requestToken string) (types.UserOut, error) {`
Initial commit 2022-08-30 02:30:36 +00:00			`hash := hasher.HashToken(requestToken)`
end-to-end testing setup 2022-09-04 02:42:03 +00:00			`return mappers.ToOutUser(svc.repos.AuthTokens.GetUserFromToken(ctx, hash))`
Initial commit 2022-08-30 02:30:36 +00:00			`}`

update data contract for users 2022-08-31 00:44:49 +00:00			`func (svc UserService) UpdateSelf(ctx context.Context, ID uuid.UUID, data types.UserUpdate) (types.UserOut, error) {`
Initial commit 2022-08-30 02:30:36 +00:00			`err := svc.repos.Users.Update(ctx, ID, data)`
			`if err != nil {`
update data contract for users 2022-08-31 00:44:49 +00:00			`return &types.UserOut{}, err`
Initial commit 2022-08-30 02:30:36 +00:00			`}`

end-to-end testing setup 2022-09-04 02:42:03 +00:00			`return mappers.ToOutUser(svc.repos.Users.GetOneId(ctx, ID))`
Initial commit 2022-08-30 02:30:36 +00:00			`}`

			`// ============================================================================`
			`// User Authentication`

			`func (svc *UserService) createToken(ctx context.Context, userId uuid.UUID) (types.UserAuthTokenDetail, error) {`
			`newToken := hasher.GenerateToken()`

			`created, err := svc.repos.AuthTokens.CreateToken(ctx, types.UserAuthTokenCreate{`
			`UserID: userId,`
			`TokenHash: newToken.Hash,`
			`ExpiresAt: time.Now().Add(oneWeek),`
			`})`

			`return types.UserAuthTokenDetail{Raw: newToken.Raw, ExpiresAt: created.ExpiresAt}, err`
			`}`

			`func (svc *UserService) Login(ctx context.Context, username, password string) (types.UserAuthTokenDetail, error) {`
			`usr, err := svc.repos.Users.GetOneEmail(ctx, username)`

			`if err != nil \|\| !hasher.CheckPasswordHash(password, usr.Password) {`
			`return types.UserAuthTokenDetail{}, ErrorInvalidLogin`
			`}`

			`return svc.createToken(ctx, usr.ID)`
			`}`

			`func (svc *UserService) Logout(ctx context.Context, token string) error {`
			`hash := hasher.HashToken(token)`
			`err := svc.repos.AuthTokens.DeleteToken(ctx, hash)`
			`return err`
			`}`

			`func (svc *UserService) RenewToken(ctx context.Context, token string) (types.UserAuthTokenDetail, error) {`
			`hash := hasher.HashToken(token)`

			`dbToken, err := svc.repos.AuthTokens.GetUserFromToken(ctx, hash)`

			`if err != nil {`
			`return types.UserAuthTokenDetail{}, ErrorInvalidToken`
			`}`

			`newToken, _ := svc.createToken(ctx, dbToken.ID)`

			`return newToken, nil`
			`}`
end-to-end testing setup 2022-09-04 02:42:03 +00:00
			`// DeleteSelf deletes the user that is currently logged based of the provided UUID`
			`// There is _NO_ protection against deleting the wrong user, as such this should only`
			`// be used when the identify of the user has been confirmed.`
			`func (svc *UserService) DeleteSelf(ctx context.Context, ID uuid.UUID) error {`
			`return svc.repos.Users.Delete(ctx, ID)`
			`}`