authkit/service_magic.go

package authkit

import (
	"context"
	"errors"

	"git.juancwu.dev/juancwu/errx"
)

// RequestMagicLink mints a single-use magic-link token for the email and
// returns the plaintext for delivery.
//
// Default behavior is anti-enumeration: if the email is not registered,
// returns ("", nil) — the caller cannot distinguish "exists" from "doesn't
// exist". Set Config.RevealUnknownEmail = true to surface ErrUserNotFound.
func (a *Auth) RequestMagicLink(ctx context.Context, email string) (string, error) {
	const op = "authkit.Auth.RequestMagicLink"
	u, err := a.storeGetUserByEmail(ctx, normalizeEmail(email))
	if err != nil {
		if errors.Is(err, ErrUserNotFound) && !a.cfg.RevealUnknownEmail {
			return "", nil
		}
		return "", errx.Wrap(op, err)
	}
	plaintext, hash, err := MintOpaqueSecret(a.cfg.Random, prefixMagicLink)
	if err != nil {
		return "", errx.Wrap(op, err)
	}
	now := a.now()
	t := &Token{
		Hash:      hash,
		Kind:      TokenMagicLink,
		UserID:    u.ID,
		CreatedAt: now,
		ExpiresAt: now.Add(a.cfg.MagicLinkTTL),
	}
	if err := a.storeCreateToken(ctx, t); err != nil {
		return "", errx.Wrap(op, err)
	}
	return plaintext, nil
}

// ConsumeMagicLink consumes the magic-link token and returns the
// authenticated user. Callers typically follow with IssueSession or
// IssueJWT to actually log the user in. A successful consume implicitly
// verifies the email (the user demonstrably controls the inbox).
func (a *Auth) ConsumeMagicLink(ctx context.Context, plaintextToken string) (*User, error) {
	const op = "authkit.Auth.ConsumeMagicLink"
	hash, ok := ParseOpaqueSecret(prefixMagicLink, plaintextToken)
	if !ok {
		return nil, errx.Wrap(op, ErrTokenInvalid)
	}
	now := a.now()
	t, err := a.storeConsumeToken(ctx, TokenMagicLink, hash, now)
	if err != nil {
		return nil, errx.Wrap(op, err)
	}
	u, err := a.storeGetUserByID(ctx, t.UserID)
	if err != nil {
		return nil, errx.Wrap(op, err)
	}
	if u.EmailVerifiedAt == nil {
		if err := a.storeSetEmailVerified(ctx, u.ID, now); err == nil {
			u.EmailVerifiedAt = &now
		}
	}
	return u, nil
}