feat: password auth
This commit is contained in:
juancwu
parent
6c704828ce
commit
7443547593
7 changed files with 317 additions and 9 deletions
|
|
@ -1,6 +1,7 @@
|
|||
package handler
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
|
@ -31,6 +32,70 @@ func (h *authHandler) PasswordPage(w http.ResponseWriter, r *http.Request) {
|
|||
ui.Render(w, r, pages.AuthPassword(""))
|
||||
}
|
||||
|
||||
func (h *authHandler) LoginWithPassword(w http.ResponseWriter, r *http.Request) {
|
||||
email := strings.TrimSpace(r.FormValue("email"))
|
||||
password := r.FormValue("password")
|
||||
|
||||
if email == "" || password == "" {
|
||||
ui.Render(w, r, pages.AuthPassword("Email and password are required"))
|
||||
return
|
||||
}
|
||||
|
||||
user, err := h.authService.LoginWithPassword(email, password)
|
||||
if err != nil {
|
||||
slog.Warn("password login failed", "error", err, "email", email)
|
||||
|
||||
msg := "An error occurred. Please try again."
|
||||
if errors.Is(err, service.ErrInvalidCredentials) {
|
||||
msg = "Invalid email or password"
|
||||
} else if errors.Is(err, service.ErrNoPassword) {
|
||||
msg = "This account uses passwordless login. Please use a magic link."
|
||||
}
|
||||
|
||||
ui.Render(w, r, pages.AuthPassword(msg))
|
||||
return
|
||||
}
|
||||
|
||||
jwtToken, err := h.authService.GenerateJWT(user)
|
||||
if err != nil {
|
||||
slog.Error("failed to generate JWT", "error", err, "user_id", user.ID)
|
||||
ui.Render(w, r, pages.AuthPassword("An error occurred. Please try again."))
|
||||
return
|
||||
}
|
||||
|
||||
h.authService.SetJWTCookie(w, jwtToken, time.Now().Add(7*24*time.Hour))
|
||||
|
||||
// Check for pending invite
|
||||
inviteCookie, err := r.Cookie("pending_invite")
|
||||
if err == nil && inviteCookie.Value != "" {
|
||||
spaceID, err := h.inviteService.AcceptInvite(inviteCookie.Value, user.ID)
|
||||
if err != nil {
|
||||
slog.Error("failed to process pending invite", "error", err, "token", inviteCookie.Value)
|
||||
} else {
|
||||
slog.Info("accepted pending invite", "user_id", user.ID, "space_id", spaceID)
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: "pending_invite",
|
||||
Value: "",
|
||||
Path: "/",
|
||||
MaxAge: -1,
|
||||
HttpOnly: true,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
needsOnboarding, err := h.authService.NeedsOnboarding(user.ID)
|
||||
if err != nil {
|
||||
slog.Warn("failed to check onboarding status", "error", err, "user_id", user.ID)
|
||||
}
|
||||
|
||||
if needsOnboarding {
|
||||
http.Redirect(w, r, "/auth/onboarding", http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
|
||||
http.Redirect(w, r, "/app/dashboard", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (h *authHandler) Logout(w http.ResponseWriter, r *http.Request) {
|
||||
h.authService.ClearJWTCookie(w)
|
||||
http.Redirect(w, r, "/", http.StatusSeeOther)
|
||||
|
|
|
|||
74
internal/handler/settings.go
Normal file
74
internal/handler/settings.go
Normal file
|
|
@ -0,0 +1,74 @@
|
|||
package handler
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
|
||||
"git.juancwu.dev/juancwu/budgit/internal/ctxkeys"
|
||||
"git.juancwu.dev/juancwu/budgit/internal/service"
|
||||
"git.juancwu.dev/juancwu/budgit/internal/ui"
|
||||
"git.juancwu.dev/juancwu/budgit/internal/ui/pages"
|
||||
)
|
||||
|
||||
type settingsHandler struct {
|
||||
authService *service.AuthService
|
||||
userService *service.UserService
|
||||
}
|
||||
|
||||
func NewSettingsHandler(authService *service.AuthService, userService *service.UserService) *settingsHandler {
|
||||
return &settingsHandler{
|
||||
authService: authService,
|
||||
userService: userService,
|
||||
}
|
||||
}
|
||||
|
||||
func (h *settingsHandler) SettingsPage(w http.ResponseWriter, r *http.Request) {
|
||||
user := ctxkeys.User(r.Context())
|
||||
|
||||
// Re-fetch user from DB since middleware strips PasswordHash
|
||||
fullUser, err := h.userService.ByID(user.ID)
|
||||
if err != nil {
|
||||
slog.Error("failed to fetch user for settings", "error", err, "user_id", user.ID)
|
||||
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
ui.Render(w, r, pages.AppSettings(fullUser.HasPassword(), ""))
|
||||
}
|
||||
|
||||
func (h *settingsHandler) SetPassword(w http.ResponseWriter, r *http.Request) {
|
||||
user := ctxkeys.User(r.Context())
|
||||
|
||||
currentPassword := r.FormValue("current_password")
|
||||
newPassword := r.FormValue("new_password")
|
||||
confirmPassword := r.FormValue("confirm_password")
|
||||
|
||||
// Re-fetch user to check HasPassword
|
||||
fullUser, err := h.userService.ByID(user.ID)
|
||||
if err != nil {
|
||||
slog.Error("failed to fetch user for set password", "error", err, "user_id", user.ID)
|
||||
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
err = h.authService.SetPassword(user.ID, currentPassword, newPassword, confirmPassword)
|
||||
if err != nil {
|
||||
slog.Warn("set password failed", "error", err, "user_id", user.ID)
|
||||
|
||||
msg := "An error occurred. Please try again."
|
||||
if errors.Is(err, service.ErrInvalidCredentials) {
|
||||
msg = "Current password is incorrect"
|
||||
} else if errors.Is(err, service.ErrPasswordsDoNotMatch) {
|
||||
msg = "New passwords do not match"
|
||||
} else if errors.Is(err, service.ErrWeakPassword) {
|
||||
msg = "Password must be at least 12 characters"
|
||||
}
|
||||
|
||||
ui.Render(w, r, pages.AppSettings(fullUser.HasPassword(), msg))
|
||||
return
|
||||
}
|
||||
|
||||
// Password set successfully — render page with success message
|
||||
ui.Render(w, r, pages.AppSettings(true, ""))
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue