mirror of
https://github.com/ForFarmTeam/ForFarm.git
synced 2025-12-19 22:14:08 +01:00
102 lines
2.6 KiB
Go
102 lines
2.6 KiB
Go
package api
|
|
|
|
import (
|
|
"context"
|
|
"crypto/rand"
|
|
"errors"
|
|
"net/http"
|
|
|
|
"github.com/danielgtaylor/huma/v2"
|
|
"github.com/forfarm/backend/internal/domain"
|
|
"github.com/forfarm/backend/internal/utilities"
|
|
"github.com/go-chi/chi/v5"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
func (a *api) registerOauthRoutes(_ chi.Router, apiInstance huma.API) {
|
|
tags := []string{"oauth"}
|
|
huma.Register(apiInstance, huma.Operation{
|
|
OperationID: "oauth_exchange",
|
|
Method: http.MethodPost,
|
|
Path: "/oauth/exchange",
|
|
Tags: tags,
|
|
}, a.exchangeHandler)
|
|
}
|
|
|
|
type ExchangeTokenInput struct {
|
|
Body struct {
|
|
AccessToken string `json:"access_token" example:"Google ID token obtained after login"`
|
|
}
|
|
}
|
|
|
|
type ExchangeTokenOutput struct {
|
|
Body struct {
|
|
JWT string `json:"jwt" example:"Fresh JWT for frontend authentication"`
|
|
Email string `json:"email" example:"Email address of the user"`
|
|
}
|
|
}
|
|
|
|
func generateRandomPassword(length int) (string, error) {
|
|
const charset = "abcdefghijklmnopqrstuvwxyz" +
|
|
"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_=+[]{}<>?,./"
|
|
|
|
bytes := make([]byte, length)
|
|
if _, err := rand.Read(bytes); err != nil {
|
|
return "", err
|
|
}
|
|
|
|
for i, b := range bytes {
|
|
bytes[i] = charset[b%byte(len(charset))]
|
|
}
|
|
return string(bytes), nil
|
|
}
|
|
|
|
// exchangeHandler assumes the provided access token is a Google ID token.
|
|
// It verifies the token with Google, and if the user doesn't exist,
|
|
// it creates a new user with a randomly generated password before issuing your JWT.
|
|
func (a *api) exchangeHandler(ctx context.Context, input *ExchangeTokenInput) (*ExchangeTokenOutput, error) {
|
|
if input.Body.AccessToken == "" {
|
|
return nil, errors.New("access token is required")
|
|
}
|
|
|
|
googleUserID, email, err := utilities.ExtractGoogleUserID(input.Body.AccessToken)
|
|
if err != nil {
|
|
return nil, errors.New("invalid Google ID token")
|
|
}
|
|
|
|
user, err := a.userRepo.GetByEmail(ctx, email)
|
|
if err == domain.ErrNotFound {
|
|
newPassword, err := generateRandomPassword(12)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
newUser := &domain.User{
|
|
Email: email,
|
|
Password: string(hashedPassword),
|
|
}
|
|
if err := a.userRepo.CreateOrUpdate(ctx, newUser); err != nil {
|
|
return nil, err
|
|
}
|
|
user = *newUser
|
|
} else if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
token, err := utilities.CreateJwtToken(user.UUID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
output := &ExchangeTokenOutput{}
|
|
output.Body.JWT = token
|
|
output.Body.Email = email
|
|
_ = googleUserID // Maybe need in the future
|
|
return output, nil
|
|
}
|