draincloud-core/internal/app/handlers/logon.go

package handlers

import (
	"bytes"
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"log/slog"
	"net/http"
	"time"

	"git.optclblast.xyz/draincloud/draincloud-core/internal/common"
	"git.optclblast.xyz/draincloud/draincloud-core/internal/domain"
	"git.optclblast.xyz/draincloud/draincloud-core/internal/errs"
	"git.optclblast.xyz/draincloud/draincloud-core/internal/handler"
	"git.optclblast.xyz/draincloud/draincloud-core/internal/logger"
	"git.optclblast.xyz/draincloud/draincloud-core/internal/storage"
	"git.optclblast.xyz/draincloud/draincloud-core/internal/storage/models/auth"
	"github.com/google/uuid"
	"golang.org/x/crypto/bcrypt"
)

type LogonHandler struct {
	*handler.BaseHandler
	authStorage storage.AuthStorage
}

func NewLogonHandler(
	authStorage storage.AuthStorage,
) *LogonHandler {
	h := &LogonHandler{
		authStorage: authStorage,
		BaseHandler: handler.New().
			WithName("logonv1").
			WithRequiredResolveParams(),
	}
	h.WithProcessFunc(h.process)
	return h
}

func (h *LogonHandler) process(ctx context.Context, req *common.Request, w handler.Writer) error {
	logger.Debug(ctx, "[Logon] new request")

	body := new(domain.LogonRequest)
	err := json.Unmarshal(req.Body, body)
	if err != nil {
		logger.Error(ctx, "[Logon] failed to bind request", logger.Err(err))
		w.Write(ctx, map[string]string{
			"error": "bad request",
		}, handler.WithCode(http.StatusBadRequest))
		return nil
	}

	session, err := h.getSession(ctx, req)
	if err != nil && !errors.Is(err, http.ErrNoCookie) {
		return err
	}

	if session != nil {
		if err := validateSession(req, session); err != nil {
			// TODO add audit log entry
			return err
		}
		logger.Debug(ctx, "[login] user is already logged in", slog.String("session_id", session.ID.String()))
		w.Write(ctx, &domain.LogonResponse{
			Ok: true,
		})
		return nil
	}
	logger.Debug(ctx, "[login] session not founh. trying to authorize")

	resp, err := h.login(ctx, body, session, w)
	if err != nil {
		logger.Error(ctx, "[Logon] failed to login user", logger.Err(err))
		return err
	}

	w.Write(ctx, resp)
	return nil
}

func (h *LogonHandler) login(ctx context.Context, req *domain.LogonRequest, session *auth.Session, w handler.Writer) (*domain.LogonResponse, error) {
	passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), 10)
	if err != nil {
		logger.Error(ctx, "[login] failed to generate password hash", logger.Err(err))
		return nil, fmt.Errorf("failed to generate password hash: %w", err)
	}

	user, err := h.authStorage.GetUserByLogin(ctx, req.Login)
	if err != nil {
		return nil, fmt.Errorf("failed to fetch user by login: %w", err)
	}

	if bytes.Equal(passwordHash, user.PasswordHash) {
		logger.Warn(ctx, "[login] failed to login user. passwords hashes not equal")
		return nil, errs.ErrorAccessDenied
	}

	sessionCreatedAt := time.Now()
	sessionExpiredAt := sessionCreatedAt.Add(time.Hour * 24 * 7)

	sessionToken, err := generateSessionToken(100)
	if err != nil {
		return nil, fmt.Errorf("failed to generate a session token: %w", err)
	}
	w.SetCookie(sessionTokenCookie, sessionToken, int(sessionExpiredAt.Sub(sessionCreatedAt).Seconds()), "_path", "_domain", true, true)

	csrfToken, err := generateSessionToken(100)
	if err != nil {
		return nil, fmt.Errorf("failed to generate a csrf token: %w", err)
	}
	w.SetCookie(csrfTokenCookie, csrfToken, int(sessionExpiredAt.Sub(sessionCreatedAt).Seconds()), "_path", "_domain", true, false)

	sessionID, err := uuid.NewV7()
	if err != nil {
		return nil, fmt.Errorf("failed to generate session id: %w", err)
	}

	if _, err = h.authStorage.AddSession(ctx, &auth.Session{
		ID:           sessionID,
		SessionToken: sessionToken,
		CsrfToken:    csrfToken,
		UserID:       user.ID,
		CreatedAt:    sessionCreatedAt,
		ExpiredAt:    sessionExpiredAt,
	}); err != nil {
		return nil, fmt.Errorf("failed to save session: %w", err)
	}

	// TODO add audit log entry

	return &domain.LogonResponse{
		Ok: true,
	}, nil
}

func (h *LogonHandler) getSession(ctx context.Context, req *common.Request) (*auth.Session, error) {
	token, err := common.GetValue[string](req.Metadata, sessionTokenCookie)
	if err != nil {
		return nil, fmt.Errorf("failed to fetch session cookie from request: %w", err)
	}
	csrfToken, err := common.GetValue[string](req.Metadata, csrfTokenCookie)
	if err != nil {
		return nil, fmt.Errorf("failed to fetch csrf cookie from request: %w", err)
	}

	if len(csrfToken) == 0 || len(token) == 0 {
		return nil, fmt.Errorf("session token or csrf token is empty")
	}

	session, err := h.authStorage.GetSession(ctx, token)
	if err != nil {
		return nil, fmt.Errorf("failed to fetch session from repo: %w", err)
	}

	return session, nil
}

func validateSession(req *common.Request, session *auth.Session) error {
	if session == nil {
		return errs.ErrorAccessDenied
	}

	csrfToken, err := common.GetValue[string](req.Metadata, csrfTokenCookie)
	if err != nil {
		return fmt.Errorf("failed to fetch csrf cookie from request: %w", err)
	}

	if session.CsrfToken != csrfToken {
		return errs.ErrorAccessDenied
	}

	if session.ExpiredAt.Before(time.Now()) {
		return errs.ErrorSessionExpired
	}

	return nil
}
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`package handlers`
tmp 2024-11-23 08:52:06 +00:00
			`import (`
			`"bytes"`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`"context"`
			`"encoding/json"`
tmp 2024-11-23 08:52:06 +00:00			`"errors"`
			`"fmt"`
			`"log/slog"`
			`"net/http"`
			`"time"`

handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`"git.optclblast.xyz/draincloud/draincloud-core/internal/common"`
tmp 2024-11-23 08:52:06 +00:00			`"git.optclblast.xyz/draincloud/draincloud-core/internal/domain"`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`"git.optclblast.xyz/draincloud/draincloud-core/internal/errs"`
			`"git.optclblast.xyz/draincloud/draincloud-core/internal/handler"`
tmp 2024-11-23 08:52:06 +00:00			`"git.optclblast.xyz/draincloud/draincloud-core/internal/logger"`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`"git.optclblast.xyz/draincloud/draincloud-core/internal/storage"`
refactoring and some plugin stuff 2025-01-10 23:09:37 +00:00			`"git.optclblast.xyz/draincloud/draincloud-core/internal/storage/models/auth"`
init sharding cluster stuff for fun 2024-12-16 05:08:37 +00:00			`"github.com/google/uuid"`
tmp 2024-11-23 08:52:06 +00:00			`"golang.org/x/crypto/bcrypt"`
			`)`

handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`type LogonHandler struct {`
			`*handler.BaseHandler`
			`authStorage storage.AuthStorage`
			`}`
tmp 2024-11-23 08:52:06 +00:00
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`func NewLogonHandler(`
			`authStorage storage.AuthStorage,`
			`) *LogonHandler {`
			`h := &LogonHandler{`
			`authStorage: authStorage,`
			`BaseHandler: handler.New().`
			`WithName("logonv1").`
			`WithRequiredResolveParams(),`
			`}`
			`h.WithProcessFunc(h.process)`
			`return h`
			`}`
tmp 2024-11-23 08:52:06 +00:00
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`func (h LogonHandler) process(ctx context.Context, req common.Request, w handler.Writer) error {`
			`logger.Debug(ctx, "[Logon] new request")`
tmp 2024-11-23 08:52:06 +00:00
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`body := new(domain.LogonRequest)`
			`err := json.Unmarshal(req.Body, body)`
tmp 2024-11-23 08:52:06 +00:00			`if err != nil {`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`logger.Error(ctx, "[Logon] failed to bind request", logger.Err(err))`
			`w.Write(ctx, map[string]string{`
			`"error": "bad request",`
			`}, handler.WithCode(http.StatusBadRequest))`
			`return nil`
tmp 2024-11-23 08:52:06 +00:00			`}`

handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`session, err := h.getSession(ctx, req)`
tmp 2024-11-23 08:52:06 +00:00			`if err != nil && !errors.Is(err, http.ErrNoCookie) {`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`return err`
tmp 2024-11-23 08:52:06 +00:00			`}`

			`if session != nil {`
refactoring and some plugin stuff 2025-01-10 23:09:37 +00:00			`if err := validateSession(req, session); err != nil {`
tmp 2024-11-23 08:52:06 +00:00			`// TODO add audit log entry`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`return err`
tmp 2024-11-23 08:52:06 +00:00			`}`
init sharding cluster stuff for fun 2024-12-16 05:08:37 +00:00			`logger.Debug(ctx, "[login] user is already logged in", slog.String("session_id", session.ID.String()))`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`w.Write(ctx, &domain.LogonResponse{`
tmp 2024-11-23 08:52:06 +00:00			`Ok: true,`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`})`
			`return nil`
tmp 2024-11-23 08:52:06 +00:00			`}`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`logger.Debug(ctx, "[login] session not founh. trying to authorize")`

			`resp, err := h.login(ctx, body, session, w)`
			`if err != nil {`
			`logger.Error(ctx, "[Logon] failed to login user", logger.Err(err))`
			`return err`
			`}`

			`w.Write(ctx, resp)`
			`return nil`
			`}`
tmp 2024-11-23 08:52:06 +00:00
refactoring and some plugin stuff 2025-01-10 23:09:37 +00:00			`func (h LogonHandler) login(ctx context.Context, req domain.LogonRequest, session auth.Session, w handler.Writer) (domain.LogonResponse, error) {`
tmp 2024-11-23 08:52:06 +00:00			`passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), 10)`
			`if err != nil {`
			`logger.Error(ctx, "[login] failed to generate password hash", logger.Err(err))`
			`return nil, fmt.Errorf("failed to generate password hash: %w", err)`
			`}`

handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`user, err := h.authStorage.GetUserByLogin(ctx, req.Login)`
tmp 2024-11-23 08:52:06 +00:00			`if err != nil {`
			`return nil, fmt.Errorf("failed to fetch user by login: %w", err)`
			`}`

			`if bytes.Equal(passwordHash, user.PasswordHash) {`
			`logger.Warn(ctx, "[login] failed to login user. passwords hashes not equal")`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`return nil, errs.ErrorAccessDenied`
tmp 2024-11-23 08:52:06 +00:00			`}`

			`sessionCreatedAt := time.Now()`
			`sessionExpiredAt := sessionCreatedAt.Add(time.Hour * 24 * 7)`

			`sessionToken, err := generateSessionToken(100)`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to generate a session token: %w", err)`
			`}`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`w.SetCookie(sessionTokenCookie, sessionToken, int(sessionExpiredAt.Sub(sessionCreatedAt).Seconds()), "_path", "_domain", true, true)`
tmp 2024-11-23 08:52:06 +00:00
			`csrfToken, err := generateSessionToken(100)`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to generate a csrf token: %w", err)`
			`}`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`w.SetCookie(csrfTokenCookie, csrfToken, int(sessionExpiredAt.Sub(sessionCreatedAt).Seconds()), "_path", "_domain", true, false)`
tmp 2024-11-23 08:52:06 +00:00
init sharding cluster stuff for fun 2024-12-16 05:08:37 +00:00			`sessionID, err := uuid.NewV7()`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to generate session id: %w", err)`
			`}`

refactoring and some plugin stuff 2025-01-10 23:09:37 +00:00			`if _, err = h.authStorage.AddSession(ctx, &auth.Session{`
init sharding cluster stuff for fun 2024-12-16 05:08:37 +00:00			`ID: sessionID,`
tmp 2024-11-23 08:52:06 +00:00			`SessionToken: sessionToken,`
			`CsrfToken: csrfToken,`
			`UserID: user.ID,`
			`CreatedAt: sessionCreatedAt,`
			`ExpiredAt: sessionExpiredAt,`
			`}); err != nil {`
			`return nil, fmt.Errorf("failed to save session: %w", err)`
			`}`

			`// TODO add audit log entry`

handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`return &domain.LogonResponse{`
tmp 2024-11-23 08:52:06 +00:00			`Ok: true,`
			`}, nil`
			`}`

refactoring and some plugin stuff 2025-01-10 23:09:37 +00:00			`func (h LogonHandler) getSession(ctx context.Context, req common.Request) (*auth.Session, error) {`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`token, err := common.GetValue[string](req.Metadata, sessionTokenCookie)`
tmp 2024-11-23 08:52:06 +00:00			`if err != nil {`
			`return nil, fmt.Errorf("failed to fetch session cookie from request: %w", err)`
			`}`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`csrfToken, err := common.GetValue[string](req.Metadata, csrfTokenCookie)`
tmp 2024-11-23 08:52:06 +00:00			`if err != nil {`
			`return nil, fmt.Errorf("failed to fetch csrf cookie from request: %w", err)`
			`}`

			`if len(csrfToken) == 0 \|\| len(token) == 0 {`
			`return nil, fmt.Errorf("session token or csrf token is empty")`
			`}`

handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`session, err := h.authStorage.GetSession(ctx, token)`
tmp 2024-11-23 08:52:06 +00:00			`if err != nil {`
			`return nil, fmt.Errorf("failed to fetch session from repo: %w", err)`
			`}`

			`return session, nil`
			`}`

refactoring and some plugin stuff 2025-01-10 23:09:37 +00:00			`func validateSession(req common.Request, session auth.Session) error {`
tmp 2024-11-23 08:52:06 +00:00			`if session == nil {`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`return errs.ErrorAccessDenied`
tmp 2024-11-23 08:52:06 +00:00			`}`

handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`csrfToken, err := common.GetValue[string](req.Metadata, csrfTokenCookie)`
tmp 2024-11-23 08:52:06 +00:00			`if err != nil {`
			`return fmt.Errorf("failed to fetch csrf cookie from request: %w", err)`
			`}`

			`if session.CsrfToken != csrfToken {`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`return errs.ErrorAccessDenied`
tmp 2024-11-23 08:52:06 +00:00			`}`

			`if session.ExpiredAt.Before(time.Now()) {`
handlers moved to new system, upload need to be fixed and resolvers must be tested 2025-01-03 00:08:22 +00:00			`return errs.ErrorSessionExpired`
tmp 2024-11-23 08:52:06 +00:00			`}`

			`return nil`
			`}`