[perso/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front.git] / api / user.go

package api

import (
	"fmt"
	"regexp"
	"strconv"
	"time"

	"github.com/dchest/passwordreset"
	"github.com/gin-gonic/gin"

	"git.immae.eu/Cryptoportfolio/Front.git/db"
)

const (
	VALID_EMAIL_REGEX = `(?i)^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$`
)

func UserConfirmed(c *gin.Context) *Error {
	user, exists := c.Get("user")

	if !exists {
		return &Error{NotAuthorized, "not authorized", fmt.Errorf("no user key in context")}
	}

	if user.(db.User).Status != db.Confirmed {
		return &Error{UserNotConfirmed, "user awaiting admin validation", fmt.Errorf("user '%v' not confirmed", user)}
	}

	return nil
}

func UserIsAdmin(c *gin.Context) *Error {
	user, exists := c.Get("user")

	if !exists {
		return &Error{NotAuthorized, "not authorized", fmt.Errorf("no user key in context")}
	}

	if user.(db.User).Role != db.RoleAdmin {
		return &Error{NotAuthorized, "not authorized", fmt.Errorf("user '%v' is not admin", user)}
	}

	return nil
}

func GetUser(c *gin.Context) db.User {
	user, _ := c.Get("user")

	return user.(db.User)
}

func IsValidEmailAddress(email string) bool {
	r := regexp.MustCompile(VALID_EMAIL_REGEX)

	return r.MatchString(email)
}

type SignParams struct {
	Email    string
	Password string
}

type SignResult struct {
	Token   string `json:"token"`
	IsAdmin bool   `json:"isAdmin"`
}

func (s SignParams) Validate() *Error {
	if !IsValidEmailAddress(s.Email) {
		return &Error{InvalidEmail, "invalid email", fmt.Errorf("'%v' is not a valid email", s.Email)}
	}

	if s.Password == "" {
		return &Error{InvalidPassword, "invalid password", fmt.Errorf("invalid password")}
	}

	return nil
}

type SignupQuery struct {
	In SignParams
}

func (q SignupQuery) ValidateParams() *Error {
	return q.In.Validate()
}

func (q SignupQuery) Run() (interface{}, *Error) {
	user, err := db.GetUserByEmail(q.In.Email)
	if err != nil {
		return nil, NewInternalError(err)
	}

	if user != nil {
		return nil, &Error{EmailExists, "email already taken", fmt.Errorf("'%v' is already registered '%v'", q.In.Email, user)}
	}

	newUser := db.User{Email: q.In.Email, Status: db.AwaitingConfirmation}
	newUser.PasswordHash, err = db.HashPassword(q.In.Password)
	if err != nil {
		return nil, NewInternalError(err)
	}

	err = db.InsertUser(&newUser)
	if err != nil {
		return nil, NewInternalError(err)
	}

	token, err := CreateJwtToken(newUser.Id)
	if err != nil {
		return nil, NewInternalError(fmt.Errorf("cannot create jwt token %v", err))
	}

	if CONFIG.FreeSMSUser != "" {
		err := SendSMS(CONFIG.FreeSMSUser, CONFIG.FreeSMSPass, fmt.Sprintf("New user signup '%v'", q.In.Email))
		if err != nil {
			log.Error(err)
		}
	}

	configMap := make(map[string]string)
	configMap["key"] = ""
	configMap["secret"] = ""

	_, err = db.SetUserMarketConfig(newUser.Id, "poloniex", configMap)
	if err != nil {
		return nil, NewInternalError(err)
	}

	if MAIL_CONFIG.IsEnabled {
		mailConfirmationToken := passwordreset.NewToken(q.In.Email, time.Hour*24*1, []byte(strconv.FormatUint(uint64(newUser.Status), 10)), PASSWORD_RESET_SECRET)
		err = SendConfirmationMail(q.In.Email, mailConfirmationToken)
		if err != nil {
			return nil, NewInternalError(err)
		}
	}

	return SignResult{token, newUser.Role == db.RoleAdmin}, nil
}

type SigninQuery struct {
	In SignParams
}

func (q SigninQuery) ValidateParams() *Error {
	return q.In.Validate()
}

func (q SigninQuery) Run() (interface{}, *Error) {
	user, err := db.GetUserByEmail(q.In.Email)
	if err != nil {
		return nil, NewInternalError(err)
	}

	if user == nil {
		return nil, &Error{InvalidCredentials, "invalid credentials", fmt.Errorf("no email '%v' found", q.In.Email)}
	}

	err = db.ValidatePassword(q.In.Password, user.PasswordHash)
	if err != nil {
		return nil, &Error{InvalidCredentials, "invalid credentials", err}
	}

	token, err := CreateJwtToken(user.Id)
	if err != nil {
		return nil, NewInternalError(err)
	}

	return SignResult{token, user.Role == db.RoleAdmin}, nil
}

type ConfirmEmailQuery struct {
	In struct {
		Token string
	}
}

func (q ConfirmEmailQuery) ValidateParams() *Error {

	if q.In.Token == "" {
		return &Error{BadRequest, "invalid token", fmt.Errorf("invalid token")}
	}

	return nil
}

func (q ConfirmEmailQuery) Run() (interface{}, *Error) {
	var user *db.User

	email, err := passwordreset.VerifyToken(q.In.Token, func(email string) ([]byte, error) {
		var err error
		user, err = db.GetUserByEmail(email)
		if err != nil {
			return nil, err
		}

		if user == nil {
			return nil, fmt.Errorf("'%v' is not registered", email)
		}

		return []byte(strconv.FormatUint(uint64(user.Status), 10)), nil

	}, PASSWORD_RESET_SECRET)

	if err != nil && (err == passwordreset.ErrExpiredToken) {
		return nil, &Error{BadRequest, "expired token", fmt.Errorf("expired token")}
	} else if err != nil && (err == passwordreset.ErrMalformedToken || err == passwordreset.ErrWrongSignature) {
		return nil, &Error{BadRequest, "wrong token", fmt.Errorf("wrong token")}
	} else if err != nil {
		return nil, NewInternalError(err)
	}

	if user == nil {
		return nil, &Error{BadRequest, "bad request", fmt.Errorf("no user found for email '%v'", email)}
	}

	err = db.SetUserStatus(user, db.Confirmed)
	if err != nil {
		return nil, NewInternalError(err)
	}

	return nil, nil
}

type UserAccountQuery struct {
	In struct {
		User db.User
	}
	Out struct {
		Email string `json:"email"`
	}
}

func (q UserAccountQuery) ValidateParams() *Error {
	return nil
}

func (q UserAccountQuery) Run() (interface{}, *Error) {
	q.Out.Email = q.In.User.Email

	return q.Out, nil
}
Commit	Line	Data
7a9e5112	1	package api
	2
	3	import (
	4	"fmt"
	5	"regexp"
2da5b12c	6	"strconv"
2da5b12c	7	"time"
7a9e5112	8
2da5b12c	9	"github.com/dchest/passwordreset"
7a9e5112	10	"github.com/gin-gonic/gin"
7a9e5112	11
1d68446a	12	"git.immae.eu/Cryptoportfolio/Front.git/db"
7a9e5112	13	)
	14
	15	const (
	16	VALID_EMAIL_REGEX = `(?i)^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$`
	17	)
	18
d1c0ccfc	19	func UserConfirmed(c gin.Context) Error {
	20	user, exists := c.Get("user")
	21
	22	if !exists {
	23	return &Error{NotAuthorized, "not authorized", fmt.Errorf("no user key in context")}
	24	}
	25
	26	if user.(db.User).Status != db.Confirmed {
	27	return &Error{UserNotConfirmed, "user awaiting admin validation", fmt.Errorf("user '%v' not confirmed", user)}
	28	}
	29
	30	return nil
	31	}
	32
cf5bb85c	33	func UserIsAdmin(c gin.Context) Error {
	34	user, exists := c.Get("user")
	35
	36	if !exists {
	37	return &Error{NotAuthorized, "not authorized", fmt.Errorf("no user key in context")}
	38	}
	39
	40	if user.(db.User).Role != db.RoleAdmin {
	41	return &Error{NotAuthorized, "not authorized", fmt.Errorf("user '%v' is not admin", user)}
	42	}
	43
	44	return nil
	45	}
	46
d1c0ccfc	47	func GetUser(c *gin.Context) db.User {
	48	user, _ := c.Get("user")
	49
	50	return user.(db.User)
	51	}
	52
7a9e5112	53	func IsValidEmailAddress(email string) bool {
	54	r := regexp.MustCompile(VALID_EMAIL_REGEX)
	55
	56	return r.MatchString(email)
	57	}
	58
	59	type SignParams struct {
	60	Email string
	61	Password string
	62	}
	63
	64	type SignResult struct {
2e4885d9	65	Token string `json:"token"`
2e4885d9	66	IsAdmin bool `json:"isAdmin"`
7a9e5112	67	}
	68
	69	func (s SignParams) Validate() *Error {
	70	if !IsValidEmailAddress(s.Email) {
	71	return &Error{InvalidEmail, "invalid email", fmt.Errorf("'%v' is not a valid email", s.Email)}
	72	}
	73
	74	if s.Password == "" {
	75	return &Error{InvalidPassword, "invalid password", fmt.Errorf("invalid password")}
	76	}
	77
	78	return nil
	79	}
	80
	81	type SignupQuery struct {
	82	In SignParams
	83	}
	84
	85	func (q SignupQuery) ValidateParams() *Error {
	86	return q.In.Validate()
	87	}
	88
	89	func (q SignupQuery) Run() (interface{}, *Error) {
	90	user, err := db.GetUserByEmail(q.In.Email)
	91	if err != nil {
	92	return nil, NewInternalError(err)
	93	}
	94
	95	if user != nil {
	96	return nil, &Error{EmailExists, "email already taken", fmt.Errorf("'%v' is already registered '%v'", q.In.Email, user)}
	97	}
	98
	99	newUser := db.User{Email: q.In.Email, Status: db.AwaitingConfirmation}
	100	newUser.PasswordHash, err = db.HashPassword(q.In.Password)
	101	if err != nil {
	102	return nil, NewInternalError(err)
	103	}
	104
	105	err = db.InsertUser(&newUser)
	106	if err != nil {
	107	return nil, NewInternalError(err)
	108	}
	109
	110	token, err := CreateJwtToken(newUser.Id)
	111	if err != nil {
	112	return nil, NewInternalError(fmt.Errorf("cannot create jwt token %v", err))
	113	}
	114
85545aba	115	if CONFIG.FreeSMSUser != "" {
	116	err := SendSMS(CONFIG.FreeSMSUser, CONFIG.FreeSMSPass, fmt.Sprintf("New user signup '%v'", q.In.Email))
	117	if err != nil {
574bf1e4	118	log.Error(err)
85545aba	119	}
	120	}
	121
84cce85f	122	configMap := make(map[string]string)
	123	configMap["key"] = ""
	124	configMap["secret"] = ""
	125
	126	_, err = db.SetUserMarketConfig(newUser.Id, "poloniex", configMap)
	127	if err != nil {
	128	return nil, NewInternalError(err)
	129	}
	130
2da5b12c	131	if MAIL_CONFIG.IsEnabled {
	132	mailConfirmationToken := passwordreset.NewToken(q.In.Email, time.Hour241, []byte(strconv.FormatUint(uint64(newUser.Status), 10)), PASSWORD_RESET_SECRET)
	133	err = SendConfirmationMail(q.In.Email, mailConfirmationToken)
	134	if err != nil {
	135	return nil, NewInternalError(err)
	136	}
	137	}
	138
2e4885d9	139	return SignResult{token, newUser.Role == db.RoleAdmin}, nil
7a9e5112	140	}
	141
	142	type SigninQuery struct {
	143	In SignParams
	144	}
	145
	146	func (q SigninQuery) ValidateParams() *Error {
	147	return q.In.Validate()
	148	}
	149
	150	func (q SigninQuery) Run() (interface{}, *Error) {
	151	user, err := db.GetUserByEmail(q.In.Email)
	152	if err != nil {
	153	return nil, NewInternalError(err)
	154	}
	155
	156	if user == nil {
	157	return nil, &Error{InvalidCredentials, "invalid credentials", fmt.Errorf("no email '%v' found", q.In.Email)}
	158	}
	159
	160	err = db.ValidatePassword(q.In.Password, user.PasswordHash)
	161	if err != nil {
	162	return nil, &Error{InvalidCredentials, "invalid credentials", err}
	163	}
	164
7a9e5112	165	token, err := CreateJwtToken(user.Id)
	166	if err != nil {
	167	return nil, NewInternalError(err)
	168	}
	169
2e4885d9	170	return SignResult{token, user.Role == db.RoleAdmin}, nil
7a9e5112	171	}
7a9e5112	172
2da5b12c	173	type ConfirmEmailQuery struct {
	174	In struct {
	175	Token string
	176	}
	177	}
	178
	179	func (q ConfirmEmailQuery) ValidateParams() *Error {
	180
	181	if q.In.Token == "" {
	182	return &Error{BadRequest, "invalid token", fmt.Errorf("invalid token")}
	183	}
	184
	185	return nil
	186	}
	187
	188	func (q ConfirmEmailQuery) Run() (interface{}, *Error) {
	189	var user *db.User
	190
	191	email, err := passwordreset.VerifyToken(q.In.Token, func(email string) ([]byte, error) {
	192	var err error
	193	user, err = db.GetUserByEmail(email)
	194	if err != nil {
	195	return nil, err
	196	}
	197
	198	if user == nil {
	199	return nil, fmt.Errorf("'%v' is not registered", email)
	200	}
	201
	202	return []byte(strconv.FormatUint(uint64(user.Status), 10)), nil
	203
	204	}, PASSWORD_RESET_SECRET)
	205
	206	if err != nil && (err == passwordreset.ErrExpiredToken) {
	207	return nil, &Error{BadRequest, "expired token", fmt.Errorf("expired token")}
	208	} else if err != nil && (err == passwordreset.ErrMalformedToken \|\| err == passwordreset.ErrWrongSignature) {
	209	return nil, &Error{BadRequest, "wrong token", fmt.Errorf("wrong token")}
	210	} else if err != nil {
	211	return nil, NewInternalError(err)
	212	}
	213
	214	if user == nil {
	215	return nil, &Error{BadRequest, "bad request", fmt.Errorf("no user found for email '%v'", email)}
	216	}
	217
	218	err = db.SetUserStatus(user, db.Confirmed)
	219	if err != nil {
	220	return nil, NewInternalError(err)
	221	}
	222
	223	return nil, nil
	224	}
d1c0ccfc	225
	226	type UserAccountQuery struct {
	227	In struct {
	228	User db.User
	229	}
	230	Out struct {
	231	Email string `json:"email"`
	232	}
	233	}
	234
	235	func (q UserAccountQuery) ValidateParams() *Error {
	236	return nil
	237	}
	238
	239	func (q UserAccountQuery) Run() (interface{}, *Error) {
	240	q.Out.Email = q.In.User.Email
	241
	242	return q.Out, nil
	243	}