api/user.go

   1 package api
   2
   3 import (
   4         "fmt"
   5         "regexp"
   6         "strconv"
   7         "time"
   8
   9         "github.com/dchest/passwordreset"
  10         "github.com/gin-gonic/gin"
  11
  12         "immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front/db"
  13 )
  14
  15 const (
  16         VALID_EMAIL_REGEX = `(?i)^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$`
  17 )
  18
  19 func UserConfirmed(c *gin.Context) *Error {
  20         user, exists := c.Get("user")
  21
  22         if !exists {
  23                 return &Error{NotAuthorized, "not authorized", fmt.Errorf("no user key in context")}
  24         }
  25
  26         if user.(db.User).Status != db.Confirmed {
  27                 return &Error{UserNotConfirmed, "user awaiting admin validation", fmt.Errorf("user '%v' not confirmed", user)}
  28         }
  29
  30         return nil
  31 }
  32
  33 func GetUser(c *gin.Context) db.User {
  34         user, _ := c.Get("user")
  35
  36         return user.(db.User)
  37 }
  38
  39 func IsValidEmailAddress(email string) bool {
  40         r := regexp.MustCompile(VALID_EMAIL_REGEX)
  41
  42         return r.MatchString(email)
  43 }
  44
  45 type SignParams struct {
  46         Email    string
  47         Password string
  48 }
  49
  50 type SignResult struct {
  51         Token string `json:"token"`
  52 }
  53
  54 func (s SignParams) Validate() *Error {
  55         if !IsValidEmailAddress(s.Email) {
  56                 return &Error{InvalidEmail, "invalid email", fmt.Errorf("'%v' is not a valid email", s.Email)}
  57         }
  58
  59         if s.Password == "" {
  60                 return &Error{InvalidPassword, "invalid password", fmt.Errorf("invalid password")}
  61         }
  62
  63         return nil
  64 }
  65
  66 type SignupQuery struct {
  67         In SignParams
  68 }
  69
  70 func (q SignupQuery) ValidateParams() *Error {
  71         return q.In.Validate()
  72 }
  73
  74 func (q SignupQuery) Run() (interface{}, *Error) {
  75         user, err := db.GetUserByEmail(q.In.Email)
  76         if err != nil {
  77                 return nil, NewInternalError(err)
  78         }
  79
  80         if user != nil {
  81                 return nil, &Error{EmailExists, "email already taken", fmt.Errorf("'%v' is already registered '%v'", q.In.Email, user)}
  82         }
  83
  84         newUser := db.User{Email: q.In.Email, Status: db.AwaitingConfirmation}
  85         newUser.PasswordHash, err = db.HashPassword(q.In.Password)
  86         if err != nil {
  87                 return nil, NewInternalError(err)
  88         }
  89
  90         err = db.InsertUser(&newUser)
  91         if err != nil {
  92                 return nil, NewInternalError(err)
  93         }
  94
  95         token, err := CreateJwtToken(newUser.Id)
  96         if err != nil {
  97                 return nil, NewInternalError(fmt.Errorf("cannot create jwt token %v", err))
  98         }
  99
 100         if CONFIG.FreeSMSUser != "" {
 101                 err := SendSMS(CONFIG.FreeSMSUser, CONFIG.FreeSMSPass, fmt.Sprintf("New user signup '%v'", q.In.Email))
 102                 if err != nil {
 103                         return nil, NewInternalError(err)
 104                 }
 105         }
 106
 107         configMap := make(map[string]string)
 108         configMap["key"] = ""
 109         configMap["secret"] = ""
 110
 111         _, err = db.SetUserMarketConfig(newUser.Id, "poloniex", configMap)
 112         if err != nil {
 113                 return nil, NewInternalError(err)
 114         }
 115
 116         if MAIL_CONFIG.IsEnabled {
 117                 mailConfirmationToken := passwordreset.NewToken(q.In.Email, time.Hour*24*1, []byte(strconv.FormatUint(uint64(newUser.Status), 10)), PASSWORD_RESET_SECRET)
 118                 err = SendConfirmationMail(q.In.Email, mailConfirmationToken)
 119                 if err != nil {
 120                         return nil, NewInternalError(err)
 121                 }
 122         }
 123
 124         if CONFIG.FreeSMSUser != "" {
 125                 err := SendSMS(CONFIG.FreeSMSUser, CONFIG.FreeSMSPass, fmt.Sprintf("'%v' request a password reset. Token '/change-password?token=%v'", q.In.Email, token))
 126                 if err != nil {
 127                         return nil, NewInternalError(err)
 128                 }
 129         }
 130
 131         return SignResult{token}, nil
 132 }
 133
 134 type SigninQuery struct {
 135         In SignParams
 136 }
 137
 138 func (q SigninQuery) ValidateParams() *Error {
 139         return q.In.Validate()
 140 }
 141
 142 func (q SigninQuery) Run() (interface{}, *Error) {
 143         user, err := db.GetUserByEmail(q.In.Email)
 144         if err != nil {
 145                 return nil, NewInternalError(err)
 146         }
 147
 148         if user == nil {
 149                 return nil, &Error{InvalidCredentials, "invalid credentials", fmt.Errorf("no email '%v' found", q.In.Email)}
 150         }
 151
 152         err = db.ValidatePassword(q.In.Password, user.PasswordHash)
 153         if err != nil {
 154                 return nil, &Error{InvalidCredentials, "invalid credentials", err}
 155         }
 156
 157         token, err := CreateJwtToken(user.Id)
 158         if err != nil {
 159                 return nil, NewInternalError(err)
 160         }
 161
 162         return SignResult{token}, nil
 163 }
 164
 165 type ConfirmEmailQuery struct {
 166         In struct {
 167                 Token string
 168         }
 169 }
 170
 171 func (q ConfirmEmailQuery) ValidateParams() *Error {
 172
 173         if q.In.Token == "" {
 174                 return &Error{BadRequest, "invalid token", fmt.Errorf("invalid token")}
 175         }
 176
 177         return nil
 178 }
 179
 180 func (q ConfirmEmailQuery) Run() (interface{}, *Error) {
 181         var user *db.User
 182
 183         email, err := passwordreset.VerifyToken(q.In.Token, func(email string) ([]byte, error) {
 184                 var err error
 185                 user, err = db.GetUserByEmail(email)
 186                 if err != nil {
 187                         return nil, err
 188                 }
 189
 190                 if user == nil {
 191                         return nil, fmt.Errorf("'%v' is not registered", email)
 192                 }
 193
 194                 return []byte(strconv.FormatUint(uint64(user.Status), 10)), nil
 195
 196         }, PASSWORD_RESET_SECRET)
 197
 198         if err != nil && (err == passwordreset.ErrExpiredToken) {
 199                 return nil, &Error{BadRequest, "expired token", fmt.Errorf("expired token")}
 200         } else if err != nil && (err == passwordreset.ErrMalformedToken || err == passwordreset.ErrWrongSignature) {
 201                 return nil, &Error{BadRequest, "wrong token", fmt.Errorf("wrong token")}
 202         } else if err != nil {
 203                 return nil, NewInternalError(err)
 204         }
 205
 206         if user == nil {
 207                 return nil, &Error{BadRequest, "bad request", fmt.Errorf("no user found for email '%v'", email)}
 208         }
 209
 210         err = db.SetUserStatus(user, db.Confirmed)
 211         if err != nil {
 212                 return nil, NewInternalError(err)
 213         }
 214
 215         return nil, nil
 216 }
 217
 218 type UserAccountQuery struct {
 219         In struct {
 220                 User db.User
 221         }
 222         Out struct {
 223                 Email string `json:"email"`
 224         }
 225 }
 226
 227 func (q UserAccountQuery) ValidateParams() *Error {
 228         return nil
 229 }
 230
 231 func (q UserAccountQuery) Run() (interface{}, *Error) {
 232         q.Out.Email = q.In.User.Email
 233
 234         return q.Out, nil
 235 }