package handlers import ( "errors" "fmt" "time" "github.com/SamuelTariku/FortuneBet-Backend/internal/domain" "github.com/SamuelTariku/FortuneBet-Backend/internal/services/authentication" jwtutil "github.com/SamuelTariku/FortuneBet-Backend/internal/web_server/jwt" "github.com/SamuelTariku/FortuneBet-Backend/internal/web_server/response" "github.com/gofiber/fiber/v2" "go.uber.org/zap" ) // loginCustomerReq represents the request body for the LoginCustomer endpoint. type loginCustomerReq struct { Email string `json:"email" validate:"required_without=PhoneNumber" example:"john.doe@example.com"` PhoneNumber string `json:"phone_number" validate:"required_without=Email" example:"1234567890"` Password string `json:"password" validate:"required" example:"password123"` } // loginCustomerRes represents the response body for the LoginCustomer endpoint. type loginCustomerRes struct { AccessToken string `json:"access_token"` RefreshToken string `json:"refresh_token"` Role string `json:"role"` } // LoginCustomer godoc // @Summary Login customer // @Description Login customer // @Tags auth // @Accept json // @Produce json // @Param login body loginCustomerReq true "Login customer" // @Success 200 {object} loginCustomerRes // @Failure 400 {object} response.APIResponse // @Failure 401 {object} response.APIResponse // @Failure 500 {object} response.APIResponse // @Router /api/v1/{tenant_slug}/customer-login [post] func (h *Handler) LoginCustomer(c *fiber.Ctx) error { companyID := c.Locals("company_id").(domain.ValidInt64) if !companyID.Valid { h.BadRequestLogger().Error("invalid company id") return fiber.NewError(fiber.StatusBadRequest, "invalid company id") } var req loginCustomerReq if err := c.BodyParser(&req); err != nil { h.mongoLoggerSvc.Info("Failed to parse LoginCustomer request", zap.Int("status_code", fiber.StatusBadRequest), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusBadRequest, "Invalid request body"+err.Error()) } if valErrs, ok := h.validator.Validate(c, req); !ok { var errMsg string for field, msg := range valErrs { errMsg += fmt.Sprintf("%s: %s; ", field, msg) } return fiber.NewError(fiber.StatusBadRequest, errMsg) } successRes, err := h.authSvc.Login(c.Context(), req.Email, req.PhoneNumber, req.Password, companyID) if err != nil { switch { case errors.Is(err, authentication.ErrInvalidPassword), errors.Is(err, authentication.ErrUserNotFound): h.mongoLoggerSvc.Info("Login attempt failed: Invalid credentials", zap.Int("status_code", fiber.StatusUnauthorized), zap.String("email", req.Email), zap.String("phone", req.PhoneNumber), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusUnauthorized, "Invalid credentials") case errors.Is(err, authentication.ErrUserSuspended): h.mongoLoggerSvc.Info("Login attempt failed: User login has been locked", zap.Int("status_code", fiber.StatusUnauthorized), zap.String("email", req.Email), zap.String("phone", req.PhoneNumber), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusUnauthorized, "User login has been locked") default: h.mongoLoggerSvc.Error("Login failed", zap.Int("status_code", fiber.StatusInternalServerError), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusInternalServerError, "Internal server error") } } if successRes.Role != domain.RoleCustomer { h.mongoLoggerSvc.Info("Login attempt: customer login of other role", zap.Int("status_code", fiber.StatusForbidden), zap.String("role", string(successRes.Role)), zap.String("email", req.Email), zap.String("phone", req.PhoneNumber), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusForbidden, "Only customers are allowed to login ") } accessToken, err := jwtutil.CreateJwt( successRes.UserId, successRes.Role, successRes.CompanyID, h.jwtConfig.JwtAccessKey, h.jwtConfig.JwtAccessExpiry, ); if err != nil { h.mongoLoggerSvc.Error("Failed to create access token", zap.Int("status_code", fiber.StatusInternalServerError), zap.Int64("user_id", successRes.UserId), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusInternalServerError, "Failed to generate access token") } res := loginCustomerRes{ AccessToken: accessToken, RefreshToken: successRes.RfToken, Role: string(successRes.Role), } h.mongoLoggerSvc.Info("Login successful", zap.Int("status_code", fiber.StatusOK), zap.Int64("user_id", successRes.UserId), zap.String("role", string(successRes.Role)), zap.Time("timestamp", time.Now()), ) return response.WriteJSON(c, fiber.StatusOK, "Login successful", res, nil) } // loginAdminReq represents the request body for the LoginAdmin endpoint. type loginAdminReq struct { Email string `json:"email" validate:"email" example:"john.doe@example.com"` PhoneNumber string `json:"phone_number" validate:"required_without=Email" example:"1234567890"` Password string `json:"password" validate:"required" example:"password123"` } // loginAdminRes represents the response body for the LoginAdmin endpoint. type loginAdminRes struct { AccessToken string `json:"access_token"` RefreshToken string `json:"refresh_token"` Role string `json:"role"` } // LoginAdmin godoc // @Summary Login customer // @Description Login customer // @Tags auth // @Accept json // @Produce json // @Param login body loginAdminReq true "Login admin" // @Success 200 {object} loginAdminRes // @Failure 400 {object} response.APIResponse // @Failure 401 {object} response.APIResponse // @Failure 500 {object} response.APIResponse // @Router /api/v1/{tenant_slug}/admin-login [post] func (h *Handler) LoginAdmin(c *fiber.Ctx) error { companyID := c.Locals("company_id").(domain.ValidInt64) if !companyID.Valid { h.BadRequestLogger().Error("invalid company id") return fiber.NewError(fiber.StatusBadRequest, "invalid company id") } var req loginAdminReq if err := c.BodyParser(&req); err != nil { h.mongoLoggerSvc.Info("Failed to parse LoginAdmin request", zap.Int("status_code", fiber.StatusBadRequest), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusBadRequest, "Invalid request body"+err.Error()) } if valErrs, ok := h.validator.Validate(c, req); !ok { var errMsg string for field, msg := range valErrs { errMsg += fmt.Sprintf("%s: %s; ", field, msg) } return fiber.NewError(fiber.StatusBadRequest, errMsg) } successRes, err := h.authSvc.Login(c.Context(), req.Email, req.PhoneNumber, req.Password, companyID) if err != nil { switch { case errors.Is(err, authentication.ErrInvalidPassword), errors.Is(err, authentication.ErrUserNotFound): h.mongoLoggerSvc.Info("Login attempt failed: Invalid credentials", zap.Int("status_code", fiber.StatusUnauthorized), zap.String("email", req.Email), zap.String("phone", req.PhoneNumber), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusUnauthorized, "Invalid credentials") case errors.Is(err, authentication.ErrUserSuspended): h.mongoLoggerSvc.Info("Login attempt failed: User login has been locked", zap.Int("status_code", fiber.StatusUnauthorized), zap.String("email", req.Email), zap.String("phone", req.PhoneNumber), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusUnauthorized, "User login has been locked") default: h.mongoLoggerSvc.Error("Login failed", zap.Int("status_code", fiber.StatusInternalServerError), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusInternalServerError, "Internal server error") } } if successRes.Role == domain.RoleCustomer { h.mongoLoggerSvc.Warn("Login attempt: admin login of customer", zap.Int("status_code", fiber.StatusForbidden), zap.String("role", string(successRes.Role)), zap.String("email", req.Email), zap.String("phone", req.PhoneNumber), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusForbidden, "Only admin roles are allowed") } accessToken, err := jwtutil.CreateJwt(successRes.UserId, successRes.Role, successRes.CompanyID, h.jwtConfig.JwtAccessKey, h.jwtConfig.JwtAccessExpiry) if err != nil { h.mongoLoggerSvc.Error("Failed to create access token", zap.Int("status_code", fiber.StatusInternalServerError), zap.Int64("user_id", successRes.UserId), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusInternalServerError, "Failed to generate access token") } res := loginCustomerRes{ AccessToken: accessToken, RefreshToken: successRes.RfToken, Role: string(successRes.Role), } h.mongoLoggerSvc.Info("Login successful", zap.Int("status_code", fiber.StatusOK), zap.Int64("user_id", successRes.UserId), zap.String("role", string(successRes.Role)), zap.Time("timestamp", time.Now()), ) return response.WriteJSON(c, fiber.StatusOK, "Login successful", res, nil) } // LoginSuper godoc // @Summary Login super-admin // @Description Login super-admin // @Tags auth // @Accept json // @Produce json // @Param login body loginAdminReq true "Login super-admin" // @Success 200 {object} loginAdminRes // @Failure 400 {object} response.APIResponse // @Failure 401 {object} response.APIResponse // @Failure 500 {object} response.APIResponse // @Router /api/v1/super-login [post] func (h *Handler) LoginSuper(c *fiber.Ctx) error { var req loginAdminReq if err := c.BodyParser(&req); err != nil { h.mongoLoggerSvc.Info("Failed to parse LoginAdmin request", zap.Int("status_code", fiber.StatusBadRequest), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusBadRequest, "Invalid request body"+err.Error()) } if valErrs, ok := h.validator.Validate(c, req); !ok { var errMsg string for field, msg := range valErrs { errMsg += fmt.Sprintf("%s: %s; ", field, msg) } return fiber.NewError(fiber.StatusBadRequest, errMsg) } successRes, err := h.authSvc.Login(c.Context(), req.Email, req.PhoneNumber, req.Password, domain.ValidInt64{}) if err != nil { switch { case errors.Is(err, authentication.ErrInvalidPassword), errors.Is(err, authentication.ErrUserNotFound): h.mongoLoggerSvc.Info("Login attempt failed: Invalid credentials", zap.Int("status_code", fiber.StatusUnauthorized), zap.String("email", req.Email), zap.String("phone", req.PhoneNumber), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusUnauthorized, "Invalid credentials") case errors.Is(err, authentication.ErrUserSuspended): h.mongoLoggerSvc.Info("Login attempt failed: User login has been locked", zap.Int("status_code", fiber.StatusUnauthorized), zap.String("email", req.Email), zap.String("phone", req.PhoneNumber), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusUnauthorized, "User login has been locked") default: h.mongoLoggerSvc.Error("Login failed", zap.Int("status_code", fiber.StatusInternalServerError), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusInternalServerError, "Internal server error") } } if successRes.Role != domain.RoleSuperAdmin { h.mongoLoggerSvc.Warn("Login attempt: super-admin login of non-super-admin", zap.Int("status_code", fiber.StatusForbidden), zap.String("role", string(successRes.Role)), zap.String("email", req.Email), zap.String("phone", req.PhoneNumber), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusForbidden, "Only admin roles are allowed") } accessToken, err := jwtutil.CreateJwt(successRes.UserId, successRes.Role, successRes.CompanyID, h.jwtConfig.JwtAccessKey, h.jwtConfig.JwtAccessExpiry) if err != nil { h.mongoLoggerSvc.Error("Failed to create access token", zap.Int("status_code", fiber.StatusInternalServerError), zap.Int64("user_id", successRes.UserId), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusInternalServerError, "Failed to generate access token") } res := loginCustomerRes{ AccessToken: accessToken, RefreshToken: successRes.RfToken, Role: string(successRes.Role), } h.mongoLoggerSvc.Info("Login successful", zap.Int("status_code", fiber.StatusOK), zap.Int64("user_id", successRes.UserId), zap.String("role", string(successRes.Role)), zap.Time("timestamp", time.Now()), ) return response.WriteJSON(c, fiber.StatusOK, "Login successful", res, nil) } type refreshToken struct { AccessToken string `json:"access_token" validate:"required" example:""` RefreshToken string `json:"refresh_token" validate:"required" example:""` } // RefreshToken godoc // @Summary Refresh token // @Description Refresh token // @Tags auth // @Accept json // @Produce json // @Param refresh body refreshToken true "tokens" // @Success 200 {object} loginCustomerRes // @Failure 400 {object} response.APIResponse // @Failure 401 {object} response.APIResponse // @Failure 500 {object} response.APIResponse // @Router /api/v1/auth/refresh [post] func (h *Handler) RefreshToken(c *fiber.Ctx) error { type loginCustomerRes struct { AccessToken string `json:"access_token"` RefreshToken string `json:"refresh_token"` Role string `json:"role"` } var req refreshToken if err := c.BodyParser(&req); err != nil { h.mongoLoggerSvc.Info("Failed to parse RefreshToken request", zap.Int("status_code", fiber.StatusBadRequest), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusBadRequest, "Invalid request body"+err.Error()) } if valErrs, ok := h.validator.Validate(c, req); !ok { var errMsg string for field, msg := range valErrs { errMsg += fmt.Sprintf("%s: %s; ", field, msg) } h.mongoLoggerSvc.Info("Failed to validate request", zap.Int("status_code", fiber.StatusBadRequest), zap.Any("validation_errors", valErrs), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusBadRequest, errMsg) } refreshToken, err := h.authSvc.RefreshToken(c.Context(), req.RefreshToken) if err != nil { switch { case errors.Is(err, authentication.ErrExpiredToken): h.mongoLoggerSvc.Info("Refresh token attempt failed: The refresh token has expired", zap.Int("status_code", fiber.StatusUnauthorized), zap.String("refresh_token", req.RefreshToken), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusUnauthorized, "The refresh token has expired") case errors.Is(err, authentication.ErrRefreshTokenNotFound): h.mongoLoggerSvc.Info("Refresh token attempt failed: Refresh token not found", zap.Int("status_code", fiber.StatusUnauthorized), zap.String("refresh_token", req.RefreshToken), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusUnauthorized, "Refresh token not found") default: h.mongoLoggerSvc.Error("Refresh token failed", zap.Int("status_code", fiber.StatusInternalServerError), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusInternalServerError, "Internal server error") } } user, err := h.userSvc.GetUserByID(c.Context(), refreshToken.UserID) if err != nil { h.mongoLoggerSvc.Error("Failed to get user by ID during refresh", zap.Int("status_code", fiber.StatusInternalServerError), zap.Int64("user_id", refreshToken.UserID), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusInternalServerError, "Failed to retrieve user information:"+err.Error()) } accessToken, err := jwtutil.CreateJwt(user.ID, user.Role, user.CompanyID, h.jwtConfig.JwtAccessKey, h.jwtConfig.JwtAccessExpiry) if err != nil { h.mongoLoggerSvc.Error("Failed to create new access token", zap.Int("status_code", fiber.StatusInternalServerError), zap.Int64("user_id", user.ID), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusInternalServerError, "Failed to generate access token:"+err.Error()) } res := loginCustomerRes{ AccessToken: accessToken, RefreshToken: req.RefreshToken, Role: string(user.Role), } h.mongoLoggerSvc.Info("Token Refreshed Successfully", zap.Int("status_code", fiber.StatusOK), zap.Int64("user_id", user.ID), zap.String("role", string(user.Role)), zap.Time("timestamp", time.Now()), ) return response.WriteJSON(c, fiber.StatusOK, "Refresh successful", res, nil) } type logoutReq struct { RefreshToken string `json:"refresh_token" validate:"required" example:""` } // LogOutCustomer godoc // @Summary Logout customer // @Description Logout customer // @Tags auth // @Accept json // @Produce json // @Param logout body logoutReq true "Logout customer" // @Success 200 {object} response.APIResponse // @Failure 400 {object} response.APIResponse // @Failure 401 {object} response.APIResponse // @Failure 500 {object} response.APIResponse // @Router /api/v1/auth/logout [post] func (h *Handler) LogOutCustomer(c *fiber.Ctx) error { var req logoutReq if err := c.BodyParser(&req); err != nil { h.mongoLoggerSvc.Info("Failed to parse LogOutCustomer request", zap.Int("status_code", fiber.StatusBadRequest), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusBadRequest, "Invalid request body"+err.Error()) } if valErrs, ok := h.validator.Validate(c, req); !ok { var errMsg string for field, msg := range valErrs { errMsg += fmt.Sprintf("%s: %s; ", field, msg) } h.mongoLoggerSvc.Info("LogOutCustomer validation failed", zap.String("errMsg", errMsg), zap.Int("status_code", fiber.StatusBadRequest), zap.Any("validation_errors", valErrs), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusBadRequest, errMsg) } err := h.authSvc.Logout(c.Context(), req.RefreshToken) if err != nil { switch { case errors.Is(err, authentication.ErrExpiredToken): h.mongoLoggerSvc.Info("Logout attempt failed:The refresh token has expired", zap.Int("status_code", fiber.StatusUnauthorized), zap.String("refresh_token", req.RefreshToken), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusUnauthorized, "The refresh token has expired") case errors.Is(err, authentication.ErrRefreshTokenNotFound): h.mongoLoggerSvc.Info("Logout attempt failed: Refresh token not found", zap.Int("status_code", fiber.StatusUnauthorized), zap.String("refresh_token", req.RefreshToken), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusUnauthorized, "Refresh token not found") default: h.mongoLoggerSvc.Error("Logout failed", zap.Int("status_code", fiber.StatusInternalServerError), zap.Error(err), zap.Time("timestamp", time.Now()), ) return fiber.NewError(fiber.StatusInternalServerError, "Internal server error"+err.Error()) } } h.mongoLoggerSvc.Info("Logout successful", zap.Int("status_code", fiber.StatusOK), zap.Time("timestamp", time.Now()), ) return response.WriteJSON(c, fiber.StatusOK, "Logout successful", nil, nil) }