443 lines
15 KiB
Go
443 lines
15 KiB
Go
package handlers
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/SamuelTariku/FortuneBet-Backend/internal/domain"
|
|
"github.com/SamuelTariku/FortuneBet-Backend/internal/services/authentication"
|
|
jwtutil "github.com/SamuelTariku/FortuneBet-Backend/internal/web_server/jwt"
|
|
"github.com/SamuelTariku/FortuneBet-Backend/internal/web_server/response"
|
|
"github.com/gofiber/fiber/v2"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
// loginCustomerReq represents the request body for the LoginCustomer endpoint.
|
|
type loginCustomerReq struct {
|
|
Email string `json:"email" validate:"required_without=PhoneNumber" example:"john.doe@example.com"`
|
|
PhoneNumber string `json:"phone_number" validate:"required_without=Email" example:"1234567890"`
|
|
Password string `json:"password" validate:"required" example:"password123"`
|
|
}
|
|
|
|
// loginCustomerRes represents the response body for the LoginCustomer endpoint.
|
|
type loginCustomerRes struct {
|
|
AccessToken string `json:"access_token"`
|
|
RefreshToken string `json:"refresh_token"`
|
|
Role string `json:"role"`
|
|
}
|
|
|
|
// LoginCustomer godoc
|
|
// @Summary Login customer
|
|
// @Description Login customer
|
|
// @Tags auth
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param login body loginCustomerReq true "Login customer"
|
|
// @Success 200 {object} loginCustomerRes
|
|
// @Failure 400 {object} response.APIResponse
|
|
// @Failure 401 {object} response.APIResponse
|
|
// @Failure 500 {object} response.APIResponse
|
|
// @Router /api/v1/auth/customer-login [post]
|
|
func (h *Handler) LoginCustomer(c *fiber.Ctx) error {
|
|
var req loginCustomerReq
|
|
if err := c.BodyParser(&req); err != nil {
|
|
h.mongoLoggerSvc.Info("Failed to parse LoginCustomer request",
|
|
zap.Int("status_code", fiber.StatusBadRequest),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusBadRequest, "Invalid request body"+err.Error())
|
|
}
|
|
|
|
if valErrs, ok := h.validator.Validate(c, req); !ok {
|
|
var errMsg string
|
|
for field, msg := range valErrs {
|
|
errMsg += fmt.Sprintf("%s: %s; ", field, msg)
|
|
}
|
|
return fiber.NewError(fiber.StatusBadRequest, errMsg)
|
|
}
|
|
|
|
successRes, err := h.authSvc.Login(c.Context(), req.Email, req.PhoneNumber, req.Password)
|
|
if err != nil {
|
|
switch {
|
|
case errors.Is(err, authentication.ErrInvalidPassword), errors.Is(err, authentication.ErrUserNotFound):
|
|
h.mongoLoggerSvc.Info("Login attempt failed: Invalid credentials",
|
|
zap.Int("status_code", fiber.StatusUnauthorized),
|
|
zap.String("email", req.Email),
|
|
zap.String("phone", req.PhoneNumber),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusUnauthorized, "Invalid credentials")
|
|
case errors.Is(err, authentication.ErrUserSuspended):
|
|
h.mongoLoggerSvc.Info("Login attempt failed: User login has been locked",
|
|
zap.Int("status_code", fiber.StatusUnauthorized),
|
|
zap.String("email", req.Email),
|
|
zap.String("phone", req.PhoneNumber),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusUnauthorized, "User login has been locked")
|
|
default:
|
|
h.mongoLoggerSvc.Error("Login failed",
|
|
zap.Int("status_code", fiber.StatusInternalServerError),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusInternalServerError, "Internal server error")
|
|
}
|
|
}
|
|
|
|
if successRes.Role != domain.RoleCustomer {
|
|
h.mongoLoggerSvc.Info("Login attempt: customer login of other role",
|
|
zap.Int("status_code", fiber.StatusForbidden),
|
|
zap.String("role", string(successRes.Role)),
|
|
zap.String("email", req.Email),
|
|
zap.String("phone", req.PhoneNumber),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusForbidden, "Only customers are allowed to login ")
|
|
}
|
|
|
|
accessToken, err := jwtutil.CreateJwt(successRes.UserId, successRes.Role, successRes.CompanyID, h.jwtConfig.JwtAccessKey, h.jwtConfig.JwtAccessExpiry)
|
|
if err != nil {
|
|
h.mongoLoggerSvc.Error("Failed to create access token",
|
|
zap.Int("status_code", fiber.StatusInternalServerError),
|
|
zap.Int64("user_id", successRes.UserId),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusInternalServerError, "Failed to generate access token")
|
|
}
|
|
|
|
res := loginCustomerRes{
|
|
AccessToken: accessToken,
|
|
RefreshToken: successRes.RfToken,
|
|
Role: string(successRes.Role),
|
|
}
|
|
|
|
h.mongoLoggerSvc.Info("Login successful",
|
|
zap.Int("status_code", fiber.StatusOK),
|
|
zap.Int64("user_id", successRes.UserId),
|
|
zap.String("role", string(successRes.Role)),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
|
|
return response.WriteJSON(c, fiber.StatusOK, "Login successful", res, nil)
|
|
}
|
|
|
|
// loginAdminReq represents the request body for the LoginAdmin endpoint.
|
|
type loginAdminReq struct {
|
|
Email string `json:"email" validate:"email" example:"john.doe@example.com"`
|
|
PhoneNumber string `json:"phone_number" validate:"required_without=Email" example:"1234567890"`
|
|
Password string `json:"password" validate:"required" example:"password123"`
|
|
}
|
|
|
|
// loginAdminRes represents the response body for the LoginAdmin endpoint.
|
|
type loginAdminRes struct {
|
|
AccessToken string `json:"access_token"`
|
|
RefreshToken string `json:"refresh_token"`
|
|
Role string `json:"role"`
|
|
}
|
|
|
|
// LoginAdmin godoc
|
|
// @Summary Login customer
|
|
// @Description Login customer
|
|
// @Tags auth
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param login body loginAdminReq true "Login admin"
|
|
// @Success 200 {object} loginAdminRes
|
|
// @Failure 400 {object} response.APIResponse
|
|
// @Failure 401 {object} response.APIResponse
|
|
// @Failure 500 {object} response.APIResponse
|
|
// @Router /api/v1/auth/admin-login [post]
|
|
func (h *Handler) LoginAdmin(c *fiber.Ctx) error {
|
|
var req loginAdminReq
|
|
if err := c.BodyParser(&req); err != nil {
|
|
h.mongoLoggerSvc.Info("Failed to parse LoginAdmin request",
|
|
zap.Int("status_code", fiber.StatusBadRequest),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusBadRequest, "Invalid request body"+err.Error())
|
|
}
|
|
|
|
if valErrs, ok := h.validator.Validate(c, req); !ok {
|
|
var errMsg string
|
|
for field, msg := range valErrs {
|
|
errMsg += fmt.Sprintf("%s: %s; ", field, msg)
|
|
}
|
|
return fiber.NewError(fiber.StatusBadRequest, errMsg)
|
|
}
|
|
|
|
successRes, err := h.authSvc.Login(c.Context(), req.Email, req.PhoneNumber, req.Password)
|
|
if err != nil {
|
|
switch {
|
|
case errors.Is(err, authentication.ErrInvalidPassword), errors.Is(err, authentication.ErrUserNotFound):
|
|
h.mongoLoggerSvc.Info("Login attempt failed: Invalid credentials",
|
|
zap.Int("status_code", fiber.StatusUnauthorized),
|
|
zap.String("email", req.Email),
|
|
zap.String("phone", req.PhoneNumber),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusUnauthorized, "Invalid credentials")
|
|
case errors.Is(err, authentication.ErrUserSuspended):
|
|
h.mongoLoggerSvc.Info("Login attempt failed: User login has been locked",
|
|
zap.Int("status_code", fiber.StatusUnauthorized),
|
|
zap.String("email", req.Email),
|
|
zap.String("phone", req.PhoneNumber),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusUnauthorized, "User login has been locked")
|
|
default:
|
|
h.mongoLoggerSvc.Error("Login failed",
|
|
zap.Int("status_code", fiber.StatusInternalServerError),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusInternalServerError, "Internal server error")
|
|
}
|
|
}
|
|
|
|
if successRes.Role == domain.RoleCustomer {
|
|
h.mongoLoggerSvc.Warn("Login attempt: admin login of customer",
|
|
zap.Int("status_code", fiber.StatusForbidden),
|
|
zap.String("role", string(successRes.Role)),
|
|
zap.String("email", req.Email),
|
|
zap.String("phone", req.PhoneNumber),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusForbidden, "Only admin roles are allowed")
|
|
}
|
|
|
|
accessToken, err := jwtutil.CreateJwt(successRes.UserId, successRes.Role, successRes.CompanyID, h.jwtConfig.JwtAccessKey, h.jwtConfig.JwtAccessExpiry)
|
|
if err != nil {
|
|
h.mongoLoggerSvc.Error("Failed to create access token",
|
|
zap.Int("status_code", fiber.StatusInternalServerError),
|
|
zap.Int64("user_id", successRes.UserId),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusInternalServerError, "Failed to generate access token")
|
|
}
|
|
|
|
res := loginCustomerRes{
|
|
AccessToken: accessToken,
|
|
RefreshToken: successRes.RfToken,
|
|
Role: string(successRes.Role),
|
|
}
|
|
|
|
h.mongoLoggerSvc.Info("Login successful",
|
|
zap.Int("status_code", fiber.StatusOK),
|
|
zap.Int64("user_id", successRes.UserId),
|
|
zap.String("role", string(successRes.Role)),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
|
|
return response.WriteJSON(c, fiber.StatusOK, "Login successful", res, nil)
|
|
}
|
|
|
|
type refreshToken struct {
|
|
AccessToken string `json:"access_token" validate:"required" example:"<jwt-token>"`
|
|
RefreshToken string `json:"refresh_token" validate:"required" example:"<refresh-token>"`
|
|
}
|
|
|
|
// RefreshToken godoc
|
|
// @Summary Refresh token
|
|
// @Description Refresh token
|
|
// @Tags auth
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param refresh body refreshToken true "tokens"
|
|
// @Success 200 {object} loginCustomerRes
|
|
// @Failure 400 {object} response.APIResponse
|
|
// @Failure 401 {object} response.APIResponse
|
|
// @Failure 500 {object} response.APIResponse
|
|
// @Router /api/v1/auth/refresh [post]
|
|
func (h *Handler) RefreshToken(c *fiber.Ctx) error {
|
|
|
|
type loginCustomerRes struct {
|
|
AccessToken string `json:"access_token"`
|
|
RefreshToken string `json:"refresh_token"`
|
|
Role string `json:"role"`
|
|
}
|
|
|
|
var req refreshToken
|
|
if err := c.BodyParser(&req); err != nil {
|
|
h.mongoLoggerSvc.Info("Failed to parse RefreshToken request",
|
|
zap.Int("status_code", fiber.StatusBadRequest),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusBadRequest, "Invalid request body"+err.Error())
|
|
}
|
|
|
|
if valErrs, ok := h.validator.Validate(c, req); !ok {
|
|
var errMsg string
|
|
for field, msg := range valErrs {
|
|
errMsg += fmt.Sprintf("%s: %s; ", field, msg)
|
|
}
|
|
|
|
h.mongoLoggerSvc.Info("Failed to validate request",
|
|
zap.Int("status_code", fiber.StatusBadRequest),
|
|
zap.Any("validation_errors", valErrs),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusBadRequest, errMsg)
|
|
}
|
|
|
|
refreshToken, err := h.authSvc.RefreshToken(c.Context(), req.RefreshToken)
|
|
if err != nil {
|
|
|
|
switch {
|
|
case errors.Is(err, authentication.ErrExpiredToken):
|
|
h.mongoLoggerSvc.Info("Refresh token attempt failed: The refresh token has expired",
|
|
zap.Int("status_code", fiber.StatusUnauthorized),
|
|
zap.String("refresh_token", req.RefreshToken),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusUnauthorized, "The refresh token has expired")
|
|
case errors.Is(err, authentication.ErrRefreshTokenNotFound):
|
|
h.mongoLoggerSvc.Info("Refresh token attempt failed: Refresh token not found",
|
|
zap.Int("status_code", fiber.StatusUnauthorized),
|
|
zap.String("refresh_token", req.RefreshToken),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusUnauthorized, "Refresh token not found")
|
|
default:
|
|
h.mongoLoggerSvc.Error("Refresh token failed",
|
|
zap.Int("status_code", fiber.StatusInternalServerError),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusInternalServerError, "Internal server error")
|
|
}
|
|
}
|
|
|
|
user, err := h.userSvc.GetUserByID(c.Context(), refreshToken.UserID)
|
|
if err != nil {
|
|
h.mongoLoggerSvc.Error("Failed to get user by ID during refresh",
|
|
zap.Int("status_code", fiber.StatusInternalServerError),
|
|
zap.Int64("user_id", refreshToken.UserID),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusInternalServerError, "Failed to retrieve user information:"+err.Error())
|
|
}
|
|
|
|
accessToken, err := jwtutil.CreateJwt(user.ID, user.Role, user.CompanyID, h.jwtConfig.JwtAccessKey, h.jwtConfig.JwtAccessExpiry)
|
|
if err != nil {
|
|
h.mongoLoggerSvc.Error("Failed to create new access token",
|
|
zap.Int("status_code", fiber.StatusInternalServerError),
|
|
zap.Int64("user_id", user.ID),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusInternalServerError, "Failed to generate access token:"+err.Error())
|
|
}
|
|
|
|
res := loginCustomerRes{
|
|
AccessToken: accessToken,
|
|
RefreshToken: req.RefreshToken,
|
|
Role: string(user.Role),
|
|
}
|
|
|
|
h.mongoLoggerSvc.Info("Token Refreshed Successfully",
|
|
zap.Int("status_code", fiber.StatusOK),
|
|
zap.Int64("user_id", user.ID),
|
|
zap.String("role", string(user.Role)),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
|
|
return response.WriteJSON(c, fiber.StatusOK, "Refresh successful", res, nil)
|
|
}
|
|
|
|
type logoutReq struct {
|
|
RefreshToken string `json:"refresh_token" validate:"required" example:"<refresh-token>"`
|
|
}
|
|
|
|
// LogOutCustomer godoc
|
|
// @Summary Logout customer
|
|
// @Description Logout customer
|
|
// @Tags auth
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param logout body logoutReq true "Logout customer"
|
|
// @Success 200 {object} response.APIResponse
|
|
// @Failure 400 {object} response.APIResponse
|
|
// @Failure 401 {object} response.APIResponse
|
|
// @Failure 500 {object} response.APIResponse
|
|
// @Router /api/v1/auth/logout [post]
|
|
func (h *Handler) LogOutCustomer(c *fiber.Ctx) error {
|
|
var req logoutReq
|
|
if err := c.BodyParser(&req); err != nil {
|
|
h.mongoLoggerSvc.Info("Failed to parse LogOutCustomer request",
|
|
zap.Int("status_code", fiber.StatusBadRequest),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusBadRequest, "Invalid request body"+err.Error())
|
|
}
|
|
|
|
if valErrs, ok := h.validator.Validate(c, req); !ok {
|
|
|
|
var errMsg string
|
|
for field, msg := range valErrs {
|
|
errMsg += fmt.Sprintf("%s: %s; ", field, msg)
|
|
}
|
|
|
|
h.mongoLoggerSvc.Info("LogOutCustomer validation failed",
|
|
zap.String("errMsg", errMsg),
|
|
zap.Int("status_code", fiber.StatusBadRequest),
|
|
zap.Any("validation_errors", valErrs),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusBadRequest, errMsg)
|
|
}
|
|
|
|
err := h.authSvc.Logout(c.Context(), req.RefreshToken)
|
|
if err != nil {
|
|
|
|
switch {
|
|
case errors.Is(err, authentication.ErrExpiredToken):
|
|
h.mongoLoggerSvc.Info("Logout attempt failed:The refresh token has expired",
|
|
zap.Int("status_code", fiber.StatusUnauthorized),
|
|
zap.String("refresh_token", req.RefreshToken),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusUnauthorized, "The refresh token has expired")
|
|
case errors.Is(err, authentication.ErrRefreshTokenNotFound):
|
|
h.mongoLoggerSvc.Info("Logout attempt failed: Refresh token not found",
|
|
zap.Int("status_code", fiber.StatusUnauthorized),
|
|
zap.String("refresh_token", req.RefreshToken),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusUnauthorized, "Refresh token not found")
|
|
default:
|
|
h.mongoLoggerSvc.Error("Logout failed",
|
|
zap.Int("status_code", fiber.StatusInternalServerError),
|
|
zap.Error(err),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
return fiber.NewError(fiber.StatusInternalServerError, "Internal server error"+err.Error())
|
|
}
|
|
}
|
|
|
|
h.mongoLoggerSvc.Info("Logout successful",
|
|
zap.Int("status_code", fiber.StatusOK),
|
|
zap.Time("timestamp", time.Now()),
|
|
)
|
|
|
|
return response.WriteJSON(c, fiber.StatusOK, "Logout successful", nil, nil)
|
|
}
|