Update api for auth

2025-11-07 00:14:25 +00:00 · 2024-11-01 15:43:04 +01:00
parent be0f97ab24
commit 34868c53eb
4 changed files with 179 additions and 4 deletions
--- a/backend/internal/api/auth_handlers.go
+++ b/backend/internal/api/auth_handlers.go
@@ -0,0 +1,148 @@
+package api
+
+import (
+	"encoding/json"
+	"net/http"
+	"novamd/internal/auth"
+	"novamd/internal/db"
+	"novamd/internal/models"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+type LoginRequest struct {
+	Email    string `json:"email"`
+	Password string `json:"password"`
+}
+
+type LoginResponse struct {
+	AccessToken  string        `json:"accessToken"`
+	RefreshToken string        `json:"refreshToken"`
+	User         *models.User  `json:"user"`
+	Session      *auth.Session `json:"session"`
+}
+
+type RefreshRequest struct {
+	RefreshToken string `json:"refreshToken"`
+}
+
+type RefreshResponse struct {
+	AccessToken string `json:"accessToken"`
+}
+
+// Login handles user authentication and returns JWT tokens
+func Login(authService *auth.SessionService, db *db.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req LoginRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			http.Error(w, "Invalid request body", http.StatusBadRequest)
+			return
+		}
+
+		// Validate request
+		if req.Email == "" || req.Password == "" {
+			http.Error(w, "Email and password are required", http.StatusBadRequest)
+			return
+		}
+
+		// Get user from database
+		user, err := db.GetUserByEmail(req.Email)
+		if err != nil {
+			http.Error(w, "Invalid credentials", http.StatusUnauthorized)
+			return
+		}
+
+		// Verify password
+		err = bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(req.Password))
+		if err != nil {
+			http.Error(w, "Invalid credentials", http.StatusUnauthorized)
+			return
+		}
+
+		// Create session and generate tokens
+		session, accessToken, err := authService.CreateSession(user.ID, string(user.Role))
+		if err != nil {
+			http.Error(w, "Failed to create session", http.StatusInternalServerError)
+			return
+		}
+
+		// Prepare response
+		response := LoginResponse{
+			AccessToken:  accessToken,
+			RefreshToken: session.RefreshToken,
+			User:         user,
+			Session:      session,
+		}
+
+		respondJSON(w, response)
+	}
+}
+
+// Logout invalidates the user's session
+func Logout(authService *auth.SessionService) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		sessionID := r.Header.Get("X-Session-ID")
+		if sessionID == "" {
+			http.Error(w, "Session ID required", http.StatusBadRequest)
+			return
+		}
+
+		err := authService.InvalidateSession(sessionID)
+		if err != nil {
+			http.Error(w, "Failed to logout", http.StatusInternalServerError)
+			return
+		}
+
+		w.WriteHeader(http.StatusOK)
+	}
+}
+
+// RefreshToken generates a new access token using a refresh token
+func RefreshToken(authService *auth.SessionService) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req RefreshRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			http.Error(w, "Invalid request body", http.StatusBadRequest)
+			return
+		}
+
+		if req.RefreshToken == "" {
+			http.Error(w, "Refresh token required", http.StatusBadRequest)
+			return
+		}
+
+		// Generate new access token
+		accessToken, err := authService.RefreshSession(req.RefreshToken)
+		if err != nil {
+			http.Error(w, "Invalid refresh token", http.StatusUnauthorized)
+			return
+		}
+
+		response := RefreshResponse{
+			AccessToken: accessToken,
+		}
+
+		respondJSON(w, response)
+	}
+}
+
+// GetCurrentUser returns the currently authenticated user
+func GetCurrentUser(db *db.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		// Get user claims from context (set by auth middleware)
+		claims, err := auth.GetUserFromContext(r.Context())
+		if err != nil {
+			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+			return
+		}
+
+		// Get user from database
+		user, err := db.GetUserByID(claims.UserID)
+		if err != nil {
+			http.Error(w, "User not found", http.StatusNotFound)
+			return
+		}
+
+		respondJSON(w, user)
+	}
+}
--- a/backend/internal/api/routes.go
+++ b/backend/internal/api/routes.go
@@ -1,14 +1,30 @@
 package api

 import (
+	"novamd/internal/auth"
 	"novamd/internal/db"
 	"novamd/internal/filesystem"
+	"novamd/internal/models"

 	"github.com/go-chi/chi/v5"
 )

-func SetupRoutes(r chi.Router, db *db.DB, fs *filesystem.FileSystem) {
-	r.Route("/", func(r chi.Router) {
+func SetupRoutes(r chi.Router, db *db.DB, fs *filesystem.FileSystem, authMiddleware *auth.Middleware, sessionService *auth.SessionService) {
+	// Public routes (no authentication required)
+	r.Group(func(r chi.Router) {
+		r.Post("/auth/login", Login(sessionService, db))
+		r.Post("/auth/refresh", RefreshToken(sessionService))
+	})
+
+	// Protected routes (authentication required)
+	r.Group(func(r chi.Router) {
+		// Apply authentication middleware to all routes in this group
+		r.Use(authMiddleware.Authenticate)
+
+		// Auth routes
+		r.Post("/auth/logout", Logout(sessionService))
+		r.Get("/auth/me", GetCurrentUser(db))
+
 		// User routes
 		r.Route("/users/{userId}", func(r chi.Router) {
 			r.Get("/", GetUser(db))
@@ -30,12 +46,11 @@ func SetupRoutes(r chi.Router, db *db.DB, fs *filesystem.FileSystem) {
 						r.Get("/", ListFiles(fs))
 						r.Get("/last", GetLastOpenedFile(db))
 						r.Put("/last", UpdateLastOpenedFile(db, fs))
-						r.Get("/lookup", LookupFileByName(fs)) // Moved here
+						r.Get("/lookup", LookupFileByName(fs))

 						r.Post("/*", SaveFile(fs))
 						r.Get("/*", GetFileContent(fs))
 						r.Delete("/*", DeleteFile(fs))
-
 					})

 					// Git routes
@@ -46,5 +61,11 @@ func SetupRoutes(r chi.Router, db *db.DB, fs *filesystem.FileSystem) {
 				})
 			})
 		})
+
+		// Admin-only routes
+		r.Group(func(r chi.Router) {
+			r.Use(authMiddleware.RequireRole(string(models.RoleAdmin)))
+			// Admin-only endpoints
+		})
 	})
 }