Add User route and Refactor code

2023-12-06 20:21:25 +07:00 · 2023-12-06 20:21:25 +07:00 · b311a41dc7
commit b311a41dc7
parent 519749fd3a
24 changed files with 902 additions and 489 deletions
--- a/server/routers/auth.go
+++ b/server/routers/auth.go
@ -1,26 +1,27 @@
 package routers

 import (
+	"context"
 	"crypto/rand"
 	"encoding/base64"
-	"encoding/json"
-	"net/http"
-	"net/url"
-	"recipe-manager/config"
-	"recipe-manager/services/oauth"
-
 	"github.com/go-chi/chi/v5"
 	"go.uber.org/zap"
 	"golang.org/x/oauth2"
+	"net/http"
+	"net/url"
+	"recipe-manager/config"
+	"recipe-manager/services/logger"
+	"recipe-manager/services/oauth"
+	"recipe-manager/services/user"
+	"strconv"
+	"time"
 )

 type AuthRouter struct {
-	cfg   *config.ServerConfig
-	oauth oauth.OAuthService
-}
-
-func NewAuthRouter(cfg *config.ServerConfig, oauth oauth.OAuthService) *AuthRouter {
-	return &AuthRouter{cfg, oauth}
+	cfg         *config.ServerConfig
+	oauth       oauth.OAuthService
+	userService user.UserService
+	taoLogger   *logger.TaoLogger
 }

 func (ar *AuthRouter) Route(r chi.Router) {
@ -29,7 +30,10 @@ func (ar *AuthRouter) Route(r chi.Router) {

 			// generate state and nonce
 			bytes := make([]byte, 32)
-			rand.Read(bytes)
+			_, err := rand.Read(bytes)
+			if err != nil {
+				return
+			}
 			state := base64.URLEncoding.EncodeToString(bytes)

 			stateMap := map[string]string{}
@ -38,14 +42,16 @@ func (ar *AuthRouter) Route(r chi.Router) {
 				stateMap["redirect_to"] = r.URL.Query().Get("redirect_to")
 			}

-			url := ar.oauth.AuthURL(state, stateMap)
-			http.Redirect(w, r, url, http.StatusTemporaryRedirect)
+			authURL := ar.oauth.AuthURL(state, stateMap)
+			http.Redirect(w, r, authURL, http.StatusTemporaryRedirect)
 		})

 		r.Get("/google/callback", func(w http.ResponseWriter, r *http.Request) {
 			// check state
+			ctx, cancel := context.WithTimeout(r.Context(), time.Second*5)
+			defer cancel()

-			var redirect_to string
+			var redirectTo string
 			state := r.URL.Query().Get("state")
 			if state == "" {
 				http.Error(w, "State not found", http.StatusBadRequest)
@ -58,7 +64,7 @@ func (ar *AuthRouter) Route(r chi.Router) {
 					return
 				}

-				redirect_to = val["redirect_to"]
+				redirectTo = val["redirect_to"]

 				ar.oauth.RemoveState(state)
 			}
@ -70,25 +76,44 @@ func (ar *AuthRouter) Route(r chi.Router) {
 				return
 			}

-			// get user info
-			user, err := ar.oauth.GetUserInfo(r.Context(), token)
+			// get userInfo info
+			userInfo, err := ar.oauth.GetUserInfo(r.Context(), token)

 			if err != nil {
-				http.Error(w, "Error getting user info", http.StatusBadRequest)
+				http.Error(w, "Error getting userInfo info", http.StatusBadRequest)
 				return
 			}

+			// map with database
+			userFromDb, err := ar.userService.GetUserByEmail(ctx, userInfo.Email)
+			if err != nil {
+				http.Error(w, "Error while getting user data from database.", http.StatusInternalServerError)
+				return
+			}
+
+			if userFromDb == nil {
+				http.Error(w, "Unauthorized, We not found your email, Please contact admin.", http.StatusUnauthorized)
+				return
+			}
+
+			picture := userInfo.Picture
+			if userFromDb.Picture != "" {
+				picture = userFromDb.Picture
+			}
+
 			value := url.Values{
-				"name":    {user.Name},
-				"email":   {user.Email},
-				"picture": {user.Picture},
+				"id":          {userFromDb.ID},
+				"name":        {userFromDb.Name},
+				"email":       {userInfo.Email},
+				"picture":     {picture},
+				"permissions": {strconv.Itoa(int(userFromDb.Permissions))},
 			}

-			if redirect_to != "" {
-				value.Add("redirect_to", redirect_to)
+			if redirectTo != "" {
+				value.Add("redirect_to", redirectTo)
 			}

-			Log.Info("User Log-In Success", zap.String("user", user.Name), zap.String("email", user.Email))
+			ar.taoLogger.Log.Info("User Log-In Success", zap.String("userInfo", userInfo.Name), zap.String("email", userInfo.Email))

 			// redirect to frontend with token and refresh token
 			w.Header().Add("set-cookie", "access_token="+token.AccessToken+"; Path=/; HttpOnly; SameSite=None; Secure; Max-Age=3600")
@ -132,38 +157,9 @@ func (ar *AuthRouter) Route(r chi.Router) {
 			w.Header().Add("set-cookie", "refresh_token=; Path=/; HttpOnly; SameSite=None; Secure; Max-Age=0")
 			w.WriteHeader(http.StatusNoContent)
 		})
-
-		r.Get("/user", func(w http.ResponseWriter, r *http.Request) {
-
-			token := &oauth2.Token{}
-			if cookie, err := r.Cookie("access_token"); err == nil {
-				token.AccessToken = cookie.Value
-			}
-
-			// if have refresh token, set refresh token to token
-			if cookie, err := r.Cookie("refresh_token"); err == nil {
-				token.RefreshToken = cookie.Value
-			}
-
-			if token.AccessToken == "" && token.RefreshToken == "" {
-				http.Error(w, "Unauthorized", http.StatusUnauthorized)
-				return
-			}
-
-			// get user info
-			user, err := ar.oauth.GetUserInfo(r.Context(), token)
-
-			if err != nil {
-				http.Error(w, "Error getting user info", http.StatusBadRequest)
-				return
-			}
-
-			// return user info
-			w.Header().Add("Content-Type", "application/json")
-			json.NewEncoder(w).Encode(map[string]interface{}{
-				"user": user,
-			})
-		})
-
 	})
 }
+
+func NewAuthRouter(cfg *config.ServerConfig, oauth oauth.OAuthService, userService user.UserService, taoLogger *logger.TaoLogger) *AuthRouter {
+	return &AuthRouter{cfg, oauth, userService, taoLogger}
+}