nixcn-cms/service/auth/magic.go

package auth

import (
	"net/url"
	"nixcn-cms/pkgs/authcode"
	"nixcn-cms/pkgs/email"
	"nixcn-cms/pkgs/turnstile"

	"github.com/gin-gonic/gin"
	"github.com/spf13/viper"
)

type MagicRequest struct {
	ClientId       string `json:"client_id"`
	RedirectUri    string `json:"redirect_uri"`
	State          string `json:"state"`
	Email          string `json:"email"`
	TurnstileToken string `json:"turnstile_token"`
}

func Magic(c *gin.Context) {
	// Parse request
	var req MagicRequest
	if err := c.ShouldBindJSON(&req); err != nil {
		c.JSON(400, gin.H{"error": "invalid request"})
		return
	}

	// Cloudflare turnstile
	ok, err := turnstile.VerifyTurnstile(req.TurnstileToken, c.ClientIP())
	if err != nil || !ok {
		c.JSON(403, gin.H{"error": "turnstile failed"})
		return
	}

	code, err := authcode.NewAuthCode(req.ClientId, req.Email)
	if err != nil {
		c.JSON(500, gin.H{"status": "code gen failed"})
	}

	externalUrl := viper.GetString("server.external_url")
	url, err := url.Parse(externalUrl)
	if err != nil {
		c.JSON(500, gin.H{"status": "invalid external url"})
	}

	url.Path = "/api/v1/auth/redirect"
	query := url.Query()
	query.Set("code", code)
	query.Set("redirect_uri", req.RedirectUri)
	query.Set("state", req.State)
	query.Set("client_id", req.ClientId)
	url.RawQuery = query.Encode()

	debugMode := viper.GetBool("server.debug_mode")
	if debugMode {
		c.JSON(200, gin.H{"status": "magiclink sent", "uri": url.String()})
		return
	} else {
		// Send email using resend
		emailClient, err := email.NewSMTPClient()
		if err != nil {
			c.JSON(500, gin.H{"status": "invalid email config"})
			return
		}
		emailClient.Send(
			req.Email,
			"NixCN CMS Email Verify",
			"<p>Click the link below to verify your email. This link will expire in 10 minutes.</p><a href="+url.String()+">"+url.String()+"</a>",
		)
	}

	c.JSON(200, gin.H{"status": "magic link sent"})
}