Add authentication function

Signed-off-by: Asai Neko <sugar@sne.moe>

pkgs/email/resend.go

@@ -0,0 +1,87 @@
+package email
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"net/http"
+	"time"
+
+	"github.com/spf13/viper"
+)
+
+type Client struct {
+	apiKey string
+	http   *http.Client
+}
+
+// Resend service client
+func NewResendClient() (*Client, error) {
+	key := viper.GetString("email.resend_api_key")
+	if key == "" {
+		return nil, errors.New("RESEND_API_KEY not set")
+	}
+
+	return &Client{
+		apiKey: key,
+		http: &http.Client{
+			Timeout: 10 * time.Second,
+		},
+	}, nil
+}
+
+type sendEmailRequest struct {
+	From    string   `json:"from"`
+	To      []string `json:"to"`
+	Subject string   `json:"subject"`
+	HTML    string   `json:"html,omitempty"`
+	Text    string   `json:"text,omitempty"`
+}
+
+type sendEmailResponse struct {
+	ID string `json:"id"`
+}
+
+// Send email by resend API
+func (c *Client) Send(to, subject, html string) (string, error) {
+	reqBody := sendEmailRequest{
+		From:    viper.GetString("email.from"),
+		To:      []string{to},
+		Subject: subject,
+		HTML:    html,
+	}
+
+	body, err := json.Marshal(reqBody)
+	if err != nil {
+		return "", err
+	}
+
+	req, err := http.NewRequest(
+		http.MethodPost,
+		"https://api.resend.com/emails",
+		bytes.NewReader(body),
+	)
+	if err != nil {
+		return "", err
+	}
+
+	req.Header.Set("Authorization", "Bearer "+c.apiKey)
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, err := c.http.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 300 {
+		return "", errors.New("resend send failed")
+	}
+
+	var res sendEmailResponse
+	if err := json.NewDecoder(resp.Body).Decode(&res); err != nil {
+		return "", err
+	}
+
+	return res.ID, nil
+}

pkgs/magiclink/magiclink.go

@@ -0,0 +1,51 @@
+package magiclink
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"sync"
+	"time"
+)
+
+type Token struct {
+	Email     string
+	ExpiresAt time.Time
+}
+
+var (
+	store = sync.Map{}
+)
+
+// Generate magic token
+func NewMagicToken(email string, ttl time.Duration) (string, error) {
+	b := make([]byte, 32)
+	if _, err := rand.Read(b); err != nil {
+		return "", err
+	}
+
+	token := base64.RawURLEncoding.EncodeToString(b)
+
+	store.Store(token, Token{
+		Email:     email,
+		ExpiresAt: time.Now().Add(ttl),
+	})
+
+	return token, nil
+}
+
+// Verify magic token
+func VerifyMagicToken(token string) (string, bool) {
+	val, ok := store.Load(token)
+	if !ok {
+		return "", false
+	}
+
+	t := val.(Token)
+	if time.Now().After(t.ExpiresAt) {
+		store.Delete(token)
+		return "", false
+	}
+
+	store.Delete(token)
+	return t.Email, true
+}

pkgs/turnstile/turnstile.go

@@ -0,0 +1,34 @@
+package turnstile
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/url"
+
+	"github.com/spf13/viper"
+)
+
+func VerifyTurnstile(token, ip string) (bool, error) {
+	form := url.Values{}
+	form.Set("secret", viper.GetString("secrets.turnstile"))
+	form.Set("response", token)
+	form.Set("remoteip", ip)
+
+	resp, err := http.PostForm(
+		"https://challenges.cloudflare.com/turnstile/v0/siteverify",
+		form,
+	)
+	if err != nil {
+		return false, err
+	}
+	defer resp.Body.Close()
+
+	var result struct {
+		Success bool `json:"success"`
+	}
+	if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
+		return false, err
+	}
+
+	return result.Success, nil
+}