package auth
import (
"net/http"
"nixcn-cms/data"
"nixcn-cms/internal/crypto/jwt"
"nixcn-cms/pkgs/email"
"nixcn-cms/pkgs/magiclink"
"nixcn-cms/pkgs/turnstile"
log "github.com/sirupsen/logrus"
"github.com/gin-gonic/gin"
"github.com/spf13/viper"
)
type MagicLinkRequest struct {
Email string `json:"email" binding:"required,email"`
TurnstileToken string `json:"turnstile_token" binding:"required"`
}
func RequestMagicLink(c *gin.Context) {
// Parse request
var req MagicLinkRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(400, gin.H{"error": "invalid request"})
return
}
// Cloudflare turnstile
ok, err := turnstile.VerifyTurnstile(req.TurnstileToken, c.ClientIP())
if err != nil || !ok {
c.JSON(403, gin.H{"error": "turnstile failed"})
return
}
// Generate magic token
token, err := magiclink.NewMagicToken(req.Email)
if err != nil {
c.JSON(500, gin.H{"error": "internal error"})
return
}
link := viper.GetString("server.external_url") + "/login?ticket=" + token
// Send email using resend
resend, err := email.NewResendClient()
if err != nil {
log.Error(err)
c.JSON(500, gin.H{"status": "invilad email config"})
return
}
resend.Send(
req.Email,
"NixCN CMS Email Verify",
"Click the link below to verify your email. This link will expire in 10 minutes.
"+link+"",
)
c.JSON(200, gin.H{"status": "magic link sent"})
}
func VerifyMagicLink(c *gin.Context) {
// Get token from url
token := c.Query("token")
if token == "" {
c.JSON(400, gin.H{"error": "missing token"})
return
}
// Verify email token
email, ok := magiclink.VerifyMagicToken(token)
if !ok {
c.JSON(401, gin.H{"error": "invalid or expired token"})
return
}
// Generate jwt
userInfo := new(data.User)
err := userInfo.GetByEmail(email)
if err != nil {
c.JSON(http.StatusUnauthorized, gin.H{"status": "user not found"})
}
jwtToken, _ := jwt.GenerateToken(userInfo.UserId, "application")
c.JSON(200, gin.H{
"jwt_token": jwtToken,
"email": email,
})
}