package auth
import (
	"errors"
	"html"
	"net/url"

	"nixcn-cms/data"
	"nixcn-cms/internal/cryptography"
	"nixcn-cms/pkgs/email"
	"nixcn-cms/pkgs/magiclink"
	"nixcn-cms/pkgs/turnstile"

	"github.com/gin-gonic/gin"
	"github.com/google/uuid"
	log "github.com/sirupsen/logrus"
	"github.com/spf13/viper"
	"gorm.io/gorm"
)
// MagicLinkRequest is the JSON body accepted by RequestMagicLink.
type MagicLinkRequest struct {
	// Email is the address the magic link is mailed to. gin's binding
	// rejects the request unless it is present and syntactically an email.
	Email string `json:"email" binding:"required,email"`
	// TurnstileToken is the Cloudflare Turnstile challenge response; it is
	// verified server-side before any mail is sent.
	TurnstileToken string `json:"turnstile_token" binding:"required"`
}
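// RequestMagicLink handles a request for a passwordless login link.
//
// Flow: bind and validate the JSON body (email + Turnstile token), verify the
// Turnstile token against the caller's IP, mint a magic token bound to the
// email with magiclink.NewMagicToken, and mail a link carrying that token to
// the address via Resend. The handler answers 200 {"status":"magic link sent"}
// once the send has been attempted.
//
// Responses:
//   - 400 {"error":"invalid request"} when the body fails binding/validation
//   - 403 {"error":"turnstile failed"} when Turnstile rejects the token or the
//     verification call itself returns an error
//   - 500 {"error":"internal error"} when the magic token cannot be generated
//   - 500 {"status":"invalid email config"} when the Resend client cannot be built
//
// The "expires in 10 minutes" wording in the mail body is only text here; the
// actual lifetime is decided inside the magiclink package (not visible in this
// file).
func RequestMagicLink(c *gin.Context) {
	var req MagicLinkRequest
	if err := c.ShouldBindJSON(&req); err != nil {
		c.JSON(400, gin.H{"error": "invalid request"})
		return
	}

	// Bot protection. c.ClientIP() trusts forwarded-for headers only from
	// gin's configured trusted proxies; with an open trusted-proxy setting a
	// client could choose the IP that is reported to Turnstile.
	ok, err := turnstile.VerifyTurnstile(req.TurnstileToken, c.ClientIP())
	if err != nil {
		// Logged so a Turnstile outage is distinguishable from a failed challenge.
		log.Error(err)
	}
	if err != nil || !ok {
		c.JSON(403, gin.H{"error": "turnstile failed"})
		return
	}

	// NOTE(review): Turnstile limits automation, not volume — nothing here
	// rate-limits requests per email address, so repeated mails to a victim
	// address are possible.
	token, err := magiclink.NewMagicToken(req.Email)
	if err != nil {
		c.JSON(500, gin.H{"error": "internal error"})
		return
	}

	// Query-escape the token so characters such as '+', '/' or '=' survive the
	// round trip (a bare '+' would be decoded as a space by the receiving side).
	// NOTE(review): this link uses ?ticket= while VerifyMagicLink reads
	// ?token=; presumably the /login page forwards it under the other name —
	// confirm against the frontend.
	link := viper.GetString("server.external_url") + "/login?ticket=" + url.QueryEscape(token)

	resend, err := email.NewResendClient()
	if err != nil {
		log.Error(err)
		c.JSON(500, gin.H{"status": "invalid email config"})
		return
	}

	// Quote and HTML-escape the href so the URL cannot terminate the attribute
	// or be mis-parsed by the mail client.
	safeLink := html.EscapeString(link)
	// TODO(review): Send's result is not checked, so a delivery failure still
	// yields the 200 below; check and log it if Send reports an error.
	resend.Send(
		req.Email,
		"NixCN CMS Email Verify",
		"<p>Click the link below to verify your email. This link will expire in 10 minutes.</p><a href=\""+safeLink+"\">"+safeLink+"</a>",
	)

	c.JSON(200, gin.H{"status": "magic link sent"})
}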
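// VerifyMagicLink exchanges a magic-link token (?token=...) for a JWT pair.
//
// magiclink.VerifyMagicToken validates the token and yields the email it was
// issued for. If no user with that email exists, one is created (first login
// doubles as sign-up) with random identifiers, Type "Normal" and
// PermissionLevel 10. An access and a refresh token are then issued for
// user.UserId and returned as JSON.
//
// Responses:
//   - 400 {"error":"missing token"} when ?token= is absent
//   - 401 {"error":"invalid or expired token"} when verification fails
//   - 500 {"status":"internal server error"} on lookup or creation failure
//   - 500 {"status":"error generating tokens"} when JWT issuance fails
//   - 200 {"access_token":..., "refresh_token":...} on success
//
// Security notes: the token travels in the query string and may therefore end
// up in server/proxy logs and Referer headers. Whether a token is single-use
// is decided inside the magiclink package (not visible here); if it is not, a
// leaked link can be replayed until it expires.
func VerifyMagicLink(c *gin.Context) {
	magicToken := c.Query("token")
	if magicToken == "" {
		c.JSON(400, gin.H{"error": "missing token"})
		return
	}

	email, ok := magiclink.VerifyMagicToken(magicToken)
	if !ok {
		c.JSON(401, gin.H{"error": "invalid or expired token"})
		return
	}

	user := new(data.User)
	if err := user.GetByEmail(email); err != nil {
		// Anything other than "no such row" is a real lookup failure.
		// errors.Is also matches a wrapped ErrRecordNotFound.
		if !errors.Is(err, gorm.ErrRecordNotFound) {
			c.JSON(500, gin.H{"status": "internal server error"})
			return
		}
		if err := provisionUser(user, email); err != nil {
			c.JSON(500, gin.H{"status": "internal server error"})
			return
		}
	}

	jwtTool := cryptography.Token{
		UserID:      user.UserId,
		Application: viper.GetString("server.application"),
	}
	accessToken, refreshToken, err := jwtTool.IssueTokens()
	if err != nil {
		// Must return here: without it a second, 200 response carrying empty
		// tokens would be written after this one.
		c.JSON(500, gin.H{"status": "error generating tokens"})
		return
	}

	c.JSON(200, gin.H{
		"access_token":  accessToken,
		"refresh_token": refreshToken,
	})
}

// provisionUser fills in and persists a brand-new account for email.
//
// Both identifiers are version-4 (random) UUIDs. Version-1 UUIDs embed a
// timestamp and node ID and are sequential/predictable, which is undesirable
// for an identifier that becomes the JWT subject.
// NOTE(review): two concurrent verifications for the same address could both
// reach Create; only a unique index on the users' email column (not visible
// here) would prevent a duplicate account.
func provisionUser(user *data.User, email string) error {
	id, err := uuid.NewRandom()
	if err != nil {
		return err
	}
	userID, err := uuid.NewRandom()
	if err != nil {
		return err
	}
	user.UUID = id
	user.UserId = userID
	user.Email = email
	user.Type = "Normal"
	user.PermissionLevel = 10
	return user.Create()
}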