2024-07-04 11:22:03 +02:00
|
|
|
/*
|
|
|
|
ScheduleTogether Backend
|
|
|
|
Copyright (C) 2024, Marco Vitchi Thulin
|
|
|
|
|
|
|
|
DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
|
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU Affero General Public License version 3
|
|
|
|
as published by the Free Software Foundation.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU Affero General Public License version 3 for more details.
|
|
|
|
|
|
|
|
This program incorporates external libraries for certain functionalities.
|
|
|
|
These libraries are covered by their respective licenses, and their usage
|
|
|
|
agreements are as outlined in their respective documentation or source
|
|
|
|
code.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU Affero General Public License
|
|
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
package accounts
|
|
|
|
|
|
|
|
import (
|
|
|
|
"errors"
|
|
|
|
"regexp"
|
|
|
|
|
|
|
|
"github.com/google/uuid"
|
|
|
|
"github.com/kataras/iris/v12"
|
|
|
|
"github.com/kataras/iris/v12/middleware/jwt"
|
|
|
|
"gorm.io/gorm"
|
|
|
|
|
2024-07-04 11:24:16 +02:00
|
|
|
db "git.zervo.org/scheduletogether/backend/internal/database"
|
|
|
|
"git.zervo.org/scheduletogether/backend/pkg/helpers/logging"
|
|
|
|
"git.zervo.org/scheduletogether/backend/pkg/helpers/validation"
|
|
|
|
"git.zervo.org/scheduletogether/backend/pkg/types"
|
2024-07-04 11:22:03 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
var logboi = logging.NewLogger("api.services.accounts")
|
|
|
|
|
|
|
|
// Reusable user account register/update request validation function
|
|
|
|
func validateUserProperties(ctx iris.Context, request types.AccountRegisterRequest) error {
|
|
|
|
// Validate email
|
|
|
|
if err := validation.ValidateEmail(request.Email); err != nil {
|
|
|
|
ctx.StatusCode(iris.StatusBadRequest)
|
|
|
|
ctx.JSON(types.UserRegisterFieldValidationErrorResponse{
|
|
|
|
ValidationFailed: true,
|
|
|
|
Email: "Provided email address is not valid",
|
|
|
|
})
|
|
|
|
return errors.New("validation failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check if email already exists in database
|
|
|
|
var existingEmailUser db.User
|
|
|
|
err := db.Db.Where("email = ?", request.Email).First(&existingEmailUser).Error
|
|
|
|
if err != gorm.ErrRecordNotFound {
|
|
|
|
ctx.StatusCode(iris.StatusBadRequest)
|
|
|
|
ctx.JSON(types.UserRegisterFieldValidationErrorResponse{
|
|
|
|
ValidationFailed: true,
|
|
|
|
Email: "This email address is already in use by another account",
|
|
|
|
})
|
|
|
|
return errors.New("validation failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Validate firstName
|
|
|
|
if len(request.FirstName) > 50 {
|
|
|
|
ctx.StatusCode(iris.StatusBadRequest)
|
|
|
|
ctx.JSON(types.UserRegisterFieldValidationErrorResponse{
|
|
|
|
ValidationFailed: true,
|
|
|
|
FirstName: "First name is too long",
|
|
|
|
})
|
|
|
|
return errors.New("validation failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Validate lastName
|
|
|
|
if len(request.LastName) > 50 {
|
|
|
|
ctx.StatusCode(iris.StatusBadRequest)
|
|
|
|
ctx.JSON(types.UserRegisterFieldValidationErrorResponse{
|
|
|
|
ValidationFailed: true,
|
|
|
|
LastName: "Last name is too long",
|
|
|
|
})
|
|
|
|
return errors.New("validation failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Validate username
|
|
|
|
if len(request.Username) < 5 {
|
|
|
|
ctx.StatusCode(iris.StatusBadRequest)
|
|
|
|
ctx.JSON(types.UserRegisterFieldValidationErrorResponse{
|
|
|
|
ValidationFailed: true,
|
|
|
|
Username: "Username is too short",
|
|
|
|
})
|
|
|
|
return errors.New("validation failed")
|
|
|
|
}
|
|
|
|
|
2024-08-11 00:23:15 +02:00
|
|
|
if len(request.Username) > 18 {
|
2024-07-04 11:22:03 +02:00
|
|
|
ctx.StatusCode(iris.StatusBadRequest)
|
|
|
|
ctx.JSON(types.UserRegisterFieldValidationErrorResponse{
|
|
|
|
ValidationFailed: true,
|
|
|
|
Username: "Username is too long",
|
|
|
|
})
|
|
|
|
return errors.New("validation failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check if username already exists in database
|
|
|
|
var existingUsernameUser db.User
|
|
|
|
err = db.Db.Where("username = ?", request.Username).First(&existingUsernameUser).Error
|
|
|
|
if err != gorm.ErrRecordNotFound {
|
|
|
|
ctx.StatusCode(iris.StatusBadRequest)
|
|
|
|
ctx.JSON(types.UserRegisterFieldValidationErrorResponse{
|
|
|
|
ValidationFailed: true,
|
|
|
|
Username: "This username is already in use by another account",
|
|
|
|
})
|
|
|
|
return errors.New("validation failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Validate password
|
|
|
|
if len(request.Password) < 8 {
|
|
|
|
ctx.StatusCode(iris.StatusBadRequest)
|
|
|
|
ctx.JSON(types.UserRegisterFieldValidationErrorResponse{
|
|
|
|
ValidationFailed: true,
|
|
|
|
Password: "Password is too short (minimum 8 characters)",
|
|
|
|
})
|
|
|
|
return errors.New("validation failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(request.Password) > 128 {
|
|
|
|
ctx.StatusCode(iris.StatusBadRequest)
|
|
|
|
ctx.JSON(types.UserRegisterFieldValidationErrorResponse{
|
|
|
|
ValidationFailed: true,
|
|
|
|
Password: "Password is too long (maximum 128 characters)",
|
|
|
|
})
|
|
|
|
return errors.New("validation failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check that password contains a lowercase letter
|
|
|
|
if !regexp.MustCompile(`[a-z]`).MatchString(request.Password) {
|
|
|
|
ctx.StatusCode(iris.StatusBadRequest)
|
|
|
|
ctx.JSON(types.UserRegisterFieldValidationErrorResponse{
|
|
|
|
ValidationFailed: true,
|
|
|
|
Password: "Password must contain a lowercase letter",
|
|
|
|
})
|
|
|
|
return errors.New("validation failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check that password contains an uppercase letter
|
|
|
|
if !regexp.MustCompile(`[A-Z]`).MatchString(request.Password) {
|
|
|
|
ctx.StatusCode(iris.StatusBadRequest)
|
|
|
|
ctx.JSON(types.UserRegisterFieldValidationErrorResponse{
|
|
|
|
ValidationFailed: true,
|
|
|
|
Password: "Password must contain an uppercase letter",
|
|
|
|
})
|
|
|
|
return errors.New("validation failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check that password contains a number
|
|
|
|
if !regexp.MustCompile(`[0-9]`).MatchString(request.Password) {
|
|
|
|
ctx.StatusCode(iris.StatusBadRequest)
|
|
|
|
ctx.JSON(types.UserRegisterFieldValidationErrorResponse{
|
|
|
|
ValidationFailed: true,
|
|
|
|
Password: "Password must contain a number",
|
|
|
|
})
|
|
|
|
return errors.New("validation failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// generateUUID generates a new unused uuid
|
|
|
|
func generateUUID() (string, error) {
|
|
|
|
for {
|
|
|
|
// generate a new uuid
|
|
|
|
uuid, err := uuid.NewRandom()
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
// check if the uuid already exists in the users table
|
|
|
|
var user db.User
|
|
|
|
err = db.Db.Where("uuid = ?", uuid.String()).First(&user).Error
|
|
|
|
if err != nil && err != gorm.ErrRecordNotFound {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
// if the uuid does not already exist in the users table, return it
|
|
|
|
if err == gorm.ErrRecordNotFound {
|
|
|
|
return uuid.String(), nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetClaims returns the current authorized client claims
|
|
|
|
func GetClaims(ctx iris.Context) *types.Claims {
|
|
|
|
claims := jwt.Get(ctx).(*types.Claims)
|
|
|
|
return claims
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetUserID returns the current authorized client's user id extracted from claims
|
|
|
|
func GetUserID(ctx iris.Context) uint {
|
|
|
|
return GetClaims(ctx).UserId
|
|
|
|
}
|