/* ScheduleTogether Backend Copyright (C) 2024, Zervó Zadachin DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License version 3 as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License version 3 for more details. This program incorporates external libraries for certain functionalities. These libraries are covered by their respective licenses, and their usage agreements are as outlined in their respective documentation or source code. You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ package accounts import ( "errors" "regexp" "github.com/google/uuid" "github.com/kataras/iris/v12" "github.com/kataras/iris/v12/middleware/jwt" "gorm.io/gorm" db "git.zervo.org/scheduletogether/backend/internal/database" "git.zervo.org/scheduletogether/backend/pkg/helpers/logging" "git.zervo.org/scheduletogether/backend/pkg/helpers/validation" "git.zervo.org/scheduletogether/backend/pkg/types" ) var logboi = logging.NewLogger("api.services.accounts") // Reusable user account register/update request validation function func validateUserProperties(ctx iris.Context, request types.AccountRegisterRequest) error { // Validate email if err := validation.ValidateEmail(request.Email); err != nil { ctx.StatusCode(iris.StatusBadRequest) ctx.JSON(types.UserRegisterFieldValidationErrorResponse{ ValidationFailed: true, Email: "Provided email address is not valid", }) return errors.New("validation failed") } // Check if email already exists in database var existingEmailUser db.User err := db.Db.Where("email = ?", request.Email).First(&existingEmailUser).Error if err != gorm.ErrRecordNotFound { ctx.StatusCode(iris.StatusBadRequest) ctx.JSON(types.UserRegisterFieldValidationErrorResponse{ ValidationFailed: true, Email: "This email address is already in use by another account", }) return errors.New("validation failed") } // Validate firstName if len(request.FirstName) > 50 { ctx.StatusCode(iris.StatusBadRequest) ctx.JSON(types.UserRegisterFieldValidationErrorResponse{ ValidationFailed: true, FirstName: "First name is too long", }) return errors.New("validation failed") } // Validate lastName if len(request.LastName) > 50 { ctx.StatusCode(iris.StatusBadRequest) ctx.JSON(types.UserRegisterFieldValidationErrorResponse{ ValidationFailed: true, LastName: "Last name is too long", }) return errors.New("validation failed") } // Validate username if len(request.Username) < 5 { ctx.StatusCode(iris.StatusBadRequest) ctx.JSON(types.UserRegisterFieldValidationErrorResponse{ ValidationFailed: true, Username: "Username is too short", }) return errors.New("validation failed") } if len(request.Username) > 18 { ctx.StatusCode(iris.StatusBadRequest) ctx.JSON(types.UserRegisterFieldValidationErrorResponse{ ValidationFailed: true, Username: "Username is too long", }) return errors.New("validation failed") } // Check if username already exists in database var existingUsernameUser db.User err = db.Db.Where("username = ?", request.Username).First(&existingUsernameUser).Error if err != gorm.ErrRecordNotFound { ctx.StatusCode(iris.StatusBadRequest) ctx.JSON(types.UserRegisterFieldValidationErrorResponse{ ValidationFailed: true, Username: "This username is already in use by another account", }) return errors.New("validation failed") } // Validate password if len(request.Password) < 8 { ctx.StatusCode(iris.StatusBadRequest) ctx.JSON(types.UserRegisterFieldValidationErrorResponse{ ValidationFailed: true, Password: "Password is too short (minimum 8 characters)", }) return errors.New("validation failed") } if len(request.Password) > 128 { ctx.StatusCode(iris.StatusBadRequest) ctx.JSON(types.UserRegisterFieldValidationErrorResponse{ ValidationFailed: true, Password: "Password is too long (maximum 128 characters)", }) return errors.New("validation failed") } // Check that password contains a lowercase letter if !regexp.MustCompile(`[a-z]`).MatchString(request.Password) { ctx.StatusCode(iris.StatusBadRequest) ctx.JSON(types.UserRegisterFieldValidationErrorResponse{ ValidationFailed: true, Password: "Password must contain a lowercase letter", }) return errors.New("validation failed") } // Check that password contains an uppercase letter if !regexp.MustCompile(`[A-Z]`).MatchString(request.Password) { ctx.StatusCode(iris.StatusBadRequest) ctx.JSON(types.UserRegisterFieldValidationErrorResponse{ ValidationFailed: true, Password: "Password must contain an uppercase letter", }) return errors.New("validation failed") } // Check that password contains a number if !regexp.MustCompile(`[0-9]`).MatchString(request.Password) { ctx.StatusCode(iris.StatusBadRequest) ctx.JSON(types.UserRegisterFieldValidationErrorResponse{ ValidationFailed: true, Password: "Password must contain a number", }) return errors.New("validation failed") } return nil } // generateUUID generates a new unused uuid func generateUUID() (string, error) { for { // generate a new uuid uuid, err := uuid.NewRandom() if err != nil { return "", err } // check if the uuid already exists in the users table var user db.User err = db.Db.Where("uuid = ?", uuid.String()).First(&user).Error if err != nil && err != gorm.ErrRecordNotFound { return "", err } // if the uuid does not already exist in the users table, return it if err == gorm.ErrRecordNotFound { return uuid.String(), nil } } } // GetClaims returns the current authorized client claims func GetClaims(ctx iris.Context) *types.Claims { claims := jwt.Get(ctx).(*types.Claims) return claims } // GetUserID returns the current authorized client's user id extracted from claims func GetUserID(ctx iris.Context) uint { return GetClaims(ctx).UserId }