Initial commit
This commit is contained in:
@@ -0,0 +1,95 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"time"
|
||||
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
"go.mongodb.org/mongo-driver/v2/mongo"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
|
||||
"logjensticks/internal/db"
|
||||
)
|
||||
|
||||
var ErrInvalidCredentials = errors.New("invalid username or password")
|
||||
var ErrSessionNotFound = errors.New("session not found or expired")
|
||||
|
||||
type User struct {
|
||||
Username string `bson:"username"`
|
||||
PasswordHash string `bson:"password_hash"`
|
||||
Role string `bson:"role"`
|
||||
}
|
||||
|
||||
type Session struct {
|
||||
Token string `bson:"token"`
|
||||
Username string `bson:"username"`
|
||||
Role string `bson:"role"`
|
||||
ExpiresAt time.Time `bson:"expires_at"`
|
||||
}
|
||||
|
||||
// Login verifies credentials, creates a session, and returns the session token.
|
||||
func Login(ctx context.Context, dbc *db.Client, username, password string) (string, *Session, error) {
|
||||
var user User
|
||||
err := dbc.Users().FindOne(ctx, bson.D{{Key: "username", Value: username}}).Decode(&user)
|
||||
if errors.Is(err, mongo.ErrNoDocuments) {
|
||||
return "", nil, ErrInvalidCredentials
|
||||
}
|
||||
if err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)); err != nil {
|
||||
return "", nil, ErrInvalidCredentials
|
||||
}
|
||||
|
||||
token, err := generateToken()
|
||||
if err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
session := Session{
|
||||
Token: token,
|
||||
Username: user.Username,
|
||||
Role: user.Role,
|
||||
ExpiresAt: time.Now().UTC().Add(db.SessionTTL),
|
||||
}
|
||||
|
||||
if _, err := dbc.Sessions().InsertOne(ctx, session); err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
return token, &session, nil
|
||||
}
|
||||
|
||||
// ValidateSession looks up a session by token and confirms it has not expired.
|
||||
func ValidateSession(ctx context.Context, dbc *db.Client, token string) (*Session, error) {
|
||||
var session Session
|
||||
err := dbc.Sessions().FindOne(ctx, bson.D{{Key: "token", Value: token}}).Decode(&session)
|
||||
if errors.Is(err, mongo.ErrNoDocuments) {
|
||||
return nil, ErrSessionNotFound
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if time.Now().After(session.ExpiresAt) {
|
||||
return nil, ErrSessionNotFound
|
||||
}
|
||||
return &session, nil
|
||||
}
|
||||
|
||||
// DeleteSession removes a session document (used on logout).
|
||||
func DeleteSession(ctx context.Context, dbc *db.Client, token string) error {
|
||||
_, err := dbc.Sessions().DeleteOne(ctx, bson.D{{Key: "token", Value: token}})
|
||||
return err
|
||||
}
|
||||
|
||||
func generateToken() (string, error) {
|
||||
b := make([]byte, 32)
|
||||
if _, err := rand.Read(b); err != nil {
|
||||
return "", err
|
||||
}
|
||||
return hex.EncodeToString(b), nil
|
||||
}
|
||||
Reference in New Issue
Block a user