valitovgaziz
c5b80129d3
modified: main_dc/yalarba/api_es/internal/handler/user_handler.go modified: main_dc/yalarba/api_es/internal/middleware/auth.go modified: main_dc/yalarba/api_es/internal/router/router.go set authorization with cooky and bearer jwt token
318 lines
8.6 KiB
Go
318 lines
8.6 KiB
Go
package handler
|
|
|
|
import (
|
|
"api_es/internal/dto"
|
|
appMiddleware "api_es/internal/middleware"
|
|
"api_es/internal/service"
|
|
"api_es/internal/utils"
|
|
"api_es/pkg/logger"
|
|
"encoding/json"
|
|
"net/http"
|
|
"strconv"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/go-playground/validator/v10"
|
|
)
|
|
|
|
type UserHandler struct {
|
|
userService service.UserService
|
|
validator *validator.Validate
|
|
}
|
|
|
|
func NewUserHandler(userService service.UserService) *UserHandler {
|
|
return &UserHandler{
|
|
userService: userService,
|
|
validator: validator.New(),
|
|
}
|
|
}
|
|
|
|
// Register godoc
|
|
// @Summary Register new user
|
|
// @Description Create a new user account
|
|
// @Tags auth
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param request body dto.RegisterRequest true "Register request"
|
|
// @Success 201 {object} dto.AuthResponse
|
|
// @Failure 400 {object} map[string]string
|
|
// @Failure 500 {object} map[string]string
|
|
// @Router /auth/register [post]
|
|
func (h *UserHandler) Register(w http.ResponseWriter, r *http.Request) {
|
|
zapLogger := logger.Get()
|
|
zapLogger.Debug("Start register")
|
|
var req dto.RegisterRequest
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
http.Error(w, "Invalid request body", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if err := h.validator.Struct(req); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
response, err := h.userService.Register(r.Context(), req)
|
|
if err != nil {
|
|
switch err {
|
|
case service.ErrUserAlreadyExists:
|
|
http.Error(w, "User already exists", http.StatusConflict)
|
|
default:
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
}
|
|
return
|
|
}
|
|
|
|
// Устанавливаем куку с токеном
|
|
appMiddleware.SetAuthCookie(w, response.Token)
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(http.StatusCreated)
|
|
zapLogger.Debug("End register")
|
|
json.NewEncoder(w).Encode(response)
|
|
}
|
|
|
|
// Login godoc
|
|
// @Summary Login user
|
|
// @Description Authenticate user and get token
|
|
// @Tags auth
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param request body dto.LoginRequest true "Login request"
|
|
// @Success 200 {object} dto.AuthResponse
|
|
// @Failure 400 {object} map[string]string
|
|
// @Failure 401 {object} map[string]string
|
|
// @Router /auth/login [post]
|
|
func (h *UserHandler) Login(w http.ResponseWriter, r *http.Request) {
|
|
zapLogger := logger.Get()
|
|
zapLogger.Debug("Start login")
|
|
var req dto.LoginRequest
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
http.Error(w, "Invalid request body", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if err := h.validator.Struct(req); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
response, err := h.userService.Login(r.Context(), req)
|
|
if err != nil {
|
|
switch err {
|
|
case service.ErrInvalidCredentials:
|
|
http.Error(w, "Invalid credentials", http.StatusUnauthorized)
|
|
default:
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
}
|
|
return
|
|
}
|
|
|
|
// Устанавливаем куку с токеном
|
|
appMiddleware.SetAuthCookie(w, response.Token)
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
zapLogger.Debug("End login")
|
|
json.NewEncoder(w).Encode(response)
|
|
}
|
|
|
|
// Добавляем новый метод для logout
|
|
// Logout godoc
|
|
// @Summary Logout user
|
|
// @Description Clear authentication cookies and tokens
|
|
// @Tags auth
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Security BearerAuth
|
|
// @Success 200 {object} map[string]string
|
|
// @Router /auth/logout [post]
|
|
func (h *UserHandler) Logout(w http.ResponseWriter, r *http.Request) {
|
|
// Очищаем auth cookie
|
|
appMiddleware.ClearAuthCookie(w)
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(map[string]string{
|
|
"message": "Successfully logged out",
|
|
})
|
|
}
|
|
|
|
// Добавляем метод для обновления токена
|
|
// RefreshToken godoc
|
|
// @Summary Refresh authentication token
|
|
// @Description Refresh JWT token using refresh token or existing auth
|
|
// @Tags auth
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Security BearerAuth
|
|
// @Success 200 {object} dto.AuthResponse
|
|
// @Failure 401 {object} map[string]string
|
|
// @Router /auth/refresh [post]
|
|
func (h *UserHandler) RefreshToken(w http.ResponseWriter, r *http.Request) {
|
|
userID, ok := r.Context().Value(appMiddleware.UserIDKey).(uint)
|
|
if !ok {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
user, err := h.userService.GetUserProfile(r.Context(), userID)
|
|
if err != nil {
|
|
http.Error(w, "User not found", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
// Генерируем новый токен
|
|
// В реальном приложении здесь должна быть логика с refresh token
|
|
jwtUtil := utils.NewJWTUtil("secret")
|
|
newToken, err := jwtUtil.GenerateToken(userID, user.Email, user.Role)
|
|
if err != nil {
|
|
http.Error(w, "Failed to generate token", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
// Обновляем куку
|
|
appMiddleware.SetAuthCookie(w, newToken)
|
|
|
|
response := &dto.AuthResponse{
|
|
Token: newToken,
|
|
User: *user,
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(response)
|
|
}
|
|
|
|
// GetProfile godoc
|
|
// @Summary Get user profile
|
|
// @Description Get current user profile
|
|
// @Tags users
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Security BearerAuth
|
|
// @Success 200 {object} dto.UserResponse
|
|
// @Failure 404 {object} map[string]string
|
|
// @Router /users/profile [get]
|
|
func (h *UserHandler) GetProfile(w http.ResponseWriter, r *http.Request) {
|
|
zapLogger := logger.Get()
|
|
zapLogger.Debug("GetProfile start debug level")
|
|
userID, ok := r.Context().Value(appMiddleware.UserIDKey).(uint)
|
|
if !ok {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
user, err := h.userService.GetUserProfile(r.Context(), userID)
|
|
if err != nil {
|
|
http.Error(w, "User not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
zapLogger.Debug("GetProfile end debug level")
|
|
json.NewEncoder(w).Encode(user)
|
|
}
|
|
|
|
// UpdateProfile godoc
|
|
// @Summary Update user profile
|
|
// @Description Update current user profile
|
|
// @Tags users
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Security BearerAuth
|
|
// @Param request body dto.UpdateUserRequest true "Update request"
|
|
// @Success 200 {object} dto.UserResponse
|
|
// @Failure 400 {object} map[string]string
|
|
// @Router /users/profile [put]
|
|
func (h *UserHandler) UpdateProfile(w http.ResponseWriter, r *http.Request) {
|
|
userID, ok := r.Context().Value(appMiddleware.UserIDKey).(uint)
|
|
if !ok {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
var req dto.UpdateUserRequest
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
http.Error(w, "Invalid request body", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
user, err := h.userService.UpdateUser(r.Context(), userID, req)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(user)
|
|
}
|
|
|
|
// GetUser godoc
|
|
// @Summary Get user by ID
|
|
// @Description Get user details by ID (admin only)
|
|
// @Tags users
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Security BearerAuth
|
|
// @Param id path int true "User ID"
|
|
// @Success 200 {object} dto.UserResponse
|
|
// @Failure 404 {object} map[string]string
|
|
// @Router /users/{id} [get]
|
|
func (h *UserHandler) GetUser(w http.ResponseWriter, r *http.Request) {
|
|
idStr := chi.URLParam(r, "id")
|
|
id, err := strconv.ParseUint(idStr, 10, 32)
|
|
if err != nil {
|
|
http.Error(w, "Invalid user ID", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
user, err := h.userService.GetUser(r.Context(), uint(id))
|
|
if err != nil {
|
|
http.Error(w, "User not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(user)
|
|
}
|
|
|
|
// ListUsers godoc
|
|
// @Summary List users
|
|
// @Description Get paginated list of users (admin only)
|
|
// @Tags users
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Security BearerAuth
|
|
// @Param limit query int false "Limit" default(10)
|
|
// @Param offset query int false "Offset" default(0)
|
|
// @Success 200 {array} dto.UserResponse
|
|
// @Router /users [get]
|
|
func (h *UserHandler) ListUsers(w http.ResponseWriter, r *http.Request) {
|
|
zapLogger := logger.Get()
|
|
zapLogger.Debug("Debug start handler listUsers")
|
|
limitStr := r.URL.Query().Get("limit")
|
|
offsetStr := r.URL.Query().Get("offset")
|
|
|
|
limit := 10
|
|
offset := 0
|
|
|
|
if limitStr != "" {
|
|
if l, err := strconv.Atoi(limitStr); err == nil {
|
|
limit = l
|
|
}
|
|
}
|
|
|
|
if offsetStr != "" {
|
|
if o, err := strconv.Atoi(offsetStr); err == nil {
|
|
offset = o
|
|
}
|
|
}
|
|
|
|
users, err := h.userService.ListUsers(r.Context(), limit, offset)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
zapLogger.Debug("Debug end handler listUsers")
|
|
json.NewEncoder(w).Encode(users)
|
|
}
|