Passport/pkg/internal/services/accounts.go

package services

import (
	"fmt"
	"github.com/rs/zerolog/log"
	"github.com/spf13/viper"
	"gorm.io/datatypes"
	"time"

	"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
	"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
	"github.com/google/uuid"
	"github.com/samber/lo"
	"gorm.io/gorm"
)

func GetAccount(id uint) (models.Account, error) {
	var account models.Account
	if err := database.C.Where(models.Account{
		BaseModel: models.BaseModel{ID: id},
	}).First(&account).Error; err != nil {
		return account, err
	}

	return account, nil
}

func GetAccountWithName(alias string) (models.Account, error) {
	var account models.Account
	if err := database.C.Where(models.Account{
		Name: alias,
	}).First(&account).Error; err != nil {
		return account, err
	}

	return account, nil
}

func LookupAccount(probe string) (models.Account, error) {
	var account models.Account
	if err := database.C.Where(models.Account{Name: probe}).First(&account).Error; err == nil {
		return account, nil
	}

	var contact models.AccountContact
	if err := database.C.Where(models.AccountContact{Content: probe}).First(&contact).Error; err == nil {
		if err := database.C.
			Where(models.Account{
				BaseModel: models.BaseModel{ID: contact.AccountID},
			}).First(&account).Error; err == nil {
			return account, err
		}
	}

	return account, fmt.Errorf("account was not found")
}

func CreateAccount(name, nick, email, password string) (models.Account, error) {
	user := models.Account{
		Name: name,
		Nick: nick,
		Profile: models.AccountProfile{
			Experience: 100,
		},
		Factors: []models.AuthFactor{
			{
				Type:   models.PasswordAuthFactor,
				Secret: HashPassword(password),
			},
			{
				Type:   models.EmailPasswordFactor,
				Secret: uuid.NewString()[:8],
			},
		},
		Contacts: []models.AccountContact{
			{
				Type:       models.EmailAccountContact,
				Content:    email,
				IsPrimary:  true,
				VerifiedAt: nil,
			},
		},
		PermNodes:   datatypes.JSONMap(viper.GetStringMap("permissions.default")),
		ConfirmedAt: nil,
	}

	if err := database.C.Create(&user).Error; err != nil {
		return user, err
	}

	if tk, err := NewMagicToken(models.ConfirmMagicToken, &user, nil); err != nil {
		return user, err
	} else if err := NotifyMagicToken(tk); err != nil {
		return user, err
	}

	return user, nil
}

func ConfirmAccount(code string) error {
	token, err := ValidateMagicToken(code, models.ConfirmMagicToken)
	if err != nil {
		return err
	} else if token.AccountID == nil {
		return fmt.Errorf("magic token didn't assign a valid account")
	}

	var user models.Account
	if err := database.C.Where(&models.Account{
		BaseModel: models.BaseModel{ID: *token.AccountID},
	}).First(&user).Error; err != nil {
		return err
	}

	return database.C.Transaction(func(tx *gorm.DB) error {
		user.ConfirmedAt = lo.ToPtr(time.Now())

		for k, v := range viper.GetStringMap("permissions.verified") {
			if val, ok := user.PermNodes[k]; !ok {
				user.PermNodes[k] = v
			} else if !ComparePermNode(val, v) {
				user.PermNodes[k] = v
			}
		}

		if err := database.C.Delete(&token).Error; err != nil {
			return err
		}
		if err := database.C.Save(&user).Error; err != nil {
			return err
		}

		InvalidAuthCacheWithUser(user.ID)

		return nil
	})
}

func CheckAbleToResetPassword(user models.Account) error {
	var count int64
	if err := database.C.
		Where("account_id = ?", user.ID).
		Where("expired_at < ?", time.Now()).
		Model(&models.MagicToken{}).
		Count(&count).Error; err != nil {
		return fmt.Errorf("unable to check reset password ability: %v", err)
	} else if count == 0 {
		return fmt.Errorf("you requested reset password recently")
	}

	return nil
}

func RequestResetPassword(user models.Account) error {
	if tk, err := NewMagicToken(
		models.ResetPasswordMagicToken,
		&user,
		lo.ToPtr(time.Now().Add(24*time.Hour)),
	); err != nil {
		return err
	} else if err := NotifyMagicToken(tk); err != nil {
		log.Error().
			Err(err).
			Str("code", tk.Code).
			Uint("user", user.ID).
			Msg("Failed to notify password reset magic token...")
	}

	return nil
}

func ConfirmResetPassword(code, newPassword string) error {
	token, err := ValidateMagicToken(code, models.ResetPasswordMagicToken)
	if err != nil {
		return err
	} else if token.AccountID == nil {
		return fmt.Errorf("magic token didn't assign a valid account")
	}

	factor, err := GetPasswordTypeFactor(*token.AccountID)
	if err != nil {
		factor = models.AuthFactor{
			Type:      models.PasswordAuthFactor,
			Secret:    HashPassword(newPassword),
			AccountID: *token.AccountID,
		}
	} else {
		factor.Secret = HashPassword(newPassword)
	}

	return database.C.Save(&factor).Error
}

func DeleteAccount(id uint) error {
	tx := database.C.Begin()

	for _, model := range []any{
		&models.Badge{},
		&models.RealmMember{},
		&models.AccountContact{},
		&models.AuthFactor{},
		&models.AuthTicket{},
		&models.MagicToken{},
		&models.ThirdClient{},
		&models.Notification{},
		&models.NotificationSubscriber{},
		&models.AccountFriendship{},
	} {
		if err := tx.Delete(model, "account_id = ?", id).Error; err != nil {
			tx.Rollback()
			return err
		}
	}

	if err := tx.Delete(&models.Account{}, "id = ?", id).Error; err != nil {
		tx.Rollback()
		return err
	}

	return tx.Commit().Error
}

func RecycleUnConfirmAccount() {
	var hitList []models.Account
	if err := database.C.Where("confirmed_at IS NULL").Find(&hitList).Error; err != nil {
		log.Error().Err(err).Msg("An error occurred while recycling accounts...")
		return
	}

	if len(hitList) > 0 {
		log.Info().Int("count", len(hitList)).Msg("Going to recycle those un-confirmed accounts...")
		for _, entry := range hitList {
			if err := DeleteAccount(entry.ID); err != nil {
				log.Error().Err(err).Msg("An error occurred while recycling accounts...")
			}
		}
	}
}

func SetAccountLastSeen(uid uint) error {
	var profile models.AccountProfile
	if err := database.C.Where("account_id = ?", uid).First(&profile).Error; err != nil {
		return err
	}

	profile.LastSeenAt = lo.ToPtr(time.Now())

	return database.C.Save(&profile).Error
}
:tada: Initial Commit 2024-01-06 17:56:32 +00:00			`package services`

			`import (`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`"fmt"`
:sparkles: Recycle accounts 2024-06-26 07:52:58 +00:00			`"github.com/rs/zerolog/log"`
:sparkles: Basis perm nodes feature 2024-05-17 09:13:11 +00:00			`"github.com/spf13/viper"`
			`"gorm.io/datatypes"`
:truck: Update domain 2024-03-20 12:56:43 +00:00			`"time"`

:bug: Bug fixes on connection and package naming 2024-06-17 14:21:34 +00:00			`"git.solsynth.dev/hydrogen/passport/pkg/internal/database"`
			`"git.solsynth.dev/hydrogen/passport/pkg/internal/models"`
:sparkles: Email notification 2024-01-29 08:11:59 +00:00			`"github.com/google/uuid"`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00			`"github.com/samber/lo"`
			`"gorm.io/gorm"`
:tada: Initial Commit 2024-01-06 17:56:32 +00:00			`)`

:sparkles: Auth impl 2024-01-07 07:52:23 +00:00			`func GetAccount(id uint) (models.Account, error) {`
			`var account models.Account`
			`if err := database.C.Where(models.Account{`
			`BaseModel: models.BaseModel{ID: id},`
			`}).First(&account).Error; err != nil {`
			`return account, err`
			`}`

			`return account, nil`
			`}`

:sparkles: Status system 2024-06-26 12:05:28 +00:00			`func GetAccountWithName(alias string) (models.Account, error) {`
			`var account models.Account`
			`if err := database.C.Where(models.Account{`
			`Name: alias,`
			`}).First(&account).Error; err != nil {`
			`return account, err`
			`}`

			`return account, nil`
			`}`

:sparkles: New ticket ways 2024-04-20 11:04:33 +00:00			`func LookupAccount(probe string) (models.Account, error) {`
:tada: Initial Commit 2024-01-06 17:56:32 +00:00			`var account models.Account`
:sparkles: New ticket ways 2024-04-20 11:04:33 +00:00			`if err := database.C.Where(models.Account{Name: probe}).First(&account).Error; err == nil {`
:tada: Initial Commit 2024-01-06 17:56:32 +00:00			`return account, nil`
			`}`

			`var contact models.AccountContact`
:sparkles: New ticket ways 2024-04-20 11:04:33 +00:00			`if err := database.C.Where(models.AccountContact{Content: probe}).First(&contact).Error; err == nil {`
:tada: Initial Commit 2024-01-06 17:56:32 +00:00			`if err := database.C.`
			`Where(models.Account{`
			`BaseModel: models.BaseModel{ID: contact.AccountID},`
:sparkles: User login 2024-01-27 16:05:19 +00:00			`}).First(&account).Error; err == nil {`
:tada: Initial Commit 2024-01-06 17:56:32 +00:00			`return account, err`
			`}`
			`}`

			`return account, fmt.Errorf("account was not found")`
			`}`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00
			`func CreateAccount(name, nick, email, password string) (models.Account, error) {`
			`user := models.Account{`
:sparkles: Real feel-less refresh token 2024-02-18 07:51:27 +00:00			`Name: name,`
			`Nick: nick,`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`Profile: models.AccountProfile{`
			`Experience: 100,`
			`},`
			`Factors: []models.AuthFactor{`
			`{`
			`Type: models.PasswordAuthFactor,`
:sparkles: New ticket ways 2024-04-20 11:04:33 +00:00			`Secret: HashPassword(password),`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`},`
:sparkles: Email notification 2024-01-29 08:11:59 +00:00			`{`
			`Type: models.EmailPasswordFactor,`
			`Secret: uuid.NewString()[:8],`
			`},`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`},`
			`Contacts: []models.AccountContact{`
			`{`
			`Type: models.EmailAccountContact,`
			`Content: email,`
:sparkles: Email notification 2024-01-29 08:11:59 +00:00			`IsPrimary: true,`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`VerifiedAt: nil,`
			`},`
			`},`
:sparkles: Basis perm nodes feature 2024-05-17 09:13:11 +00:00			`PermNodes: datatypes.JSONMap(viper.GetStringMap("permissions.default")),`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`ConfirmedAt: nil,`
			`}`

			`if err := database.C.Create(&user).Error; err != nil {`
			`return user, err`
			`}`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00
			`if tk, err := NewMagicToken(models.ConfirmMagicToken, &user, nil); err != nil {`
			`return user, err`
			`} else if err := NotifyMagicToken(tk); err != nil {`
			`return user, err`
			`}`

			`return user, nil`
			`}`

			`func ConfirmAccount(code string) error {`
:sparkles: Email notification 2024-01-29 08:11:59 +00:00			`token, err := ValidateMagicToken(code, models.ConfirmMagicToken)`
			`if err != nil {`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00			`return err`
:sparkles: Reset password APIs 2024-06-30 09:01:39 +00:00			`} else if token.AccountID == nil {`
			`return fmt.Errorf("magic token didn't assign a valid account")`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00			`}`

			`var user models.Account`
			`if err := database.C.Where(&models.Account{`
:sparkles: Recycle accounts 2024-06-26 07:52:58 +00:00			`BaseModel: models.BaseModel{ID: *token.AccountID},`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00			`}).First(&user).Error; err != nil {`
			`return err`
			`}`

			`return database.C.Transaction(func(tx *gorm.DB) error {`
			`user.ConfirmedAt = lo.ToPtr(time.Now())`
:sparkles: Basis perm nodes feature 2024-05-17 09:13:11 +00:00
			`for k, v := range viper.GetStringMap("permissions.verified") {`
			`if val, ok := user.PermNodes[k]; !ok {`
			`user.PermNodes[k] = v`
:sparkles: Permission check 2024-05-17 11:24:14 +00:00			`} else if !ComparePermNode(val, v) {`
:sparkles: Basis perm nodes feature 2024-05-17 09:13:11 +00:00			`user.PermNodes[k] = v`
			`}`
			`}`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00
			`if err := database.C.Delete(&token).Error; err != nil {`
			`return err`
			`}`
			`if err := database.C.Save(&user).Error; err != nil {`
			`return err`
			`}`

:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`InvalidAuthCacheWithUser(user.ID)`

:sparkles: Account confirm 2024-01-28 16:32:39 +00:00			`return nil`
			`})`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`}`
:sparkles: Recycle accounts 2024-06-26 07:52:58 +00:00
:sparkles: Reset password APIs 2024-06-30 09:01:39 +00:00			`func CheckAbleToResetPassword(user models.Account) error {`
			`var count int64`
			`if err := database.C.`
			`Where("account_id = ?", user.ID).`
			`Where("expired_at < ?", time.Now()).`
			`Model(&models.MagicToken{}).`
			`Count(&count).Error; err != nil {`
			`return fmt.Errorf("unable to check reset password ability: %v", err)`
			`} else if count == 0 {`
			`return fmt.Errorf("you requested reset password recently")`
			`}`

			`return nil`
			`}`

			`func RequestResetPassword(user models.Account) error {`
			`if tk, err := NewMagicToken(`
			`models.ResetPasswordMagicToken,`
			`&user,`
			`lo.ToPtr(time.Now().Add(24*time.Hour)),`
			`); err != nil {`
			`return err`
			`} else if err := NotifyMagicToken(tk); err != nil {`
			`log.Error().`
			`Err(err).`
			`Str("code", tk.Code).`
			`Uint("user", user.ID).`
			`Msg("Failed to notify password reset magic token...")`
			`}`

			`return nil`
			`}`

			`func ConfirmResetPassword(code, newPassword string) error {`
			`token, err := ValidateMagicToken(code, models.ResetPasswordMagicToken)`
			`if err != nil {`
			`return err`
			`} else if token.AccountID == nil {`
			`return fmt.Errorf("magic token didn't assign a valid account")`
			`}`

			`factor, err := GetPasswordTypeFactor(*token.AccountID)`
			`if err != nil {`
			`factor = models.AuthFactor{`
			`Type: models.PasswordAuthFactor,`
			`Secret: HashPassword(newPassword),`
			`AccountID: *token.AccountID,`
			`}`
			`} else {`
			`factor.Secret = HashPassword(newPassword)`
			`}`

			`return database.C.Save(&factor).Error`
			`}`

:sparkles: Recycle accounts 2024-06-26 07:52:58 +00:00			`func DeleteAccount(id uint) error {`
			`tx := database.C.Begin()`

			`for _, model := range []any{`
			`&models.Badge{},`
			`&models.RealmMember{},`
			`&models.AccountContact{},`
			`&models.AuthFactor{},`
			`&models.AuthTicket{},`
			`&models.MagicToken{},`
			`&models.ThirdClient{},`
			`&models.Notification{},`
			`&models.NotificationSubscriber{},`
			`&models.AccountFriendship{},`
			`} {`
			`if err := tx.Delete(model, "account_id = ?", id).Error; err != nil {`
			`tx.Rollback()`
			`return err`
			`}`
			`}`

			`if err := tx.Delete(&models.Account{}, "id = ?", id).Error; err != nil {`
			`tx.Rollback()`
			`return err`
			`}`

			`return tx.Commit().Error`
			`}`

			`func RecycleUnConfirmAccount() {`
			`var hitList []models.Account`
			`if err := database.C.Where("confirmed_at IS NULL").Find(&hitList).Error; err != nil {`
			`log.Error().Err(err).Msg("An error occurred while recycling accounts...")`
			`return`
			`}`

			`if len(hitList) > 0 {`
			`log.Info().Int("count", len(hitList)).Msg("Going to recycle those un-confirmed accounts...")`
			`for _, entry := range hitList {`
			`if err := DeleteAccount(entry.ID); err != nil {`
			`log.Error().Err(err).Msg("An error occurred while recycling accounts...")`
			`}`
			`}`
			`}`
			`}`
:sparkles: Last seen at 2024-06-26 12:28:12 +00:00
			`func SetAccountLastSeen(uid uint) error {`
			`var profile models.AccountProfile`
			`if err := database.C.Where("account_id = ?", uid).First(&profile).Error; err != nil {`
			`return err`
			`}`

			`profile.LastSeenAt = lo.ToPtr(time.Now())`

			`return database.C.Save(&profile).Error`
			`}`