Passport/pkg/internal/services/factors.go

package services

import (
	"fmt"
	"git.solsynth.dev/hypernet/nexus/pkg/nex/localize"
	"strings"
	"time"

	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
	"git.solsynth.dev/hypernet/passport/pkg/internal/database"
	"git.solsynth.dev/hypernet/passport/pkg/internal/gap"
	"git.solsynth.dev/hypernet/pusher/pkg/pushkit"
	"github.com/google/uuid"
	"github.com/nats-io/nats.go"
	"github.com/pquerna/otp/totp"
	"github.com/rs/zerolog/log"
	"github.com/samber/lo"
	"github.com/spf13/viper"
)

func GetPasswordTypeFactor(userId uint) (models.AuthFactor, error) {
	var factor models.AuthFactor
	err := database.C.Where(models.AuthFactor{
		Type:      models.PasswordAuthFactor,
		AccountID: userId,
	}).First(&factor).Error

	return factor, err
}

func GetFactor(id uint) (models.AuthFactor, error) {
	var factor models.AuthFactor
	err := database.C.Where(models.AuthFactor{
		BaseModel: models.BaseModel{ID: id},
	}).First(&factor).Error

	return factor, err
}

func ListUserFactor(userId uint) ([]models.AuthFactor, error) {
	var factors []models.AuthFactor
	err := database.C.Where(models.AuthFactor{
		AccountID: userId,
	}).Find(&factors).Error

	return factors, err
}

func CountUserFactor(userId uint) int64 {
	var count int64
	database.C.Where(models.AuthFactor{
		AccountID: userId,
	}).Model(&models.AuthFactor{}).Count(&count)

	return count
}

func GetFactorCode(factor models.AuthFactor, ip string) (bool, error) {
	switch factor.Type {
	case models.InAppNotifyFactor:
		var user models.Account
		if err := database.C.Where(&models.Account{
			BaseModel: models.BaseModel{ID: factor.AccountID},
		}).First(&user).Error; err != nil {
			return true, err
		}

		secret := uuid.NewString()[:6]

		identifier := fmt.Sprintf("%s%d", gap.FactorOtpPrefix, factor.ID)
		_, err := gap.Jt.Publish(identifier, []byte(secret))
		if err != nil {
			return true, fmt.Errorf("error during publish message: %v", err)
		} else {
			log.Info().Uint("factor", factor.ID).Str("secret", secret).Msg("Published one-time-password to JetStream...")
		}

		err = PushNotification(models.Notification{
			Topic:     "passport.security.otp",
			Title:     localize.L.GetLocalizedString("subjectLoginOneTimePassword", user.Language),
			Body:      fmt.Sprintf(localize.L.GetLocalizedString("shortBodyLoginOneTimePassword", user.Language), secret),
			Account:   user,
			AccountID: user.ID,
			Metadata:  map[string]any{"secret": secret},
		}, true)
		if err != nil {
			log.Warn().Err(err).Uint("factor", factor.ID).Msg("Failed to delivery one-time-password via notify...")
			return true, nil
		}
		return true, nil
	case models.EmailPasswordFactor:
		var user models.Account
		if err := database.C.Where(&models.Account{
			BaseModel: models.BaseModel{ID: factor.AccountID},
		}).Preload("Contacts").First(&user).Error; err != nil {
			return true, err
		}

		secret := uuid.NewString()[:6]

		identifier := fmt.Sprintf("%s%d", gap.FactorOtpPrefix, factor.ID)
		_, err := gap.Jt.Publish(identifier, []byte(secret))
		if err != nil {
			return true, fmt.Errorf("error during publish message: %v", err)
		} else {
			log.Info().Uint("factor", factor.ID).Str("secret", secret).Msg("Published one-time-password to JetStream...")
		}

		subject := fmt.Sprintf("[%s] %s", viper.GetString("name"), localize.L.GetLocalizedString("subjectLoginOneTimePassword", user.Language))

		content := localize.L.RenderLocalizedTemplateHTML("email-otp.tmpl", user.Language, map[string]any{
			"Code": secret,
			"User": user,
			"IP":   ip,
			"Date": time.Now().Format(time.DateTime),
		})

		err = gap.Px.PushEmail(pushkit.EmailDeliverRequest{
			To: user.GetPrimaryEmail().Content,
			Email: pushkit.EmailData{
				Subject: subject,
				HTML:    &content,
			},
		})
		if err != nil {
			log.Warn().Err(err).Uint("factor", factor.ID).Msg("Failed to delivery one-time-password via mail...")
			return true, nil
		}
		return true, nil
	default:
		return false, nil
	}
}

func CheckFactor(factor models.AuthFactor, code string) error {
	switch factor.Type {
	case models.PasswordAuthFactor:
		return lo.Ternary(
			VerifyPassword(code, factor.Secret),
			nil,
			fmt.Errorf("invalid password"),
		)
	case models.TimeOtpFactor:
		return lo.Ternary(
			totp.Validate(code, factor.Secret),
			nil,
			fmt.Errorf("invalid verification code"),
		)
	case models.InAppNotifyFactor:
	case models.EmailPasswordFactor:
		identifier := fmt.Sprintf("%s%d", gap.FactorOtpPrefix, factor.ID)
		sub, err := gap.Jt.PullSubscribe(identifier, "otp_validator", nats.BindStream("OTPs"))
		if err != nil {
			log.Error().Err(err).Msg("Error subscribing to subject when validating factor code...")
			return fmt.Errorf("error subscribing to subject: %v", err)
		}
		defer sub.Unsubscribe()

		msgs, err := sub.Fetch(1, nats.MaxWait(3*time.Second))
		if err != nil {
			log.Error().Err(err).Msg("Error fetching message when validating factor code...")
			return fmt.Errorf("error fetching message: %v", err)
		}

		if len(msgs) > 0 {
			msg := msgs[0]
			if !strings.EqualFold(code, string(msg.Data)) {
				return fmt.Errorf("invalid verification code")
			}
			log.Info().Uint("factor", factor.ID).Str("secret", code).Msg("Verified one-time-password...")
			if err := msg.AckSync(); err != nil {
				log.Warn().Err(err).Uint("factor", factor.ID).Msg("Failed to acknowledge message when validating factor code...")
			}
			return nil
		}

		return fmt.Errorf("one-time-password not found or expired")
	}

	return nil
}
:tada: Initial Commit 2024-01-07 01:56:32 +08:00			`package services`

			`import (`
:sparkles: Sign in 2024-03-12 23:23:16 +08:00			`"fmt"`
:recycle: Replace i18n services with nexus one 2025-02-02 14:28:03 +08:00			`"git.solsynth.dev/hypernet/nexus/pkg/nex/localize"`
:recycle: Use nats jetstream instead of database to store otp 2025-01-27 15:43:24 +08:00			`"strings"`
			`"time"`

:truck: Update package name from Hypdrogen to Hypernet 2024-10-31 20:38:50 +08:00			`"git.solsynth.dev/hypernet/passport/pkg/authkit/models"`
			`"git.solsynth.dev/hypernet/passport/pkg/internal/database"`
			`"git.solsynth.dev/hypernet/passport/pkg/internal/gap"`
:recycle: All parts into nexus 2024-10-27 00:06:23 +08:00			`"git.solsynth.dev/hypernet/pusher/pkg/pushkit"`
:sparkles: Email notification 2024-01-29 16:11:59 +08:00			`"github.com/google/uuid"`
:recycle: Use nats jetstream instead of database to store otp 2025-01-27 15:43:24 +08:00			`"github.com/nats-io/nats.go"`
:sparkles: Impl for totp code, and in app notify factor 2025-01-28 18:20:18 +08:00			`"github.com/pquerna/otp/totp"`
:recycle: All parts into nexus 2024-10-27 00:06:23 +08:00			`"github.com/rs/zerolog/log"`
			`"github.com/samber/lo"`
:sparkles: Email notification 2024-01-29 16:11:59 +08:00			`"github.com/spf13/viper"`
:tada: Initial Commit 2024-01-07 01:56:32 +08:00			`)`

:sparkles: An entire complete sign in user flow 2024-04-21 01:33:42 +08:00			`func GetPasswordTypeFactor(userId uint) (models.AuthFactor, error) {`
:sparkles: New ticket ways 2024-04-20 19:04:33 +08:00			`var factor models.AuthFactor`
			`err := database.C.Where(models.AuthFactor{`
			`Type: models.PasswordAuthFactor,`
			`AccountID: userId,`
			`}).First(&factor).Error`

			`return factor, err`
			`}`

			`func GetFactor(id uint) (models.AuthFactor, error) {`
:tada: Initial Commit 2024-01-07 01:56:32 +08:00			`var factor models.AuthFactor`
			`err := database.C.Where(models.AuthFactor{`
			`BaseModel: models.BaseModel{ID: id},`
			`}).First(&factor).Error`

			`return factor, err`
			`}`

:sparkles: New ticket ways 2024-04-20 19:04:33 +08:00			`func ListUserFactor(userId uint) ([]models.AuthFactor, error) {`
:tada: Initial Commit 2024-01-07 01:56:32 +08:00			`var factors []models.AuthFactor`
			`err := database.C.Where(models.AuthFactor{`
:sparkles: New ticket ways 2024-04-20 19:04:33 +08:00			`AccountID: userId,`
:tada: Initial Commit 2024-01-07 01:56:32 +08:00			`}).Find(&factors).Error`

			`return factors, err`
			`}`
:sparkles: Email notification 2024-01-29 16:11:59 +08:00
:sparkles: An entire complete sign in user flow 2024-04-21 01:33:42 +08:00			`func CountUserFactor(userId uint) int64 {`
			`var count int64`
			`database.C.Where(models.AuthFactor{`
			`AccountID: userId,`
			`}).Model(&models.AuthFactor{}).Count(&count)`

			`return count`
			`}`

:sparkles: Push email & notification localization 2025-02-01 17:53:21 +08:00			`func GetFactorCode(factor models.AuthFactor, ip string) (bool, error) {`
:sparkles: Email notification 2024-01-29 16:11:59 +08:00			`switch factor.Type {`
:sparkles: Impl for totp code, and in app notify factor 2025-01-28 18:20:18 +08:00			`case models.InAppNotifyFactor:`
			`var user models.Account`
			`if err := database.C.Where(&models.Account{`
			`BaseModel: models.BaseModel{ID: factor.AccountID},`
			`}).First(&user).Error; err != nil {`
			`return true, err`
			`}`

			`secret := uuid.NewString()[:6]`

			`identifier := fmt.Sprintf("%s%d", gap.FactorOtpPrefix, factor.ID)`
			`_, err := gap.Jt.Publish(identifier, []byte(secret))`
			`if err != nil {`
			`return true, fmt.Errorf("error during publish message: %v", err)`
			`} else {`
			`log.Info().Uint("factor", factor.ID).Str("secret", secret).Msg("Published one-time-password to JetStream...")`
			`}`

			`err = PushNotification(models.Notification{`
			`Topic: "passport.security.otp",`
:recycle: Replace i18n services with nexus one 2025-02-02 14:28:03 +08:00			`Title: localize.L.GetLocalizedString("subjectLoginOneTimePassword", user.Language),`
			`Body: fmt.Sprintf(localize.L.GetLocalizedString("shortBodyLoginOneTimePassword", user.Language), secret),`
:sparkles: Impl for totp code, and in app notify factor 2025-01-28 18:20:18 +08:00			`Account: user,`
			`AccountID: user.ID,`
:sparkles: Push email & notification localization 2025-02-01 17:53:21 +08:00			`Metadata: map[string]any{"secret": secret},`
:sparkles: Impl for totp code, and in app notify factor 2025-01-28 18:20:18 +08:00			`}, true)`
			`if err != nil {`
			`log.Warn().Err(err).Uint("factor", factor.ID).Msg("Failed to delivery one-time-password via notify...")`
			`return true, nil`
			`}`
			`return true, nil`
:sparkles: Email notification 2024-01-29 16:11:59 +08:00			`case models.EmailPasswordFactor:`
			`var user models.Account`
			`if err := database.C.Where(&models.Account{`
			`BaseModel: models.BaseModel{ID: factor.AccountID},`
			`}).Preload("Contacts").First(&user).Error; err != nil {`
			`return true, err`
			`}`

:recycle: Use nats jetstream instead of database to store otp 2025-01-27 15:43:24 +08:00			`secret := uuid.NewString()[:6]`

			`identifier := fmt.Sprintf("%s%d", gap.FactorOtpPrefix, factor.ID)`
			`_, err := gap.Jt.Publish(identifier, []byte(secret))`
			`if err != nil {`
			`return true, fmt.Errorf("error during publish message: %v", err)`
			`} else {`
			`log.Info().Uint("factor", factor.ID).Str("secret", secret).Msg("Published one-time-password to JetStream...")`
:sparkles: Email notification 2024-01-29 16:11:59 +08:00			`}`

:recycle: Replace i18n services with nexus one 2025-02-02 14:28:03 +08:00			`subject := fmt.Sprintf("[%s] %s", viper.GetString("name"), localize.L.GetLocalizedString("subjectLoginOneTimePassword", user.Language))`
:sparkles: Push email & notification localization 2025-02-01 17:53:21 +08:00
:recycle: Replace i18n services with nexus one 2025-02-02 14:28:03 +08:00			`content := localize.L.RenderLocalizedTemplateHTML("email-otp.tmpl", user.Language, map[string]any{`
:sparkles: Push email & notification localization 2025-02-01 17:53:21 +08:00			`"Code": secret,`
			`"User": user,`
			`"IP": ip,`
			`"Date": time.Now().Format(time.DateTime),`
			`})`
:recycle: Use dealer postman instead of built-in feature to deliver email and notify 2024-07-21 14:22:54 +08:00
:recycle: Use nats jetstream instead of database to store otp 2025-01-27 15:43:24 +08:00			`err = gap.Px.PushEmail(pushkit.EmailDeliverRequest{`
:recycle: Use dealer postman instead of built-in feature to deliver email and notify 2024-07-21 14:22:54 +08:00			`To: user.GetPrimaryEmail().Content,`
:recycle: All parts into nexus 2024-10-27 00:06:23 +08:00			`Email: pushkit.EmailData{`
			`Subject: subject,`
:bug: Fix email html rendering 2025-02-01 18:27:57 +08:00			`HTML: &content,`
:recycle: Use dealer postman instead of built-in feature to deliver email and notify 2024-07-21 14:22:54 +08:00			`},`
			`})`
			`if err != nil {`
:sparkles: Status system 2024-06-26 20:05:28 +08:00			`log.Warn().Err(err).Uint("factor", factor.ID).Msg("Failed to delivery one-time-password via mail...")`
			`return true, nil`
:sparkles: Email notification 2024-01-29 16:11:59 +08:00			`}`
			`return true, nil`
			`default:`
			`return false, nil`
			`}`
			`}`
:sparkles: New ticket ways 2024-04-20 19:04:33 +08:00
			`func CheckFactor(factor models.AuthFactor, code string) error {`
			`switch factor.Type {`
			`case models.PasswordAuthFactor:`
			`return lo.Ternary(`
			`VerifyPassword(code, factor.Secret),`
			`nil,`
			`fmt.Errorf("invalid password"),`
			`)`
:sparkles: Impl for totp code, and in app notify factor 2025-01-28 18:20:18 +08:00			`case models.TimeOtpFactor:`
:sparkles: Push email & notification localization 2025-02-01 17:53:21 +08:00			`return lo.Ternary(`
:sparkles: Impl for totp code, and in app notify factor 2025-01-28 18:20:18 +08:00			`totp.Validate(code, factor.Secret),`
			`nil,`
			`fmt.Errorf("invalid verification code"),`
			`)`
			`case models.InAppNotifyFactor:`
:sparkles: New ticket ways 2024-04-20 19:04:33 +08:00			`case models.EmailPasswordFactor:`
:recycle: Use nats jetstream instead of database to store otp 2025-01-27 15:43:24 +08:00			`identifier := fmt.Sprintf("%s%d", gap.FactorOtpPrefix, factor.ID)`
:bug: Trying to fix nats: subject does not match consumer 2025-01-27 16:12:09 +08:00			`sub, err := gap.Jt.PullSubscribe(identifier, "otp_validator", nats.BindStream("OTPs"))`
:recycle: Use nats jetstream instead of database to store otp 2025-01-27 15:43:24 +08:00			`if err != nil {`
			`log.Error().Err(err).Msg("Error subscribing to subject when validating factor code...")`
			`return fmt.Errorf("error subscribing to subject: %v", err)`
			`}`
:bug: Unsubscribe the stream after used the stream to validate code 2025-01-27 16:31:15 +08:00			`defer sub.Unsubscribe()`
:recycle: Use nats jetstream instead of database to store otp 2025-01-27 15:43:24 +08:00
:bug: Fix nats option durable set more than once 2025-01-27 15:53:34 +08:00			`msgs, err := sub.Fetch(1, nats.MaxWait(3*time.Second))`
:recycle: Use nats jetstream instead of database to store otp 2025-01-27 15:43:24 +08:00			`if err != nil {`
			`log.Error().Err(err).Msg("Error fetching message when validating factor code...")`
			`return fmt.Errorf("error fetching message: %v", err)`
			`}`

			`if len(msgs) > 0 {`
			`msg := msgs[0]`
			`if !strings.EqualFold(code, string(msg.Data)) {`
			`return fmt.Errorf("invalid verification code")`
			`}`
			`log.Info().Uint("factor", factor.ID).Str("secret", code).Msg("Verified one-time-password...")`
:bug: Trying to fix ack message issue 2025-01-27 16:39:14 +08:00			`if err := msg.AckSync(); err != nil {`
			`log.Warn().Err(err).Uint("factor", factor.ID).Msg("Failed to acknowledge message when validating factor code...")`
			`}`
:recycle: Use nats jetstream instead of database to store otp 2025-01-27 15:43:24 +08:00			`return nil`
			`}`

			`return fmt.Errorf("one-time-password not found or expired")`
:sparkles: New ticket ways 2024-04-20 19:04:33 +08:00			`}`

			`return nil`
			`}`