✨ An entire complete sign in user flow

pkg/server/startup.go

@@ -130,7 +130,7 @@ func NewServer() {
 		URL:        "/favicon.png",
 	}))
 
-	ui.MapUserInterface(A)
+	ui.MapUserInterface(A, authFunc)
 }
 
 func Listen() {

pkg/server/ui/accounts.go

@@ -0,0 +1,7 @@
+package ui
+
+import "github.com/gofiber/fiber/v2"
+
+func selfUserinfoPage(c *fiber.Ctx) error {
+	return c.Render("views/users/me/index", fiber.Map{})
+}

pkg/server/ui/index.go

@@ -1,13 +1,41 @@
 package ui
 
-import "github.com/gofiber/fiber/v2"
+import (
+	"fmt"
+	"git.solsynth.dev/hydrogen/passport/pkg/services"
+	"github.com/gofiber/fiber/v2"
+)
+
+func MapUserInterface(A *fiber.App, authFunc func(c *fiber.Ctx, overrides ...string) error) {
+	authCheckWare := func(c *fiber.Ctx) error {
+		var token string
+		if cookie := c.Cookies(services.CookieAccessKey); len(cookie) > 0 {
+			token = cookie
+		}
+		fmt.Println(token)
+
+		c.Locals("token", token)
+
+		if err := authFunc(c); err != nil {
+			fmt.Println(err)
+			uri := c.Request().URI().FullURI()
+			return c.Redirect(fmt.Sprintf("/sign-in?redirect_uri=%s", string(uri)))
+		} else {
+			return c.Next()
+		}
+	}
 
-func MapUserInterface(A *fiber.App) {
 	pages := A.Group("/").Name("Pages")
 
 	pages.Get("/sign-up", signupPage)
 	pages.Get("/sign-in", signinPage)
+	pages.Get("/mfa", mfaRequestPage)
+	pages.Get("/mfa/apply", mfaApplyPage)
 
 	pages.Post("/sign-up", signupAction)
 	pages.Post("/sign-in", signinAction)
+	pages.Post("/mfa", mfaRequestAction)
+	pages.Post("/mfa/apply", mfaApplyAction)
+
+	pages.Get("/users/me", authCheckWare, selfUserinfoPage)
 }

pkg/server/ui/mfa.go

@@ -0,0 +1,194 @@
+package ui
+
+import (
+	"fmt"
+	"git.solsynth.dev/hydrogen/passport/pkg/models"
+	"git.solsynth.dev/hydrogen/passport/pkg/services"
+	"git.solsynth.dev/hydrogen/passport/pkg/utils"
+	"github.com/gofiber/fiber/v2"
+	"github.com/nicksnyder/go-i18n/v2/i18n"
+	"github.com/samber/lo"
+	"github.com/sujit-baniya/flash"
+)
+
+func mfaRequestPage(c *fiber.Ctx) error {
+	ticketId := c.QueryInt("ticket", 0)
+
+	ticket, err := services.GetTicket(uint(ticketId))
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": "you must provide ticket id to perform multi-factor authenticate",
+		}).Redirect("/sign-in")
+	}
+	user, err := services.GetAccount(ticket.AccountID)
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": "ticket related user just weirdly disappear",
+		}).Redirect("/sign-in")
+	}
+	factors, err := services.ListUserFactor(user.ID)
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": fmt.Sprintf("unable to get your factors: %v", err.Error()),
+		}).Redirect("/sign-in")
+	}
+
+	factors = lo.Filter(factors, func(item models.AuthFactor, index int) bool {
+		return item.Type != models.PasswordAuthFactor
+	})
+
+	localizer := c.Locals("localizer").(*i18n.Localizer)
+
+	next, _ := localizer.LocalizeMessage(&i18n.Message{ID: "next"})
+	title, _ := localizer.LocalizeMessage(&i18n.Message{ID: "mfaTitle"})
+	caption, _ := localizer.LocalizeMessage(&i18n.Message{ID: "mfaCaption"})
+
+	return c.Render("views/mfa", fiber.Map{
+		"info":         flash.Get(c)["message"],
+		"redirect_uri": flash.Get(c)["redirect_uri"],
+		"ticket_id":    ticket.ID,
+		"factors": lo.Map(factors, func(item models.AuthFactor, index int) fiber.Map {
+			return fiber.Map{
+				"name": services.GetFactorName(item.Type, localizer),
+				"id":   item.ID,
+			}
+		}),
+		"i18n": fiber.Map{
+			"next":    next,
+			"title":   title,
+			"caption": caption,
+		},
+	}, "views/layouts/auth")
+}
+
+func mfaRequestAction(c *fiber.Ctx) error {
+	var data struct {
+		TicketID uint `form:"ticket_id" validate:"required"`
+		FactorID uint `form:"factor_id" validate:"required"`
+	}
+
+	redirectBackUri := "/sign-in"
+	err := utils.BindAndValidate(c, &data)
+
+	if data.TicketID > 0 {
+		redirectBackUri = fmt.Sprintf("/mfa?ticket=%d", data.TicketID)
+	}
+
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": err.Error(),
+		}).Redirect(redirectBackUri)
+	}
+
+	factor, err := services.GetFactor(data.FactorID)
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": fmt.Sprintf("factor was not found: %v", err.Error()),
+		}).Redirect(redirectBackUri)
+	}
+
+	_, err = services.GetFactorCode(factor)
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": fmt.Sprintf("unable to get factor code: %v", err.Error()),
+		}).Redirect(redirectBackUri)
+	}
+
+	return flash.WithData(c, fiber.Map{
+		"redirect_uri": utils.GetRedirectUri(c),
+	}).Redirect(fmt.Sprintf("/mfa/apply?ticket=%d&factor=%d", data.TicketID, factor.ID))
+}
+
+func mfaApplyPage(c *fiber.Ctx) error {
+	ticketId := c.QueryInt("ticket", 0)
+	factorId := c.QueryInt("factor", 0)
+
+	ticket, err := services.GetTicket(uint(ticketId))
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": fmt.Sprintf("unable to find your ticket: %v", err.Error()),
+		}).Redirect("/sign-in")
+	}
+	factor, err := services.GetFactor(uint(factorId))
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": fmt.Sprintf("unable to find your factors: %v", err.Error()),
+		}).Redirect("/sign-in")
+	}
+
+	localizer := c.Locals("localizer").(*i18n.Localizer)
+
+	next, _ := localizer.LocalizeMessage(&i18n.Message{ID: "next"})
+	password, _ := localizer.LocalizeMessage(&i18n.Message{ID: "password"})
+	title, _ := localizer.LocalizeMessage(&i18n.Message{ID: "mfaTitle"})
+	caption, _ := localizer.LocalizeMessage(&i18n.Message{ID: "mfaCaption"})
+
+	return c.Render("views/mfa-apply", fiber.Map{
+		"info":      flash.Get(c)["message"],
+		"label":     services.GetFactorName(factor.Type, localizer),
+		"ticket_id": ticket.ID,
+		"factor_id": factor.ID,
+		"i18n": fiber.Map{
+			"next":     next,
+			"password": password,
+			"title":    title,
+			"caption":  caption,
+		},
+	}, "views/layouts/auth")
+}
+
+func mfaApplyAction(c *fiber.Ctx) error {
+	var data struct {
+		TicketID uint   `form:"ticket_id" validate:"required"`
+		FactorID uint   `form:"factor_id" validate:"required"`
+		Code     string `form:"code" validate:"required"`
+	}
+
+	redirectBackUri := "/sign-in"
+	err := utils.BindAndValidate(c, &data)
+
+	if data.TicketID > 0 {
+		redirectBackUri = fmt.Sprintf("/mfa/apply?ticket=%d&factor=%d", data.TicketID, data.FactorID)
+	}
+
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": err.Error(),
+		}).Redirect(redirectBackUri)
+	}
+
+	ticket, err := services.GetTicket(data.TicketID)
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": fmt.Sprintf("unable to find your ticket: %v", err.Error()),
+		}).Redirect("/sign-in")
+	}
+	factor, err := services.GetFactor(data.FactorID)
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": fmt.Sprintf("factor was not found: %v", err.Error()),
+		}).Redirect(redirectBackUri)
+	}
+
+	ticket, err = services.ActiveTicketWithMFA(ticket, factor, data.Code)
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": fmt.Sprintf("invalid multi-factor authenticate code: %v", err.Error()),
+		}).Redirect(redirectBackUri)
+	} else if ticket.IsAvailable() != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": "ticket weirdly still unavailable after multi-factor authenticate",
+		}).Redirect("/sign-in")
+	}
+
+	access, refresh, err := services.ExchangeToken(*ticket.GrantToken)
+	if err != nil {
+		return flash.WithInfo(c, fiber.Map{
+			"message": fmt.Sprintf("failed to exchange token: %v", err.Error()),
+		}).Redirect("/sign-in")
+	} else {
+		services.SetJwtCookieSet(c, access, refresh)
+	}
+
+	return c.Redirect(lo.FromPtr(utils.GetRedirectUri(c, "/users/me")))
+}

pkg/server/ui/signin.go

@@ -6,6 +6,7 @@ import (
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"github.com/gofiber/fiber/v2"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
+	"github.com/samber/lo"
 	"github.com/sujit-baniya/flash"
 )
 
@@ -18,9 +19,17 @@ func signinPage(c *fiber.Ctx) error {
 	signup, _ := localizer.LocalizeMessage(&i18n.Message{ID: "signupTitle"})
 	title, _ := localizer.LocalizeMessage(&i18n.Message{ID: "signinTitle"})
 	caption, _ := localizer.LocalizeMessage(&i18n.Message{ID: "signinCaption"})
+	requiredNotify, _ := localizer.LocalizeMessage(&i18n.Message{ID: "signinRequired"})
+
+	var info any
+	if flash.Get(c)["message"] != nil {
+		info = flash.Get(c)["message"]
+	} else {
+		info = requiredNotify
+	}
 
 	return c.Render("views/signin", fiber.Map{
-		"info": flash.Get(c)["message"],
+		"info": info,
 		"i18n": fiber.Map{
 			"next":     next,
 			"username": username,
@@ -66,12 +75,19 @@ func signinAction(c *fiber.Ctx) error {
 	}
 
 	if ticket.IsAvailable() != nil {
+		return flash.WithData(c, fiber.Map{
+			"redirect_uri": utils.GetRedirectUri(c),
+		}).Redirect(fmt.Sprintf("/mfa?ticket=%d", ticket.ID))
+	}
+
+	access, refresh, err := services.ExchangeToken(*ticket.GrantToken)
+	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
-			"message": "multi factor authenticate required",
+			"message": fmt.Sprintf("failed to exchange token: %v", err.Error()),
 		}).Redirect("/sign-in")
 	} else {
-		return flash.WithInfo(c, fiber.Map{
-			"message": "done",
-		}).Redirect("/sign-in")
+		services.SetJwtCookieSet(c, access, refresh)
 	}
+
+	return c.Redirect(lo.FromPtr(utils.GetRedirectUri(c, "/users/me")))
 }

pkg/server/ui/signup.go

@@ -8,6 +8,7 @@ import (
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"github.com/gofiber/fiber/v2"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
+	"github.com/samber/lo"
 	"github.com/spf13/viper"
 	"github.com/sujit-baniya/flash"
 )
@@ -81,6 +82,6 @@ func signupAction(c *fiber.Ctx) error {
 	} else {
 		return flash.WithInfo(c, fiber.Map{
 			"message": "account has been created. now you can sign in!",
-		}).Redirect("/sign-in")
+		}).Redirect(lo.FromPtr(utils.GetRedirectUri(c, "/sign-in")))
 	}
 }