package services
import (
"context"
"fmt"
"git.solsynth.dev/hypernet/nexus/pkg/nex"
"git.solsynth.dev/hypernet/nexus/pkg/proto"
"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
localCache "git.solsynth.dev/hypernet/passport/pkg/internal/cache"
"github.com/eko/gocache/lib/v4/cache"
"github.com/eko/gocache/lib/v4/marshaler"
"github.com/eko/gocache/lib/v4/store"
"time"
"unicode"
"git.solsynth.dev/hypernet/passport/pkg/internal/gap"
"gorm.io/gorm/clause"
"github.com/rs/zerolog/log"
"github.com/spf13/viper"
"gorm.io/datatypes"
"git.solsynth.dev/hypernet/passport/pkg/internal/database"
"github.com/google/uuid"
"github.com/samber/lo"
)
// GetAccountCacheKey builds the cache key for an account lookup value. Within
// this file CacheAccount calls it with the account name and with the numeric
// account ID.
//
// NOTE(review): the key is only the default (%v) rendering of query, so a
// string and a number with the same text share one key: an account named "42"
// and the account with ID 42 both map to "account-query#42". Confirm that
// account names can never be purely numeric, or make the key type-aware;
// otherwise a lookup by ID can be answered with another account's cached
// record.
func GetAccountCacheKey(query any) string {
	const prefix = "account-query#"
	return prefix + fmt.Sprint(query)
}
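// CacheAccount stores account in the local cache under two keys, one derived
// from its name and one from its numeric ID. Both entries expire after 30
// minutes and carry the tags "account" and "user#<id>".
//
// Caching is best-effort: a failed write is logged and otherwise ignored, so
// callers are never blocked by a cache outage.
//
// NOTE(review): the whole models.Account value is marshalled into the cache
// store; confirm it carries no field that should stay out of that store. The
// name key and the ID key share one namespace, so a purely numeric account
// name would produce the same key as another account's ID.
func CacheAccount(account models.Account) {
	marshal := marshaler.New(cache.New[any](localCache.S))
	ctx := context.Background()

	for _, query := range []any{account.Name, account.ID} {
		key := GetAccountCacheKey(query)
		err := marshal.Set(
			ctx,
			key,
			account,
			store.WithExpiration(30*time.Minute),
			store.WithTags([]string{"account", fmt.Sprintf("user#%d", account.ID)}),
		)
		if err != nil {
			// Surface the failure instead of dropping it silently; the
			// database remains the source of truth.
			log.Warn().
				Err(err).
				Str("key", key).
				Uint("user", account.ID).
				Msg("Failed to cache account...")
		}
	}
}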
// ValidateAccountName reports whether the weighted length of val lies within
// [min, max]. Han, Hiragana, Katakana and Hangul runes count as two units,
// every other rune as one.
//
// Only the length is checked here. Which characters a name may contain
// (whitespace, control characters, look-alike code points) is not restricted
// by this function and has to be enforced separately.
func ValidateAccountName(val string, min, max int) bool {
	width := 0
	for _, ch := range val {
		switch {
		case unicode.In(ch, unicode.Han, unicode.Hiragana, unicode.Katakana, unicode.Hangul):
			// CJK scripts are weighted double.
			width += 2
		default:
			width++
		}
	}
	if width < min {
		return false
	}
	return width <= max
}
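// GetAccount loads the account whose primary key equals id and returns the
// query error (for example a not-found error) unchanged.
//
// The lookup uses an explicit "id = ?" condition. GORM drops zero-value
// fields from a struct condition, so Where(models.Account{...ID: 0}) would
// run an unfiltered query and hand back the first account in the table
// instead of failing.
func GetAccount(id uint) (models.Account, error) {
	var account models.Account
	if err := database.C.Where("id = ?", id).First(&account).Error; err != nil {
		return account, err
	}

	return account, nil
}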
// GetAccountList loads every account whose ID appears in id. The result
// slice is returned together with the query error, if any.
func GetAccountList(id []uint) ([]models.Account, error) {
	var found []models.Account
	err := database.C.Where("id IN ?", id).Find(&found).Error
	return found, err
}
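// GetAccountWithName loads the account whose name equals alias and returns
// the query error (for example a not-found error) unchanged.
//
// The lookup uses an explicit "name = ?" condition. GORM drops zero-value
// fields from a struct condition, so Where(models.Account{Name: ""}) would
// run an unfiltered query and return the first account in the table when
// alias is empty.
func GetAccountWithName(alias string) (models.Account, error) {
	var account models.Account
	if err := database.C.Where("name = ?", alias).First(&account).Error; err != nil {
		return account, err
	}

	return account, nil
}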
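// LookupAccount resolves probe to an account. It tries the account name
// first, then any contact whose content equals probe, and returns a generic
// "account was not found" error when neither matches.
//
// NOTE(review): contacts are matched regardless of VerifiedAt. If an account
// can attach an address it has not verified, confirm that callers do not
// treat a match here as proof that probe belongs to the returned account.
func LookupAccount(probe string) (models.Account, error) {
	var account models.Account

	// GORM drops zero-value fields from struct conditions, so an empty probe
	// would make the contact query below unfiltered and match the first row.
	if probe == "" {
		return account, fmt.Errorf("account was not found")
	}

	if err := database.C.Where("name = ?", probe).First(&account).Error; err == nil {
		return account, nil
	}

	var contact models.AccountContact
	if err := database.C.Where(models.AccountContact{Content: probe}).First(&contact).Error; err != nil {
		return account, fmt.Errorf("account was not found")
	}

	// Explicit condition for the same reason: a contact with AccountID 0 must
	// not resolve to an arbitrary account.
	if err := database.C.Where("id = ?", contact.AccountID).First(&account).Error; err != nil {
		return account, fmt.Errorf("account was not found")
	}

	return account, nil
}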
// SearchAccount returns the accounts whose name or nick contains probe.
//
// probe is passed as a bound parameter, so it cannot alter the SQL statement.
//
// NOTE(review): '%' and '_' inside probe still act as LIKE wildcards, an
// empty probe matches every row, and the query has no LIMIT. If probe comes
// from a request, confirm the caller enforces a minimum length and caps the
// result size, otherwise this is an account-enumeration and load concern.
func SearchAccount(probe string) ([]models.Account, error) {
	pattern := "%" + probe + "%"

	var matches []models.Account
	err := database.C.Where("name LIKE ? OR nick LIKE ?", pattern, pattern).Find(&matches).Error
	return matches, err
}
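// CreateAccount inserts a new, unconfirmed account with a password factor, an
// e-mail factor and a primary (unverified) e-mail contact, adds it to the
// configured default user group, and sends a confirmation magic token.
//
// The account row is already stored when token creation or notification
// fails; in that case the stored account is returned together with the error.
//
// NOTE(review): name, nick, email and password are stored as given; this
// function performs no validation, so it presumably relies on the caller.
// NOTE(review): the e-mail factor secret is uuid.NewString()[:8], i.e. eight
// hex digits (32 bits). Confirm it is only a placeholder that is replaced
// before the factor can be used; it is too short to serve as a credential.
func CreateAccount(name, nick, email, password string) (models.Account, error) {
	user := models.Account{
		Name: name,
		Nick: nick,
		Profile: models.AccountProfile{
			Experience: 100,
		},
		Factors: []models.AuthFactor{
			{
				Type:   models.PasswordAuthFactor,
				Secret: HashPassword(password),
			},
			{
				Type:   models.EmailPasswordFactor,
				Secret: uuid.NewString()[:8],
			},
		},
		Contacts: []models.AccountContact{
			{
				Type:       models.EmailAccountContact,
				Content:    email,
				IsPrimary:  true,
				VerifiedAt: nil,
			},
		},
		PermNodes:   datatypes.JSONMap{},
		ConfirmedAt: nil,
	}

	if err := database.C.Create(&user).Error; err != nil {
		return user, err
	}

	if groupID := viper.GetInt("default_user_group"); groupID > 0 {
		member := models.AccountGroupMember{
			AccountID: user.ID,
			GroupID:   uint(groupID),
		}
		// Group membership stays best-effort, but a failure is recorded so a
		// new account without its default group can be noticed.
		if err := database.C.Create(&member).Error; err != nil {
			log.Error().
				Err(err).
				Uint("user", user.ID).
				Int("group", groupID).
				Msg("Failed to add new account to the default user group...")
		}
	}

	tk, err := NewMagicToken(models.ConfirmMagicToken, &user, nil)
	if err != nil {
		return user, err
	}
	if err := NotifyMagicToken(tk); err != nil {
		return user, err
	}

	return user, nil
}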
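// ConfirmAccount validates a confirmation magic token, marks the account it
// belongs to as confirmed and then removes the token.
//
// It returns an error when the token is invalid, is not bound to an account,
// the account cannot be loaded, or the confirmation cannot be saved. A failure
// to remove the used token is logged but does not fail the confirmation.
func ConfirmAccount(code string) error {
	token, err := ValidateMagicToken(code, models.ConfirmMagicToken)
	if err != nil {
		return err
	} else if token.AccountID == nil {
		return fmt.Errorf("magic token didn't assign a valid account")
	}

	// Explicit condition: GORM drops zero-value fields from struct
	// conditions, so an account ID of 0 must not turn into an unfiltered
	// query that confirms the first account in the table.
	var user models.Account
	if err := database.C.Where("id = ?", *token.AccountID).First(&user).Error; err != nil {
		return err
	}

	if err := ForceConfirmAccount(user); err != nil {
		return err
	}

	if err := database.C.Delete(&token).Error; err != nil {
		// The account is confirmed already; record that the token is still
		// present instead of hiding the failure.
		log.Error().
			Err(err).
			Uint("user", user.ID).
			Msg("Failed to remove used confirm magic token...")
	}

	return nil
}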
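// ForceConfirmAccount marks user as confirmed now, grants every permission
// node listed under the "permissions.verified" setting that the account does
// not have yet, saves the account and invalidates its auth cache.
//
// Permission nodes the account already holds keep their current value. user
// is passed by value, so the caller's ConfirmedAt is not updated.
//
// NOTE(review): Save writes the whole account as passed in; confirm callers
// hand over a freshly loaded record so concurrent changes are not overwritten.
func ForceConfirmAccount(user models.Account) error {
	user.ConfirmedAt = lo.ToPtr(time.Now())

	// Writing to a nil map panics; an account whose permission map was never
	// initialised gets an empty one first.
	if user.PermNodes == nil {
		user.PermNodes = datatypes.JSONMap{}
	}
	for k, v := range viper.GetStringMap("permissions.verified") {
		if _, ok := user.PermNodes[k]; !ok {
			user.PermNodes[k] = v
		}
	}

	if err := database.C.Save(&user).Error; err != nil {
		return err
	}

	InvalidAuthCacheWithUser(user.ID)

	return nil
}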
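// CheckAbleToDeleteAccount reports, as an error, why user may not request
// account deletion right now: bot accounts are refused, and so is an account
// that still has an unexpired delete-account magic token.
//
// The pending-request check counts tokens whose expired_at lies in the
// future. Counting tokens with expired_at in the past (as this check did
// before) never blocks a repeated request while the first token is still
// valid, which defeats the throttle on deletion e-mails, and blocks the
// account once an old token has expired.
func CheckAbleToDeleteAccount(user models.Account) error {
	if user.AutomatedID != nil {
		return fmt.Errorf("bot cannot request delete account, head to developer portal and dispose bot")
	}

	var count int64
	err := database.C.
		Where("account_id = ?", user.ID).
		Where("expired_at > ?", time.Now()).
		Where("type = ?", models.DeleteAccountMagicToken).
		Model(&models.MagicToken{}).
		Count(&count).Error
	if err != nil {
		return fmt.Errorf("unable to check delete account ability: %w", err)
	}
	if count > 0 {
		return fmt.Errorf("you requested delete account recently")
	}

	return nil
}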
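// RequestDeleteAccount creates a delete-account magic token for user that
// expires in 24 hours and sends it through NotifyMagicToken.
//
// It returns an error only when the token cannot be created. A notification
// failure is logged and the function still returns nil.
func RequestDeleteAccount(user models.Account) error {
	expiry := lo.ToPtr(time.Now().Add(24 * time.Hour))

	tk, err := NewMagicToken(models.DeleteAccountMagicToken, &user, expiry)
	if err != nil {
		return err
	}

	if err := NotifyMagicToken(tk); err != nil {
		// The token code alone authorises the deletion, so it is kept out of
		// the log; the user ID is enough to trace the failure.
		log.Error().
			Err(err).
			Uint("user", user.ID).
			Msg("Failed to notify delete account magic token...")
	}

	return nil
}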
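// ConfirmDeleteAccount validates a delete-account magic token, deletes the
// account it is bound to and then removes the token.
//
// It returns an error when the token is invalid, is not bound to an account,
// or the deletion fails. A failure to remove the used token is logged but
// does not fail the call, because the account is already gone.
func ConfirmDeleteAccount(code string) error {
	token, err := ValidateMagicToken(code, models.DeleteAccountMagicToken)
	if err != nil {
		return err
	} else if token.AccountID == nil {
		return fmt.Errorf("magic token didn't assign a valid account")
	}

	if err := DeleteAccount(*token.AccountID); err != nil {
		return err
	}

	if err := database.C.Delete(&token).Error; err != nil {
		log.Error().
			Err(err).
			Uint("user", *token.AccountID).
			Msg("Failed to remove used delete account magic token...")
	}

	return nil
}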
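// CheckAbleToResetPassword returns an error when user still has an unexpired
// reset-password magic token, i.e. a reset was requested recently.
//
// The check counts tokens whose expired_at lies in the future. Counting
// tokens with expired_at in the past (as this check did before) never blocks
// a repeated request while the first token is still valid, which defeats the
// throttle on reset e-mails, and blocks the account once an old token has
// expired.
func CheckAbleToResetPassword(user models.Account) error {
	var count int64
	err := database.C.
		Where("account_id = ?", user.ID).
		Where("expired_at > ?", time.Now()).
		Where("type = ?", models.ResetPasswordMagicToken).
		Model(&models.MagicToken{}).
		Count(&count).Error
	if err != nil {
		return fmt.Errorf("unable to check reset password ability: %w", err)
	}
	if count > 0 {
		return fmt.Errorf("you requested reset password recently")
	}

	return nil
}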
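// RequestResetPassword creates a reset-password magic token for user that
// expires in 24 hours and sends it through NotifyMagicToken.
//
// It returns an error only when the token cannot be created. A notification
// failure is logged and the function still returns nil.
func RequestResetPassword(user models.Account) error {
	expiry := lo.ToPtr(time.Now().Add(24 * time.Hour))

	tk, err := NewMagicToken(models.ResetPasswordMagicToken, &user, expiry)
	if err != nil {
		return err
	}

	if err := NotifyMagicToken(tk); err != nil {
		// The token code alone authorises a password change, so it is kept
		// out of the log; the user ID is enough to trace the failure.
		log.Error().
			Err(err).
			Uint("user", user.ID).
			Msg("Failed to notify password reset magic token...")
	}

	return nil
}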
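// ConfirmResetPassword validates a reset-password magic token and stores the
// hash of newPassword as the account's password factor, creating the factor
// when GetPasswordTypeFactor returns an error.
//
// The new secret is saved and the token removed in one transaction, so a
// reset code cannot stay usable after it has changed the password. Any
// failure rolls both steps back and is returned.
//
// NOTE(review): every error from GetPasswordTypeFactor is treated as "no
// password factor yet"; confirm a transient database error cannot lead to a
// second password factor being created.
// NOTE(review): newPassword is hashed as given (an empty string included),
// and existing sessions are not invalidated here; confirm both are handled
// by the caller.
func ConfirmResetPassword(code, newPassword string) error {
	token, err := ValidateMagicToken(code, models.ResetPasswordMagicToken)
	if err != nil {
		return err
	} else if token.AccountID == nil {
		return fmt.Errorf("magic token didn't assign a valid account")
	}

	factor, err := GetPasswordTypeFactor(*token.AccountID)
	if err != nil {
		factor = models.AuthFactor{
			Type:      models.PasswordAuthFactor,
			Secret:    HashPassword(newPassword),
			AccountID: *token.AccountID,
		}
	} else {
		factor.Secret = HashPassword(newPassword)
	}

	tx := database.C.Begin()
	if err := tx.Error; err != nil {
		return err
	}
	if err := tx.Save(&factor).Error; err != nil {
		tx.Rollback()
		return err
	}
	// Consuming the token is part of the reset: if it cannot be removed the
	// password change is rolled back as well.
	if err := tx.Delete(&token).Error; err != nil {
		tx.Rollback()
		return err
	}

	return tx.Commit().Error
}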
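// DeleteAccount deletes the account with the given id together with its
// associations in one transaction, then invalidates the account's auth cache
// and broadcasts a "deletion" event through the directory service.
//
// It returns an error when the transaction cannot be started, the delete
// fails or the commit fails. A failed broadcast is logged only, because the
// account is already deleted at that point.
func DeleteAccount(id uint) error {
	tx := database.C.Begin()
	if err := tx.Error; err != nil {
		return err
	}

	// Per GORM's documented behaviour, Select(clause.Associations) only
	// removes associated rows when the model value carries a non-zero primary
	// key. With an empty models.Account{} the account row is deleted but its
	// factors and contacts (password hashes, e-mail addresses) stay behind.
	target := models.Account{BaseModel: models.BaseModel{ID: id}}
	if err := tx.Select(clause.Associations).Delete(&target, "id = ?", id).Error; err != nil {
		tx.Rollback()
		return err
	}

	if err := tx.Commit().Error; err != nil {
		return err
	}

	InvalidAuthCacheWithUser(id)

	_, err := proto.NewDirectoryServiceClient(gap.Nx.GetNexusGrpcConn()).BroadcastEvent(context.Background(), &proto.EventInfo{
		Event: "deletion",
		Data: nex.EncodeMap(map[string]any{
			"type": "account",
			"id":   fmt.Sprintf("%d", id),
		}),
	})
	if err != nil {
		// Other services learn about the deletion from this event, so a
		// failure is recorded rather than dropped.
		log.Warn().
			Err(err).
			Uint("user", id).
			Msg("Failed to broadcast account deletion event...")
	}

	return nil
}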
// RecycleUnConfirmAccount deletes every account that is still unconfirmed and
// was created at least 24 hours ago. Errors are logged; a failure on one
// account does not stop the remaining deletions.
func RecycleUnConfirmAccount() {
	cutoff := time.Now().Add(-24 * time.Hour)

	var stale []models.Account
	err := database.C.Where("confirmed_at IS NULL AND created_at <= ?", cutoff).Find(&stale).Error
	if err != nil {
		log.Error().Err(err).Msg("An error occurred while recycling accounts...")
		return
	}

	// Nothing to recycle: skip the info log entirely.
	if len(stale) == 0 {
		return
	}

	log.Info().Int("count", len(stale)).Msg("Going to recycle those un-confirmed accounts...")
	for i := range stale {
		if err := DeleteAccount(stale[i].ID); err != nil {
			log.Error().Err(err).Msg("An error occurred while recycling accounts...")
		}
	}
}
// SetAccountLastSeen sets LastSeenAt on the profile of account uid to the
// current time. It returns the lookup error when the profile cannot be
// loaded, otherwise the result of saving it.
//
// NOTE(review): the profile is loaded and then saved as a whole, so a
// concurrent profile edit between the two statements may be overwritten.
func SetAccountLastSeen(uid uint) error {
	var profile models.AccountProfile
	lookup := database.C.Where("account_id = ?", uid).First(&profile)
	if lookup.Error != nil {
		return lookup.Error
	}

	now := time.Now()
	profile.LastSeenAt = &now

	return database.C.Save(&profile).Error
}