Passport/pkg/internal/services/accounts.go

package services

import (
	"fmt"
	"time"
	"unicode"

	"gorm.io/gorm/clause"

	"github.com/rs/zerolog/log"
	"github.com/spf13/viper"
	"gorm.io/datatypes"

	"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
	"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
	"github.com/google/uuid"
	"github.com/samber/lo"
)

func ValidateAccountName(val string, min, max int) bool {
	actualLength := 0
	for _, r := range val {
		if unicode.Is(unicode.Han, r) || unicode.Is(unicode.Hiragana, r) || unicode.Is(unicode.Katakana, r) || unicode.Is(unicode.Hangul, r) {
			actualLength += 2
		} else {
			actualLength += 1
		}
	}
	return actualLength >= min && max >= actualLength
}

func GetAccount(id uint) (models.Account, error) {
	var account models.Account
	if err := database.C.Where(models.Account{
		BaseModel: models.BaseModel{ID: id},
	}).First(&account).Error; err != nil {
		return account, err
	}

	return account, nil
}

func GetAccountList(id []uint) ([]models.Account, error) {
	var accounts []models.Account
	if err := database.C.Where("id IN ?", id).Find(&accounts).Error; err != nil {
		return accounts, err
	}

	return accounts, nil
}

func GetAccountWithName(alias string) (models.Account, error) {
	var account models.Account
	if err := database.C.Where(models.Account{
		Name: alias,
	}).First(&account).Error; err != nil {
		return account, err
	}

	return account, nil
}

func LookupAccount(probe string) (models.Account, error) {
	var account models.Account
	if err := database.C.Where(models.Account{Name: probe}).First(&account).Error; err == nil {
		return account, nil
	}

	var contact models.AccountContact
	if err := database.C.Where(models.AccountContact{Content: probe}).First(&contact).Error; err == nil {
		if err := database.C.
			Where(models.Account{
				BaseModel: models.BaseModel{ID: contact.AccountID},
			}).First(&account).Error; err == nil {
			return account, err
		}
	}

	return account, fmt.Errorf("account was not found")
}

func SearchAccount(probe string) ([]models.Account, error) {
	probe = "%" + probe + "%"
	var accounts []models.Account
	if err := database.C.Where("name LIKE ? OR nick LIKE ?", probe, probe).Find(&accounts).Error; err != nil {
		return accounts, err
	}
	return accounts, nil
}

func CreateAccount(name, nick, email, password string) (models.Account, error) {
	user := models.Account{
		Name: name,
		Nick: nick,
		Profile: models.AccountProfile{
			Experience: 100,
		},
		Factors: []models.AuthFactor{
			{
				Type:   models.PasswordAuthFactor,
				Secret: HashPassword(password),
			},
			{
				Type:   models.EmailPasswordFactor,
				Secret: uuid.NewString()[:8],
			},
		},
		Contacts: []models.AccountContact{
			{
				Type:       models.EmailAccountContact,
				Content:    email,
				IsPrimary:  true,
				VerifiedAt: nil,
			},
		},
		PermNodes:   datatypes.JSONMap{},
		ConfirmedAt: nil,
	}

	if err := database.C.Create(&user).Error; err != nil {
		return user, err
	} else if viper.GetInt("default_user_group") > 0 {
		database.C.Create(&models.AccountGroupMember{
			AccountID: user.ID,
			GroupID:   uint(viper.GetInt("default_user_group")),
		})
	}

	if tk, err := NewMagicToken(models.ConfirmMagicToken, &user, nil); err != nil {
		return user, err
	} else if err := NotifyMagicToken(tk); err != nil {
		return user, err
	}

	return user, nil
}

func ConfirmAccount(code string) error {
	token, err := ValidateMagicToken(code, models.ConfirmMagicToken)
	if err != nil {
		return err
	} else if token.AccountID == nil {
		return fmt.Errorf("magic token didn't assign a valid account")
	}

	var user models.Account
	if err := database.C.Where(&models.Account{
		BaseModel: models.BaseModel{ID: *token.AccountID},
	}).First(&user).Error; err != nil {
		return err
	}

	if err = ForceConfirmAccount(user); err != nil {
		return err
	} else {
		database.C.Delete(&token)
	}

	return nil
}

func ForceConfirmAccount(user models.Account) error {
	user.ConfirmedAt = lo.ToPtr(time.Now())

	for k, v := range viper.GetStringMap("permissions.verified") {
		if val, ok := user.PermNodes[k]; !ok {
			user.PermNodes[k] = v
		} else {
			user.PermNodes[k] = val
		}
	}

	if err := database.C.Save(&user).Error; err != nil {
		return err
	}

	InvalidAuthCacheWithUser(user.ID)

	return nil
}

func CheckAbleToResetPassword(user models.Account) error {
	var count int64
	if err := database.C.
		Where("account_id = ?", user.ID).
		Where("expired_at < ?", time.Now()).
		Where("type = ?", models.ResetPasswordMagicToken).
		Model(&models.MagicToken{}).
		Count(&count).Error; err != nil {
		return fmt.Errorf("unable to check reset password ability: %v", err)
	} else if count > 0 {
		return fmt.Errorf("you requested reset password recently")
	}

	return nil
}

func RequestResetPassword(user models.Account) error {
	if tk, err := NewMagicToken(
		models.ResetPasswordMagicToken,
		&user,
		lo.ToPtr(time.Now().Add(24*time.Hour)),
	); err != nil {
		return err
	} else if err := NotifyMagicToken(tk); err != nil {
		log.Error().
			Err(err).
			Str("code", tk.Code).
			Uint("user", user.ID).
			Msg("Failed to notify password reset magic token...")
	}

	return nil
}

func ConfirmResetPassword(code, newPassword string) error {
	token, err := ValidateMagicToken(code, models.ResetPasswordMagicToken)
	if err != nil {
		return err
	} else if token.AccountID == nil {
		return fmt.Errorf("magic token didn't assign a valid account")
	}

	factor, err := GetPasswordTypeFactor(*token.AccountID)
	if err != nil {
		factor = models.AuthFactor{
			Type:      models.PasswordAuthFactor,
			Secret:    HashPassword(newPassword),
			AccountID: *token.AccountID,
		}
	} else {
		factor.Secret = HashPassword(newPassword)
	}

	return database.C.Save(&factor).Error
}

func DeleteAccount(id uint) error {
	tx := database.C.Begin()

	if err := tx.Select(clause.Associations).Delete(&models.Account{}, "id = ?", id).Error; err != nil {
		tx.Rollback()
		return err
	}

	return tx.Commit().Error
}

func RecycleUnConfirmAccount() {
	var hitList []models.Account
	if err := database.C.Where("confirmed_at IS NULL").Find(&hitList).Error; err != nil {
		log.Error().Err(err).Msg("An error occurred while recycling accounts...")
		return
	}

	if len(hitList) > 0 {
		log.Info().Int("count", len(hitList)).Msg("Going to recycle those un-confirmed accounts...")
		for _, entry := range hitList {
			if err := DeleteAccount(entry.ID); err != nil {
				log.Error().Err(err).Msg("An error occurred while recycling accounts...")
			}
		}
	}
}

func SetAccountLastSeen(uid uint) error {
	var profile models.AccountProfile
	if err := database.C.Where("account_id = ?", uid).First(&profile).Error; err != nil {
		return err
	}

	profile.LastSeenAt = lo.ToPtr(time.Now())

	return database.C.Save(&profile).Error
}
:tada: Initial Commit 2024-01-06 17:56:32 +00:00			`package services`

			`import (`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`"fmt"`
:bug: Fix recycle account error 2024-07-12 05:31:39 +00:00			`"time"`
:wheelchair: Better account name validation 2024-08-01 04:21:34 +00:00			`"unicode"`
:bug: Fix recycle account error 2024-07-12 05:31:39 +00:00
:sparkles: Search accounts w/ username or nick 2024-07-30 10:20:45 +00:00			`"gorm.io/gorm/clause"`

:sparkles: Recycle accounts 2024-06-26 07:52:58 +00:00			`"github.com/rs/zerolog/log"`
:sparkles: Basis perm nodes feature 2024-05-17 09:13:11 +00:00			`"github.com/spf13/viper"`
			`"gorm.io/datatypes"`
:truck: Update domain 2024-03-20 12:56:43 +00:00
:bug: Bug fixes on connection and package naming 2024-06-17 14:21:34 +00:00			`"git.solsynth.dev/hydrogen/passport/pkg/internal/database"`
			`"git.solsynth.dev/hydrogen/passport/pkg/internal/models"`
:sparkles: Email notification 2024-01-29 08:11:59 +00:00			`"github.com/google/uuid"`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00			`"github.com/samber/lo"`
:tada: Initial Commit 2024-01-06 17:56:32 +00:00			`)`

:wheelchair: Better account name validation 2024-08-01 04:21:34 +00:00			`func ValidateAccountName(val string, min, max int) bool {`
			`actualLength := 0`
			`for _, r := range val {`
			`if unicode.Is(unicode.Han, r) \|\| unicode.Is(unicode.Hiragana, r) \|\| unicode.Is(unicode.Katakana, r) \|\| unicode.Is(unicode.Hangul, r) {`
			`actualLength += 2`
			`} else {`
			`actualLength += 1`
			`}`
			`}`
:bug: Fix validate condition issue 2024-08-01 15:55:33 +00:00			`return actualLength >= min && max >= actualLength`
:wheelchair: Better account name validation 2024-08-01 04:21:34 +00:00			`}`

:sparkles: Auth impl 2024-01-07 07:52:23 +00:00			`func GetAccount(id uint) (models.Account, error) {`
			`var account models.Account`
			`if err := database.C.Where(models.Account{`
			`BaseModel: models.BaseModel{ID: id},`
			`}).First(&account).Error; err != nil {`
			`return account, err`
			`}`

			`return account, nil`
			`}`

:zap: Optimize batch notification speed 2024-07-17 06:04:55 +00:00			`func GetAccountList(id []uint) ([]models.Account, error) {`
			`var accounts []models.Account`
			`if err := database.C.Where("id IN ?", id).Find(&accounts).Error; err != nil {`
			`return accounts, err`
			`}`

			`return accounts, nil`
			`}`

:sparkles: Status system 2024-06-26 12:05:28 +00:00			`func GetAccountWithName(alias string) (models.Account, error) {`
			`var account models.Account`
			`if err := database.C.Where(models.Account{`
			`Name: alias,`
			`}).First(&account).Error; err != nil {`
			`return account, err`
			`}`

			`return account, nil`
			`}`

:sparkles: New ticket ways 2024-04-20 11:04:33 +00:00			`func LookupAccount(probe string) (models.Account, error) {`
:tada: Initial Commit 2024-01-06 17:56:32 +00:00			`var account models.Account`
:sparkles: New ticket ways 2024-04-20 11:04:33 +00:00			`if err := database.C.Where(models.Account{Name: probe}).First(&account).Error; err == nil {`
:tada: Initial Commit 2024-01-06 17:56:32 +00:00			`return account, nil`
			`}`

			`var contact models.AccountContact`
:sparkles: New ticket ways 2024-04-20 11:04:33 +00:00			`if err := database.C.Where(models.AccountContact{Content: probe}).First(&contact).Error; err == nil {`
:tada: Initial Commit 2024-01-06 17:56:32 +00:00			`if err := database.C.`
			`Where(models.Account{`
			`BaseModel: models.BaseModel{ID: contact.AccountID},`
:sparkles: User login 2024-01-27 16:05:19 +00:00			`}).First(&account).Error; err == nil {`
:tada: Initial Commit 2024-01-06 17:56:32 +00:00			`return account, err`
			`}`
			`}`

			`return account, fmt.Errorf("account was not found")`
			`}`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00
:sparkles: Search accounts w/ username or nick 2024-07-30 10:20:45 +00:00			`func SearchAccount(probe string) ([]models.Account, error) {`
			`probe = "%" + probe + "%"`
			`var accounts []models.Account`
:bug: Fix search account query 2024-07-30 11:39:53 +00:00			`if err := database.C.Where("name LIKE ? OR nick LIKE ?", probe, probe).Find(&accounts).Error; err != nil {`
:sparkles: Search accounts w/ username or nick 2024-07-30 10:20:45 +00:00			`return accounts, err`
			`}`
			`return accounts, nil`
			`}`

:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`func CreateAccount(name, nick, email, password string) (models.Account, error) {`
			`user := models.Account{`
:sparkles: Real feel-less refresh token 2024-02-18 07:51:27 +00:00			`Name: name,`
			`Nick: nick,`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`Profile: models.AccountProfile{`
			`Experience: 100,`
			`},`
			`Factors: []models.AuthFactor{`
			`{`
			`Type: models.PasswordAuthFactor,`
:sparkles: New ticket ways 2024-04-20 11:04:33 +00:00			`Secret: HashPassword(password),`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`},`
:sparkles: Email notification 2024-01-29 08:11:59 +00:00			`{`
			`Type: models.EmailPasswordFactor,`
			`Secret: uuid.NewString()[:8],`
			`},`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`},`
			`Contacts: []models.AccountContact{`
			`{`
			`Type: models.EmailAccountContact,`
			`Content: email,`
:sparkles: Email notification 2024-01-29 08:11:59 +00:00			`IsPrimary: true,`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`VerifiedAt: nil,`
			`},`
			`},`
:sparkles: Default user group 2024-07-24 09:33:05 +00:00			`PermNodes: datatypes.JSONMap{},`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`ConfirmedAt: nil,`
			`}`

			`if err := database.C.Create(&user).Error; err != nil {`
			`return user, err`
:sparkles: Default user group 2024-07-24 09:33:05 +00:00			`} else if viper.GetInt("default_user_group") > 0 {`
			`database.C.Create(&models.AccountGroupMember{`
			`AccountID: user.ID,`
			`GroupID: uint(viper.GetInt("default_user_group")),`
			`})`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`}`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00
			`if tk, err := NewMagicToken(models.ConfirmMagicToken, &user, nil); err != nil {`
			`return user, err`
			`} else if err := NotifyMagicToken(tk); err != nil {`
			`return user, err`
			`}`

			`return user, nil`
			`}`

			`func ConfirmAccount(code string) error {`
:sparkles: Email notification 2024-01-29 08:11:59 +00:00			`token, err := ValidateMagicToken(code, models.ConfirmMagicToken)`
			`if err != nil {`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00			`return err`
:sparkles: Reset password APIs 2024-06-30 09:01:39 +00:00			`} else if token.AccountID == nil {`
			`return fmt.Errorf("magic token didn't assign a valid account")`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00			`}`

			`var user models.Account`
			`if err := database.C.Where(&models.Account{`
:sparkles: Recycle accounts 2024-06-26 07:52:58 +00:00			`BaseModel: models.BaseModel{ID: *token.AccountID},`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00			`}).First(&user).Error; err != nil {`
			`return err`
			`}`

:sparkles: Admin force confirm account 2024-07-03 15:01:20 +00:00			`if err = ForceConfirmAccount(user); err != nil {`
			`return err`
			`} else {`
			`database.C.Delete(&token)`
			`}`
:sparkles: Basis perm nodes feature 2024-05-17 09:13:11 +00:00
:sparkles: Admin force confirm account 2024-07-03 15:01:20 +00:00			`return nil`
			`}`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00
:sparkles: Admin force confirm account 2024-07-03 15:01:20 +00:00			`func ForceConfirmAccount(user models.Account) error {`
			`user.ConfirmedAt = lo.ToPtr(time.Now())`

			`for k, v := range viper.GetStringMap("permissions.verified") {`
			`if val, ok := user.PermNodes[k]; !ok {`
			`user.PermNodes[k] = v`
			`} else {`
			`user.PermNodes[k] = val`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00			`}`
:sparkles: Admin force confirm account 2024-07-03 15:01:20 +00:00			`}`

			`if err := database.C.Save(&user).Error; err != nil {`
			`return err`
			`}`
:sparkles: Account confirm 2024-01-28 16:32:39 +00:00
:sparkles: Admin force confirm account 2024-07-03 15:01:20 +00:00			`InvalidAuthCacheWithUser(user.ID)`
:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00
:sparkles: Admin force confirm account 2024-07-03 15:01:20 +00:00			`return nil`
:sparkles: Profiles 2024-01-28 08:17:38 +00:00			`}`
:sparkles: Recycle accounts 2024-06-26 07:52:58 +00:00
:sparkles: Reset password APIs 2024-06-30 09:01:39 +00:00			`func CheckAbleToResetPassword(user models.Account) error {`
			`var count int64`
			`if err := database.C.`
			`Where("account_id = ?", user.ID).`
			`Where("expired_at < ?", time.Now()).`
:sparkles: Password reset & user lookup API 2024-06-30 09:20:05 +00:00			`Where("type = ?", models.ResetPasswordMagicToken).`
:sparkles: Reset password APIs 2024-06-30 09:01:39 +00:00			`Model(&models.MagicToken{}).`
			`Count(&count).Error; err != nil {`
			`return fmt.Errorf("unable to check reset password ability: %v", err)`
:sparkles: Password reset & user lookup API 2024-06-30 09:20:05 +00:00			`} else if count > 0 {`
:sparkles: Reset password APIs 2024-06-30 09:01:39 +00:00			`return fmt.Errorf("you requested reset password recently")`
			`}`

			`return nil`
			`}`

			`func RequestResetPassword(user models.Account) error {`
			`if tk, err := NewMagicToken(`
			`models.ResetPasswordMagicToken,`
			`&user,`
			`lo.ToPtr(time.Now().Add(24*time.Hour)),`
			`); err != nil {`
			`return err`
			`} else if err := NotifyMagicToken(tk); err != nil {`
			`log.Error().`
			`Err(err).`
			`Str("code", tk.Code).`
			`Uint("user", user.ID).`
			`Msg("Failed to notify password reset magic token...")`
			`}`

			`return nil`
			`}`

			`func ConfirmResetPassword(code, newPassword string) error {`
			`token, err := ValidateMagicToken(code, models.ResetPasswordMagicToken)`
			`if err != nil {`
			`return err`
			`} else if token.AccountID == nil {`
			`return fmt.Errorf("magic token didn't assign a valid account")`
			`}`

			`factor, err := GetPasswordTypeFactor(*token.AccountID)`
			`if err != nil {`
			`factor = models.AuthFactor{`
			`Type: models.PasswordAuthFactor,`
			`Secret: HashPassword(newPassword),`
			`AccountID: *token.AccountID,`
			`}`
			`} else {`
			`factor.Secret = HashPassword(newPassword)`
			`}`

			`return database.C.Save(&factor).Error`
			`}`

:sparkles: Recycle accounts 2024-06-26 07:52:58 +00:00			`func DeleteAccount(id uint) error {`
			`tx := database.C.Begin()`

:sparkles: Account groups 2024-07-24 09:23:44 +00:00			`if err := tx.Select(clause.Associations).Delete(&models.Account{}, "id = ?", id).Error; err != nil {`
:sparkles: Recycle accounts 2024-06-26 07:52:58 +00:00			`tx.Rollback()`
			`return err`
			`}`

			`return tx.Commit().Error`
			`}`

			`func RecycleUnConfirmAccount() {`
			`var hitList []models.Account`
			`if err := database.C.Where("confirmed_at IS NULL").Find(&hitList).Error; err != nil {`
			`log.Error().Err(err).Msg("An error occurred while recycling accounts...")`
			`return`
			`}`

			`if len(hitList) > 0 {`
			`log.Info().Int("count", len(hitList)).Msg("Going to recycle those un-confirmed accounts...")`
			`for _, entry := range hitList {`
			`if err := DeleteAccount(entry.ID); err != nil {`
			`log.Error().Err(err).Msg("An error occurred while recycling accounts...")`
			`}`
			`}`
			`}`
			`}`
:sparkles: Last seen at 2024-06-26 12:28:12 +00:00
			`func SetAccountLastSeen(uid uint) error {`
			`var profile models.AccountProfile`
			`if err := database.C.Where("account_id = ?", uid).First(&profile).Error; err != nil {`
			`return err`
			`}`

			`profile.LastSeenAt = lo.ToPtr(time.Now())`

			`return database.C.Save(&profile).Error`
			`}`