From e5d8f1ab3b725e07d794eda6914e8076c203a2fb Mon Sep 17 00:00:00 2001
From: LittleSheep <littlesheep.code@hotmail.com>
Date: Sun, 30 Jun 2024 17:01:39 +0800
Subject: [PATCH] :sparkles: Reset password APIs

---
 .idea/workspace.xml                           |  71 ++++++------
 pkg/internal/models/tokens.go                 |   1 +
 pkg/internal/server/api/accounts_api.go       |  17 ---
 pkg/internal/server/api/factors_api.go        |  41 +++++++
 pkg/internal/server/api/index.go              |   2 +
 pkg/internal/server/api/security_api.go       |  17 +++
 pkg/internal/services/accounts.go             |  57 ++++++++++
 pkg/internal/services/tokens.go               |  27 ++++-
 web/src/router/index.ts                       |  21 +++-
 web/src/views/flow/confirm.vue                | 104 ++++++++++++++++++
 .../{confirm.vue => flow/password-reset.vue}  |   0
 11 files changed, 304 insertions(+), 54 deletions(-)
 create mode 100755 web/src/views/flow/confirm.vue
 rename web/src/views/{confirm.vue => flow/password-reset.vue} (100%)

diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index 49b501b..f46b1c5 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,9 +4,18 @@
     <option name="autoReloadType" value="ALL" />
   </component>
   <component name="ChangeListManager">
-    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix API mapping issue">
+    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":recycle: Improve notify API">
+      <change afterPath="$PROJECT_DIR$/web/src/views/flow/password-reset.vue" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/pkg/internal/services/notifications.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/notifications.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/models/tokens.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/models/tokens.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/server/api/accounts_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/accounts_api.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/server/api/factors_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/factors_api.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/server/api/index.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/index.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/server/api/security_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/security_api.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/services/accounts.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/accounts.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/services/tokens.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/tokens.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/web/src/router/index.ts" beforeDir="false" afterPath="$PROJECT_DIR$/web/src/router/index.ts" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/web/src/views/confirm.vue" beforeDir="false" afterPath="$PROJECT_DIR$/web/src/views/flow/confirm.vue" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -41,48 +50,48 @@
     <option name="hideEmptyMiddlePackages" value="true" />
     <option name="showLibraryContents" value="true" />
   </component>
-  <component name="PropertiesComponent">{
-  &quot;keyToString&quot;: {
-    &quot;DefaultGoTemplateProperty&quot;: &quot;Go File&quot;,
-    &quot;Go Build.Backend.executor&quot;: &quot;Run&quot;,
-    &quot;Go 构建.Backend.executor&quot;: &quot;Run&quot;,
-    &quot;RunOnceActivity.ShowReadmeOnStart&quot;: &quot;true&quot;,
-    &quot;RunOnceActivity.go.formatter.settings.were.checked&quot;: &quot;true&quot;,
-    &quot;RunOnceActivity.go.migrated.go.modules.settings&quot;: &quot;true&quot;,
-    &quot;RunOnceActivity.go.modules.automatic.dependencies.download&quot;: &quot;true&quot;,
-    &quot;RunOnceActivity.go.modules.go.list.on.any.changes.was.set&quot;: &quot;true&quot;,
-    &quot;git-widget-placeholder&quot;: &quot;master&quot;,
-    &quot;go.import.settings.migrated&quot;: &quot;true&quot;,
-    &quot;go.sdk.automatically.set&quot;: &quot;true&quot;,
-    &quot;last_opened_file_path&quot;: &quot;/Users/littlesheep/Documents/Projects/Hydrogen/Passport/pkg/internal/server/api&quot;,
-    &quot;node.js.detected.package.eslint&quot;: &quot;true&quot;,
-    &quot;node.js.selected.package.eslint&quot;: &quot;(autodetect)&quot;,
-    &quot;nodejs_package_manager_path&quot;: &quot;npm&quot;,
-    &quot;run.code.analysis.last.selected.profile&quot;: &quot;pProject Default&quot;,
-    &quot;settings.editor.selected.configurable&quot;: &quot;preferences.pluginManager&quot;,
-    &quot;ts.external.directory.path&quot;: &quot;/Users/littlesheep/Documents/Projects/Hydrogen/Passport/web/node_modules/typescript/lib&quot;,
-    &quot;vue.rearranger.settings.migration&quot;: &quot;true&quot;
+  <component name="PropertiesComponent"><![CDATA[{
+  "keyToString": {
+    "DefaultGoTemplateProperty": "Go File",
+    "Go Build.Backend.executor": "Run",
+    "Go 构建.Backend.executor": "Run",
+    "RunOnceActivity.ShowReadmeOnStart": "true",
+    "RunOnceActivity.go.formatter.settings.were.checked": "true",
+    "RunOnceActivity.go.migrated.go.modules.settings": "true",
+    "RunOnceActivity.go.modules.automatic.dependencies.download": "true",
+    "RunOnceActivity.go.modules.go.list.on.any.changes.was.set": "true",
+    "git-widget-placeholder": "master",
+    "go.import.settings.migrated": "true",
+    "go.sdk.automatically.set": "true",
+    "last_opened_file_path": "/Users/littlesheep/Documents/Projects/Hydrogen/Passport/web/src/views",
+    "node.js.detected.package.eslint": "true",
+    "node.js.selected.package.eslint": "(autodetect)",
+    "nodejs_package_manager_path": "npm",
+    "run.code.analysis.last.selected.profile": "pProject Default",
+    "settings.editor.selected.configurable": "preferences.pluginManager",
+    "ts.external.directory.path": "/Users/littlesheep/Documents/Projects/Hydrogen/Passport/web/node_modules/typescript/lib",
+    "vue.rearranger.settings.migration": "true"
   },
-  &quot;keyToStringList&quot;: {
-    &quot;DatabaseDriversLRU&quot;: [
-      &quot;postgresql&quot;
+  "keyToStringList": {
+    "DatabaseDriversLRU": [
+      "postgresql"
     ]
   }
-}</component>
+}]]></component>
   <component name="RecentsManager">
     <key name="CopyFile.RECENT_KEYS">
+      <recent name="$PROJECT_DIR$/web/src/views" />
       <recent name="$PROJECT_DIR$/pkg/internal/server/api" />
       <recent name="$PROJECT_DIR$/web" />
       <recent name="$PROJECT_DIR$/pkg/services" />
       <recent name="$PROJECT_DIR$/pkg/server/ui" />
-      <recent name="$PROJECT_DIR$/pkg/views/users" />
     </key>
     <key name="MoveFile.RECENT_KEYS">
+      <recent name="$PROJECT_DIR$/web/src/views/flow" />
       <recent name="$PROJECT_DIR$/pkg/internal/server/exts" />
       <recent name="$PROJECT_DIR$/pkg/internal/server/api" />
       <recent name="$PROJECT_DIR$/pkg/internal" />
       <recent name="$PROJECT_DIR$/pkg" />
-      <recent name="$PROJECT_DIR$/pkg/views/users/directory" />
     </key>
   </component>
   <component name="RunAnythingCache">
@@ -152,7 +161,6 @@
     </option>
   </component>
   <component name="VcsManagerConfiguration">
-    <MESSAGE value=":bug: Fix frontend" />
     <MESSAGE value=":card_file_box: Add the status model" />
     <MESSAGE value=":bug: Authenticate wrong payload hotfix" />
     <MESSAGE value=":sparkles: Can pick up mfa request" />
@@ -177,7 +185,8 @@
     <MESSAGE value=":sparkles: Admin notify all API" />
     <MESSAGE value=":bug: Fix request body validation" />
     <MESSAGE value=":bug: Fix API mapping issue" />
-    <option name="LAST_COMMIT_MESSAGE" value=":bug: Fix API mapping issue" />
+    <MESSAGE value=":recycle: Improve notify API" />
+    <option name="LAST_COMMIT_MESSAGE" value=":recycle: Improve notify API" />
   </component>
   <component name="VgoProject">
     <settings-migrated>true</settings-migrated>
diff --git a/pkg/internal/models/tokens.go b/pkg/internal/models/tokens.go
index 760d7b4..35d1417 100644
--- a/pkg/internal/models/tokens.go
+++ b/pkg/internal/models/tokens.go
@@ -7,6 +7,7 @@ type MagicTokenType = int8
 const (
 	ConfirmMagicToken = MagicTokenType(iota)
 	RegistrationMagicToken
+	ResetPasswordMagicToken
 )
 
 type MagicToken struct {
diff --git a/pkg/internal/server/api/accounts_api.go b/pkg/internal/server/api/accounts_api.go
index d2531aa..a34815a 100644
--- a/pkg/internal/server/api/accounts_api.go
+++ b/pkg/internal/server/api/accounts_api.go
@@ -123,23 +123,6 @@ func editUserinfo(c *fiber.Ctx) error {
 	return c.SendStatus(fiber.StatusOK)
 }
 
-func killTicket(c *fiber.Ctx) error {
-	if err := exts.EnsureAuthenticated(c); err != nil {
-		return err
-	}
-	user := c.Locals("user").(models.Account)
-	id, _ := c.ParamsInt("ticketId", 0)
-
-	if err := database.C.Delete(&models.AuthTicket{}, &models.AuthTicket{
-		BaseModel: models.BaseModel{ID: uint(id)},
-		AccountID: user.ID,
-	}).Error; err != nil {
-		return fiber.NewError(fiber.StatusNotFound, err.Error())
-	}
-
-	return c.SendStatus(fiber.StatusOK)
-}
-
 func doRegister(c *fiber.Ctx) error {
 	var data struct {
 		Name       string `json:"name" validate:"required,lowercase,alphanum,min=4,max=16"`
diff --git a/pkg/internal/server/api/factors_api.go b/pkg/internal/server/api/factors_api.go
index 99bf731..bc5128a 100644
--- a/pkg/internal/server/api/factors_api.go
+++ b/pkg/internal/server/api/factors_api.go
@@ -2,6 +2,7 @@ package api
 
 import (
 	"fmt"
+	"git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
 	"git.solsynth.dev/hydrogen/passport/pkg/internal/services"
 	"github.com/gofiber/fiber/v2"
 )
@@ -40,3 +41,43 @@ func requestFactorToken(c *fiber.Ctx) error {
 		return c.SendStatus(fiber.StatusOK)
 	}
 }
+
+func requestResetPassword(c *fiber.Ctx) error {
+	var data struct {
+		UserID uint `json:"user_id" validate:"required"`
+	}
+
+	if err := exts.BindAndValidate(c, &data); err != nil {
+		return err
+	}
+
+	user, err := services.GetAccount(data.UserID)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, err.Error())
+	}
+
+	if err = services.CheckAbleToResetPassword(user); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, err.Error())
+	} else if err = services.RequestResetPassword(user); err != nil {
+		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+	}
+
+	return c.SendStatus(fiber.StatusOK)
+}
+
+func confirmResetPassword(c *fiber.Ctx) error {
+	var data struct {
+		Code        string `json:"code" validate:"required"`
+		NewPassword string `json:"new_password" validate:"required"`
+	}
+
+	if err := exts.BindAndValidate(c, &data); err != nil {
+		return err
+	}
+
+	if err := services.ConfirmResetPassword(data.Code, data.NewPassword); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, err.Error())
+	}
+
+	return c.SendStatus(fiber.StatusOK)
+}
diff --git a/pkg/internal/server/api/index.go b/pkg/internal/server/api/index.go
index 06158c7..ecd880b 100644
--- a/pkg/internal/server/api/index.go
+++ b/pkg/internal/server/api/index.go
@@ -34,6 +34,8 @@ func MapAPIs(app *fiber.App) {
 			me.Delete("/tickets/:ticketId", killTicket)
 
 			me.Post("/confirm", doRegisterConfirm)
+			me.Post("/reset-password", requestResetPassword)
+			me.Patch("/reset-password", confirmResetPassword)
 
 			me.Get("/status", getMyselfStatus)
 			me.Post("/status", setStatus)
diff --git a/pkg/internal/server/api/security_api.go b/pkg/internal/server/api/security_api.go
index fba9867..715c822 100644
--- a/pkg/internal/server/api/security_api.go
+++ b/pkg/internal/server/api/security_api.go
@@ -38,3 +38,20 @@ func getTickets(c *fiber.Ctx) error {
 		"data":  tickets,
 	})
 }
+
+func killTicket(c *fiber.Ctx) error {
+	if err := exts.EnsureAuthenticated(c); err != nil {
+		return err
+	}
+	user := c.Locals("user").(models.Account)
+	id, _ := c.ParamsInt("ticketId", 0)
+
+	if err := database.C.Delete(&models.AuthTicket{}, &models.AuthTicket{
+		BaseModel: models.BaseModel{ID: uint(id)},
+		AccountID: user.ID,
+	}).Error; err != nil {
+		return fiber.NewError(fiber.StatusNotFound, err.Error())
+	}
+
+	return c.SendStatus(fiber.StatusOK)
+}
diff --git a/pkg/internal/services/accounts.go b/pkg/internal/services/accounts.go
index ab764ca..1d81849 100644
--- a/pkg/internal/services/accounts.go
+++ b/pkg/internal/services/accounts.go
@@ -101,6 +101,8 @@ func ConfirmAccount(code string) error {
 	token, err := ValidateMagicToken(code, models.ConfirmMagicToken)
 	if err != nil {
 		return err
+	} else if token.AccountID == nil {
+		return fmt.Errorf("magic token didn't assign a valid account")
 	}
 
 	var user models.Account
@@ -134,6 +136,61 @@ func ConfirmAccount(code string) error {
 	})
 }
 
+func CheckAbleToResetPassword(user models.Account) error {
+	var count int64
+	if err := database.C.
+		Where("account_id = ?", user.ID).
+		Where("expired_at < ?", time.Now()).
+		Model(&models.MagicToken{}).
+		Count(&count).Error; err != nil {
+		return fmt.Errorf("unable to check reset password ability: %v", err)
+	} else if count == 0 {
+		return fmt.Errorf("you requested reset password recently")
+	}
+
+	return nil
+}
+
+func RequestResetPassword(user models.Account) error {
+	if tk, err := NewMagicToken(
+		models.ResetPasswordMagicToken,
+		&user,
+		lo.ToPtr(time.Now().Add(24*time.Hour)),
+	); err != nil {
+		return err
+	} else if err := NotifyMagicToken(tk); err != nil {
+		log.Error().
+			Err(err).
+			Str("code", tk.Code).
+			Uint("user", user.ID).
+			Msg("Failed to notify password reset magic token...")
+	}
+
+	return nil
+}
+
+func ConfirmResetPassword(code, newPassword string) error {
+	token, err := ValidateMagicToken(code, models.ResetPasswordMagicToken)
+	if err != nil {
+		return err
+	} else if token.AccountID == nil {
+		return fmt.Errorf("magic token didn't assign a valid account")
+	}
+
+	factor, err := GetPasswordTypeFactor(*token.AccountID)
+	if err != nil {
+		factor = models.AuthFactor{
+			Type:      models.PasswordAuthFactor,
+			Secret:    HashPassword(newPassword),
+			AccountID: *token.AccountID,
+		}
+	} else {
+		factor.Secret = HashPassword(newPassword)
+	}
+
+	return database.C.Save(&factor).Error
+}
+
 func DeleteAccount(id uint) error {
 	tx := database.C.Begin()
 
diff --git a/pkg/internal/services/tokens.go b/pkg/internal/services/tokens.go
index 9dd9419..8c9bcfa 100644
--- a/pkg/internal/services/tokens.go
+++ b/pkg/internal/services/tokens.go
@@ -27,6 +27,21 @@ Once again, thank you for choosing us. We look forward to serving you and hope y
 Best regards,
 %s`
 
+const ResetPasswordTemplate = `Dear %s,
+
+We received a request to reset the password for your account at %s. If you did not request a password reset, please ignore this email.
+
+To confirm your password reset request and create a new password, please use the link below:
+
+%s
+
+This link will expire in 24 hours. If you do not reset your password within this time frame, you will need to submit a new password reset request.
+
+If you have any questions or need further assistance, please do not hesitate to contact our support team.
+
+Best regards,
+%s`
+
 func ValidateMagicToken(code string, mode models.MagicTokenType) (models.MagicToken, error) {
 	var tk models.MagicToken
 	if err := database.C.Where(models.MagicToken{Code: code, Type: mode}).First(&tk).Error; err != nil {
@@ -74,7 +89,7 @@ func NotifyMagicToken(token models.MagicToken) error {
 	var content string
 	switch token.Type {
 	case models.ConfirmMagicToken:
-		link := fmt.Sprintf("https://%s/me/confirm?tk=%s", viper.GetString("domain"), token.Code)
+		link := fmt.Sprintf("https://%s/flow/confirm?code=%s", viper.GetString("domain"), token.Code)
 		subject = fmt.Sprintf("[%s] Confirm your registration", viper.GetString("name"))
 		content = fmt.Sprintf(
 			ConfirmRegistrationTemplate,
@@ -84,6 +99,16 @@ func NotifyMagicToken(token models.MagicToken) error {
 			link,
 			viper.GetString("maintainer"),
 		)
+	case models.ResetPasswordMagicToken:
+		link := fmt.Sprintf("https://%s/flow/password-reset?code=%s", viper.GetString("domain"), token.Code)
+		subject = fmt.Sprintf("[%s] Reset your password", viper.GetString("name"))
+		content = fmt.Sprintf(
+			ResetPasswordTemplate,
+			user.Name,
+			viper.GetString("name"),
+			link,
+			viper.GetString("maintainer"),
+		)
 	default:
 		return fmt.Errorf("unsupported magic token type to notify")
 	}
diff --git a/web/src/router/index.ts b/web/src/router/index.ts
index 65d63ed..f506750 100755
--- a/web/src/router/index.ts
+++ b/web/src/router/index.ts
@@ -51,17 +51,28 @@ const router = createRouter({
           meta: { public: true, title: "Sign up" },
         },
         {
-          path: "authorize",
+          path: "/authorize",
           name: "oauth.authorize",
           component: () => import("@/views/auth/authorize.vue"),
         },
       ],
     },
     {
-      path: "/users/me/confirm",
-      name: "callback.confirm",
-      component: () => import("@/views/confirm.vue"),
-      meta: { public: true, title: "Confirm registration" },
+      path: "/flow",
+      children: [
+        {
+          path: "confirm",
+          name: "callback.confirm",
+          component: () => import("@/views/flow/confirm.vue"),
+          meta: { public: true, title: "Confirm registration" },
+        },
+        {
+          path: "password-reset",
+          name: "callback.password-reset",
+          component: () => import("@/views/flow/password-reset.vue"),
+          meta: { public: true, title: "Reset password" },
+        },
+      ],
     },
   ],
 })
diff --git a/web/src/views/flow/confirm.vue b/web/src/views/flow/confirm.vue
new file mode 100755
index 0000000..0ddb169
--- /dev/null
+++ b/web/src/views/flow/confirm.vue
@@ -0,0 +1,104 @@
+<template>
+  <v-container class="h-screen flex flex-col gap-3 items-center justify-center">
+    <v-card class="w-full max-w-[720px] overflow-auto" :loading="loading">
+      <v-card-text class="card-grid pa-9">
+        <div>
+          <v-avatar color="accent" icon="mdi-check-decagram" size="large" class="card-rounded mb-2" />
+          <h1 class="text-2xl">Confirm registration</h1>
+          <p>Confirm your account to keep your account longer than 48 hours.</p>
+        </div>
+
+        <v-window :touch="false" :model-value="panel" class="pa-2 mx-[-0.5rem]">
+          <v-window-item value="confirm">
+            <div>
+              <v-expand-transition>
+                <v-alert v-show="error" variant="tonal" type="error" class="text-xs mb-3">
+                  Something went wrong... {{ error }}
+                </v-alert>
+              </v-expand-transition>
+
+              <v-progress-circular v-if="!error" indeterminate size="32" color="grey-darken-3" class="mb-3" />
+
+              <h1 class="font-bold text-xl">Confirming</h1>
+              <p>We are confirming your account. Please stand by, this won't took a long time...</p>
+            </div>
+          </v-window-item>
+          <v-window-item value="callback">
+            <div>
+              <v-icon icon="mdi-fire" size="32" color="grey-darken-3" class="mb-3" />
+
+              <h1 class="font-bold text-xl">Confirmed</h1>
+              <p>You're done! We successfully confirmed your account.</p>
+
+              <p class="mt-3">Now you can continue use Solarpass, we will redirect to dashboard you soon.</p>
+            </div>
+          </v-window-item>
+        </v-window>
+      </v-card-text>
+    </v-card>
+
+    <copyright />
+  </v-container>
+</template>
+
+<script setup lang="ts">
+import { ref } from "vue"
+import { useRoute, useRouter } from "vue-router"
+import { request } from "@/scripts/request"
+import { useUserinfo } from "@/stores/userinfo"
+import Copyright from "@/components/Copyright.vue"
+
+const route = useRoute()
+const router = useRouter()
+const { readProfiles } = useUserinfo()
+
+const error = ref<string | null>(null)
+
+const loading = ref(false)
+
+const panel = ref("confirm")
+
+async function confirm() {
+  if (!route.query["code"]) {
+    error.value = "code was not exists"
+    return
+  }
+
+  const res = await request("/api/users/me/confirm", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      code: route.query["code"],
+    }),
+  })
+  if (res.status !== 200) {
+    error.value = await res.text()
+  } else {
+    loading.value = true
+    panel.value = "callback"
+    await readProfiles()
+    router.push({ name: "dashboard" })
+  }
+  loading.value = false
+}
+
+confirm()
+</script>
+
+<style scoped>
+.card-grid {
+  display: grid;
+  grid-template-columns: 1fr 1fr;
+  gap: 1rem;
+}
+
+@media (max-width: 768px) {
+  .card-grid {
+    grid-template-columns: 1fr;
+  }
+}
+
+.card-rounded {
+  border-radius: 8px;
+}
+</style>
diff --git a/web/src/views/confirm.vue b/web/src/views/flow/password-reset.vue
similarity index 100%
rename from web/src/views/confirm.vue
rename to web/src/views/flow/password-reset.vue