core/auth/auth.go

package auth

import (
	"errors"
	"github.com/openaccounting/oa-server/core/model/db"
	"github.com/openaccounting/oa-server/core/model/types"
	"github.com/openaccounting/oa-server/core/util"
)

var Instance Interface

type AuthService struct {
	db     db.Datastore
	bcrypt util.Bcrypt
}

type Interface interface {
	Authenticate(string, string) (*types.User, error)
	AuthenticateUser(email string, password string) (*types.User, error)
	AuthenticateSession(string) (*types.User, error)
	AuthenticateApiKey(string) (*types.User, error)
	AuthenticateEmailVerifyCode(string) (*types.User, error)
}

func NewAuthService(db db.Datastore, bcrypt util.Bcrypt) *AuthService {
	authService := &AuthService{db: db, bcrypt: bcrypt}
	Instance = authService
	return authService
}

func (auth *AuthService) Authenticate(emailOrKey string, password string) (*types.User, error) {
	// authenticate via session, apikey or user
	user, err := auth.AuthenticateSession(emailOrKey)

	if err == nil {
		return user, nil
	}

	user, err = auth.AuthenticateApiKey(emailOrKey)

	if err == nil {
		return user, nil
	}

	user, err = auth.AuthenticateUser(emailOrKey, password)

	if err == nil {
		return user, nil
	}

	user, err = auth.AuthenticateEmailVerifyCode(emailOrKey)

	if err == nil {
		return user, nil
	}

	return nil, errors.New("Unauthorized")
}

func (auth *AuthService) AuthenticateUser(email string, password string) (*types.User, error) {
	u, err := auth.db.GetVerifiedUserByEmail(email)

	if err != nil {
		return nil, errors.New("Invalid email or password")
	}

	err = auth.bcrypt.CompareHashAndPassword([]byte(u.PasswordHash), []byte(password))

	if err != nil {
		return nil, errors.New("Invalid email or password")
	}

	return u, nil
}

func (auth *AuthService) AuthenticateSession(id string) (*types.User, error) {
	u, err := auth.db.GetUserByActiveSession(id)

	if err != nil {
		return nil, errors.New("Invalid session")
	}

	auth.db.UpdateSessionActivity(id)

	return u, nil
}

func (auth *AuthService) AuthenticateApiKey(id string) (*types.User, error) {
	u, err := auth.db.GetUserByApiKey(id)

	if err != nil {
		return nil, errors.New("Access denied")
	}

	auth.db.UpdateApiKeyActivity(id)

	return u, nil
}

func (auth *AuthService) AuthenticateEmailVerifyCode(code string) (*types.User, error) {
	u, err := auth.db.GetUserByEmailVerifyCode(code)

	if err != nil {
		return nil, errors.New("Access denied")
	}

	return u, nil
}
initial commit 2018-10-19 15:31:41 -04:00			`package auth`

			`import (`
			`"errors"`
			`"github.com/openaccounting/oa-server/core/model/db"`
			`"github.com/openaccounting/oa-server/core/model/types"`
			`"github.com/openaccounting/oa-server/core/util"`
			`)`

			`var Instance Interface`

			`type AuthService struct {`
			`db db.Datastore`
			`bcrypt util.Bcrypt`
			`}`

			`type Interface interface {`
			`Authenticate(string, string) (*types.User, error)`
			`AuthenticateUser(email string, password string) (*types.User, error)`
			`AuthenticateSession(string) (*types.User, error)`
			`AuthenticateApiKey(string) (*types.User, error)`
allow limited login via email verify code 2018-11-02 15:14:26 -04:00			`AuthenticateEmailVerifyCode(string) (*types.User, error)`
initial commit 2018-10-19 15:31:41 -04:00			`}`

			`func NewAuthService(db db.Datastore, bcrypt util.Bcrypt) *AuthService {`
			`authService := &AuthService{db: db, bcrypt: bcrypt}`
			`Instance = authService`
			`return authService`
			`}`

			`func (auth AuthService) Authenticate(emailOrKey string, password string) (types.User, error) {`
			`// authenticate via session, apikey or user`
			`user, err := auth.AuthenticateSession(emailOrKey)`

			`if err == nil {`
			`return user, nil`
			`}`

			`user, err = auth.AuthenticateApiKey(emailOrKey)`

			`if err == nil {`
			`return user, nil`
			`}`

			`user, err = auth.AuthenticateUser(emailOrKey, password)`

			`if err == nil {`
			`return user, nil`
			`}`

allow limited login via email verify code 2018-11-02 15:14:26 -04:00			`user, err = auth.AuthenticateEmailVerifyCode(emailOrKey)`

			`if err == nil {`
			`return user, nil`
			`}`

initial commit 2018-10-19 15:31:41 -04:00			`return nil, errors.New("Unauthorized")`
			`}`

			`func (auth AuthService) AuthenticateUser(email string, password string) (types.User, error) {`
			`u, err := auth.db.GetVerifiedUserByEmail(email)`

			`if err != nil {`
			`return nil, errors.New("Invalid email or password")`
			`}`

			`err = auth.bcrypt.CompareHashAndPassword([]byte(u.PasswordHash), []byte(password))`

			`if err != nil {`
			`return nil, errors.New("Invalid email or password")`
			`}`

			`return u, nil`
			`}`

			`func (auth AuthService) AuthenticateSession(id string) (types.User, error) {`
			`u, err := auth.db.GetUserByActiveSession(id)`

			`if err != nil {`
			`return nil, errors.New("Invalid session")`
			`}`

			`auth.db.UpdateSessionActivity(id)`

			`return u, nil`
			`}`

			`func (auth AuthService) AuthenticateApiKey(id string) (types.User, error) {`
			`u, err := auth.db.GetUserByApiKey(id)`

			`if err != nil {`
			`return nil, errors.New("Access denied")`
			`}`

			`auth.db.UpdateApiKeyActivity(id)`

			`return u, nil`
			`}`
allow limited login via email verify code 2018-11-02 15:14:26 -04:00
			`func (auth AuthService) AuthenticateEmailVerifyCode(code string) (types.User, error) {`
			`u, err := auth.db.GetUserByEmailVerifyCode(code)`

			`if err != nil {`
			`return nil, errors.New("Access denied")`
			`}`

			`return u, nil`
format code 2020-01-14 14:29:00 -05:00			`}`