Add setup-flow

2026-03-21 03:12:13 +01:00
parent 80a2f662dc
commit dd044cf5d0
17 changed files with 519 additions and 37 deletions
--- a/internal/user/errors.go
+++ b/internal/user/errors.go
@@ -3,3 +3,5 @@ package user
 import "errors"

 var ErrUserNotFound = errors.New("user not found")
+var ErrPasswordsDoNotMatch = errors.New("Incorrect old password")
+var ErrInvalidPassword = errors.New("invalid password")
--- a/internal/user/handler.go
+++ b/internal/user/handler.go
@@ -1,6 +1,10 @@
 package user

-import "github.com/gin-gonic/gin"
+import (
+	"fmt"
+
+	"github.com/gin-gonic/gin"
+)

 type Handler struct {
 	service *Service
@@ -30,3 +34,55 @@ func (h *Handler) Register(c *gin.Context) {

 	c.JSON(201, gin.H{"id": user.ID, "username": user.Username, "role": user.Role})
 }
+
+func (h *Handler) ChangePassword(c *gin.Context) {
+	var req struct {
+		OldPassword string `json:"old_password"`
+		NewPassword string `json:"new_password"`
+	}
+
+	userID, exists := c.Get("user_id")
+	if !exists {
+		fmt.Println("User ID not found in context")
+		c.JSON(401, gin.H{"error": "unauthorized"})
+		return
+	}
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(400, gin.H{"error": "invalid request"})
+		return
+	}
+
+	err := h.service.ChangePassword(userID.(string), req.OldPassword, req.NewPassword)
+	if err != nil {
+		c.JSON(500, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(200, gin.H{"message": "password changed successfully"})
+}
+
+func ForcePasswordChangeMiddleware(userService *Service) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		userID, exists := c.Get("user_id")
+		if !exists {
+			c.Next()
+			return
+		}
+
+		user, err := userService.FindByID(userID.(string))
+		if err != nil {
+			c.AbortWithStatus(500)
+			return
+		}
+
+		// Allow access to change password page itself
+		if user.ForceChangePassword && c.Request.URL.Path != "/change-password" {
+			c.Redirect(302, "/change-password")
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
--- a/internal/user/model.go
+++ b/internal/user/model.go
@@ -4,7 +4,8 @@ import "gorm.io/gorm"

 type User struct {
 	gorm.Model
-	Username     string `gorm:"uniqueIndex;not null"`
-	PasswordHash string `gorm:"not null"`
-	Role         string `gorm:"not null"`
+	Username            string `gorm:"uniqueIndex;not null"`
+	PasswordHash        string `gorm:"not null"`
+	Role                string `gorm:"not null"`
+	ForceChangePassword bool   `gorm:"default:false"`
 }
--- a/internal/user/repository.go
+++ b/internal/user/repository.go
@@ -25,6 +25,17 @@ func (r *Repository) FindByUsername(username string) (*User, error) {
 	return &u, nil
 }

+func (r *Repository) FindByID(id string) (*User, error) {
+	var u User
+	if err := r.db.First(&u, id).Error; err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return nil, ErrUserNotFound
+		}
+		return nil, err
+	}
+	return &u, nil
+}
+
 func (r *Repository) Create(u *User) error {
 	return r.db.Create(u).Error
 }
@@ -37,6 +48,10 @@ func (r *Repository) GetAll() ([]User, error) {
 	return users, nil
 }

+func (r *Repository) Update(u *User) error {
+	return r.db.Save(u).Error
+}
+
 func (r *Repository) Delete(id uint) error {
 	return r.db.Delete(&User{}, id).Error
 }
--- a/internal/user/routes.go
+++ b/internal/user/routes.go
@@ -1,11 +1,17 @@
 package user

 import (
+	"ResendIt/internal/api/middleware"
+
 	"github.com/gin-gonic/gin"
 )

 func RegisterRoutes(r *gin.RouterGroup, h *Handler) {
-	//auth := r.Group("/user")
+	auth := r.Group("/user")
+	auth.Use(middleware.AuthMiddleware())
+	auth.Use(middleware.RequireRole("admin"))
+
+	auth.POST("/change-password", h.ChangePassword)

 	//auth.POST("/register", h.Register)
 }
--- a/internal/user/service.go
+++ b/internal/user/service.go
@@ -35,6 +35,66 @@ func (s *Service) CreateUser(username, password, role string) (*User, error) {
 	return u, nil
 }

+// UpdateUser updates a user's information
+func (s *Service) UpdateUser(user *User) (*User, error) {
+	if err := s.repo.Update(user); err != nil {
+		return nil, err
+	}
+	return user, nil
+}
+
+func validNewPassword(oldPassword, newPassword string) bool {
+	if oldPassword == newPassword {
+		return false
+	}
+	if len(newPassword) < 8 {
+		return false
+	}
+	//Contains 1 uppercase, 1 lowercase, 1 number
+	hasUpper := false
+	hasLower := false
+	hasNumber := false
+	for _, c := range newPassword {
+		switch {
+		case 'A' <= c && c <= 'Z':
+			hasUpper = true
+		case 'a' <= c && c <= 'z':
+			hasLower = true
+		case '0' <= c && c <= '9':
+			hasNumber = true
+		}
+	}
+	if !hasUpper || !hasLower || !hasNumber {
+		return false
+	}
+	return true
+}
+
+func (s *Service) ChangePassword(userID string, oldPassword string, newPassword string) error {
+	user, err := s.repo.FindByID(userID)
+	if err != nil {
+		return err
+	}
+
+	if !validNewPassword(oldPassword, newPassword) {
+		return ErrInvalidPassword
+	}
+
+	if !security.CheckPassword(oldPassword, user.PasswordHash) {
+		return ErrPasswordsDoNotMatch
+	}
+
+	newHash, err := security.HashPassword(newPassword)
+	if err != nil {
+		return err
+	}
+
+	user.PasswordHash = newHash
+	user.ForceChangePassword = false
+
+	return s.repo.Update(user)
+}
+
 // GetAllUsers returns all users
 func (s *Service) GetAllUsers() ([]User, error) {
 	return s.repo.GetAll()
@@ -53,3 +113,8 @@ func (s *Service) DeleteUser(requesterID, targetID uint) error {
 func (s *Service) FindByUsername(username string) (*User, error) {
 	return s.repo.FindByUsername(username)
 }
+
+// FindByID returns a user by ID
+func (s *Service) FindByID(id string) (*User, error) {
+	return s.repo.FindByID(id)
+}