drive/apps/backend/internal/auth/service.go

package auth

import (
	"context"
	"encoding/hex"
	"errors"

	"github.com/get-drexa/drexa/internal/password"
	"github.com/get-drexa/drexa/internal/user"
	"github.com/google/uuid"
	"github.com/uptrace/bun"
)

type LoginResult struct {
	User         *user.User
	AccessToken  string
	RefreshToken string
}

var ErrInvalidCredentials = errors.New("invalid credentials")

type Service struct {
	db          *bun.DB
	userService *user.Service
	tokenConfig TokenConfig
}

type registerOptions struct {
	displayName string
	email       string
	password    string
}

func NewService(db *bun.DB, userService *user.Service, tokenConfig TokenConfig) *Service {
	return &Service{
		db:          db,
		userService: userService,
		tokenConfig: tokenConfig,
	}
}

func (s *Service) LoginWithEmailAndPassword(ctx context.Context, email, plain string) (*LoginResult, error) {
	u, err := s.userService.UserByEmail(ctx, email)
	if err != nil {
		var nf *user.NotFoundError
		if errors.As(err, &nf) {
			return nil, ErrInvalidCredentials
		}
		return nil, err
	}

	ok, err := password.Verify(plain, u.Password)
	if err != nil || !ok {
		return nil, ErrInvalidCredentials
	}

	at, err := GenerateAccessToken(u, &s.tokenConfig)
	if err != nil {
		return nil, err
	}

	rt, err := GenerateRefreshToken(u, &s.tokenConfig)
	if err != nil {
		return nil, err
	}

	_, err = s.db.NewInsert().Model(rt).Exec(ctx)
	if err != nil {
		return nil, err
	}

	return &LoginResult{
		User:         u,
		AccessToken:  at,
		RefreshToken: hex.EncodeToString(rt.Token),
	}, nil
}

func (s *Service) Register(ctx context.Context, opts registerOptions) (*LoginResult, error) {
	hashed, err := password.Hash(opts.password)
	if err != nil {
		return nil, err
	}

	u, err := s.userService.RegisterUser(ctx, user.UserRegistrationOptions{
		Email:       opts.email,
		DisplayName: opts.displayName,
		Password:    hashed,
	})
	if err != nil {
		return nil, err
	}

	at, err := GenerateAccessToken(u, &s.tokenConfig)
	if err != nil {
		return nil, err
	}

	rt, err := GenerateRefreshToken(u, &s.tokenConfig)
	if err != nil {
		return nil, err
	}

	_, err = s.db.NewInsert().Model(rt).Exec(ctx)
	if err != nil {
		return nil, err
	}

	return &LoginResult{
		User:         u,
		AccessToken:  at,
		RefreshToken: hex.EncodeToString(rt.Token),
	}, nil
}

func (s *Service) AuthenticateWithAccessToken(ctx context.Context, token string) (*user.User, error) {
	claims, err := ParseAccessToken(token, &s.tokenConfig)
	if err != nil {
		return nil, err
	}

	id, err := uuid.Parse(claims.Subject)
	if err != nil {
		return nil, newInvalidAccessTokenError(err)
	}

	return s.userService.UserByID(ctx, id)
}
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`package auth`

			`import (`
			`"context"`
			`"encoding/hex"`
			`"errors"`

fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`"github.com/get-drexa/drexa/internal/password"`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`"github.com/get-drexa/drexa/internal/user"`
			`"github.com/google/uuid"`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`"github.com/uptrace/bun"`
			`)`

			`type LoginResult struct {`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`User *user.User`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`AccessToken string`
			`RefreshToken string`
			`}`

			`var ErrInvalidCredentials = errors.New("invalid credentials")`

			`type Service struct {`
			`db *bun.DB`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`userService *user.Service`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`tokenConfig TokenConfig`
			`}`

			`type registerOptions struct {`
			`displayName string`
			`email string`
			`password string`
			`}`

feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`func NewService(db bun.DB, userService user.Service, tokenConfig TokenConfig) *Service {`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`return &Service{`
			`db: db,`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`userService: userService,`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`tokenConfig: tokenConfig,`
			`}`
			`}`

fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`func (s Service) LoginWithEmailAndPassword(ctx context.Context, email, plain string) (LoginResult, error) {`
			`u, err := s.userService.UserByEmail(ctx, email)`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`if err != nil {`
fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`var nf *user.NotFoundError`
			`if errors.As(err, &nf) {`
			`return nil, ErrInvalidCredentials`
			`}`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`return nil, err`
			`}`

fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`ok, err := password.Verify(plain, u.Password)`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`if err != nil \|\| !ok {`
			`return nil, ErrInvalidCredentials`
			`}`

fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`at, err := GenerateAccessToken(u, &s.tokenConfig)`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`if err != nil {`
			`return nil, err`
			`}`

fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`rt, err := GenerateRefreshToken(u, &s.tokenConfig)`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`_, err = s.db.NewInsert().Model(rt).Exec(ctx)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return &LoginResult{`
fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`User: u,`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`AccessToken: at,`
			`RefreshToken: hex.EncodeToString(rt.Token),`
			`}, nil`
			`}`

			`func (s Service) Register(ctx context.Context, opts registerOptions) (LoginResult, error) {`
fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`hashed, err := password.Hash(opts.password)`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`if err != nil {`
			`return nil, err`
			`}`

fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`u, err := s.userService.RegisterUser(ctx, user.UserRegistrationOptions{`
			`Email: opts.email,`
			`DisplayName: opts.displayName,`
			`Password: hashed,`
			`})`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`if err != nil {`
			`return nil, err`
			`}`

fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`at, err := GenerateAccessToken(u, &s.tokenConfig)`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`if err != nil {`
			`return nil, err`
			`}`

fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`rt, err := GenerateRefreshToken(u, &s.tokenConfig)`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`if err != nil {`
			`return nil, err`
			`}`

fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`_, err = s.db.NewInsert().Model(rt).Exec(ctx)`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`return &LoginResult{`
fix: ret invalid cred if usr not found in login 2025-11-26 01:42:52 +00:00			`User: u,`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`AccessToken: at,`
			`RefreshToken: hex.EncodeToString(rt.Token),`
			`}, nil`
			`}`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00
			`func (s Service) AuthenticateWithAccessToken(ctx context.Context, token string) (user.User, error) {`
			`claims, err := ParseAccessToken(token, &s.tokenConfig)`
			`if err != nil {`
			`return nil, err`
			`}`

			`id, err := uuid.Parse(claims.Subject)`
			`if err != nil {`
			`return nil, newInvalidAccessTokenError(err)`
			`}`

			`return s.userService.UserByID(ctx, id)`
			`}`