drive/apps/backend/internal/auth/http.go

package auth

import (
	"errors"
	"log/slog"

	"github.com/get-drexa/drexa/internal/httperr"
	"github.com/get-drexa/drexa/internal/user"
	"github.com/gofiber/fiber/v2"
	"github.com/uptrace/bun"
)

type loginRequest struct {
	Email    string `json:"email"`
	Password string `json:"password"`
}

type loginResponse struct {
	User         user.User `json:"user"`
	AccessToken  string    `json:"accessToken"`
	RefreshToken string    `json:"refreshToken"`
}

type refreshAccessTokenRequest struct {
	RefreshToken string `json:"refreshToken"`
}

type tokenResponse struct {
	AccessToken  string `json:"accessToken"`
	RefreshToken string `json:"refreshToken"`
}

type HTTPHandler struct {
	service *Service
	db      *bun.DB
}

func NewHTTPHandler(s *Service, db *bun.DB) *HTTPHandler {
	return &HTTPHandler{service: s, db: db}
}

func (h *HTTPHandler) RegisterRoutes(api fiber.Router) {
	auth := api.Group("/auth")
	auth.Post("/login", h.Login)
	auth.Post("/tokens", h.refreshAccessToken)
}

func (h *HTTPHandler) Login(c *fiber.Ctx) error {
	req := new(loginRequest)
	if err := c.BodyParser(req); err != nil {
		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Invalid request"})
	}

	tx, err := h.db.BeginTx(c.Context(), nil)
	if err != nil {
		return httperr.Internal(err)
	}
	defer tx.Rollback()

	result, err := h.service.LoginWithEmailAndPassword(c.Context(), tx, req.Email, req.Password)
	if err != nil {
		if errors.Is(err, ErrInvalidCredentials) {
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Invalid credentials"})
		}
		return httperr.Internal(err)
	}

	if err := tx.Commit(); err != nil {
		return httperr.Internal(err)
	}

	return c.JSON(loginResponse{
		User:         *result.User,
		AccessToken:  result.AccessToken,
		RefreshToken: result.RefreshToken,
	})
}

func (h *HTTPHandler) refreshAccessToken(c *fiber.Ctx) error {
	req := new(refreshAccessTokenRequest)
	if err := c.BodyParser(req); err != nil {
		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Invalid request"})
	}

	tx, err := h.db.BeginTx(c.Context(), nil)
	if err != nil {
		return httperr.Internal(err)
	}
	defer tx.Rollback()

	result, err := h.service.RefreshAccessToken(c.Context(), tx, req.RefreshToken)
	if err != nil {
		if errors.Is(err, ErrInvalidRefreshToken) ||
			errors.Is(err, ErrRefreshTokenExpired) ||
			errors.Is(err, ErrRefreshTokenReused) {
			_ = tx.Commit()
			slog.Info("invalid refresh token", "error", err)
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "invalid refresh token"})
		}
		return httperr.Internal(err)
	}

	if err := tx.Commit(); err != nil {
		return httperr.Internal(err)
	}

	return c.JSON(tokenResponse{
		AccessToken:  result.AccessToken,
		RefreshToken: result.RefreshToken,
	})
}
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`package auth`

			`import (`
			`"errors"`
feat: impl refresh token rotation 2025-12-03 00:07:39 +00:00			`"log/slog"`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00
feat: improve err logging 2025-11-30 19:19:33 +00:00			`"github.com/get-drexa/drexa/internal/httperr"`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`"github.com/get-drexa/drexa/internal/user"`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`"github.com/gofiber/fiber/v2"`
fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`"github.com/uptrace/bun"`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`)`

			`type loginRequest struct {`
			Email string `json:"email"`
			Password string `json:"password"`
			`}`

			`type loginResponse struct {`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			User user.User `json:"user"`
			AccessToken string `json:"accessToken"`
			RefreshToken string `json:"refreshToken"`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`}`

feat: impl refresh token rotation 2025-12-03 00:07:39 +00:00			`type refreshAccessTokenRequest struct {`
			RefreshToken string `json:"refreshToken"`
			`}`

			`type tokenResponse struct {`
			AccessToken string `json:"accessToken"`
			RefreshToken string `json:"refreshToken"`
			`}`

fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`type HTTPHandler struct {`
			`service *Service`
			`db *bun.DB`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`}`

fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`func NewHTTPHandler(s Service, db bun.DB) *HTTPHandler {`
			`return &HTTPHandler{service: s, db: db}`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`}`

fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`func (h *HTTPHandler) RegisterRoutes(api fiber.Router) {`
			`auth := api.Group("/auth")`
			`auth.Post("/login", h.Login)`
feat: impl refresh token rotation 2025-12-03 00:07:39 +00:00			`auth.Post("/tokens", h.refreshAccessToken)`
fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`}`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00
fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`func (h HTTPHandler) Login(c fiber.Ctx) error {`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`req := new(loginRequest)`
			`if err := c.BodyParser(req); err != nil {`
			`return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Invalid request"})`
			`}`

fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`tx, err := h.db.BeginTx(c.Context(), nil)`
			`if err != nil {`
feat: improve err logging 2025-11-30 19:19:33 +00:00			`return httperr.Internal(err)`
fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`}`
			`defer tx.Rollback()`

feat: impl refresh token rotation 2025-12-03 00:07:39 +00:00			`result, err := h.service.LoginWithEmailAndPassword(c.Context(), tx, req.Email, req.Password)`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`if err != nil {`
			`if errors.Is(err, ErrInvalidCredentials) {`
			`return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Invalid credentials"})`
			`}`
feat: improve err logging 2025-11-30 19:19:33 +00:00			`return httperr.Internal(err)`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`}`

fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`if err := tx.Commit(); err != nil {`
feat: improve err logging 2025-11-30 19:19:33 +00:00			`return httperr.Internal(err)`
fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`}`

feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`return c.JSON(loginResponse{`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`User: *result.User,`
feat: initial backend scaffolding migrating away from convex Co-authored-by: Ona <no-reply@ona.com> 2025-11-10 00:19:30 +00:00			`AccessToken: result.AccessToken,`
			`RefreshToken: result.RefreshToken,`
			`})`
			`}`
feat: impl refresh token rotation 2025-12-03 00:07:39 +00:00
			`func (h HTTPHandler) refreshAccessToken(c fiber.Ctx) error {`
			`req := new(refreshAccessTokenRequest)`
			`if err := c.BodyParser(req); err != nil {`
			`return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Invalid request"})`
			`}`

			`tx, err := h.db.BeginTx(c.Context(), nil)`
			`if err != nil {`
			`return httperr.Internal(err)`
			`}`
			`defer tx.Rollback()`

			`result, err := h.service.RefreshAccessToken(c.Context(), tx, req.RefreshToken)`
			`if err != nil {`
			`if errors.Is(err, ErrInvalidRefreshToken) \|\|`
			`errors.Is(err, ErrRefreshTokenExpired) \|\|`
			`errors.Is(err, ErrRefreshTokenReused) {`
			`_ = tx.Commit()`
			`slog.Info("invalid refresh token", "error", err)`
			`return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "invalid refresh token"})`
			`}`
			`return httperr.Internal(err)`
			`}`

			`if err := tx.Commit(); err != nil {`
			`return httperr.Internal(err)`
			`}`

			`return c.JSON(tokenResponse{`
			`AccessToken: result.AccessToken,`
			`RefreshToken: result.RefreshToken,`
			`})`
			`}`