drexa/drive
1
0
Fork 0
mirror of https://github.com/get-drexa/drive.git synced 2026-02-02 13:21:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: suppor tokenDelivery field for account reg

Browse Source
This commit is contained in:
Kenneth
2025-12-16 00:41:30 +00:00
parent bab6e24a0d
commit 3686f87377
6 changed files with 85 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
apps/backend/docs/swagger.json
View File

@@ -17,8 +17,40 @@
"basePath": "/api", "basePath": "/api",
"paths": { "paths": {
"/accounts": { "/accounts": {
"get": {
"security": [
{
"BearerAuth": []
}
],
"description": "Retrieve all accounts for the authenticated user",
"produces": [
"application/json"
],
"tags": [
"accounts"
],
"summary": "List accounts",
"responses": {
"200": {
"description": "List of accounts for the authenticated user",
"schema": {
"type": "array",
"items": {
"$ref": "#/definitions/internal_account.Account"
}
}
},
"401": {
"description": "Not authenticated",
"schema": {
"type": "string"
}
}
}
},
"post": { "post": {
"description": "Create a new user account with email and password. Returns the account, user, and authentication tokens.", "description": "Create a new user account with email and password. Returns the account, user, and authentication tokens. Tokens can be delivered via HTTP-only cookies or in the response body based on the tokenDelivery field.",
"consumes": [ "consumes": [
"application/json" "application/json"
], ],
@@ -48,7 +80,7 @@
} }
}, },
"400": { "400": {
"description": "Invalid request body", "description": "Invalid request body or token delivery method",
"schema": { "schema": {
"type": "string" "type": "string"
} }
@@ -1325,6 +1357,15 @@
"description": "Password for the new account (min 8 characters)", "description": "Password for the new account (min 8 characters)",
"type": "string", "type": "string",
"example": "securepassword123" "example": "securepassword123"
},
"tokenDelivery": {
"description": "How to deliver tokens: \"cookie\" (set HTTP-only cookies) or \"body\" (include in response)",
"type": "string",
"enum": [
"cookie",
"body"
],
"example": "body"
} }
} }
}, },
@@ -1333,7 +1374,7 @@
"type": "object", "type": "object",
"properties": { "properties": {
"accessToken": { "accessToken": {
"description": "JWT access token for immediate authentication", "description": "JWT access token for immediate authentication (only included when tokenDelivery is \"body\")",
"type": "string", "type": "string",
"example": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1NTBlODQwMC1lMjliLTQxZDQtYTcxNi00NDY2NTU0NDAwMDAifQ.signature" "example": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1NTBlODQwMC1lMjliLTQxZDQtYTcxNi00NDY2NTU0NDAwMDAifQ.signature"
}, },
@@ -1346,7 +1387,7 @@
] ]
}, },
"refreshToken": { "refreshToken": {
"description": "Base64 URL encoded refresh token", "description": "Base64 URL encoded refresh token (only included when tokenDelivery is \"body\")",
"type": "string", "type": "string",
"example": "dR4nD0mUu1DkZXlCeXRlc0FuZFJhbmRvbURhdGFIZXJlMTIzNDU2Nzg5MGFi" "example": "dR4nD0mUu1DkZXlCeXRlc0FuZFJhbmRvbURhdGFIZXJlMTIzNDU2Nzg5MGFi"
}, },

44
apps/backend/internal/account/http.go
View File

@@ -17,6 +17,7 @@ type HTTPHandler struct {
authService *auth.Service authService *auth.Service
db *bun.DB db *bun.DB
authMiddleware fiber.Handler authMiddleware fiber.Handler
cookieConfig auth.CookieConfig
} }
// registerAccountRequest represents a new account registration // registerAccountRequest represents a new account registration
@@ -28,6 +29,8 @@ type registerAccountRequest struct {
Password string `json:"password" example:"securepassword123"` Password string `json:"password" example:"securepassword123"`
// Display name for the user // Display name for the user
DisplayName string `json:"displayName" example:"Jane Doe"` DisplayName string `json:"displayName" example:"Jane Doe"`
// How to deliver tokens: "cookie" (set HTTP-only cookies) or "body" (include in response)
TokenDelivery string `json:"tokenDelivery" example:"body" enums:"cookie,body"`
} }
// registerAccountResponse represents a successful registration // registerAccountResponse represents a successful registration
@@ -37,10 +40,10 @@ type registerAccountResponse struct {
Account *Account `json:"account"` Account *Account `json:"account"`
// The created user // The created user
User *user.User `json:"user"` User *user.User `json:"user"`
// JWT access token for immediate authentication // JWT access token for immediate authentication (only included when tokenDelivery is "body")
AccessToken string `json:"accessToken" example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1NTBlODQwMC1lMjliLTQxZDQtYTcxNi00NDY2NTU0NDAwMDAifQ.signature"` AccessToken string `json:"accessToken,omitempty" example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1NTBlODQwMC1lMjliLTQxZDQtYTcxNi00NDY2NTU0NDAwMDAifQ.signature"`
// Base64 URL encoded refresh token // Base64 URL encoded refresh token (only included when tokenDelivery is "body")
RefreshToken string `json:"refreshToken" example:"dR4nD0mUu1DkZXlCeXRlc0FuZFJhbmRvbURhdGFIZXJlMTIzNDU2Nzg5MGFi"` RefreshToken string `json:"refreshToken,omitempty" example:"dR4nD0mUu1DkZXlCeXRlc0FuZFJhbmRvbURhdGFIZXJlMTIzNDU2Nzg5MGFi"`
} }
const currentAccountKey = "currentAccount" const currentAccountKey = "currentAccount"
@@ -49,8 +52,8 @@ func CurrentAccount(c *fiber.Ctx) *Account {
return c.Locals(currentAccountKey).(*Account) return c.Locals(currentAccountKey).(*Account)
} }
func NewHTTPHandler(accountService *Service, authService *auth.Service, db *bun.DB, authMiddleware fiber.Handler) *HTTPHandler { func NewHTTPHandler(accountService *Service, authService *auth.Service, db *bun.DB, authMiddleware fiber.Handler, cookieConfig auth.CookieConfig) *HTTPHandler {
return &HTTPHandler{accountService: accountService, authService: authService, db: db, authMiddleware: authMiddleware} return &HTTPHandler{accountService: accountService, authService: authService, db: db, authMiddleware: authMiddleware, cookieConfig: cookieConfig}
} }
func (h *HTTPHandler) RegisterRoutes(api fiber.Router) fiber.Router { func (h *HTTPHandler) RegisterRoutes(api fiber.Router) fiber.Router {
@@ -126,13 +129,13 @@ func (h *HTTPHandler) getAccount(c *fiber.Ctx) error {
// registerAccount creates a new account and user // registerAccount creates a new account and user
// @Summary Register new account // @Summary Register new account
// @Description Create a new user account with email and password. Returns the account, user, and authentication tokens. // @Description Create a new user account with email and password. Returns the account, user, and authentication tokens. Tokens can be delivered via HTTP-only cookies or in the response body based on the tokenDelivery field.
// @Tags accounts // @Tags accounts
// @Accept json // @Accept json
// @Produce json // @Produce json
// @Param request body registerAccountRequest true "Registration details" // @Param request body registerAccountRequest true "Registration details"
// @Success 200 {object} registerAccountResponse "Account created successfully" // @Success 200 {object} registerAccountResponse "Account created successfully"
// @Failure 400 {string} string "Invalid request body" // @Failure 400 {string} string "Invalid request body or token delivery method"
// @Failure 409 {string} string "Email already registered" // @Failure 409 {string} string "Email already registered"
// @Router /accounts [post] // @Router /accounts [post]
func (h *HTTPHandler) registerAccount(c *fiber.Ctx) error { func (h *HTTPHandler) registerAccount(c *fiber.Ctx) error {
@@ -173,10 +176,23 @@ func (h *HTTPHandler) registerAccount(c *fiber.Ctx) error {
return httperr.Internal(err) return httperr.Internal(err)
} }
return c.JSON(registerAccountResponse{ switch req.TokenDelivery {
Account: acc, default:
User: u, return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "invalid token delivery method"})
AccessToken: result.AccessToken,
RefreshToken: result.RefreshToken, case auth.TokenDeliveryCookie:
}) auth.SetAuthCookies(c, result.AccessToken, result.RefreshToken, h.cookieConfig)
return c.JSON(registerAccountResponse{
Account: acc,
User: u,
})
case auth.TokenDeliveryBody:
return c.JSON(registerAccountResponse{
Account: acc,
User: u,
AccessToken: result.AccessToken,
RefreshToken: result.RefreshToken,
})
}
} }

4
apps/backend/internal/auth/cookies.go
View File

@@ -32,10 +32,10 @@ func authCookies(c *fiber.Ctx) map[string]string {
return m return m
} }
// setAuthCookies sets HTTP-only auth cookies with security settings derived from the request. // SetAuthCookies sets HTTP-only auth cookies with security settings derived from the request.
// Secure flag is based on actual protocol (works automatically with proxies/tunnels), // Secure flag is based on actual protocol (works automatically with proxies/tunnels),
// unless explicitly set in cfg.Secure. // unless explicitly set in cfg.Secure.
func setAuthCookies(c *fiber.Ctx, accessToken, refreshToken string, cfg CookieConfig) { func SetAuthCookies(c *fiber.Ctx, accessToken, refreshToken string, cfg CookieConfig) {
secure := c.Protocol() == "https" secure := c.Protocol() == "https"
accessTokenCookie := &fiber.Cookie{ accessTokenCookie := &fiber.Cookie{

10
apps/backend/internal/auth/http.go
View File

@@ -11,8 +11,8 @@ import (
) )
const ( const (
tokenDeliveryCookie = "cookie" TokenDeliveryCookie = "cookie"
tokenDeliveryBody = "body" TokenDeliveryBody = "body"
) )
const ( const (
@@ -113,13 +113,13 @@ func (h *HTTPHandler) Login(c *fiber.Ctx) error {
default: default:
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "invalid token delivery method"}) return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "invalid token delivery method"})
case tokenDeliveryCookie: case TokenDeliveryCookie:
setAuthCookies(c, result.AccessToken, result.RefreshToken, h.cookieConfig) SetAuthCookies(c, result.AccessToken, result.RefreshToken, h.cookieConfig)
return c.JSON(loginResponse{ return c.JSON(loginResponse{
User: *result.User, User: *result.User,
}) })
case tokenDeliveryBody: case TokenDeliveryBody:
return c.JSON(loginResponse{ return c.JSON(loginResponse{
User: *result.User, User: *result.User,
AccessToken: result.AccessToken, AccessToken: result.AccessToken,

4
apps/backend/internal/auth/middleware.go
View File

@@ -58,7 +58,7 @@ func NewAuthMiddleware(s *Service, db *bun.DB, cookieConfig CookieConfig) fiber.
return c.SendStatus(fiber.StatusUnauthorized) return c.SendStatus(fiber.StatusUnauthorized)
} }
setAuthCookies(c, newTokens.AccessToken, newTokens.RefreshToken, cookieConfig) SetAuthCookies(c, newTokens.AccessToken, newTokens.RefreshToken, cookieConfig)
at = newTokens.AccessToken at = newTokens.AccessToken
rt = newTokens.RefreshToken rt = newTokens.RefreshToken
} }
@@ -90,7 +90,7 @@ func NewAuthMiddleware(s *Service, db *bun.DB, cookieConfig CookieConfig) fiber.
newTokens, err := s.RefreshAccessToken(c.Context(), tx, rt) newTokens, err := s.RefreshAccessToken(c.Context(), tx, rt)
if err == nil { if err == nil {
if commitErr := tx.Commit(); commitErr == nil { if commitErr := tx.Commit(); commitErr == nil {
setAuthCookies(c, newTokens.AccessToken, newTokens.RefreshToken, cookieConfig) SetAuthCookies(c, newTokens.AccessToken, newTokens.RefreshToken, cookieConfig)
} }
} else { } else {
_ = tx.Rollback() _ = tx.Rollback()

2
apps/backend/internal/drexa/server.go
View File

@@ -113,7 +113,7 @@ func NewServer(c Config) (*Server, error) {
auth.NewHTTPHandler(authService, db, cookieConfig).RegisterRoutes(api) auth.NewHTTPHandler(authService, db, cookieConfig).RegisterRoutes(api)
user.NewHTTPHandler(userService, db, authMiddleware).RegisterRoutes(api) user.NewHTTPHandler(userService, db, authMiddleware).RegisterRoutes(api)
accountRouter := account.NewHTTPHandler(accountService, authService, db, authMiddleware).RegisterRoutes(api) accountRouter := account.NewHTTPHandler(accountService, authService, db, authMiddleware, cookieConfig).RegisterRoutes(api)
upload.NewHTTPHandler(uploadService, db).RegisterRoutes(accountRouter) upload.NewHTTPHandler(uploadService, db).RegisterRoutes(accountRouter)
catalog.NewHTTPHandler(vfs, db).RegisterRoutes(accountRouter) catalog.NewHTTPHandler(vfs, db).RegisterRoutes(accountRouter)