aboutsummaryrefslogtreecommitdiffstats
path: root/internal/user
diff options
context:
space:
mode:
authorLibravatar Mo Tarbin <mhed.t91@gmail.com>2024-06-30 21:41:41 -0400
committerLibravatar Mo Tarbin <mhed.t91@gmail.com>2024-06-30 21:41:41 -0400
commitc13dd9addbf89f716e4ef5cfdf1d673139ffcb68 (patch)
treebc09646ce1d6d3a402abb4694e19da51b57204f6 /internal/user
downloaddonetick-c13dd9addbf89f716e4ef5cfdf1d673139ffcb68.tar.gz
donetick-c13dd9addbf89f716e4ef5cfdf1d673139ffcb68.tar.bz2
donetick-c13dd9addbf89f716e4ef5cfdf1d673139ffcb68.zip
Move to Donetick Org, first commit
Diffstat (limited to '')
-rw-r--r--internal/user/handler.go511
-rw-r--r--internal/user/model/model.go38
-rw-r--r--internal/user/repo/repository.go160
3 files changed, 709 insertions, 0 deletions
diff --git a/internal/user/handler.go b/internal/user/handler.go
new file mode 100644
index 0000000..0eee6f2
--- /dev/null
+++ b/internal/user/handler.go
@@ -0,0 +1,511 @@
+package user
+
+import (
+ "crypto/rand"
+ "crypto/sha256"
+ "encoding/hex"
+ "fmt"
+ "html"
+ "net/http"
+ "time"
+
+ auth "donetick.com/core/internal/authorization"
+ cModel "donetick.com/core/internal/circle/model"
+ cRepo "donetick.com/core/internal/circle/repo"
+ "donetick.com/core/internal/email"
+ uModel "donetick.com/core/internal/user/model"
+ uRepo "donetick.com/core/internal/user/repo"
+ "donetick.com/core/internal/utils"
+ "donetick.com/core/logging"
+ jwt "github.com/appleboy/gin-jwt/v2"
+ "github.com/gin-gonic/gin"
+ limiter "github.com/ulule/limiter/v3"
+ "google.golang.org/api/googleapi"
+ "google.golang.org/api/oauth2/v1"
+)
+
+type Handler struct {
+ userRepo *uRepo.UserRepository
+ circleRepo *cRepo.CircleRepository
+ jwtAuth *jwt.GinJWTMiddleware
+ email *email.EmailSender
+}
+
+func NewHandler(ur *uRepo.UserRepository, cr *cRepo.CircleRepository, jwtAuth *jwt.GinJWTMiddleware, email *email.EmailSender) *Handler {
+ return &Handler{
+ userRepo: ur,
+ circleRepo: cr,
+ jwtAuth: jwtAuth,
+ email: email,
+ }
+}
+
+func (h *Handler) GetAllUsers() gin.HandlerFunc {
+ return func(c *gin.Context) {
+ currentUser, ok := auth.CurrentUser(c)
+ if !ok {
+ c.JSON(500, gin.H{
+ "error": "Error getting current user",
+ })
+ return
+ }
+
+ users, err := h.userRepo.GetAllUsers(c, currentUser.CircleID)
+ if err != nil {
+ c.JSON(500, gin.H{
+ "error": "Error getting users",
+ })
+ return
+ }
+
+ c.JSON(200, gin.H{
+ "res": users,
+ })
+ }
+}
+
+func (h *Handler) signUp(c *gin.Context) {
+
+ type SignUpReq struct {
+ Username string `json:"username" binding:"required,min=4,max=20"`
+ Password string `json:"password" binding:"required,min=8,max=45"`
+ DisplayName string `json:"displayName"`
+ }
+ var signupReq SignUpReq
+ if err := c.BindJSON(&signupReq); err != nil {
+ c.JSON(400, gin.H{
+ "error": "Invalid request",
+ })
+ return
+ }
+ if signupReq.DisplayName == "" {
+ signupReq.DisplayName = signupReq.Username
+ }
+ password, err := auth.EncodePassword(signupReq.Password)
+ signupReq.Username = html.EscapeString(signupReq.Username)
+ signupReq.DisplayName = html.EscapeString(signupReq.DisplayName)
+
+ if err != nil {
+ c.JSON(500, gin.H{
+ "error": "Error encoding password",
+ })
+ return
+ }
+ var insertedUser *uModel.User
+ if insertedUser, err = h.userRepo.CreateUser(c, &uModel.User{
+ Username: signupReq.Username,
+ Password: password,
+ DisplayName: signupReq.DisplayName,
+ CreatedAt: time.Now(),
+ UpdatedAt: time.Now(),
+ }); err != nil {
+ c.JSON(500, gin.H{
+ "error": "Error creating user",
+ })
+ return
+ }
+ // var userCircle *circle.Circle
+ // var userRole string
+ userCircle, err := h.circleRepo.CreateCircle(c, &cModel.Circle{
+ Name: signupReq.DisplayName + "'s circle",
+ CreatedAt: time.Now(),
+ UpdatedAt: time.Now(),
+ InviteCode: utils.GenerateInviteCode(c),
+ })
+
+ if err != nil {
+ c.JSON(500, gin.H{
+ "error": "Error creating circle",
+ })
+ return
+ }
+
+ if err := h.circleRepo.AddUserToCircle(c, &cModel.UserCircle{
+ UserID: insertedUser.ID,
+ CircleID: userCircle.ID,
+ Role: "admin",
+ IsActive: true,
+ CreatedAt: time.Now(),
+ UpdatedAt: time.Now(),
+ }); err != nil {
+ c.JSON(500, gin.H{
+ "error": "Error adding user to circle",
+ })
+ return
+ }
+ insertedUser.CircleID = userCircle.ID
+ if err := h.userRepo.UpdateUser(c, insertedUser); err != nil {
+ c.JSON(500, gin.H{
+ "error": "Error updating user",
+ })
+ return
+ }
+
+ c.JSON(201, gin.H{})
+}
+
+func (h *Handler) GetUserProfile(c *gin.Context) {
+ user, ok := auth.CurrentUser(c)
+ if !ok {
+ c.JSON(500, gin.H{
+ "error": "Error getting user",
+ })
+ return
+ }
+ c.JSON(200, gin.H{
+ "res": user,
+ })
+}
+
+func (h *Handler) thirdPartyAuthCallback(c *gin.Context) {
+
+ // read :provider from path param, if param is google check the token with google if it's valid and fetch the user details:
+ logger := logging.FromContext(c)
+ provider := c.Param("provider")
+ logger.Infow("account.handler.thirdPartyAuthCallback", "provider", provider)
+
+ if provider == "google" {
+ c.Set("auth_provider", "3rdPartyAuth")
+ type OAuthRequest struct {
+ Token string `json:"token" binding:"required"`
+ Provider string `json:"provider" binding:"required"`
+ }
+ var body OAuthRequest
+ if err := c.ShouldBindJSON(&body); err != nil {
+ logger.Errorw("account.handler.thirdPartyAuthCallback failed to bind", "err", err)
+ c.JSON(http.StatusBadRequest, gin.H{
+ "error": "Invalid request",
+ })
+ return
+ }
+
+ // logger.Infow("account.handler.thirdPartyAuthCallback", "token", token)
+ service, err := oauth2.New(http.DefaultClient)
+
+ // tokenInfo, err := service.Tokeninfo().AccessToken(token).Do()
+ userinfo, err := service.Userinfo.Get().Do(googleapi.QueryParameter("access_token", body.Token))
+ logger.Infow("account.handler.thirdPartyAuthCallback", "tokenInfo", userinfo)
+ if err != nil {
+ logger.Errorw("account.handler.thirdPartyAuthCallback failed to get token info", "err", err)
+ c.JSON(http.StatusBadRequest, gin.H{
+ "error": "Invalid token",
+ })
+ return
+ }
+
+ acc, err := h.userRepo.FindByEmail(c, userinfo.Email)
+
+ if err != nil {
+ // create a random password for the user using crypto/rand:
+ password := auth.GenerateRandomPassword(12)
+ encodedPassword, err := auth.EncodePassword(password)
+ acc = &uModel.User{
+ Username: userinfo.Id,
+ Email: userinfo.Email,
+ Image: userinfo.Picture,
+ Password: encodedPassword,
+ DisplayName: userinfo.GivenName,
+ Provider: 2,
+ }
+ createdUser, err := h.userRepo.CreateUser(c, acc)
+ if err != nil {
+ c.JSON(http.StatusInternalServerError, gin.H{
+ "error": "Unable to create user",
+ })
+ return
+
+ }
+ // Create Circle for the user:
+ userCircle, err := h.circleRepo.CreateCircle(c, &cModel.Circle{
+ Name: userinfo.GivenName + "'s circle",
+ CreatedAt: time.Now(),
+ UpdatedAt: time.Now(),
+ InviteCode: utils.GenerateInviteCode(c),
+ })
+
+ if err != nil {
+ c.JSON(500, gin.H{
+ "error": "Error creating circle",
+ })
+ return
+ }
+
+ if err := h.circleRepo.AddUserToCircle(c, &cModel.UserCircle{
+ UserID: createdUser.ID,
+ CircleID: userCircle.ID,
+ Role: "admin",
+ IsActive: true,
+ CreatedAt: time.Now(),
+ UpdatedAt: time.Now(),
+ }); err != nil {
+ c.JSON(500, gin.H{
+ "error": "Error adding user to circle",
+ })
+ return
+ }
+ createdUser.CircleID = userCircle.ID
+ if err := h.userRepo.UpdateUser(c, createdUser); err != nil {
+ c.JSON(500, gin.H{
+ "error": "Error updating user",
+ })
+ return
+ }
+ }
+ // use auth to generate a token for the user:
+ c.Set("user_account", acc)
+ h.jwtAuth.Authenticator(c)
+ tokenString, expire, err := h.jwtAuth.TokenGenerator(acc)
+ if err != nil {
+ logger.Errorw("Unable to Generate a Token")
+ c.JSON(http.StatusInternalServerError, gin.H{
+ "error": "Unable to Generate a Token",
+ })
+ return
+ }
+ c.JSON(http.StatusOK, gin.H{"token": tokenString, "expire": expire})
+ return
+ }
+}
+
+func (h *Handler) resetPassword(c *gin.Context) {
+ log := logging.FromContext(c)
+ type ResetPasswordReq struct {
+ Email string `json:"email" binding:"required,email"`
+ }
+ var req ResetPasswordReq
+ if err := c.ShouldBindJSON(&req); err != nil {
+ c.JSON(http.StatusBadRequest, gin.H{
+ "error": "Invalid request",
+ })
+ return
+ }
+ user, err := h.userRepo.FindByEmail(c, req.Email)
+ if err != nil {
+ c.JSON(http.StatusNotFound, gin.H{
+ "error": "User not found",
+ })
+ return
+ }
+ if user.Provider != 0 {
+ // user create account thought login with Gmail. they can reset the password they just need to login with google again
+ c.JSON(
+ http.StatusForbidden,
+ gin.H{
+ "error": "User account created with google login. Please login with google",
+ },
+ )
+ return
+ }
+ // generate a random password:
+ token, err := auth.GenerateEmailResetToken(c)
+ if err != nil {
+ c.JSON(http.StatusInternalServerError, gin.H{
+ "error": "Unable to generate token",
+ })
+ return
+ }
+
+ err = h.userRepo.SetPasswordResetToken(c, req.Email, token)
+ if err != nil {
+ c.JSON(http.StatusInternalServerError, gin.H{
+ "error": "Unable to generate password",
+ })
+ return
+ }
+ // send an email to the user with the new password:
+ err = h.email.SendResetPasswordEmail(c, req.Email, token)
+ if err != nil {
+ log.Errorw("account.handler.resetPassword failed to send email", "err", err)
+ c.JSON(http.StatusInternalServerError, gin.H{
+ "error": "Unable to send email",
+ })
+ return
+ }
+
+ // send an email to the user with the new password:
+ c.JSON(http.StatusOK, gin.H{})
+}
+
+func (h *Handler) updateUserPassword(c *gin.Context) {
+ logger := logging.FromContext(c)
+ // read the code from query param:
+ code := c.Query("c")
+ email, code, err := email.DecodeEmailAndCode(code)
+ if err != nil {
+ logger.Errorw("account.handler.verify failed to decode email and code", "err", err)
+ c.JSON(http.StatusBadRequest, gin.H{
+ "error": "Invalid code",
+ })
+ return
+
+ }
+ // read password from body:
+ type RequestBody struct {
+ Password string `json:"password" binding:"required,min=8,max=32"`
+ }
+ var body RequestBody
+ if err := c.ShouldBindJSON(&body); err != nil {
+ logger.Errorw("user.handler.resetAccountPassword failed to bind", "err", err)
+ c.JSON(http.StatusBadRequest, gin.H{
+ "error": "Invalid request",
+ })
+ return
+
+ }
+ password, err := auth.EncodePassword(body.Password)
+ if err != nil {
+ c.JSON(http.StatusInternalServerError, gin.H{
+ "error": "Unable to process password",
+ })
+ return
+ }
+
+ err = h.userRepo.UpdatePasswordByToken(c.Request.Context(), email, code, password)
+ if err != nil {
+ logger.Errorw("account.handler.resetAccountPassword failed to reset password", "err", err)
+ c.JSON(http.StatusInternalServerError, gin.H{
+ "error": "Unable to reset password",
+ })
+ return
+ }
+ c.JSON(http.StatusOK, gin.H{})
+
+}
+
+func (h *Handler) UpdateUserDetails(c *gin.Context) {
+ type UpdateUserReq struct {
+ DisplayName *string `json:"displayName" binding:"omitempty"`
+ ChatID *int64 `json:"chatID" binding:"omitempty"`
+ Image *string `json:"image" binding:"omitempty"`
+ }
+ user, ok := auth.CurrentUser(c)
+ if !ok {
+ c.JSON(500, gin.H{
+ "error": "Error getting user",
+ })
+ return
+ }
+ var req UpdateUserReq
+ if err := c.ShouldBindJSON(&req); err != nil {
+ c.JSON(400, gin.H{
+ "error": "Invalid request",
+ })
+ return
+ }
+ // update non-nil fields:
+ if req.DisplayName != nil {
+ user.DisplayName = *req.DisplayName
+ }
+ if req.ChatID != nil {
+ user.ChatID = *req.ChatID
+ }
+ if req.Image != nil {
+ user.Image = *req.Image
+ }
+
+ if err := h.userRepo.UpdateUser(c, user); err != nil {
+ c.JSON(500, gin.H{
+ "error": "Error updating user",
+ })
+ return
+ }
+ c.JSON(200, user)
+}
+
+func (h *Handler) CreateLongLivedToken(c *gin.Context) {
+ currentUser, ok := auth.CurrentUser(c)
+ if !ok {
+ c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get current user"})
+ return
+ }
+ type TokenRequest struct {
+ Name string `json:"name" binding:"required"`
+ }
+ var req TokenRequest
+ if err := c.ShouldBindJSON(&req); err != nil {
+ c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request"})
+ return
+ }
+
+ // Step 1: Generate a secure random number
+ randomBytes := make([]byte, 16) // 128 bits are enough for strong randomness
+ _, err := rand.Read(randomBytes)
+ if err != nil {
+ c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to generate random part of the token"})
+ return
+ }
+
+ timestamp := time.Now().Unix()
+ hashInput := fmt.Sprintf("%s:%d:%x", currentUser.Username, timestamp, randomBytes)
+ hash := sha256.Sum256([]byte(hashInput))
+
+ token := hex.EncodeToString(hash[:])
+
+ tokenModel, err := h.userRepo.StoreAPIToken(c, currentUser.ID, req.Name, token)
+ if err != nil {
+ c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to store the token"})
+ return
+ }
+
+ c.JSON(http.StatusOK, gin.H{"res": tokenModel})
+}
+
+func (h *Handler) GetAllUserToken(c *gin.Context) {
+ currentUser, ok := auth.CurrentUser(c)
+ if !ok {
+ c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get current user"})
+ return
+ }
+
+ tokens, err := h.userRepo.GetAllUserTokens(c, currentUser.ID)
+ if err != nil {
+ c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get user tokens"})
+ return
+ }
+
+ c.JSON(http.StatusOK, gin.H{"res": tokens})
+
+}
+
+func (h *Handler) DeleteUserToken(c *gin.Context) {
+ currentUser, ok := auth.CurrentUser(c)
+ if !ok {
+ c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get current user"})
+ return
+ }
+
+ tokenID := c.Param("id")
+
+ err := h.userRepo.DeleteAPIToken(c, currentUser.ID, tokenID)
+ if err != nil {
+ c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to delete the token"})
+ return
+ }
+
+ c.JSON(http.StatusOK, gin.H{})
+}
+
+func Routes(router *gin.Engine, h *Handler, auth *jwt.GinJWTMiddleware, limiter *limiter.Limiter) {
+
+ userRoutes := router.Group("users")
+ userRoutes.Use(auth.MiddlewareFunc(), utils.RateLimitMiddleware(limiter))
+ {
+ userRoutes.GET("/", h.GetAllUsers())
+ userRoutes.GET("/profile", h.GetUserProfile)
+ userRoutes.PUT("", h.UpdateUserDetails)
+ userRoutes.POST("/tokens", h.CreateLongLivedToken)
+ userRoutes.GET("/tokens", h.GetAllUserToken)
+ userRoutes.DELETE("/tokens/:id", h.DeleteUserToken)
+ }
+
+ authRoutes := router.Group("auth")
+ authRoutes.Use(utils.RateLimitMiddleware(limiter))
+ {
+ authRoutes.POST("/", h.signUp)
+ authRoutes.POST("login", auth.LoginHandler)
+ authRoutes.GET("refresh", auth.RefreshHandler)
+ authRoutes.POST("/:provider/callback", h.thirdPartyAuthCallback)
+ authRoutes.POST("reset", h.resetPassword)
+ authRoutes.POST("password", h.updateUserPassword)
+ }
+}
diff --git a/internal/user/model/model.go b/internal/user/model/model.go
new file mode 100644
index 0000000..4874ac1
--- /dev/null
+++ b/internal/user/model/model.go
@@ -0,0 +1,38 @@
+package user
+
+import "time"
+
+type User struct {
+ ID int `json:"id" gorm:"primary_key"` // Unique identifier
+ DisplayName string `json:"displayName" gorm:"column:display_name"` // Display name
+ Username string `json:"username" gorm:"column:username;unique"` // Username (unique)
+ Email string `json:"email" gorm:"column:email;unique"` // Email (unique)
+ Provider int `json:"provider" gorm:"column:provider"` // Provider
+ Password string `json:"-" gorm:"column:password"` // Password
+ CircleID int `json:"circleID" gorm:"column:circle_id"` // Circle ID
+ ChatID int64 `json:"chatID" gorm:"column:chat_id"` // Telegram chat ID
+ Image string `json:"image" gorm:"column:image"` // Image
+ CreatedAt time.Time `json:"created_at" gorm:"column:created_at"` // Created at
+ UpdatedAt time.Time `json:"updated_at" gorm:"column:updated_at"` // Updated at
+ Disabled bool `json:"disabled" gorm:"column:disabled"` // Disabled
+ // Email string `json:"email" gorm:"column:email"` // Email
+ CustomerID *string `gorm:"column:customer_id;<-:false"` // read one column
+ Subscription *string `json:"subscription" gorm:"column:subscription;<-:false"` // read one column
+ Expiration *string `json:"expiration" gorm:"column:expiration;<-:false"` // read one column
+}
+
+type UserPasswordReset struct {
+ ID int `gorm:"column:id"`
+ UserID int `gorm:"column:user_id"`
+ Email string `gorm:"column:email"`
+ Token string `gorm:"column:token"`
+ ExpirationDate time.Time `gorm:"column:expiration_date"`
+}
+
+type APIToken struct {
+ ID int `json:"id" gorm:"primary_key"` // Unique identifier
+ Name string `json:"name" gorm:"column:name;unique"` // Name (unique)
+ UserID int `json:"userId" gorm:"column:user_id;index"` // Index on userID
+ Token string `json:"token" gorm:"column:token;index"` // Index on token
+ CreatedAt time.Time `json:"createdAt" gorm:"column:created_at"`
+}
diff --git a/internal/user/repo/repository.go b/internal/user/repo/repository.go
new file mode 100644
index 0000000..fa53753
--- /dev/null
+++ b/internal/user/repo/repository.go
@@ -0,0 +1,160 @@
+package user
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ "donetick.com/core/config"
+ uModel "donetick.com/core/internal/user/model"
+ "donetick.com/core/logging"
+ "gorm.io/gorm"
+)
+
+type IUserRepository interface {
+ GetUserByUsername(username string) (*uModel.User, error)
+ GetUser(id int) (*uModel.User, error)
+ GetAllUsers() ([]*uModel.User, error)
+ CreateUser(user *uModel.User) error
+ UpdateUser(user *uModel.User) error
+ UpdateUserCircle(userID, circleID int) error
+ FindByEmail(email string) (*uModel.User, error)
+}
+
+type UserRepository struct {
+ db *gorm.DB
+ isDonetickDotCom bool
+}
+
+func NewUserRepository(db *gorm.DB, cfg *config.Config) *UserRepository {
+ return &UserRepository{db, cfg.IsDoneTickDotCom}
+}
+
+func (r *UserRepository) GetAllUsers(c context.Context, circleID int) ([]*uModel.User, error) {
+ var users []*uModel.User
+ if err := r.db.WithContext(c).Where("circle_id = ?", circleID).Find(&users).Error; err != nil {
+ return nil, err
+ }
+ return users, nil
+}
+
+func (r *UserRepository) GetAllUsersForSystemOnly(c context.Context) ([]*uModel.User, error) {
+ var users []*uModel.User
+ if err := r.db.WithContext(c).Find(&users).Error; err != nil {
+ return nil, err
+ }
+ return users, nil
+}
+func (r *UserRepository) CreateUser(c context.Context, user *uModel.User) (*uModel.User, error) {
+ if err := r.db.WithContext(c).Save(user).Error; err != nil {
+ return nil, err
+ }
+ return user, nil
+}
+func (r *UserRepository) GetUserByUsername(c context.Context, username string) (*uModel.User, error) {
+ var user *uModel.User
+ if r.isDonetickDotCom {
+ if err := r.db.WithContext(c).Table("users u").Select("u.*, ss.status as subscription, ss.expired_at as expiration").Joins("left join stripe_customers sc on sc.user_id = u.id ").Joins("left join stripe_subscriptions ss on sc.customer_id = ss.customer_id").Where("username = ?", username).First(&user).Error; err != nil {
+ return nil, err
+ }
+ } else {
+ if err := r.db.WithContext(c).Where("username = ?", username).First(&user).Error; err != nil {
+ return nil, err
+ }
+ }
+
+ return user, nil
+}
+
+func (r *UserRepository) UpdateUser(c context.Context, user *uModel.User) error {
+ return r.db.WithContext(c).Save(user).Error
+}
+
+func (r *UserRepository) UpdateUserCircle(c context.Context, userID, circleID int) error {
+ return r.db.WithContext(c).Model(&uModel.User{}).Where("id = ?", userID).Update("circle_id", circleID).Error
+}
+
+func (r *UserRepository) FindByEmail(c context.Context, email string) (*uModel.User, error) {
+ var user *uModel.User
+ if err := r.db.WithContext(c).Where("email = ?", email).First(&user).Error; err != nil {
+ return nil, err
+ }
+ return user, nil
+}
+
+func (r *UserRepository) SetPasswordResetToken(c context.Context, email, token string) error {
+ // confirm user exists with email:
+ user, err := r.FindByEmail(c, email)
+ if err != nil {
+ return err
+ }
+ // save new token:
+ if err := r.db.WithContext(c).Model(&uModel.UserPasswordReset{}).Save(&uModel.UserPasswordReset{
+ UserID: user.ID,
+ Token: token,
+ Email: email,
+ ExpirationDate: time.Now().UTC().Add(time.Hour * 24),
+ }).Error; err != nil {
+ return err
+ }
+ return nil
+}
+
+func (r *UserRepository) UpdatePasswordByToken(ctx context.Context, email string, token string, password string) error {
+ logger := logging.FromContext(ctx)
+
+ logger.Debugw("account.db.UpdatePasswordByToken", "email", email)
+ upr := &uModel.UserPasswordReset{
+ Email: email,
+ Token: token,
+ }
+ result := r.db.WithContext(ctx).Where("email = ?", email).Where("token = ?", token).Delete(upr)
+ if result.RowsAffected <= 0 {
+ return fmt.Errorf("invalid token")
+ }
+ // find account by email and update password:
+ chain := r.db.WithContext(ctx).Model(&uModel.User{}).Where("email = ?", email).UpdateColumns(map[string]interface{}{"password": password})
+ if chain.Error != nil {
+ return chain.Error
+ }
+ if chain.RowsAffected == 0 {
+ return fmt.Errorf("account not found")
+ }
+
+ return nil
+}
+
+func (r *UserRepository) StoreAPIToken(c context.Context, userID int, name string, tokenCode string) (*uModel.APIToken, error) {
+ token := &uModel.APIToken{
+ UserID: userID,
+ Name: name,
+ Token: tokenCode,
+ CreatedAt: time.Now().UTC(),
+ }
+ if err := r.db.WithContext(c).Model(&uModel.APIToken{}).Save(
+ token).Error; err != nil {
+ return nil, err
+
+ }
+ return token, nil
+}
+
+func (r *UserRepository) GetUserByToken(c context.Context, token string) (*uModel.User, error) {
+ var user *uModel.User
+ if err := r.db.WithContext(c).Table("users u").Select("u.*").Joins("left join api_tokens at on at.user_id = u.id").Where("at.token = ?", token).First(&user).Error; err != nil {
+ return nil, err
+ }
+ return user, nil
+}
+
+func (r *UserRepository) GetAllUserTokens(c context.Context, userID int) ([]*uModel.APIToken, error) {
+ var tokens []*uModel.APIToken
+ if err := r.db.WithContext(c).Where("user_id = ?", userID).Find(&tokens).Error; err != nil {
+ return nil, err
+ }
+ return tokens, nil
+}
+
+func (r *UserRepository) DeleteAPIToken(c context.Context, userID int, tokenID string) error {
+ return r.db.WithContext(c).Where("id = ? AND user_id = ?", tokenID, userID).Delete(&uModel.APIToken{}).Error
+}