chat/internal/handlers/auth.go

package handlers

import (
	"encoding/json"
	"net/http"
	"strings"

	"git.eeqj.de/sneak/neoirc/internal/db"
)

const minPasswordLength = 8

// HandleRegister creates a new user with a password.
func (hdlr *Handlers) HandleRegister() http.HandlerFunc {
	return func(
		writer http.ResponseWriter,
		request *http.Request,
	) {
		request.Body = http.MaxBytesReader(
			writer, request.Body, hdlr.maxBodySize(),
		)

		hdlr.handleRegister(writer, request)
	}
}

func (hdlr *Handlers) handleRegister(
	writer http.ResponseWriter,
	request *http.Request,
) {
	type registerRequest struct {
		Nick     string `json:"nick"`
		Username string `json:"username,omitempty"`
		Password string `json:"password"`
	}

	var payload registerRequest

	err := json.NewDecoder(request.Body).Decode(&payload)
	if err != nil {
		hdlr.respondError(
			writer, request,
			"invalid request body",
			http.StatusBadRequest,
		)

		return
	}

	payload.Nick = strings.TrimSpace(payload.Nick)

	if !validNickRe.MatchString(payload.Nick) {
		hdlr.respondError(
			writer, request,
			"invalid nick format",
			http.StatusBadRequest,
		)

		return
	}

	username := resolveUsername(
		payload.Username, payload.Nick,
	)

	if !validUsernameRe.MatchString(username) {
		hdlr.respondError(
			writer, request,
			"invalid username format",
			http.StatusBadRequest,
		)

		return
	}

	if len(payload.Password) < minPasswordLength {
		hdlr.respondError(
			writer, request,
			"password must be at least 8 characters",
			http.StatusBadRequest,
		)

		return
	}

	hdlr.executeRegister(
		writer, request,
		payload.Nick, payload.Password, username,
	)
}

func (hdlr *Handlers) executeRegister(
	writer http.ResponseWriter,
	request *http.Request,
	nick, password, username string,
) {
	remoteIP := clientIP(request)

	hostname := resolveHostname(
		request.Context(), remoteIP,
	)

	sessionID, clientID, token, err :=
		hdlr.params.Database.RegisterUser(
			request.Context(),
			nick, password, username, hostname, remoteIP,
		)
	if err != nil {
		hdlr.handleRegisterError(
			writer, request, err,
		)

		return
	}

	hdlr.stats.IncrSessions()
	hdlr.stats.IncrConnections()

	hdlr.deliverMOTD(request, clientID, sessionID, nick)

	hdlr.respondJSON(writer, request, map[string]any{
		"id":    sessionID,
		"nick":  nick,
		"token": token,
	}, http.StatusCreated)
}

func (hdlr *Handlers) handleRegisterError(
	writer http.ResponseWriter,
	request *http.Request,
	err error,
) {
	if db.IsUniqueConstraintError(err) {
		hdlr.respondError(
			writer, request,
			"nick already taken",
			http.StatusConflict,
		)

		return
	}

	hdlr.log.Error(
		"register user failed", "error", err,
	)
	hdlr.respondError(
		writer, request,
		"internal error",
		http.StatusInternalServerError,
	)
}

// HandleLogin authenticates a user with nick and password.
func (hdlr *Handlers) HandleLogin() http.HandlerFunc {
	return func(
		writer http.ResponseWriter,
		request *http.Request,
	) {
		request.Body = http.MaxBytesReader(
			writer, request.Body, hdlr.maxBodySize(),
		)

		hdlr.handleLogin(writer, request)
	}
}

func (hdlr *Handlers) handleLogin(
	writer http.ResponseWriter,
	request *http.Request,
) {
	ip := clientIP(request)

	if !hdlr.loginLimiter.Allow(ip) {
		writer.Header().Set(
			"Retry-After", "1",
		)
		hdlr.respondError(
			writer, request,
			"too many login attempts, try again later",
			http.StatusTooManyRequests,
		)

		return
	}

	type loginRequest struct {
		Nick     string `json:"nick"`
		Password string `json:"password"`
	}

	var payload loginRequest

	err := json.NewDecoder(request.Body).Decode(&payload)
	if err != nil {
		hdlr.respondError(
			writer, request,
			"invalid request body",
			http.StatusBadRequest,
		)

		return
	}

	payload.Nick = strings.TrimSpace(payload.Nick)

	if payload.Nick == "" || payload.Password == "" {
		hdlr.respondError(
			writer, request,
			"nick and password required",
			http.StatusBadRequest,
		)

		return
	}

	hdlr.executeLogin(
		writer, request, payload.Nick, payload.Password,
	)
}

func (hdlr *Handlers) executeLogin(
	writer http.ResponseWriter,
	request *http.Request,
	nick, password string,
) {
	remoteIP := clientIP(request)

	hostname := resolveHostname(
		request.Context(), remoteIP,
	)

	sessionID, clientID, token, err :=
		hdlr.params.Database.LoginUser(
			request.Context(),
			nick, password,
			remoteIP, hostname,
		)
	if err != nil {
		hdlr.respondError(
			writer, request,
			"invalid credentials",
			http.StatusUnauthorized,
		)

		return
	}

	hdlr.stats.IncrConnections()

	hdlr.deliverMOTD(
		request, clientID, sessionID, nick,
	)

	// Initialize channel state so the new client knows
	// which channels the session already belongs to.
	hdlr.initChannelState(
		request, clientID, sessionID, nick,
	)

	hdlr.respondJSON(writer, request, map[string]any{
		"id":    sessionID,
		"nick":  nick,
		"token": token,
	}, http.StatusOK)
}