tulip/server/mail.go

129 lines
3.5 KiB
Go
Raw Normal View History

2023-09-24 18:24:16 +01:00
package server
import (
"github.com/1f349/tulip/database"
2024-03-12 21:04:25 +00:00
"github.com/1f349/tulip/database/types"
2023-09-29 16:37:23 +01:00
"github.com/1f349/tulip/pages"
2023-09-24 18:24:16 +01:00
"github.com/emersion/go-message/mail"
"github.com/julienschmidt/httprouter"
"net/http"
)
2024-03-12 21:04:25 +00:00
func (h *HttpServer) MailVerify(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
2023-09-24 18:24:16 +01:00
code := params.ByName("code")
k := mailLinkKey{mailLinkVerifyEmail, code}
2023-09-24 18:24:16 +01:00
userSub, ok := h.mailLinkCache.Get(k)
if !ok {
http.Error(rw, "Invalid email verification code", http.StatusBadRequest)
return
}
2024-03-11 12:39:52 +00:00
if h.DbTx(rw, func(tx *database.Queries) error {
2024-03-12 21:04:25 +00:00
return tx.VerifyUserEmail(req.Context(), userSub)
2023-09-24 18:24:16 +01:00
}) {
return
}
h.mailLinkCache.Delete(k)
http.Error(rw, "Email address has been verified, you may close this tab and return to the login page.", http.StatusOK)
}
func (h *HttpServer) MailPassword(rw http.ResponseWriter, _ *http.Request, params httprouter.Params) {
2023-09-29 16:37:23 +01:00
code := params.ByName("code")
k := mailLinkKey{mailLinkResetPassword, code}
_, ok := h.mailLinkCache.Get(k)
2023-09-29 16:37:23 +01:00
if !ok {
http.Error(rw, "Invalid password reset code", http.StatusBadRequest)
return
}
pages.RenderPageTemplate(rw, "reset-password", map[string]any{
2023-10-10 18:06:43 +01:00
"ServiceName": h.conf.ServiceName,
"Code": code,
2023-09-29 16:37:23 +01:00
})
}
func (h *HttpServer) MailPasswordPost(rw http.ResponseWriter, req *http.Request, _ httprouter.Params) {
2023-09-29 16:37:23 +01:00
pw := req.PostFormValue("new_password")
rpw := req.PostFormValue("confirm_password")
code := req.PostFormValue("code")
2023-09-29 16:37:23 +01:00
// reverse passwords are possible
if len(pw) == 0 {
http.Error(rw, "Cannot set an empty password", http.StatusBadRequest)
return
}
// bcrypt only allows up to 72 bytes anyway
if len(pw) > 64 {
http.Error(rw, "Security by extremely long password is a weird flex", http.StatusBadRequest)
return
}
if rpw != pw {
http.Error(rw, "Passwords do not match", http.StatusBadRequest)
return
}
k := mailLinkKey{mailLinkResetPassword, code}
userSub, ok := h.mailLinkCache.Get(k)
2023-09-29 16:37:23 +01:00
if !ok {
http.Error(rw, "Invalid password reset code", http.StatusBadRequest)
return
}
h.mailLinkCache.Delete(k)
2023-09-29 16:37:23 +01:00
// reset password database call
2024-03-11 12:39:52 +00:00
if h.DbTx(rw, func(tx *database.Queries) error {
2024-03-12 21:04:25 +00:00
return tx.ChangePassword(req.Context(), userSub, pw)
2023-09-29 16:37:23 +01:00
}) {
return
}
http.Error(rw, "Reset password successfully, you can login now.", http.StatusOK)
2023-09-24 18:24:16 +01:00
}
2024-03-12 21:04:25 +00:00
func (h *HttpServer) MailDelete(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
2023-09-24 18:24:16 +01:00
code := params.ByName("code")
k := mailLinkKey{mailLinkDelete, code}
2023-09-24 18:24:16 +01:00
userSub, ok := h.mailLinkCache.Get(k)
if !ok {
http.Error(rw, "Invalid email delete code", http.StatusBadRequest)
return
}
2024-03-12 21:04:25 +00:00
var userInfo database.User
2024-03-11 12:39:52 +00:00
if h.DbTx(rw, func(tx *database.Queries) (err error) {
2024-03-12 21:04:25 +00:00
userInfo, err = tx.GetUser(req.Context(), userSub)
2023-09-24 18:24:16 +01:00
if err != nil {
return
}
2024-03-12 21:04:25 +00:00
return tx.UpdateUserRole(req.Context(), database.UpdateUserRoleParams{
Active: false,
Role: types.RoleToDelete,
Subject: userSub,
})
2023-09-24 18:24:16 +01:00
}) {
return
}
h.mailLinkCache.Delete(k)
// parse email for headers
address, err := mail.ParseAddress(userInfo.Email)
if err != nil {
http.Error(rw, "500 Internal Server Error: Failed to parse user email address", http.StatusInternalServerError)
return
}
2023-10-10 18:06:43 +01:00
err = h.conf.Mail.SendEmailTemplate("mail-account-delete", "Account Deletion", userInfo.Name, address, nil)
2023-09-24 18:24:16 +01:00
if err != nil {
http.Error(rw, "Failed to send confirmation email.", http.StatusInternalServerError)
return
}
http.Error(rw, "You will receive an email shortly to verify this action, you may close this tab.", http.StatusOK)
}