63ede5c237
- refactor: move HTTP status and DTO concerns out of model and service layers into API and handler code. - feat: add admin service boundary and route auth through services instead of direct repository access. - test: add architecture and error tests covering package boundaries, redaction, and service behavior. - docs: record the protocol-neutral boundary decision and update architecture and roadmap notes.
128 lines
3.1 KiB
Go
128 lines
3.1 KiB
Go
package handler
|
|
|
|
import (
|
|
"log/slog"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"github.com/dhao2001/mygo/internal/api"
|
|
"github.com/dhao2001/mygo/internal/middleware"
|
|
"github.com/dhao2001/mygo/internal/model"
|
|
"github.com/dhao2001/mygo/internal/service"
|
|
)
|
|
|
|
// AccountHandler handles authenticated account endpoints.
|
|
type AccountHandler struct {
|
|
authService *service.AuthService
|
|
}
|
|
|
|
// NewAccountHandler creates an AccountHandler.
|
|
func NewAccountHandler(authService *service.AuthService) *AccountHandler {
|
|
return &AccountHandler{authService: authService}
|
|
}
|
|
|
|
type createPasskeyRequest struct {
|
|
Label string `json:"label" binding:"required"`
|
|
}
|
|
|
|
type accountResponse struct {
|
|
UserID string `json:"user_id"`
|
|
}
|
|
|
|
type passkeyResponse struct {
|
|
ID string `json:"id"`
|
|
UserID string `json:"user_id"`
|
|
Type string `json:"type"`
|
|
Label string `json:"label"`
|
|
LastUsedAt *time.Time `json:"last_used_at"`
|
|
CreatedAt time.Time `json:"created_at"`
|
|
}
|
|
|
|
type createdPasskeyResponse struct {
|
|
ID string `json:"id"`
|
|
Raw string `json:"raw"`
|
|
Label string `json:"label"`
|
|
}
|
|
|
|
// GetAccount handles GET /api/v1/account.
|
|
func (h *AccountHandler) GetAccount(c *gin.Context) {
|
|
userID := middleware.MustGetUserID(c)
|
|
c.JSON(http.StatusOK, accountResponse{UserID: userID})
|
|
}
|
|
|
|
// ListPasskeys handles GET /api/v1/account/passkeys.
|
|
func (h *AccountHandler) ListPasskeys(c *gin.Context) {
|
|
userID := middleware.MustGetUserID(c)
|
|
|
|
creds, err := h.authService.ListPasskeys(c.Request.Context(), userID)
|
|
if err != nil {
|
|
api.RespondError(c, err)
|
|
return
|
|
}
|
|
|
|
if creds == nil {
|
|
creds = []model.Credential{}
|
|
}
|
|
|
|
c.JSON(http.StatusOK, toPasskeyResponses(creds))
|
|
}
|
|
|
|
// CreatePasskey handles POST /api/v1/account/passkeys.
|
|
func (h *AccountHandler) CreatePasskey(c *gin.Context) {
|
|
userID := middleware.MustGetUserID(c)
|
|
|
|
var req createPasskeyRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
slog.DebugContext(c.Request.Context(), "create passkey bind failed", "error", err)
|
|
api.Error(c, http.StatusBadRequest, "invalid request body")
|
|
return
|
|
}
|
|
|
|
pk, err := h.authService.CreatePasskey(c.Request.Context(), userID, req.Label)
|
|
if err != nil {
|
|
api.RespondError(c, err)
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusCreated, createdPasskeyResponse{
|
|
ID: pk.ID,
|
|
Raw: pk.Raw,
|
|
Label: pk.Label,
|
|
})
|
|
}
|
|
|
|
// RevokePasskey handles DELETE /api/v1/account/passkeys/:id.
|
|
func (h *AccountHandler) RevokePasskey(c *gin.Context) {
|
|
userID := middleware.MustGetUserID(c)
|
|
|
|
passkeyID := c.Param("id")
|
|
if passkeyID == "" {
|
|
api.Error(c, http.StatusBadRequest, "missing passkey id")
|
|
return
|
|
}
|
|
|
|
if err := h.authService.RevokePasskey(c.Request.Context(), userID, passkeyID); err != nil {
|
|
api.RespondError(c, err)
|
|
return
|
|
}
|
|
|
|
c.Status(http.StatusOK)
|
|
}
|
|
|
|
func toPasskeyResponses(creds []model.Credential) []passkeyResponse {
|
|
items := make([]passkeyResponse, 0, len(creds))
|
|
for i := range creds {
|
|
items = append(items, passkeyResponse{
|
|
ID: creds[i].ID,
|
|
UserID: creds[i].UserID,
|
|
Type: creds[i].Type,
|
|
Label: creds[i].Label,
|
|
LastUsedAt: creds[i].LastUsedAt,
|
|
CreatedAt: creds[i].CreatedAt,
|
|
})
|
|
}
|
|
return items
|
|
}
|