package auth
import (
"context"
"errors"
"tercul/internal/domain"
"tercul/internal/platform/auth"
"tercul/internal/platform/log"
)
// Sentinel errors returned by the authentication query handlers. Callers
// should match them with errors.Is rather than by comparing message text.
var (
	// ErrUserNotFound is returned when the user named by the token claims
	// cannot be loaded from the repository.
	ErrUserNotFound = errors.New("user not found")

	// ErrContextRequired is returned when a handler is called with a nil
	// context.
	ErrContextRequired = errors.New("context is required")
)
// AuthQueries groups the read-side authentication handlers: resolving the
// current user from a request context and from a raw JWT string.
type AuthQueries struct {
	// userRepo loads the user record named by the token claims.
	userRepo domain.UserRepository
	// jwtManager validates raw token strings and yields their claims.
	jwtManager *auth.JWTManager
}
// NewAuthQueries returns an AuthQueries wired to the given user repository
// and JWT manager. Neither argument is checked for nil here.
func NewAuthQueries(userRepo domain.UserRepository, jwtManager *auth.JWTManager) *AuthQueries {
	q := new(AuthQueries)
	q.userRepo = userRepo
	q.jwtManager = jwtManager
	return q
}
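// GetUserFromContext resolves the authenticated user for the request carried
// by ctx.
//
// The claims returned by auth.RequireAuth are not trusted on their own: the
// user record is re-read from the repository on every call, so an account
// that was removed or deactivated after the token was issued is rejected.
//
// Errors:
//   - ErrContextRequired when ctx is nil.
//   - the error from auth.RequireAuth, unchanged, when that call fails.
//   - ErrUserNotFound when the repository lookup fails or yields no user.
//     Every repository error is collapsed into this sentinel and the cause
//     is only logged, so callers cannot tell a missing account from a
//     storage failure.
//   - ErrInvalidCredentials when the account exists but is not active.
func (q *AuthQueries) GetUserFromContext(ctx context.Context) (*domain.User, error) {
	if ctx == nil {
		return nil, ErrContextRequired
	}

	claims, err := auth.RequireAuth(ctx)
	if err != nil {
		log.LogWarn("Failed to get user from context - authentication required", log.F("error", err))
		return nil, err
	}

	user, err := q.userRepo.GetByID(ctx, claims.UserID)
	if err != nil {
		log.LogWarn("Failed to get user from context - user not found", log.F("user_id", claims.UserID), log.F("error", err))
		return nil, ErrUserNotFound
	}
	// The repository is an injected dependency whose contract is not visible
	// here. Treat a nil user with a nil error as "not found" instead of
	// dereferencing it below, so a lookup miss cannot panic this path.
	if user == nil {
		log.LogWarn("Failed to get user from context - user not found", log.F("user_id", claims.UserID))
		return nil, ErrUserNotFound
	}

	// Valid claims are not enough: a deactivated account must be refused.
	if !user.Active {
		log.LogWarn("Failed to get user from context - user inactive", log.F("user_id", user.ID))
		return nil, ErrInvalidCredentials
	}

	return user, nil
}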
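// ValidateToken checks tokenString with the JWT manager and returns the
// active user named by its claims.
//
// A token that passes validation is not sufficient on its own: the user
// record is re-read from the repository, so tokens belonging to removed or
// deactivated accounts are rejected even before they expire.
//
// Errors:
//   - ErrContextRequired when ctx is nil.
//   - auth.ErrMissingToken when tokenString is empty.
//   - the error from the JWT manager, unchanged, when validation fails.
//   - ErrUserNotFound when the repository lookup fails or yields no user.
//     Every repository error is collapsed into this sentinel and the cause
//     is only logged.
//   - ErrInvalidCredentials when the account exists but is not active.
func (q *AuthQueries) ValidateToken(ctx context.Context, tokenString string) (*domain.User, error) {
	if ctx == nil {
		return nil, ErrContextRequired
	}

	if tokenString == "" {
		log.LogWarn("Token validation failed - empty token")
		return nil, auth.ErrMissingToken
	}

	// Only the validation error and the user ID are written to the log. The
	// raw token is a bearer credential and must not be added to log fields.
	// NOTE(review): confirm that JWTManager errors never embed token
	// contents, since err is logged below.
	claims, err := q.jwtManager.ValidateToken(tokenString)
	if err != nil {
		log.LogWarn("Token validation failed - invalid token", log.F("error", err))
		return nil, err
	}

	user, err := q.userRepo.GetByID(ctx, claims.UserID)
	if err != nil {
		log.LogWarn("Token validation failed - user not found", log.F("user_id", claims.UserID), log.F("error", err))
		return nil, ErrUserNotFound
	}
	// The repository is an injected dependency whose contract is not visible
	// here. Treat a nil user with a nil error as "not found" instead of
	// dereferencing it below, so a lookup miss cannot panic this path.
	if user == nil {
		log.LogWarn("Token validation failed - user not found", log.F("user_id", claims.UserID))
		return nil, ErrUserNotFound
	}

	// Valid claims are not enough: a deactivated account must be refused.
	if !user.Active {
		log.LogWarn("Token validation failed - user inactive", log.F("user_id", user.ID))
		return nil, ErrInvalidCredentials
	}

	log.LogInfo("Token validated successfully", log.F("user_id", user.ID))
	return user, nil
}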