Merge pull request #1 from aisa-it/add/emailCodes

add emailCodes

Author: EgorSheff

.gitignore

@@ -32,4 +32,5 @@ go.work.sum
 # .vscode/
 
 bin/
+.idea
 aiplan_mem.db

api/api.go

@@ -1,7 +1,11 @@
 package api
 
 import (
+	"bytes"
 	"encoding/base64"
+	"encoding/json"
+	"github.com/aisa-it/aiplan-mem/internal/dao"
+	"io"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -70,6 +74,38 @@ func (a *AIPlanMemAPI) GetUserLastSeenTime(userId uuid.UUID) (time.Time, error)
 	return time.Unix(int64(t), 0), err
 }
 
+// EmailCodes methods
+func (a *AIPlanMemAPI) SaveEmailCode(userID uuid.UUID, newEmail string) (string, error) {
+	if a.isModule {
+		return a.ds.EmailCodes.GenCode(userID, newEmail)
+	}
+
+	h, err := a.postRequestWithResponseHeader("/emailCodes/" + userID.String() + "?email=" + url.QueryEscape(newEmail))
+	return h.Get("code"), err
+}
+
+func (a *AIPlanMemAPI) VerifyEmailCode(userID uuid.UUID, email, code string) (bool, error) {
+	if a.isModule {
+		return a.ds.EmailCodes.VerifyCode(userID, email, code)
+	}
+
+	data := dao.EmailCodeData{
+		NewEmail:  email,
+		Code:      code,
+		CreatedAt: time.Now(),
+	}
+	jsonData, _ := json.Marshal(data)
+
+	resp, err := a.postRequestWithResponse("/emailCodes/"+userID.String()+"/verify", jsonData)
+	if err != nil {
+		return false, err
+	}
+	defer resp.Body.Close()
+	return resp.Header.Get("verify") == "true", nil
+}
+
+//-------------------
+
 func (a *AIPlanMemAPI) getRequest(path string) (http.Header, error) {
 	resp, err := http.Get(a.addr.ResolveReference(&url.URL{Path: path}).String())
 	if err != nil {
@@ -87,3 +123,21 @@ func (a *AIPlanMemAPI) postRequest(path string) error {
 	defer resp.Body.Close()
 	return nil
 }
+
+func (a *AIPlanMemAPI) postRequestWithResponseHeader(path string) (http.Header, error) {
+	resp, err := http.Post(a.addr.ResolveReference(&url.URL{Path: path}).String(), "", nil)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+	return resp.Header, nil
+}
+
+func (a *AIPlanMemAPI) postRequestWithResponse(path string, body []byte) (*http.Response, error) {
+	var reader io.Reader
+	if body != nil {
+		reader = bytes.NewReader(body)
+	}
+
+	return http.Post(a.addr.ResolveReference(&url.URL{Path: path}).String(), "application/json", reader)
+}

apierror/errors.go

@@ -0,0 +1,8 @@
+package apierror
+
+import "errors"
+
+var (
+	ErrVerification     = errors.New("verification error")
+	ErrEmailCodeTooSoon = errors.New("email code rate limit exceeded")
+)

internal/config/config.go

@@ -2,11 +2,16 @@ package config
 
 import (
 	"os"
+	"time"
 )
 
 const (
 	SessionsBlaclistBucket = "sessionsBlacklist"
 	LastSeenBucket         = "userLastSeen"
+	EmailCodesBucket       = "emailCodes"
+
+	EmailCodeLifeTime time.Duration = time.Minute * 5
+	EmailCodeLimitReq               = time.Minute
 )
 
 type Config struct {

internal/dao/email-code.go

@@ -0,0 +1,9 @@
+package dao
+
+import "time"
+
+type EmailCodeData struct {
+	NewEmail  string    `json:"new_email"`
+	Code      string    `json:"code"`
+	CreatedAt time.Time `json:"created_at"`
+}

internal/db/db.go

@@ -1,6 +1,7 @@
 package db
 
 import (
+	emailcodes "github.com/aisa-it/aiplan-mem/internal/db/email-codes"
 	"log/slog"
 	"os"
 	"time"
@@ -14,7 +15,8 @@ import (
 type DataStore struct {
 	db *bolt.DB
 
-	Sessions *sessions.SessionsStore
+	Sessions   *sessions.SessionsStore
+	EmailCodes *emailcodes.EmailCodesStore
 }
 
 func OpenDB(cfg *config.Config) (*DataStore, error) {
@@ -24,7 +26,11 @@ func OpenDB(cfg *config.Config) (*DataStore, error) {
 	}
 
 	if err := db.Update(func(tx *bolt.Tx) error {
-		_, err := tx.CreateBucketIfNotExists([]byte(config.SessionsBlaclistBucket))
+		_, err := tx.CreateBucketIfNotExists([]byte(config.EmailCodesBucket))
+		if err != nil {
+			return err
+		}
+		_, err = tx.CreateBucketIfNotExists([]byte(config.SessionsBlaclistBucket))
 		if err != nil {
 			return err
 		}
@@ -35,7 +41,9 @@ func OpenDB(cfg *config.Config) (*DataStore, error) {
 		os.Exit(1)
 	}
 
-	return &DataStore{db: db, Sessions: sessions.NewSessionsStore(db, cfg)}, nil
+	return &DataStore{db: db,
+		Sessions:   sessions.NewSessionsStore(db, cfg),
+		EmailCodes: emailcodes.NewEmailCodesStore(db)}, nil
 }
 
 func (ds DataStore) Close() error {

internal/db/email-codes/email-codes.go

@@ -0,0 +1,88 @@
+package emailcodes
+
+import (
+	"encoding/json"
+	"github.com/aisa-it/aiplan-mem/apierror"
+	"github.com/aisa-it/aiplan-mem/internal/dao"
+	"github.com/aisa-it/aiplan-mem/internal/utils"
+	"time"
+
+	"github.com/aisa-it/aiplan-mem/internal/config"
+	"github.com/boltdb/bolt"
+	"github.com/gofrs/uuid/v5"
+)
+
+type EmailCodesStore struct {
+	db *bolt.DB
+}
+
+func NewEmailCodesStore(db *bolt.DB) *EmailCodesStore {
+	return &EmailCodesStore{db: db}
+}
+
+func (ecs *EmailCodesStore) GenCode(userID uuid.UUID, newEmail string) (string, error) {
+	var codeData *dao.EmailCodeData
+	data := dao.EmailCodeData{
+		NewEmail:  newEmail,
+		Code:      utils.GenCode(),
+		CreatedAt: time.Now(),
+	}
+	return data.Code, ecs.db.Update(func(tx *bolt.Tx) error {
+		b := tx.Bucket([]byte(config.EmailCodesBucket))
+
+		jsonDataOld := b.Get(userID.Bytes())
+		if jsonDataOld != nil {
+			if err := json.Unmarshal(jsonDataOld, &codeData); err != nil {
+				return err
+			}
+
+			if codeData.CreatedAt.Add(config.EmailCodeLimitReq).After(time.Now()) {
+				return apierror.ErrEmailCodeTooSoon
+			}
+		}
+
+		jsonData, err := json.Marshal(data)
+		if err != nil {
+			return err
+		}
+
+		return b.Put(userID.Bytes(), jsonData)
+	})
+}
+
+func (ecs *EmailCodesStore) VerifyCode(userID uuid.UUID, email, code string) (bool, error) {
+	var verified bool
+	var codeData *dao.EmailCodeData
+
+	err := ecs.db.Update(func(tx *bolt.Tx) error {
+		b := tx.Bucket([]byte(config.EmailCodesBucket))
+
+		jsonData := b.Get(userID.Bytes())
+		if jsonData == nil {
+			return nil
+		}
+
+		if err := json.Unmarshal(jsonData, &codeData); err != nil {
+			return err
+		}
+
+		if codeData.NewEmail != email ||
+			codeData.Code != code ||
+			codeData.CreatedAt.Add(config.EmailCodeLifeTime).Before(time.Now()) {
+			return apierror.ErrVerification
+		}
+
+		if err := b.Delete(userID.Bytes()); err != nil {
+			return err
+		}
+
+		verified = true
+		return nil
+	})
+
+	if err != nil {
+		return false, err
+	}
+
+	return verified, nil
+}

internal/server/server.go

@@ -2,11 +2,13 @@ package server
 
 import (
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"log/slog"
 	"net/http"
 
 	"github.com/aisa-it/aiplan-mem/internal/config"
+	"github.com/aisa-it/aiplan-mem/internal/dao"
 	"github.com/aisa-it/aiplan-mem/internal/db"
 	"github.com/gofrs/uuid/v5"
 	"github.com/labstack/echo/v4"
@@ -34,6 +36,12 @@ func RunServer(cfg *config.Config, ds *db.DataStore) {
 		lastSeenGroup.POST("/:userId", s.postUserLastSeen)
 	}
 
+	emailCodeGroup := e.Group("/emailCodes")
+	{
+		emailCodeGroup.POST("/:userId/verify", s.verifyEmailCode)
+		emailCodeGroup.POST("/:userId", s.saveEmailCode)
+	}
+
 	if err := e.Start(cfg.ListenAddr); err != nil {
 		slog.Error("Start http server", "err", err)
 	}
@@ -90,3 +98,35 @@ func (s *Server) postUserLastSeen(c echo.Context) error {
 	}
 	return c.NoContent(http.StatusOK)
 }
+
+// EmailCodes handlers
+
+func (s *Server) saveEmailCode(c echo.Context) error {
+	userId := uuid.FromStringOrNil(c.Param("userId"))
+	email := c.QueryParam("email")
+
+	code, err := s.DataStore.EmailCodes.GenCode(userId, email)
+	if err != nil {
+		return sendError(c, err)
+	}
+
+	c.Response().Header().Set("code", fmt.Sprint(code))
+	return c.NoContent(http.StatusOK)
+}
+
+func (s *Server) verifyEmailCode(c echo.Context) error {
+	userId := uuid.FromStringOrNil(c.Param("userId"))
+
+	var req dao.EmailCodeData
+	if err := json.NewDecoder(c.Request().Body).Decode(&req); err != nil {
+		return sendError(c, err)
+	}
+
+	verify, err := s.DataStore.EmailCodes.VerifyCode(userId, req.NewEmail, req.Code)
+	if err != nil {
+		return sendError(c, err)
+	}
+
+	c.Response().Header().Set("verify", fmt.Sprint(verify))
+	return c.NoContent(http.StatusOK)
+}

internal/utils/utils.go

@@ -0,0 +1,7 @@
+package utils
+
+import "github.com/sethvargo/go-password/password"
+
+func GenCode() string {
+	return password.MustGenerate(6, 6, 0, false, true)
+}