chedius/delivery-tracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a3929bec8dd23e4e81210ab34158498fb7cecb2a
delivery-tracker/backend/internal/auth/service.go
Egor Pozharov a3929bec8d
Some checks failed
Build and Push Docker Images / build-backend (push) Has been cancelled
Details
Build and Push Docker Images / build-frontend (push) Has been cancelled
Details
implement account lockout after 3 failed login attempts with 5-minute cooldown period
2026-04-29 17:00:37 +06:00

122 lines
2.8 KiB
Go
Raw Blame History

package auth
import (
"context"
"errors"
"time"
sqlc "github.com/chedius/delivery-tracker/internal/db/sqlc"
"github.com/google/uuid"
"github.com/jackc/pgx/v5"
"golang.org/x/crypto/bcrypt"
)
type Service struct {
queries *sqlc.Queries
secret []byte
expiry time.Duration
}
type User struct {
ID string
Username string
// Password string
}
func New(queries *sqlc.Queries, secret []byte, expiry time.Duration) *Service {
return &Service{queries, secret, expiry}
}
func (s *Service) Register(ctx context.Context, username, password string) (User, string, error) {
if username == "" || password == "" {
return User{}, "", ErrCredentialsEmpty
}
if _, err := s.queries.GetUserByUsername(ctx, username); err == nil {
return User{}, "", ErrUserExists
}
if len(password) < 6 {
return User{}, "", ErrPasswordTooShort
}
hashedPassword, err := s.HashPassword(password)
if err != nil {
return User{}, "", err
}
user, err := s.queries.CreateUser(ctx, sqlc.CreateUserParams{
Username: username,
PasswordHash: hashedPassword,
})
if err != nil {
return User{}, "", err
}
token, err := GenerateToken(uuid.UUID(user.ID.Bytes), s.secret, s.expiry)
if err != nil {
return User{}, "", err
}
return User{
ID: user.ID.String(),
Username: user.Username,
}, token, nil
}
func (s *Service) Login(ctx context.Context, username, password string) (string, error) { // returns JWT
user, err := s.queries.GetUserByUsername(ctx, username)
if err != nil {
if errors.Is(err, pgx.ErrNoRows) {
return "", ErrUserNotFound
}
return "", err
}
now := time.Now()
if user.LockedUntil.Valid {
if user.LockedUntil.Time.After(now) {
return "", AccountLockedError{LockedUntil: user.LockedUntil.Time}
}
if err := s.queries.ResetLoginFailures(ctx, username); err != nil {
return "", err
}
}
if !s.VerifyPassword(user.PasswordHash, password) {
failedLogin, err := s.queries.RecordFailedLogin(ctx, username)
if err != nil {
return "", err
}
if failedLogin.LockedUntil.Valid && failedLogin.LockedUntil.Time.After(now) {
return "", AccountLockedError{LockedUntil: failedLogin.LockedUntil.Time}
}
return "", ErrInvalidCredentials
}
if user.FailedLoginAttempts > 0 || user.LockedUntil.Valid {
if err := s.queries.ResetLoginFailures(ctx, username); err != nil {
return "", err
}
}
token, err := GenerateToken(uuid.UUID(user.ID.Bytes), s.secret, s.expiry)
if err != nil {
return "", err
}
return token, nil
}
func (s *Service) HashPassword(password string) (string, error) {
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
return "", err
}
return string(hash), nil
}
func (s *Service) VerifyPassword(hash, password string) bool {
err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
return err == nil
}
Reference in New Issue View Git Blame Copy Permalink