This commit is contained in:
78
internal/httpapp/user_ops.go
Normal file
78
internal/httpapp/user_ops.go
Normal file
@@ -0,0 +1,78 @@
|
||||
package httpapp
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"gitea.avt.data-center.id/othman.suseno/atlas/internal/models"
|
||||
)
|
||||
|
||||
// handleUserOpsWithAuth routes user operations with auth
|
||||
func (a *App) handleUserOpsWithAuth(w http.ResponseWriter, r *http.Request) {
|
||||
if strings.HasSuffix(r.URL.Path, "/password") {
|
||||
// Password change endpoint (requires auth, can change own password)
|
||||
if r.Method == http.MethodPut {
|
||||
a.handleChangePassword(w, r)
|
||||
return
|
||||
}
|
||||
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
|
||||
// Regular user operations (admin-only)
|
||||
methodHandler(
|
||||
func(w http.ResponseWriter, r *http.Request) {
|
||||
a.requireRole(models.RoleAdministrator)(http.HandlerFunc(a.handleGetUser)).ServeHTTP(w, r)
|
||||
},
|
||||
nil,
|
||||
func(w http.ResponseWriter, r *http.Request) {
|
||||
a.requireRole(models.RoleAdministrator)(http.HandlerFunc(a.handleUpdateUser)).ServeHTTP(w, r)
|
||||
},
|
||||
func(w http.ResponseWriter, r *http.Request) {
|
||||
a.requireRole(models.RoleAdministrator)(http.HandlerFunc(a.handleDeleteUser)).ServeHTTP(w, r)
|
||||
},
|
||||
nil,
|
||||
)(w, r)
|
||||
}
|
||||
|
||||
// handleChangePassword allows users to change their own password
|
||||
func (a *App) handleChangePassword(w http.ResponseWriter, r *http.Request) {
|
||||
user, ok := getUserFromContext(r)
|
||||
if !ok {
|
||||
writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
|
||||
return
|
||||
}
|
||||
|
||||
var req struct {
|
||||
OldPassword string `json:"old_password"`
|
||||
NewPassword string `json:"new_password"`
|
||||
}
|
||||
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid request body"})
|
||||
return
|
||||
}
|
||||
|
||||
if req.NewPassword == "" {
|
||||
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "new password is required"})
|
||||
return
|
||||
}
|
||||
|
||||
// Verify old password
|
||||
_, err := a.userStore.Authenticate(user.Username, req.OldPassword)
|
||||
if err != nil {
|
||||
writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "invalid current password"})
|
||||
return
|
||||
}
|
||||
|
||||
// Update password
|
||||
if err := a.userStore.UpdatePassword(user.ID, req.NewPassword); err != nil {
|
||||
log.Printf("update password error: %v", err)
|
||||
writeJSON(w, http.StatusInternalServerError, map[string]string{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
writeJSON(w, http.StatusOK, map[string]string{"message": "password updated"})
|
||||
}
|
||||
Reference in New Issue
Block a user