[mobile] require password for one-time code generation

capcom6 · capcom6 · commit 787d81e9582c · 2025-03-26T18:04:33.000+07:00
diff --git a/internal/sms-gateway/handlers/mobile.go b/internal/sms-gateway/handlers/mobile.go
@@ -201,7 +201,7 @@ func (h *mobileHandler) patchMessage(device models.Device, c *fiber.Ctx) error {
 
 //	@Summary		Get one-time code for device registration
 //	@Description	Returns one-time code for device registration
-//	@Security		MobileToken
+//	@Security		ApiAuth
 //	@Tags			Device
 //	@Accept			json
 //	@Produce		json
@@ -210,8 +210,8 @@ func (h *mobileHandler) patchMessage(device models.Device, c *fiber.Ctx) error {
 //	@Router			/mobile/v1/user/code [get]
 //
 // Get user code
-func (h *mobileHandler) getUserCode(device models.Device, c *fiber.Ctx) error {
-	code, err := h.authSvc.GenerateUserCode(device.UserID)
+func (h *mobileHandler) getUserCode(user models.User, c *fiber.Ctx) error {
+	code, err := h.authSvc.GenerateUserCode(user.ID)
 	if err != nil {
 		return err
 	}
@@ -272,6 +272,12 @@ func (h *mobileHandler) Register(router fiber.Router) {
 		h.postDevice,
 	)
 
+	router.Get("/user/code",
+		userauth.NewBasic(h.authSvc),
+		userauth.UserRequired(),
+		userauth.WithUser(h.getUserCode),
+	)
+
 	router.Use(
 		deviceauth.New(h.authSvc),
 	)
@@ -285,7 +291,6 @@ func (h *mobileHandler) Register(router fiber.Router) {
 	router.Get("/message", deviceauth.WithDevice(h.getMessage))
 	router.Patch("/message", deviceauth.WithDevice(h.patchMessage))
 
-	router.Get("/user/code", deviceauth.WithDevice(h.getUserCode))
 	router.Patch("/user/password", deviceauth.WithDevice(h.changePassword))
 
 	h.webhooksCtrl.Register(router.Group("/webhooks"))
diff --git a/pkg/swagger/docs/swagger.json b/pkg/swagger/docs/swagger.json
@@ -771,7 +771,7 @@
             "get": {
                 "security": [
                     {
-                        "MobileToken": []
+                        "ApiAuth": []
                     }
                 ],
                 "description": "Returns one-time code for device registration",
diff --git a/pkg/swagger/docs/swagger.yaml b/pkg/swagger/docs/swagger.yaml
@@ -935,7 +935,7 @@ paths:
           schema:
             $ref: '#/definitions/smsgateway.ErrorResponse'
       security:
-      - MobileToken: []
+      - ApiAuth: []
       summary: Get one-time code for device registration
       tags:
       - Device

Original file line number	Diff line number	Diff line change
`@@ -771,7 +771,7 @@`
`771`	`771`	`"get": {`
`772`	`772`	`"security": [`
`773`	`773`	`{`
`774`		`- "MobileToken": []`
	`774`	`+ "ApiAuth": []`
`775`	`775`	`}`
`776`	`776`	`],`
`777`	`777`	`"description": "Returns one-time code for device registration",`