Merge pull request #13 from hammercode-dev/be-03/04/07/feat(forget-password)-forgot&set-password

Be 03/04/07/feat(forget password) forgot, set password, and migration

Author: AfandyW

app/app.go

@@ -44,7 +44,7 @@ func InitApp(
 	middleware := middlewares.InitMiddleware(jwtInstance, userRepo)
 
 	// usecase
-	userUsecase := users.InitUsecase(userRepo, dbTx, jwtInstance)
+	userUsecase := users.InitUsecase(cfg, userRepo, dbTx, jwtInstance)
 	newsletterUC := newsletters.InitUsecase(cfg, newsletterRepo, dbTx, jwt.NewJwt(cfg.JWT_SECRET_KEY))
 	eventUC := events.InitUsecase(eventRepo, imgRepo, dbTx)
 	imgUc := images.InitUsecase(imgRepo, dbTx)

app/users/delivery/http/forgot_password_user.go

@@ -0,0 +1,57 @@
+package http
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+	"regexp"
+
+	"github.com/hammer-code/lms-be/domain"
+	"github.com/hammer-code/lms-be/utils"
+)
+
+func (h Handler) ForgotPassword(w http.ResponseWriter, r *http.Request) {
+	reEmail := regexp.MustCompile(`^[a-z0-9._%+\-]+@[a-z0-9.\-]+\.[a-z]{2,}$`)
+
+	bodyBytes, err := io.ReadAll(r.Body)
+	if err != nil {
+		utils.Response(domain.HttpResponse{
+			Code:    500,
+			Message: err.Error(),
+			Data:    nil,
+		}, w)
+		return
+	}
+
+	forgotPassword := domain.ForgotPassword{}
+	if err = json.Unmarshal(bodyBytes, &forgotPassword); err != nil {
+		utils.Response(domain.HttpResponse{
+			Code:    500,
+			Message: err.Error(),
+		}, w)
+		return
+	}
+
+	if isValidEmail := reEmail.MatchString(forgotPassword.Email); !isValidEmail {
+		utils.Response(domain.HttpResponse{
+			Code:    400,
+			Message: "Email is not valid",
+		}, w)
+		return
+	}
+
+	if err := h.usecase.ForgotPassword(r.Context(), forgotPassword); err != nil {
+		utils.Response(domain.HttpResponse{
+			Code:    500,
+			Message: err.Error(),
+		}, w)
+		return
+	}
+
+	utils.Response(domain.HttpResponse{
+		Code:    200,
+		Message: "Request reset password success check your email",
+		Data:    nil,
+	}, w)
+
+}

app/users/delivery/http/reset_password.go

@@ -0,0 +1,65 @@
+package http
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+	"regexp"
+
+	"github.com/hammer-code/lms-be/domain"
+	"github.com/hammer-code/lms-be/utils"
+)
+
+func (h Handler) ResetPassword(w http.ResponseWriter, r *http.Request) {
+
+	passwordRegex := regexp.MustCompile(`^[a-zA-Z\d]{8,}$`)
+
+	bodyBytes, err := io.ReadAll(r.Body)
+	if err != nil {
+		utils.Response(domain.HttpResponse{
+			Code:    500,
+			Message: "Failed to read request body :" + err.Error(),
+		}, w)
+		return
+	}
+
+	forgotPasswordInstance := domain.ForgotPassword{}
+
+	if err := json.Unmarshal(bodyBytes, &forgotPasswordInstance); err != nil {
+		utils.Response(domain.HttpResponse{
+			Code:    500,
+			Message: "Failed to unmarshal request body :" + err.Error(),
+		}, w)
+		return
+	}
+
+	if forgotPasswordInstance.Password != forgotPasswordInstance.ConfirmPassword {
+		utils.Response(domain.HttpResponse{
+			Code:    400,
+			Message: "Password and confirm password must be the same",
+		}, w)
+		return
+	}
+
+	if isValidPass := passwordRegex.MatchString(forgotPasswordInstance.Password); !isValidPass {
+		utils.Response(domain.HttpResponse{
+			Code:    400,
+			Message: "Password must contain at least 8 characters, one uppercase letter, one lowercase letter, and one number",
+		}, w)
+		return
+	}
+
+	if err := h.usecase.ResetPassword(r.Context(), forgotPasswordInstance); err != nil {
+		utils.Response(domain.HttpResponse{
+			Code:    500,
+			Message: "Failed to reset password :" + err.Error(),
+		}, w)
+		return
+
+	}
+
+	utils.Response(domain.HttpResponse{
+		Code:    200,
+		Message: "Reset password success",
+	}, w)
+}

app/users/repository/forgot_password.go

@@ -0,0 +1,23 @@
+package repository
+
+import (
+	"context"
+	"time"
+
+	"github.com/hammer-code/lms-be/domain"
+	"github.com/sirupsen/logrus"
+)
+
+func (repo *repository) ForgotPassword(ctx context.Context, token string, expiredAt time.Time, user domain.User) (err error) {
+	err = repo.db.DB(ctx).Create(&domain.ResetPasswordToken{
+		Token:      token,
+		UserID:     uint64(user.ID),
+		ExpiryDate: expiredAt,
+	}).Error
+	if err != nil {
+		logrus.Error("repo.ForgotPassword : failed to create reset password token")
+		return err
+	}
+
+	return nil
+}

app/users/repository/reset_password.go

@@ -0,0 +1,39 @@
+package repository
+
+import (
+	"context"
+	"errors"
+
+	"github.com/hammer-code/lms-be/domain"
+	"github.com/sirupsen/logrus"
+)
+
+func (repo *repository) ResetPassword(ctx context.Context, email, password, token string) error {
+	if err := repo.db.StartTransaction(ctx, func(ctx context.Context) error {
+		resetPasswordTokenInstance := domain.ResetPasswordToken{}
+		if err := repo.db.DB(ctx).Model(resetPasswordTokenInstance).Where("token = ?", token).First(&resetPasswordTokenInstance).Error; err != nil {
+			logrus.Error("repo.ResetPassword: failed to find token")
+			return err
+		}
+
+		if resetPasswordTokenInstance.IsUsed {
+			logrus.Error("repo.ResetPassword: token already used")
+			return errors.New("token already used")
+		}
+
+		if err := repo.db.DB(ctx).Model(domain.User{}).Where("email = ?", email).Update("password", password).Error; err != nil {
+			logrus.Error("repo.ResetPassword: failed to update password")
+			return err
+		}
+
+		if err := repo.db.DB(ctx).Model(domain.ResetPasswordToken{}).Where("token = ?", token).Update("is_used", true).Error; err != nil {
+			logrus.Error("repo.ResetPassword: failed to update token state")
+			return err
+		}
+		return nil
+	}); err != nil {
+		logrus.Error("repo.ResetPassword: failed to reset password")
+		return err
+	}
+	return nil
+}

app/users/usecase/forgot_password.go

@@ -0,0 +1,85 @@
+package usecase
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"html/template"
+	"net/smtp"
+	"os"
+
+	"github.com/hammer-code/lms-be/domain"
+	"github.com/sirupsen/logrus"
+)
+
+func (us *usecase) ForgotPassword(ctx context.Context, emailForgot domain.ForgotPassword) (err error) {
+	user := domain.User{}
+	err = us.dbTX.StartTransaction(ctx, func(txCtx context.Context) error {
+		user, err = us.userRepo.FindByEmail(ctx, emailForgot.Email)
+		if err != nil {
+			logrus.Error("us.ForgotPassword: failed to get Email", err)
+			return err
+		}
+		return nil
+	})
+
+	if err != nil {
+		logrus.Error("us.ForgotPassword: failed to get Email", err)
+		return
+	}
+
+	resetToken, err := us.jwt.GenerateAccessToken(ctx, &user, 30)
+	if err != nil {
+		logrus.Error("us.ForgotPassword: failed to generate token", err)
+		return
+	}
+
+	jwtData, err := us.jwt.VerifyToken(*resetToken)
+
+	if err != nil {
+		logrus.Error("us.ForgotPassword: failed to verify token", err)
+		return
+	}
+
+	if err = us.userRepo.ForgotPassword(ctx, *resetToken, jwtData.ExpiresAt.Time, user); err != nil {
+		logrus.Error("us.ForgotPassword: failed to save token", err)
+		return
+	}
+
+	// link to reset password
+	link := us.cfg.BASE_URL_FE + "/forgot_password?token=" + *resetToken
+
+	htmlTmpl, err := os.ReadFile("./assets/reset_button_on_email.html")
+	if err != nil {
+		logrus.Error("us.ForgotPassword: failed to read template file", err)
+		return
+	}
+
+	tmpl, err := template.New("reset_email").Parse(string(htmlTmpl))
+	if err != nil {
+		logrus.Error("us.ForgotPassword: failed to parse template", err)
+		return
+	}
+
+	var bodyBuffer bytes.Buffer
+	if err = tmpl.Execute(&bodyBuffer, link); err != nil {
+		logrus.Error("us.ForgotPassword: failed to execute template", err)
+		return
+	}
+
+	subject := "Reset Password"
+	mime := "MIME-version: 1.0;\nContent-Type: text/html; charset=\"UTF-8\";\n\n"
+	message := []byte(fmt.Sprintf("To: %s\r\n"+
+		"Subject: %s\r\n"+
+		"%s\r\n"+
+		"%s\r\n", emailForgot.Email, subject, mime, bodyBuffer.String()))
+
+	auth := smtp.PlainAuth("", us.cfg.SMTP_EMAIL, us.cfg.SMTP_PASSWORD, us.cfg.SMTP_HOST)
+
+	host := fmt.Sprintf("%s:%s", us.cfg.SMTP_HOST, us.cfg.SMTP_PORT)
+	if err := smtp.SendMail(host, auth, us.cfg.SMTP_EMAIL, []string{emailForgot.Email}, message); err != nil {
+		return err
+	}
+
+	return nil
+}

app/users/usecase/login_users.go

@@ -27,7 +27,7 @@ func (us *usecase) Login(ctx context.Context, userReq domain.Login) (user domain
 		return
 	}
 
-	signToken, err := us.jwt.GenerateAccessToken(ctx, &user)
+	signToken, err := us.jwt.GenerateAccessToken(ctx, &user, 60)
 	if err != nil {
 		logrus.Error("us.Login: failed to login. ", err)
 		return

app/users/usecase/reset_password.go

@@ -0,0 +1,31 @@
+package usecase
+
+import (
+	"context"
+
+	"github.com/hammer-code/lms-be/domain"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/crypto/bcrypt"
+)
+
+func (us *usecase) ResetPassword(ctx context.Context, reqBodyInstance domain.ForgotPassword) error {
+	jwtData, err := us.jwt.VerifyToken(reqBodyInstance.Token)
+	if err != nil {
+		logrus.Error("us.ResetPassword: failed to verify token", err)
+		return err
+	}
+
+	hashPassword, err := bcrypt.GenerateFromPassword([]byte(reqBodyInstance.Password), bcrypt.DefaultCost)
+	if err != nil {
+		logrus.Error("us.ResetPassword: failed to hash password", err)
+		return err
+	}
+
+	if err := us.userRepo.ResetPassword(ctx, jwtData.Email, string(hashPassword), reqBodyInstance.Token); err != nil {
+		logrus.Error("us.ResetPassword: failed to reset password", err)
+		return err
+	}
+
+	return nil
+
+}

app/users/usecase/usecase.go

@@ -1,6 +1,7 @@
 package usecase
 
 import (
+	"github.com/hammer-code/lms-be/config"
 	"github.com/hammer-code/lms-be/domain"
 	"github.com/hammer-code/lms-be/pkg/db"
 	"github.com/hammer-code/lms-be/pkg/jwt"
@@ -10,15 +11,17 @@ type usecase struct {
 	userRepo domain.UserRepository
 	dbTX     db.DatabaseTransaction
 	jwt      jwt.JWT
+	cfg      config.Config
 }
 
 var (
 	usec *usecase
 )
 
-func NewUsecase(userRepo domain.UserRepository, dbTX db.DatabaseTransaction, jwt jwt.JWT) domain.UserUsecase {
+func NewUsecase(cfg config.Config, userRepo domain.UserRepository, dbTX db.DatabaseTransaction, jwt jwt.JWT) domain.UserUsecase {
 	if usec == nil {
 		usec = &usecase{
+			cfg:      cfg,
 			userRepo: userRepo,
 			dbTX:     dbTX,
 			jwt:      jwt,

app/users/users.go

@@ -4,6 +4,7 @@ import (
 	users_handler "github.com/hammer-code/lms-be/app/users/delivery/http"
 	users_repo "github.com/hammer-code/lms-be/app/users/repository"
 	users_usecase "github.com/hammer-code/lms-be/app/users/usecase"
+	"github.com/hammer-code/lms-be/config"
 	"github.com/hammer-code/lms-be/domain"
 	"github.com/hammer-code/lms-be/pkg/db"
 	"github.com/hammer-code/lms-be/pkg/jwt"
@@ -13,8 +14,8 @@ func InitRepository(db db.DatabaseTransaction) domain.UserRepository {
 	return users_repo.NewRepository(db)
 }
 
-func InitUsecase(repository domain.UserRepository, dbTX db.DatabaseTransaction, jwt jwt.JWT) domain.UserUsecase {
-	return users_usecase.NewUsecase(repository, dbTX, jwt)
+func InitUsecase(cfg config.Config, repository domain.UserRepository, dbTX db.DatabaseTransaction, jwt jwt.JWT) domain.UserUsecase {
+	return users_usecase.NewUsecase(cfg, repository, dbTX, jwt)
 }
 
 func InitHandler(usecase domain.UserUsecase) domain.UserHandler {