Replace auth handlers with commands

Author: theandrew168

backend/command/account.go

@@ -9,8 +9,8 @@ import (
 	"github.com/theandrew168/bloggulus/backend/repository"
 )
 
-var ErrAccountNotFound = errors.New("account not found")
-var ErrDeleteAdminAccount = errors.New("cannot delete admin account")
+var ErrAccountNotFound = errors.New("account: not found")
+var ErrDeleteAdminAccount = errors.New("account: cannot delete admin account")
 
 func (cmd *Command) FollowBlog(accountID uuid.UUID, blogID uuid.UUID) error {
 	return cmd.repo.WithTransaction(func(tx *repository.Repository) error {

backend/command/auth.go

@@ -12,7 +12,7 @@ import (
 	"github.com/theandrew168/bloggulus/backend/web/util"
 )
 
-var ErrSessionNotFound = errors.New("session not found")
+var ErrSessionNotFound = errors.New("session: not found")
 
 func (cmd *Command) SignIn(username string) (string, error) {
 	// NOTE: Handling state outside the transaciton is the exception, not the rule.

backend/command/blog.go

@@ -10,7 +10,7 @@ import (
 	"github.com/theandrew168/bloggulus/backend/repository"
 )
 
-var ErrBlogNotFound = errors.New("blog not found")
+var ErrBlogNotFound = errors.New("blog: not found")
 
 func (cmd *Command) DeleteBlog(blogID uuid.UUID) error {
 	return cmd.repo.WithTransaction(func(tx *repository.Repository) error {

backend/web/auth.go

@@ -10,10 +10,8 @@ import (
 
 	"golang.org/x/oauth2"
 
-	"github.com/theandrew168/bloggulus/backend/model"
-	"github.com/theandrew168/bloggulus/backend/postgres"
+	"github.com/theandrew168/bloggulus/backend/command"
 	"github.com/theandrew168/bloggulus/backend/random"
-	"github.com/theandrew168/bloggulus/backend/repository"
 	"github.com/theandrew168/bloggulus/backend/web/page"
 	"github.com/theandrew168/bloggulus/backend/web/util"
 )
@@ -134,7 +132,7 @@ func HandleOAuthSignIn(conf *oauth2.Config) http.Handler {
 
 func HandleOAuthCallback(
 	secretKey string,
-	repo *repository.Repository,
+	cmd *command.Command,
 	conf *oauth2.Config,
 	fetchUserID FetchUserID,
 ) http.Handler {
@@ -174,54 +172,16 @@ func HandleOAuthCallback(
 		}
 
 		username := util.HashUserID(userID, secretKey)
-		account, err := repo.Account().ReadByUsername(username)
-		if err != nil {
-			if !errors.Is(err, postgres.ErrNotFound) {
-				util.InternalServerErrorResponse(w, r, err)
-				return
-			}
-
-			// We need to create a new account at this point.
-			account, err = model.NewAccount(username)
-			if err != nil {
-				util.InternalServerErrorResponse(w, r, err)
-				return
-			}
-
-			err = repo.Account().Create(account)
-			if err != nil {
-				slog.Error("failed create user account", "error", err.Error())
-				util.BadRequestResponse(w, r)
-				return
-			}
-
-			slog.Info("account created",
-				"account_id", account.ID(),
-			)
-		}
-
-		// Create a new session for the account.
-		session, sessionID, err := model.NewSession(account, util.SessionCookieTTL)
+		sessionID, err := cmd.SignIn(username)
 		if err != nil {
 			util.InternalServerErrorResponse(w, r, err)
 			return
 		}
 
-		err = repo.Session().Create(session)
-		if err != nil {
-			util.CreateErrorResponse(w, r, err)
-			return
-		}
-
 		// Set a permanent cookie after sign in.
 		sessionCookie := util.NewPermanentCookie(util.SessionCookieName, sessionID, util.SessionCookieTTL)
 		http.SetCookie(w, &sessionCookie)
 
-		slog.Info("account signed in",
-			"account_id", account.ID(),
-			"session_id", session.ID(),
-		)
-
 		next := "/"
 		nextCookie, err := r.Cookie(util.NextCookieName)
 		if err == nil {
@@ -235,7 +195,7 @@ func HandleOAuthCallback(
 	})
 }
 
-func HandleDebugSignIn(secretKey string, repo *repository.Repository) http.Handler {
+func HandleDebugSignIn(secretKey string, cmd *command.Command) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Generate a random userID for the debug sign in.
 		userID, err := random.BytesBase64(16)
@@ -247,54 +207,16 @@ func HandleDebugSignIn(secretKey string, repo *repository.Repository) http.Handl
 		userID = "debug_" + userID
 		username := util.HashUserID(userID, secretKey)
 
-		account, err := repo.Account().ReadByUsername(username)
-		if err != nil {
-			if !errors.Is(err, postgres.ErrNotFound) {
-				util.InternalServerErrorResponse(w, r, err)
-				return
-			}
-
-			// We need to create a new account at this point.
-			account, err = model.NewAccount(username)
-			if err != nil {
-				util.InternalServerErrorResponse(w, r, err)
-				return
-			}
-
-			err = repo.Account().Create(account)
-			if err != nil {
-				slog.Error("failed create user account", "error", err.Error())
-				util.BadRequestResponse(w, r)
-				return
-			}
-
-			slog.Info("account created",
-				"account_id", account.ID(),
-			)
-		}
-
-		// Create a new session for the account.
-		session, sessionID, err := model.NewSession(account, util.SessionCookieTTL)
+		sessionID, err := cmd.SignIn(username)
 		if err != nil {
 			util.InternalServerErrorResponse(w, r, err)
 			return
 		}
 
-		err = repo.Session().Create(session)
-		if err != nil {
-			util.CreateErrorResponse(w, r, err)
-			return
-		}
-
 		// Set a permanent cookie after sign in.
 		sessionCookie := util.NewPermanentCookie(util.SessionCookieName, sessionID, util.SessionCookieTTL)
 		http.SetCookie(w, &sessionCookie)
 
-		slog.Info("account signed in",
-			"account_id", account.ID(),
-			"session_id", session.ID(),
-		)
-
 		next := "/"
 		nextCookie, err := r.Cookie(util.NextCookieName)
 		if err == nil {
@@ -308,7 +230,7 @@ func HandleDebugSignIn(secretKey string, repo *repository.Repository) http.Handl
 	})
 }
 
-func HandleSignOutForm(repo *repository.Repository) http.Handler {
+func HandleSignOutForm(cmd *command.Command) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Check for a session ID. If there isn't one, just redirect back home.
 		sessionID, err := r.Cookie(util.SessionCookieName)
@@ -321,23 +243,11 @@ func HandleSignOutForm(repo *repository.Repository) http.Handler {
 		cookie := util.NewExpiredCookie(util.SessionCookieName)
 		http.SetCookie(w, &cookie)
 
-		// Lookup the session by its client-side session ID.
-		session, err := repo.Session().ReadBySessionID(sessionID.Value)
-		if err != nil {
-			switch {
-			case errors.Is(err, postgres.ErrNotFound):
-				http.Redirect(w, r, "/", http.StatusSeeOther)
-			default:
-				util.InternalServerErrorResponse(w, r, err)
-			}
-			return
-		}
-
-		// Delete the session from the database.
-		err = repo.Session().Delete(session)
+		err = cmd.SignOut(sessionID.Value)
 		if err != nil {
 			switch {
-			case errors.Is(err, postgres.ErrNotFound):
+			case errors.Is(err, command.ErrSessionNotFound):
+				// If the session was not found, just redirect back home.
 				http.Redirect(w, r, "/", http.StatusSeeOther)
 			default:
 				util.InternalServerErrorResponse(w, r, err)

backend/web/handler.go

@@ -96,16 +96,16 @@ func Handler(
 	// Check if the debug auth method should be enabled.
 	enableDebugAuth := os.Getenv("ENABLE_DEBUG_AUTH") != ""
 	if enableDebugAuth {
-		mux.Handle("POST /debug/signin", HandleDebugSignIn(conf.SecretKey, repo))
+		mux.Handle("POST /debug/signin", HandleDebugSignIn(conf.SecretKey, cmd))
 	}
 
 	// Authenication routes.
 	mux.Handle("GET /signin", HandleSignIn(enableDebugAuth))
 	mux.Handle("GET /github/signin", HandleOAuthSignIn(&githubConf))
-	mux.Handle("GET /github/callback", HandleOAuthCallback(conf.SecretKey, repo, &githubConf, FetchGithubUserID))
+	mux.Handle("GET /github/callback", HandleOAuthCallback(conf.SecretKey, cmd, &githubConf, FetchGithubUserID))
 	mux.Handle("GET /google/signin", HandleOAuthSignIn(&googleConf))
-	mux.Handle("GET /google/callback", HandleOAuthCallback(conf.SecretKey, repo, &googleConf, FetchGoogleUserID))
-	mux.Handle("POST /signout", HandleSignOutForm(repo))
+	mux.Handle("GET /google/callback", HandleOAuthCallback(conf.SecretKey, cmd, &googleConf, FetchGoogleUserID))
+	mux.Handle("POST /signout", HandleSignOutForm(cmd))
 
 	// Public blog routes.
 	mux.Handle("GET /blogs", requireAccount(HandleBlogList(qry)))