unified code verification service

2026-02-10 01:55:33 +01:00
parent 76c3bfdea9
commit 7f540671c1
120 changed files with 1863 additions and 1394 deletions
--- a/api/server/internal/api/routers/authorized/handler.go
+++ b/api/server/internal/api/routers/authorized/handler.go
@@ -38,12 +38,12 @@ func (ar *AuthorizedRouter) tokenHandler(service mservice.Type, endpoint string,
 func (ar *AuthorizedRouter) AccountHandler(service mservice.Type, endpoint string, method api.HTTPMethod, handler sresponse.AccountHandlerFunc) {
 	hndlr := func(r *http.Request, t *emodel.AccountToken) http.HandlerFunc {
 		if t.Pending {
-			return response.Forbidden(ar.logger, ar.service, "confirmation_required", "pending token requires confirmation")
+			return response.Unauthorized(ar.logger, ar.service, "additional verification required")
 		}
 		var a model.Account
 		if err := ar.db.Get(r.Context(), t.AccountRef, &a); err != nil {
 			if errors.Is(err, merrors.ErrNoData) {
-				ar.logger.Debug("Failed to find related user", zap.Error(err), mzap.ObjRef("account_ref", t.AccountRef))
+				ar.logger.Debug("Failed to find related user", zap.Error(err), mzap.AccRef(t.AccountRef))
 				return response.NotFound(ar.logger, ar.service, err.Error())
 			}
 			return response.Internal(ar.logger, ar.service, err)
@@ -63,7 +63,7 @@ func (ar *AuthorizedRouter) PendingAccountHandler(service mservice.Type, endpoin
 		var a model.Account
 		if err := ar.db.Get(r.Context(), t.AccountRef, &a); err != nil {
 			if errors.Is(err, merrors.ErrNoData) {
-				ar.logger.Debug("Failed to find related user", zap.Error(err), mzap.ObjRef("account_ref", t.AccountRef))
+				ar.logger.Debug("Failed to find related user", zap.Error(err), mzap.AccRef(t.AccountRef))
 				return response.NotFound(ar.logger, ar.service, err.Error())
 			}
 			return response.Internal(ar.logger, ar.service, err)
--- a/api/server/internal/api/routers/dispatcher.go
+++ b/api/server/internal/api/routers/dispatcher.go
@@ -8,8 +8,8 @@ import (
 	api "github.com/tech/sendico/pkg/api/http"
 	"github.com/tech/sendico/pkg/auth"
 	"github.com/tech/sendico/pkg/db/account"
-	"github.com/tech/sendico/pkg/db/confirmation"
 	"github.com/tech/sendico/pkg/db/refreshtokens"
+	"github.com/tech/sendico/pkg/db/verification"
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/mservice"
 	"github.com/tech/sendico/server/interface/api/sresponse"
@@ -36,7 +36,7 @@ func (d *Dispatcher) PendingAccountHandler(service mservice.Type, endpoint strin
 	d.protected.PendingAccountHandler(service, endpoint, method, handler)
 }

-func NewDispatcher(logger mlogger.Logger, router chi.Router, db account.DB, cdb confirmation.DB, rtdb refreshtokens.DB, enforcer auth.Enforcer, config *middleware.Config) *Dispatcher {
+func NewDispatcher(logger mlogger.Logger, router chi.Router, db account.DB, vdb verification.DB, rtdb refreshtokens.DB, enforcer auth.Enforcer, config *middleware.Config) *Dispatcher {
 	d := &Dispatcher{
 		logger: logger.Named("api_dispatcher"),
 	}
@@ -45,7 +45,7 @@ func NewDispatcher(logger mlogger.Logger, router chi.Router, db account.DB, cdb
 	endpoint := os.Getenv(config.EndPointEnv)
 	signature := middleware.SignatureConf(config)
 	router.Group(func(r chi.Router) {
-		d.public = rpublic.NewRouter(d.logger, endpoint, db, cdb, rtdb, r, &config.Token, &signature)
+		d.public = rpublic.NewRouter(d.logger, endpoint, db, vdb, rtdb, r, &config.Token, &signature)
 	})
 	router.Group(func(r chi.Router) {
 		d.protected = rauthorized.NewRouter(d.logger, endpoint, r, db, enforcer, &config.Token, &signature)
--- a/api/server/internal/api/routers/public/login.go
+++ b/api/server/internal/api/routers/public/login.go
@@ -6,15 +6,13 @@ import (
 	"errors"
 	"net/http"
 	"strings"
-	"time"

 	"github.com/tech/sendico/pkg/api/http/response"
 	"github.com/tech/sendico/pkg/merrors"
-	"github.com/tech/sendico/pkg/model"
 	"github.com/tech/sendico/pkg/mservice"
+	"github.com/tech/sendico/pkg/mutil/mask"
 	"github.com/tech/sendico/server/interface/api/srequest"
 	"github.com/tech/sendico/server/interface/api/sresponse"
-	"github.com/tech/sendico/server/internal/server/confirmationimp"
 	"go.uber.org/zap"
 )

@@ -47,15 +45,7 @@ func (pr *PublicRouter) logUserIn(ctx context.Context, _ *http.Request, req *sre
 		return response.Internal(pr.logger, pr.service, err)
 	}

-	cfg := confirmationimp.DefaultConfig()
-	_, rec, err := pr.cstore.Create(ctx, account.ID, account.Login, model.ConfirmationTargetLogin, cfg, pr.generateCode)
-	if err != nil {
-		pr.logger.Warn("Failed to create login confirmation code", zap.Error(err))
-		return response.Internal(pr.logger, pr.service, err)
-	}
-	pr.logger.Info("Login confirmation code issued", zap.String("destination", pr.maskEmail(account.Login)))
-
-	return sresponse.LoginPending(pr.logger, account, &pendingToken, pr.maskEmail(account.Login), int(time.Until(rec.ExpiresAt).Seconds()))
+	return sresponse.LoginPending(pr.logger, account, &pendingToken, mask.Email(account.Login))
 }

 func (a *PublicRouter) login(r *http.Request) http.HandlerFunc {
--- a/api/server/internal/api/routers/public/router.go
+++ b/api/server/internal/api/routers/public/router.go
@@ -1,27 +1,21 @@
 package routers

 import (
-	"crypto/rand"
-	"strings"
-
 	"github.com/go-chi/chi/v5"
 	api "github.com/tech/sendico/pkg/api/http"
 	"github.com/tech/sendico/pkg/db/account"
-	"github.com/tech/sendico/pkg/db/confirmation"
 	"github.com/tech/sendico/pkg/db/refreshtokens"
+	"github.com/tech/sendico/pkg/db/verification"
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/mservice"
 	"github.com/tech/sendico/server/interface/api/sresponse"
 	"github.com/tech/sendico/server/interface/middleware"
 	re "github.com/tech/sendico/server/internal/api/routers/endpoint"
-	"github.com/tech/sendico/server/internal/server/confirmationimp"
 )

 type PublicRouter struct {
 	logger    mlogger.Logger
 	db        account.DB
-	cdb       confirmation.DB
-	cstore    *confirmationimp.ConfirmationStore
 	imp       *re.HttpEndpointRouter
 	rtdb      refreshtokens.DB
 	config    middleware.TokenConfig
@@ -33,39 +27,11 @@ func (pr *PublicRouter) InstallHandler(service mservice.Type, endpoint string, m
 	pr.imp.InstallHandler(service, endpoint, method, handler)
 }

-func (pr *PublicRouter) generateCode() (string, error) {
-	const digits = "0123456789"
-	b := make([]byte, confirmationimp.DefaultConfig().CodeLength)
-	if _, err := rand.Read(b); err != nil {
-		return "", err
-	}
-	for i := range b {
-		b[i] = digits[int(b[i])%len(digits)]
-	}
-	return string(b), nil
-}
-
-func (pr *PublicRouter) maskEmail(email string) string {
-	parts := strings.Split(email, "@")
-	if len(parts) != 2 {
-		return email
-	}
-	local := parts[0]
-	if len(local) > 2 {
-		local = local[:1] + "***" + local[len(local)-1:]
-	} else {
-		local = local[:1] + "***"
-	}
-	return local + "@" + parts[1]
-}
-
-func NewRouter(logger mlogger.Logger, apiEndpoint string, db account.DB, cdb confirmation.DB, rtdb refreshtokens.DB, router chi.Router, config *middleware.TokenConfig, signature *middleware.Signature) *PublicRouter {
+func NewRouter(logger mlogger.Logger, apiEndpoint string, db account.DB, vdb verification.DB, rtdb refreshtokens.DB, router chi.Router, config *middleware.TokenConfig, signature *middleware.Signature) *PublicRouter {
 	l := logger.Named("public")
 	hr := PublicRouter{
 		logger:    l,
 		db:        db,
-		cdb:       cdb,
-		cstore:    confirmationimp.NewStore(cdb),
 		rtdb:      rtdb,
 		config:    *config,
 		signature: *signature,
--- a/api/server/internal/api/routers/public/validate.go
+++ b/api/server/internal/api/routers/public/validate.go
@@ -45,7 +45,7 @@ func (pr *PublicRouter) validateRefreshToken(ctx context.Context, _ *http.Reques

 	var account model.Account
 	if err := pr.db.Get(ctx, *rt.AccountRef, &account); errors.Is(err, merrors.ErrNoData) {
-		pr.logger.Info("User not found while rotating refresh token", zap.Error(err), mzap.ObjRef("account_ref", *rt.AccountRef))
+		pr.logger.Info("User not found while rotating refresh token", zap.Error(err), mzap.AccRef(*rt.AccountRef))
 		return nil, nil, merrors.Unauthorized("user not found")
 	}