201 lines
6.4 KiB
Go
201 lines
6.4 KiB
Go
package server
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/google/uuid"
|
|
|
|
"scrabble/backend/internal/link"
|
|
)
|
|
|
|
// The /api/v1/user/link handlers drive account linking & merge (Stage 11). The
|
|
// request step always mails a code (no pre-send "taken" signal, so a probe cannot
|
|
// enumerate registered emails); confirm reveals a required merge only after the
|
|
// code is verified; merge performs the irreversible consolidation behind an
|
|
// explicit step. A merge into a guest initiator's durable counterpart switches the
|
|
// active session — the new token rides back in the result for the client to adopt.
|
|
|
|
// linkEmailRequestBody starts a link/merge by mailing a code to email.
|
|
type linkEmailRequestBody struct {
|
|
Email string `json:"email"`
|
|
}
|
|
|
|
// linkEmailConfirmBody carries the email and its confirm code.
|
|
type linkEmailConfirmBody struct {
|
|
Email string `json:"email"`
|
|
Code string `json:"code"`
|
|
}
|
|
|
|
// linkTelegramBody carries a gateway-validated Telegram identity.
|
|
type linkTelegramBody struct {
|
|
ExternalID string `json:"external_id"`
|
|
}
|
|
|
|
// linkResultResponse is the unified result of a confirm or merge step. Status is
|
|
// "linked" (bound to the caller), "merge_required" (the identity belongs to another
|
|
// account — the secondary_* fields summarise it for the irreversible confirmation),
|
|
// or "merged" (done; token is non-empty when the active account switched).
|
|
type linkResultResponse struct {
|
|
Status string `json:"status"`
|
|
SecondaryUserID string `json:"secondary_user_id,omitempty"`
|
|
SecondaryName string `json:"secondary_display_name,omitempty"`
|
|
SecondaryGames int `json:"secondary_games"`
|
|
SecondaryFriends int `json:"secondary_friends"`
|
|
Token string `json:"token,omitempty"`
|
|
Profile *profileResponse `json:"profile,omitempty"`
|
|
}
|
|
|
|
// handleLinkEmailRequest mails a confirm-code to email for a later link or merge.
|
|
func (s *Server) handleLinkEmailRequest(c *gin.Context) {
|
|
uid, ok := userID(c)
|
|
if !ok {
|
|
abortBadRequest(c, "missing identity")
|
|
return
|
|
}
|
|
var req linkEmailRequestBody
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
abortBadRequest(c, "invalid request body")
|
|
return
|
|
}
|
|
if err := s.links.RequestEmail(c.Request.Context(), uid, req.Email); err != nil {
|
|
s.abortErr(c, err)
|
|
return
|
|
}
|
|
c.JSON(http.StatusOK, okResponse{OK: true})
|
|
}
|
|
|
|
// handleLinkEmailConfirm verifies the code and binds a free email or reports a
|
|
// required merge.
|
|
func (s *Server) handleLinkEmailConfirm(c *gin.Context) {
|
|
uid, ok := userID(c)
|
|
if !ok {
|
|
abortBadRequest(c, "missing identity")
|
|
return
|
|
}
|
|
var req linkEmailConfirmBody
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
abortBadRequest(c, "invalid request body")
|
|
return
|
|
}
|
|
res, err := s.links.ConfirmEmail(c.Request.Context(), uid, req.Email, req.Code)
|
|
if err != nil {
|
|
s.abortErr(c, err)
|
|
return
|
|
}
|
|
c.JSON(http.StatusOK, s.confirmResultResponse(c, uid, res))
|
|
}
|
|
|
|
// handleLinkEmailMerge re-verifies the code and performs the merge.
|
|
func (s *Server) handleLinkEmailMerge(c *gin.Context) {
|
|
uid, ok := userID(c)
|
|
if !ok {
|
|
abortBadRequest(c, "missing identity")
|
|
return
|
|
}
|
|
var req linkEmailConfirmBody
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
abortBadRequest(c, "invalid request body")
|
|
return
|
|
}
|
|
res, err := s.links.MergeEmail(c.Request.Context(), uid, req.Email, req.Code)
|
|
if err != nil {
|
|
s.abortErr(c, err)
|
|
return
|
|
}
|
|
c.JSON(http.StatusOK, s.mergeResultResponse(c, res))
|
|
}
|
|
|
|
// handleLinkTelegram attaches a gateway-validated Telegram identity to the caller
|
|
// or reports a required merge.
|
|
func (s *Server) handleLinkTelegram(c *gin.Context) {
|
|
uid, ok := userID(c)
|
|
if !ok {
|
|
abortBadRequest(c, "missing identity")
|
|
return
|
|
}
|
|
var req linkTelegramBody
|
|
if err := c.ShouldBindJSON(&req); err != nil || req.ExternalID == "" {
|
|
abortBadRequest(c, "missing external_id")
|
|
return
|
|
}
|
|
res, err := s.links.ConfirmTelegram(c.Request.Context(), uid, req.ExternalID)
|
|
if err != nil {
|
|
s.abortErr(c, err)
|
|
return
|
|
}
|
|
c.JSON(http.StatusOK, s.confirmResultResponse(c, uid, res))
|
|
}
|
|
|
|
// handleLinkTelegramMerge merges the account owning a gateway-validated Telegram
|
|
// identity into the caller's.
|
|
func (s *Server) handleLinkTelegramMerge(c *gin.Context) {
|
|
uid, ok := userID(c)
|
|
if !ok {
|
|
abortBadRequest(c, "missing identity")
|
|
return
|
|
}
|
|
var req linkTelegramBody
|
|
if err := c.ShouldBindJSON(&req); err != nil || req.ExternalID == "" {
|
|
abortBadRequest(c, "missing external_id")
|
|
return
|
|
}
|
|
res, err := s.links.MergeTelegram(c.Request.Context(), uid, req.ExternalID)
|
|
if err != nil {
|
|
s.abortErr(c, err)
|
|
return
|
|
}
|
|
c.JSON(http.StatusOK, s.mergeResultResponse(c, res))
|
|
}
|
|
|
|
// confirmResultResponse renders a confirm step: a merge preview (secondary summary)
|
|
// or a completed link (the active account's refreshed profile).
|
|
func (s *Server) confirmResultResponse(c *gin.Context, activeID uuid.UUID, res link.ConfirmResult) linkResultResponse {
|
|
ctx := c.Request.Context()
|
|
if res.MergeRequired {
|
|
out := linkResultResponse{Status: "merge_required", SecondaryUserID: res.SecondaryID.String()}
|
|
if acc, err := s.accounts.GetByID(ctx, res.SecondaryID); err == nil {
|
|
out.SecondaryName = acc.DisplayName
|
|
}
|
|
out.SecondaryGames, out.SecondaryFriends = s.secondaryCounts(ctx, res.SecondaryID)
|
|
return out
|
|
}
|
|
return linkResultResponse{Status: "linked", Profile: s.profileFor(ctx, activeID)}
|
|
}
|
|
|
|
// mergeResultResponse renders a completed merge: the surviving account's profile
|
|
// plus a switched-session token when the active account changed.
|
|
func (s *Server) mergeResultResponse(c *gin.Context, res link.MergeResult) linkResultResponse {
|
|
return linkResultResponse{
|
|
Status: "merged",
|
|
Token: res.SwitchedToken,
|
|
Profile: s.profileFor(c.Request.Context(), res.PrimaryID),
|
|
}
|
|
}
|
|
|
|
// profileFor loads an account's profile DTO, or nil when it cannot be read.
|
|
func (s *Server) profileFor(ctx context.Context, id uuid.UUID) *profileResponse {
|
|
acc, err := s.accounts.GetByID(ctx, id)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
p := profileResponseFor(acc)
|
|
return &p
|
|
}
|
|
|
|
// secondaryCounts summarises the to-be-retired account for the merge confirmation.
|
|
func (s *Server) secondaryCounts(ctx context.Context, id uuid.UUID) (games, friends int) {
|
|
if s.games != nil {
|
|
if gs, err := s.games.ListForAccount(ctx, id); err == nil {
|
|
games = len(gs)
|
|
}
|
|
}
|
|
if s.social != nil {
|
|
if fs, err := s.social.ListFriends(ctx, id); err == nil {
|
|
friends = len(fs)
|
|
}
|
|
}
|
|
return games, friends
|
|
}
|