PNArchives/Memoh
1
0
Fork 0
mirror of https://github.com/memohai/Memoh.git synced 2026-04-27 07:16:19 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
c3cfdc40967dc8bd7121ed83565d79658809be76
Memoh/internal/handlers/auth.go
T
BBQ 6aebbe9279 feat: refactor User/Bot architecture and implement multi-channel gateway 
Major changes:
1. Core Architecture: Decoupled Bots from Users. Bots now have independent lifecycles, member management (bot_members), and dedicated configurations.
2. Channel Gateway:
   - Implemented a unified Channel Manager supporting Feishu, Telegram, and Local (Web/CLI) adapters.
   - Added message processing pipeline to normalize interactions across different platforms.
   - Introduced a Contact system for identity binding and guest access policies.
3. Database & Tooling:
   - Consolidated all migrations into 0001_init with updated schema for bots, channels, and contacts.
   - Optimized sqlc.yaml to automatically track the migrations directory.
4. Agent Enhancements:
   - Introduced ToolContext to provide Agents with platform-aware execution capabilities (e.g., messaging, contact lookups).
   - Added tool logging and fallback mechanisms for toolChoice execution.
5. UI & Docs: Updated frontend stores, UI components, and Swagger documentation to align with the new Bot-centric model.
2026-02-04 23:49:50 +08:00

106 lines
3.0 KiB
Go
Raw Blame History

package handlers
import (
"errors"
"log/slog"
"net/http"
"strings"
"time"
"github.com/labstack/echo/v4"
"github.com/memohai/memoh/internal/auth"
"github.com/memohai/memoh/internal/users"
)
type AuthHandler struct {
userService *users.Service
jwtSecret string
expiresIn time.Duration
logger *slog.Logger
}
type LoginRequest struct {
Username string `json:"username"`
Password string `json:"password"`
}
type LoginResponse struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresAt string `json:"expires_at"`
UserID string `json:"user_id"`
Role string `json:"role"`
DisplayName string `json:"display_name"`
Username string `json:"username"`
}
func NewAuthHandler(log *slog.Logger, userService *users.Service, jwtSecret string, expiresIn time.Duration) *AuthHandler {
return &AuthHandler{
userService: userService,
jwtSecret: jwtSecret,
expiresIn: expiresIn,
logger: log.With(slog.String("handler", "auth")),
}
}
func (h *AuthHandler) Register(e *echo.Echo) {
e.POST("/auth/login", h.Login)
}
// Login godoc
// @Summary Login
// @Description Validate user credentials and issue a JWT
// @Tags auth
// @Param payload body LoginRequest true "Login request"
// @Success 200 {object} LoginResponse
// @Failure 400 {object} ErrorResponse
// @Failure 401 {object} ErrorResponse
// @Failure 500 {object} ErrorResponse
// @Router /auth/login [post]
func (h *AuthHandler) Login(c echo.Context) error {
if h.userService == nil {
return echo.NewHTTPError(http.StatusInternalServerError, "user service not configured")
}
if strings.TrimSpace(h.jwtSecret) == "" {
return echo.NewHTTPError(http.StatusInternalServerError, "jwt secret not configured")
}
if h.expiresIn <= 0 {
return echo.NewHTTPError(http.StatusInternalServerError, "jwt expiry not configured")
}
var req LoginRequest
if err := c.Bind(&req); err != nil {
return echo.NewHTTPError(http.StatusBadRequest, err.Error())
}
req.Username = strings.TrimSpace(req.Username)
if req.Username == "" || strings.TrimSpace(req.Password) == "" {
return echo.NewHTTPError(http.StatusBadRequest, "username and password are required")
}
user, err := h.userService.Login(c.Request().Context(), req.Username, req.Password)
if err != nil {
if errors.Is(err, users.ErrInvalidCredentials) {
return echo.NewHTTPError(http.StatusUnauthorized, "invalid credentials")
}
if errors.Is(err, users.ErrInactiveUser) {
return echo.NewHTTPError(http.StatusUnauthorized, "user is inactive")
}
return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
}
token, expiresAt, err := auth.GenerateToken(user.ID, h.jwtSecret, h.expiresIn)
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
}
return c.JSON(http.StatusOK, LoginResponse{
AccessToken: token,
TokenType: "Bearer",
ExpiresAt: expiresAt.Format(time.RFC3339),
UserID: user.ID,
Username: user.Username,
Role: user.Role,
DisplayName: user.DisplayName,
})
}
Reference in New Issue View Git Blame Copy Permalink