feat: password reset support

2025-03-30 21:28:01 +08:00
parent 128cdcee52
commit f6ac467265
20 changed files with 2598 additions and 1387 deletions
--- a/router/init.go
+++ b/router/init.go
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2022-2023. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2022-2025. Gardel <sunxinao@hotmail.com> and contributors
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
@@ -25,7 +25,7 @@ import (
 	"yggdrasil-go/service"
 )

-func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, skinRootUrl string) {
+func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, smtpCfg *service.SmtpConfig, skinRootUrl string) {
 	router.Use(cors.New(cors.Config{
 		AllowAllOrigins:  true,
 		AllowMethods:     []string{"GET", "POST", "PUT", "DELETE", "HEAD"},
@@ -36,7 +36,8 @@ func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, skinRootUrl
 	}))

 	tokenService := service.NewTokenService()
-	userService := service.NewUserService(tokenService, db)
+	regTokenService := service.NewRegTokenService(smtpCfg)
+	userService := service.NewUserService(tokenService, regTokenService, db)
 	sessionService := service.NewSessionService(tokenService)
 	textureService := service.NewTextureService(tokenService, db)
 	homeRouter := NewHomeRouter(meta)
@@ -46,6 +47,7 @@ func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, skinRootUrl

 	router.GET("/", homeRouter.Home)
 	router.HEAD("/", homeRouter.Home)
+	router.GET("/yggdrasil", homeRouter.Home)
 	authserver := router.Group("/authserver")
 	{
 		authserver.POST("/register", userRouter.Register)
@@ -55,6 +57,9 @@ func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, skinRootUrl
 		authserver.POST("/validate", userRouter.Validate)
 		authserver.POST("/invalidate", userRouter.Invalidate)
 		authserver.POST("/signout", userRouter.Signout)
+		authserver.POST("/sendEmail", userRouter.SendEmail)
+		authserver.GET("/verifyEmail", userRouter.VerifyEmail)
+		authserver.POST("/resetPassword", userRouter.ResetPassword)
 	}
 	router.GET("/users/profiles/minecraft/:username", userRouter.UsernameToUUID)
 	sessionserver := router.Group("/sessionserver/session/minecraft")
@@ -76,5 +81,8 @@ func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, skinRootUrl
 	{
 		minecraftservices.POST("/player/certificates", userRouter.ProfileKey)
 		minecraftservices.GET("/publickeys", homeRouter.PublicKeys)
+		minecraftservices.GET("/minecraft/profile/lookup/:uuid", userRouter.UUIDToUUID)
+		minecraftservices.GET("/minecraft/profile/lookup/name/:username", userRouter.UsernameToUUID)
+		minecraftservices.POST("/minecraft/profile/lookup/bulk/byname", userRouter.QueryUUIDs)
 	}
 }
--- a/router/user_router.go
+++ b/router/user_router.go
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2022. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2022-2025. Gardel <sunxinao@hotmail.com> and contributors
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
@@ -35,9 +35,13 @@ type UserRouter interface {
 	Invalidate(c *gin.Context)
 	Signout(c *gin.Context)
 	UsernameToUUID(c *gin.Context)
+	UUIDToUUID(c *gin.Context)
 	QueryUUIDs(c *gin.Context)
 	QueryProfile(c *gin.Context)
 	ProfileKey(c *gin.Context)
+	SendEmail(c *gin.Context)
+	VerifyEmail(c *gin.Context)
+	ResetPassword(c *gin.Context)
 }

 type userRouterImpl struct {
@@ -109,6 +113,17 @@ type SignoutRequest struct {
 	Password string `json:"password" binding:"required"`
 }

+type SendEmailRequest struct {
+	Email     string `json:"email" binding:"required,email"`
+	EmailType string `json:"emailType" binding:"required"`
+}
+
+type PasswordResetRequest struct {
+	Email       string `json:"email" binding:"required,email"`
+	Password    string `json:"password" binding:"required"`
+	AccessToken string `json:"accessToken" binding:"required"`
+}
+
 func (u *userRouterImpl) Register(c *gin.Context) {
 	request := RegRequest{}
 	err := c.ShouldBindJSON(&request)
@@ -116,7 +131,7 @@ func (u *userRouterImpl) Register(c *gin.Context) {
 		c.AbortWithStatusJSON(http.StatusForbidden, util.NewForbiddenOperationError(err.Error()))
 		return
 	}
-	response, err := u.userService.Register(request.Username, request.Password, request.ProfileName)
+	response, err := u.userService.Register(request.Username, request.Password, request.ProfileName, c.ClientIP())
 	if err != nil {
 		util.HandleError(c, err)
 		return
@@ -228,6 +243,25 @@ func (u *userRouterImpl) UsernameToUUID(c *gin.Context) {
 	}
 }

+func (u *userRouterImpl) UUIDToUUID(c *gin.Context) {
+	profileIdStr := c.Param("uuid")
+	profileId, err := util.ToUUID(profileIdStr)
+	if err != nil {
+		c.AbortWithStatusJSON(http.StatusBadRequest, util.NewIllegalArgumentError(err.Error()))
+		return
+	}
+	response, err := u.userService.UUIDToUUID(profileId)
+	if err != nil {
+		util.HandleError(c, err)
+		return
+	}
+	if response != nil {
+		c.JSON(http.StatusOK, response)
+	} else {
+		c.Status(http.StatusNoContent)
+	}
+}
+
 func (u *userRouterImpl) QueryUUIDs(c *gin.Context) {
 	var request []string
 	err := c.ShouldBindJSON(&request)
@@ -279,3 +313,54 @@ func (u *userRouterImpl) ProfileKey(c *gin.Context) {
 	}
 	c.JSON(http.StatusOK, response)
 }
+
+func (u *userRouterImpl) SendEmail(c *gin.Context) {
+	var request SendEmailRequest
+	err := c.ShouldBindJSON(&request)
+	if err != nil {
+		c.AbortWithStatusJSON(http.StatusForbidden, util.NewForbiddenOperationError(err.Error()))
+		return
+	}
+	var tokenType service.RegTokenType
+	switch request.EmailType {
+	case "register":
+		tokenType = service.RegisterToken
+	case "resetPassword":
+		tokenType = service.ResetPasswordToken
+	}
+	err = u.userService.SendEmail(request.Email, tokenType, c.ClientIP())
+	if err != nil {
+		util.HandleError(c, err)
+		return
+	}
+	c.Status(http.StatusNoContent)
+}
+
+func (u *userRouterImpl) VerifyEmail(c *gin.Context) {
+	token, ok := c.GetQuery("access_token")
+	if !ok {
+		c.AbortWithStatusJSON(http.StatusBadRequest, util.NewIllegalArgumentError("access_token is required"))
+		return
+	}
+	err := u.userService.VerifyEmail(token)
+	if err != nil {
+		util.HandleError(c, err)
+		return
+	}
+	c.Status(http.StatusNoContent)
+}
+
+func (u *userRouterImpl) ResetPassword(c *gin.Context) {
+	var request PasswordResetRequest
+	err := c.ShouldBindJSON(&request)
+	if err != nil {
+		c.AbortWithStatusJSON(http.StatusForbidden, util.NewForbiddenOperationError(err.Error()))
+		return
+	}
+	err = u.userService.ResetPassword(request.Email, request.Password, request.AccessToken)
+	if err != nil {
+		util.HandleError(c, err)
+		return
+	}
+	c.Status(http.StatusNoContent)
+}