Kyle Isom
115802cbe2
All import paths updated to git.wntrmute.dev/mc/. Bumps mcdsl to v1.2.0. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
63 lines
1.5 KiB
Go
63 lines
1.5 KiB
Go
package server
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
"net/http"
|
|
|
|
mcdslauth "git.wntrmute.dev/mc/mcdsl/auth"
|
|
)
|
|
|
|
type loginRequest struct {
|
|
Username string `json:"username"`
|
|
Password string `json:"password"`
|
|
TOTPCode string `json:"totp_code"`
|
|
}
|
|
|
|
type loginResponse struct {
|
|
Token string `json:"token"`
|
|
}
|
|
|
|
func loginHandler(auth *mcdslauth.Authenticator) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
var req loginRequest
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
writeError(w, http.StatusBadRequest, "invalid request body")
|
|
return
|
|
}
|
|
|
|
token, _, err := auth.Login(req.Username, req.Password, req.TOTPCode)
|
|
if err != nil {
|
|
if errors.Is(err, mcdslauth.ErrInvalidCredentials) {
|
|
writeError(w, http.StatusUnauthorized, "invalid credentials")
|
|
return
|
|
}
|
|
if errors.Is(err, mcdslauth.ErrForbidden) {
|
|
writeError(w, http.StatusForbidden, "access denied by login policy")
|
|
return
|
|
}
|
|
writeError(w, http.StatusServiceUnavailable, "authentication service unavailable")
|
|
return
|
|
}
|
|
|
|
writeJSON(w, http.StatusOK, loginResponse{Token: token})
|
|
}
|
|
}
|
|
|
|
func logoutHandler(auth *mcdslauth.Authenticator) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
token := extractBearerToken(r)
|
|
if token == "" {
|
|
writeError(w, http.StatusUnauthorized, "authentication required")
|
|
return
|
|
}
|
|
|
|
if err := auth.Logout(token); err != nil {
|
|
writeError(w, http.StatusInternalServerError, "logout failed")
|
|
return
|
|
}
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
}
|