Merge pull request #11 from hammercode-dev/be-02/login-logout

AfandyW · web-flow · commit 24192ecb3256 · 2025-05-22T20:40:42.000+08:00
[BE-02] - Login and Logout
diff --git a/app/middlewares/auth_middleware.go b/app/middlewares/auth_middleware.go
@@ -31,15 +31,24 @@ func (m *Middleware) AuthMiddleware(allowedRole string) domain.MiddlewareFunc {
 				return
 			}
 	
-			// tokenLogoutErr := m.UserRepo.ExpiredToken(request.Context(), *token)
-			// if tokenLogoutErr == nil {
-			// 	utils.Response(domain.HttpResponse{
-			// 		Code:    401,
-			// 		Message: "Token expired",
-			// 		Data:    nil,
-			// 	}, writer)
-			// 	return
-			// }
+			logoutToken, err := m.UserRepo.GetToken(request.Context(), *token)
+			if err != nil {
+				utils.Response(domain.HttpResponse{
+					Code:    401,
+					Message: "Unauthorized",
+					Data:    nil,
+				}, writer)
+				return
+			}
+			if logoutToken.Status == 0 {
+				utils.Response(domain.HttpResponse{
+					Code:    401,
+					Message: "Unauthorized",
+					Data:    nil,
+				}, writer)
+				return
+			}
+
 	
 			user, err := m.UserRepo.FindByEmail(request.Context(), verifyToken.Email)
 			if err != nil {
diff --git a/app/users/delivery/http/logout_users.go b/app/users/delivery/http/logout_users.go
@@ -22,11 +22,8 @@ func (h Handler) Logout(w http.ResponseWriter, r *http.Request) {
 
 	err := h.usecase.Logout(r.Context(), *token)
 	if err != nil {
-		utils.Response(domain.HttpResponse{
-			Code:    500,
-			Message: err.Error(),
-			Data:    nil,
-		}, w)
+		resp := utils.CostumErr(err.Error())
+		utils.Response(resp, w)
 		return
 	}
 
diff --git a/app/users/repository/cleanup_logout_token.go b/app/users/repository/cleanup_logout_token.go
@@ -0,0 +1,17 @@
+package repository
+
+import (
+	"context"
+	"time"
+
+	"github.com/hammer-code/lms-be/domain"
+)
+
+func (repo *repository) CleanupLogoutToken(ctx context.Context) error {
+	token := &domain.LogoutToken{}
+	if err := repo.db.DB(ctx).Delete(token, "expired_at < ?", time.Now()).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/app/users/repository/expired_token.go b/app/users/repository/expired_token.go
diff --git a/app/users/repository/get_token.go b/app/users/repository/get_token.go
@@ -0,0 +1,14 @@
+package repository
+
+import (
+	"context"
+
+	"github.com/hammer-code/lms-be/domain"
+)
+
+func (repo *repository) GetToken(ctx context.Context, token string) (logoutToken domain.LogoutToken, err error) {
+	if err = repo.db.DB(ctx).Find(&logoutToken, "token = ?", token).Error; err != nil {
+		return
+	}
+	return
+}
diff --git a/app/users/repository/logout_users.go b/app/users/repository/logout_users.go
@@ -2,18 +2,13 @@ package repository
 
 import (
 	"context"
-	"github.com/hammer-code/lms-be/domain"
 	"time"
+
+	"github.com/hammer-code/lms-be/domain"
 )
 
 func (repo *repository) LogoutUser(ctx context.Context, token string, expiredAt time.Time) error {
-	err := repo.db.DB(ctx).Create(&domain.LogoutToken{
-		Token:     token,
-		ExpiredAt: expiredAt,
-		CreatedAt: time.Now(),
-	}).Error
-
-	if err != nil {
+	if err := repo.db.DB(ctx).Model(&domain.LogoutToken{}).Where("token = ?", token).Update("status", 0).Error; err != nil {
 		return err
 	}
 
diff --git a/app/users/repository/store_token.go b/app/users/repository/store_token.go
@@ -0,0 +1,24 @@
+package repository
+
+import (
+	"context"
+	"time"
+
+	"github.com/hammer-code/lms-be/domain"
+)
+
+func (repo *repository) StoreToken(ctx context.Context, token string, expiredAt time.Time, uid int) error {
+	err := repo.db.DB(ctx).Create(&domain.LogoutToken{
+		Token:     token,
+		ExpiredAt: expiredAt,
+		CreatedAt: time.Now(),
+		UserId:    uid,
+		Status:    1,
+	}).Error
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/app/users/repository/unactivate_token.go b/app/users/repository/unactivate_token.go
@@ -0,0 +1,15 @@
+package repository
+
+import (
+	"context"
+
+	"github.com/hammer-code/lms-be/domain"
+)
+
+func (repo *repository) UnactivateTokenByUser(ctx context.Context, uid int) error {
+	if err := repo.db.DB(ctx).Model(&domain.LogoutToken{}).Where("user_id = ? AND status = 1", uid).Update("status", 0).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/app/users/usecase/forgot_password.go b/app/users/usecase/forgot_password.go
@@ -28,7 +28,7 @@ func (us *usecase) ForgotPassword(ctx context.Context, emailForgot domain.Forgot
 		return
 	}
 
-	resetToken, err := us.jwt.GenerateAccessToken(ctx, &user, 30)
+	resetToken, _, err := us.jwt.GenerateAccessToken(ctx, &user, 30)
 	if err != nil {
 		logrus.Error("us.ForgotPassword: failed to generate token", err)
 		return
diff --git a/app/users/usecase/login_users.go b/app/users/usecase/login_users.go
@@ -2,6 +2,7 @@ package usecase
 
 import (
 	"context"
+
 	"github.com/hammer-code/lms-be/domain"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/crypto/bcrypt"
@@ -14,24 +15,37 @@ func (us *usecase) Login(ctx context.Context, userReq domain.Login) (user domain
 			logrus.Error("us.LoginUser: failed to login", err)
 			return err
 		}
-		return nil
-	})
+	
+		if err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(userReq.Password)); err != nil {
+			logrus.Error("us.Login: invalid password")
+			return err
+		}
+	
+		
+		tokenPtr, expiredTime, err := us.jwt.GenerateAccessToken(ctx, &user, 60)
+		token = *tokenPtr
+		
+		if err != nil {
+			logrus.Error("us.Login: failed to login. ", err)
+			return err
+		}
 
-	if err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(userReq.Password)); err != nil {
-		logrus.Error("us.Login: invalid password")
-		return
-	}
+		if err = us.userRepo.UnactivateTokenByUser(ctx, user.ID); err != nil {
+			logrus.Error("us.Login: failed to login. ", err)
+			return err
+		}
+		if err = us.userRepo.StoreToken(ctx, token, expiredTime, user.ID); err != nil {
+			logrus.Error("us.Login: failed to login. ", err)
+			return err
+		}
 
-	if err != nil {
-		logrus.Error("us.Login: failed to login. ", err)
-		return
-	}
+		return nil
+	})
 
-	signToken, err := us.jwt.GenerateAccessToken(ctx, &user, 60)
 	if err != nil {
 		logrus.Error("us.Login: failed to login. ", err)
 		return
 	}
 
-	return user, *signToken, nil
+	return user, token, nil
 }
diff --git a/database/migration/20250522034141_table_add_status_and_userid_to_logout.sql b/database/migration/20250522034141_table_add_status_and_userid_to_logout.sql
@@ -0,0 +1,24 @@
+-- +goose Up
+-- +goose StatementBegin
+ALTER TABLE public.logout
+ADD COLUMN status smallint DEFAULT 1,
+ADD COLUMN user_id int8;
+
+ALTER TABLE public.logout
+ADD CONSTRAINT fk_logout_user FOREIGN KEY (user_id) REFERENCES public.users(id) ON DELETE SET NULL;
+
+ALTER TABLE public.logout
+ADD CONSTRAINT chk_logout_status CHECK (status IN (0, 1));
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+ALTER TABLE public.logout
+DROP CONSTRAINT IF EXISTS fk_logout_user;
+ALTER TABLE public.logout
+DROP CONSTRAINT IF EXISTS chk_logout_status;
+
+ALTER TABLE public.logout
+DROP COLUMN IF EXISTS user_id,
+DROP COLUMN IF EXISTS status;
+-- +goose StatementEnd
diff --git a/domain/logout_token.go b/domain/logout_token.go
@@ -8,6 +8,9 @@ type (
 		Token     string    `gorm:"type:varchar(255);not null;unique" json:"token"`
 		ExpiredAt time.Time `json:"expired_at"`
 		CreatedAt time.Time `json:"created_at"`
+		Status 	  int 		`json:"status"`
+		UserId 	  int 		`json:"user_id"`
+
 	}
 )
 
diff --git a/domain/user.go b/domain/user.go
@@ -15,10 +15,13 @@ type (
 		UpdateProfileUser(ctx context.Context, userReq UserUpdateProfile, id int) error
 		DeleteUser(ctx context.Context, id int8) error
 		LogoutUser(ctx context.Context, token string, expiredAt time.Time) error
-		ExpiredToken(ctx context.Context, token string) error
+		CleanupLogoutToken(ctx context.Context) error
 		GetUsersGenericConditions(ctx context.Context, filter GetUserBy) (users []User, err error)
 		ResetPassword(ctx context.Context, email, password, token string) error
 		ForgotPassword(ctx context.Context, token string, expiredAt time.Time, user User) error
+		StoreToken(ctx context.Context, token string, expiredAt time.Time, uid int) error
+		UnactivateTokenByUser(ctx context.Context, uid int) error
+		GetToken(ctx context.Context, token string) (logoutToken LogoutToken, err error)
 	}
 	UserUsecase interface {
 		GetUsers(ctx context.Context) (users []User, err error)
diff --git a/pkg/jwt/generate_token.go b/pkg/jwt/generate_token.go
@@ -9,7 +9,7 @@ import (
 )
 
 // JwtCustomClaims represents the custom claims for JWT with durationTime in Minuates
-func (j *jwtConfig) GenerateAccessToken(c context.Context, user *domain.User, durationTokenInMinuates int) (*string, error) {
+func (j *jwtConfig) GenerateAccessToken(c context.Context, user *domain.User, durationTokenInMinuates int) (*string, time.Time, error) {
 	expiredTime := time.Now().Local().Add(time.Duration(durationTokenInMinuates) * time.Minute)
 
 	claims := JwtCustomClaims{
@@ -24,8 +24,8 @@ func (j *jwtConfig) GenerateAccessToken(c context.Context, user *domain.User, du
 
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	if encodedToken, err := token.SignedString([]byte(j.SecretKey)); err != nil {
-		return nil, err
+		return nil, time.Time{}, err
 	} else {
-		return &encodedToken, err
+		return &encodedToken, expiredTime, err
 	}
 }
diff --git a/pkg/jwt/jwt.go b/pkg/jwt/jwt.go
@@ -2,6 +2,7 @@ package jwt
 
 import (
 	"context"
+	"time"
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/hammer-code/lms-be/domain"
@@ -22,7 +23,7 @@ type (
 
 	JWT interface {
 		//GenerateAccessToken generates a new access token for the user with the given expiration time in minutes
-		GenerateAccessToken(c context.Context, user *domain.User, expiredTimeInMinuate int) (*string, error)
+		GenerateAccessToken(c context.Context, user *domain.User, expiredTimeInMinuate int) (*string, time.Time, error)
 		VerifyToken(token string) (*JwtCustomClaims, error)
 	}
 )
@@ -31,4 +32,4 @@ func NewJwt(secretKey string) JWT {
 	return &jwtConfig{
 		SecretKey: secretKey,
 	}
-}
+}
diff --git a/utils/costum_error.go b/utils/costum_error.go
@@ -19,7 +19,12 @@ func CheckError(err, sub, message string, code int) (domain.HttpResponse, bool)
 
 func CostumErr(err string) domain.HttpResponse {
 
-	resp, ok := CheckError(err, "duplicate", "User already exist", 400)
+	resp, ok := CheckError(err, "\"uni_users_email\" (SQLSTATE 23505)", "User already exist", 400)
+	if ok {
+		return resp
+	}
+
+	resp, ok = CheckError(err, "\"uni_logout_token\" (SQLSTATE 23505)", "You have already logged out.", 400)
 	if ok {
 		return resp
 	}

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ func (us *usecase) ForgotPassword(ctx context.Context, emailForgot domain.Forgot`
`28`	`28`	`return`
`29`	`29`	`}`
`30`	`30`
`31`		`- resetToken, err := us.jwt.GenerateAccessToken(ctx, &user, 30)`
	`31`	`+ resetToken, _, err := us.jwt.GenerateAccessToken(ctx, &user, 30)`
`32`	`32`	`if err != nil {`
`33`	`33`	`logrus.Error("us.ForgotPassword: failed to generate token", err)`
`34`	`34`	`return`