feat: add support for magic link login (#65)

* feat: add support for magic link login * update readme
2021-11-12 05:22:03 +05:30
parent 4269e2242c
commit 0305a719db
12 changed files with 316 additions and 4 deletions
--- a/server/resolvers/magicLogin.go
+++ b/server/resolvers/magicLogin.go
@@ -0,0 +1,122 @@
+package resolvers
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/utils"
+)
+
+func MagicLogin(ctx context.Context, params model.MagicLoginInput) (*model.Response, error) {
+	var res *model.Response
+
+	if constants.DISABLE_MAGIC_LOGIN == "true" {
+		return res, fmt.Errorf(`magic link login is disabled for this instance`)
+	}
+
+	params.Email = strings.ToLower(params.Email)
+
+	if !utils.IsValidEmail(params.Email) {
+		return res, fmt.Errorf(`invalid email address`)
+	}
+
+	inputRoles := []string{}
+
+	user := db.User{
+		Email: params.Email,
+	}
+
+	// find user with email
+	existingUser, err := db.Mgr.GetUserByEmail(params.Email)
+	if err != nil {
+		user.SignupMethod = enum.MagicLink.String()
+		// define roles for new user
+		if len(params.Roles) > 0 {
+			// check if roles exists
+			if !utils.IsValidRoles(constants.ROLES, params.Roles) {
+				return res, fmt.Errorf(`invalid roles`)
+			} else {
+				inputRoles = params.Roles
+			}
+		} else {
+			inputRoles = constants.DEFAULT_ROLES
+		}
+
+		user.Roles = strings.Join(inputRoles, ",")
+	} else {
+		user = existingUser
+		// There multiple scenarios with roles here in magic link login
+		// 1. user has access to protected roles + roles and trying to login
+		// 2. user has not signed up for one of the available role but trying to signup.
+		// 		Need to modify roles in this case
+
+		// find the unassigned roles
+		existingRoles := strings.Split(existingUser.Roles, ",")
+		unasignedRoles := []string{}
+		for _, ir := range inputRoles {
+			if !utils.StringSliceContains(existingRoles, ir) {
+				unasignedRoles = append(unasignedRoles, ir)
+			}
+		}
+
+		if len(unasignedRoles) > 0 {
+			// check if it contains protected unassigned role
+			hasProtectedRole := false
+			for _, ur := range unasignedRoles {
+				if utils.StringSliceContains(constants.PROTECTED_ROLES, ur) {
+					hasProtectedRole = true
+				}
+			}
+
+			if hasProtectedRole {
+				return res, fmt.Errorf(`invalid roles`)
+			} else {
+				user.Roles = existingUser.Roles + "," + strings.Join(unasignedRoles, ",")
+			}
+		} else {
+			user.Roles = existingUser.Roles
+		}
+
+		signupMethod := existingUser.SignupMethod
+		if !strings.Contains(signupMethod, enum.MagicLink.String()) {
+			signupMethod = signupMethod + "," + enum.MagicLink.String()
+		}
+
+		user.SignupMethod = signupMethod
+	}
+
+	user, _ = db.Mgr.SaveUser(user)
+
+	if constants.DISABLE_EMAIL_VERIFICATION != "true" {
+		// insert verification request
+		verificationType := enum.MagicLink.String()
+		token, err := utils.CreateVerificationToken(params.Email, verificationType)
+		if err != nil {
+			log.Println(`Error generating token`, err)
+		}
+		db.Mgr.AddVerification(db.VerificationRequest{
+			Token:      token,
+			Identifier: verificationType,
+			ExpiresAt:  time.Now().Add(time.Minute * 30).Unix(),
+			Email:      params.Email,
+		})
+
+		// exec it as go routin so that we can reduce the api latency
+		go func() {
+			utils.SendVerificationMail(params.Email, token)
+		}()
+	}
+
+	res = &model.Response{
+		Message: `Verification request has been sent. Please check your inbox!`,
+	}
+
+	return res, nil
+}