refactor: ensure we set a cookie, auth header and json response in both login and otp validate

2024-03-14 12:54:41 -04:00 · 2024-03-14 12:54:41 -04:00 · e11340ad2b
parent e380dacced
commit e11340ad2b
2 changed files with 23 additions and 1 deletions
--- a/api/account/account.go
+++ b/api/account/account.go
@ -5,6 +5,7 @@ import (
 	"crypto/ed25519"
 	_ "embed"
 	"net/http"
+	"time"

 	"git.lumeweb.com/LumeWeb/portal/api/swagger"

@ -103,13 +104,22 @@ func (a AccountAPI) login(jc jape.Context) {
 		return
 	}

-	jwt, _, err := a.accounts.LoginPassword(request.Email, request.Password, jc.Request.RemoteAddr)
+	jwt, user, err := a.accounts.LoginPassword(request.Email, request.Password, jc.Request.RemoteAddr)
 	if err != nil {
 		return
 	}

+	http.SetCookie(jc.ResponseWriter, &http.Cookie{
+		Name:     "jwt",
+		Value:    jwt,
+		Expires:  time.Now().Add(24 * time.Hour),
+		HttpOnly: true,
+	})
+	account.SendJWT(jc, jwt)
+
 	jc.Encode(&LoginResponse{
 		Token: jwt,
+		Otp:   user.OTPEnabled && user.OTPVerified,
 	})
 }

@ -199,7 +209,18 @@ func (a AccountAPI) otpValidate(jc jape.Context) {
 		return
 	}

+	http.SetCookie(jc.ResponseWriter, &http.Cookie{
+		Name:     "jwt",
+		Value:    jwt,
+		Expires:  time.Now().Add(24 * time.Hour),
+		HttpOnly: true,
+	})
 	account.SendJWT(jc, jwt)
+
+	jc.Encode(&LoginResponse{
+		Token: jwt,
+		Otp:   false,
+	})
 }

 func (a AccountAPI) otpDisable(jc jape.Context) {
--- a/api/account/messages.go
+++ b/api/account/messages.go
@ -7,6 +7,7 @@ type LoginRequest struct {

 type LoginResponse struct {
 	Token string `json:"token"`
+	Otp   bool   `json:"otp"`
 }

 type RegisterRequest struct {