diff --git a/svc/main.go b/svc/main.go
index 95301da..d754445 100644
--- a/svc/main.go
+++ b/svc/main.go
@@ -207,6 +207,23 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
 		routes.AuthRefreshHandler(pgDB),
 	)
 
+	// Password reset flow (public)
+	bindV3(r, pgDB,
+		"/api/password/forgot", "POST",
+		"auth", "update",
+		routes.ForgotPasswordHandler(pgDB, ml),
+	)
+	bindV3(r, pgDB,
+		"/api/password/reset/validate/{token}", "GET",
+		"auth", "view",
+		routes.ValidatePasswordResetTokenHandler(pgDB),
+	)
+	bindV3(r, pgDB,
+		"/api/password/reset", "POST",
+		"auth", "update",
+		routes.CompletePasswordResetHandler(pgDB),
+	)
+
 	// ============================================================
 	// SYSTEM
 	// ============================================================
diff --git a/svc/routes/password_forgot.go b/svc/routes/password_forgot.go
index d6ec04a..53e8583 100644
--- a/svc/routes/password_forgot.go
+++ b/svc/routes/password_forgot.go
@@ -73,7 +73,7 @@ func ForgotPasswordHandler(
 	_, _ = db.Exec(`
 		INSERT INTO dfusr_password_reset (
 			dfusr_id,
-			token,
+			token_hash,
 			expires_at
 		)
 		VALUES ($1, $2, $3)
diff --git a/svc/routes/password_reset_complete.go b/svc/routes/password_reset_complete.go
index bdcab3a..051faed 100644
--- a/svc/routes/password_reset_complete.go
+++ b/svc/routes/password_reset_complete.go
@@ -43,9 +43,9 @@ func CompletePasswordResetHandler(db *sql.DB) http.HandlerFunc {
 		var expiresAt time.Time
 
 		err := db.QueryRow(`
-			SELECT mk_dfusr_id, expires_at
-			FROM mk_dfusr_password_reset
-			WHERE token = $1
+			SELECT dfusr_id, expires_at
+			FROM dfusr_password_reset
+			WHERE token_hash = $1
 			AND used_at IS NULL
 		`, tokenHash).Scan(&userID, &expiresAt)
 
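Review bot: The three new bindV3 calls pass permission pairs ("auth"/"update", "auth"/"view") for routes the comment itself marks as public, and nothing in the hunk shows how bindV3 treats a caller with no session — if it enforces the pair, a logged-out user cannot reach the reset flow at all, and if it skips enforcement, the pair misleads the next reader — so the comment should record which it is, e.g. `// Password reset flow (public): reachable without a session; see bindV3 for how the permission pair is applied`. No request throttling is visible for `/api/password/forgot` or `/api/password/reset`; a per-IP and per-account rate limit is the standard mitigation against reset-mail flooding and token guessing and belongs in this chain unless bindV3 already adds one. `/api/password/reset/validate/{token}` carries the raw token in the URL path, so access logs for that route will record it unless path parameters are redacted. InitRoutes starts and ends outside the hunk.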
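Review bot: The INSERT that now writes `token_hash` still discards its result (`_, _ = db.Exec(`), so a failed write — a column missing after this rename, a constraint violation — leaves no trace and the handler continues as if a reset row existed; the same pattern is in svc/routes/user_detail.go at @@ -456. At minimum capture and log it: `if _, err := db.Exec(...); err != nil { log.Printf("password reset insert: %v", err) }`; whether the mail should still go out when the row was not stored is decided by code outside this hunk. The value bound to `$2` is computed before the hunk, so that it is the same hash the lookups compare against (password_reset_validate.go uses `security.HashToken`) should be confirmed. ForgotPasswordHandler's body continues outside the hunk.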
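Review bot: The lookup at `err := db.QueryRow(` runs on the pool, not on the transaction that later consumes the token (the `tx.Exec` UPDATE in this file's @@ -84 hunk), and that UPDATE's result is discarded, so two concurrent submissions of the same token can both pass this SELECT, both issue the UPDATE, and only one row will match the new `AND used_at IS NULL` guard while neither request notices. Treating the UPDATE as the authoritative single-use check — reading `RowsAffected()` and aborting unless exactly one row changed — closes that window; what follows the consume step inside the transaction is outside the hunk, but that is what the guard protects. Running the SELECT on `tx` (or folding it into the UPDATE with `RETURNING dfusr_id, expires_at`) would additionally let the read and the consume share one snapshot. CompletePasswordResetHandler's body continues outside both hunks.
```go
		// token tüket — the UPDATE is the authoritative single-use check
		res, err := tx.Exec(`
			UPDATE dfusr_password_reset
			SET used_at = now()
			WHERE token_hash = $1
			AND used_at IS NULL
		`, tokenHash)
		if err != nil {
			http.Error(w, "token update failed", http.StatusInternalServerError)
			return
		}
		if n, err := res.RowsAffected(); err != nil || n != 1 {
			// consumed by a concurrent request or no longer valid: stop here
			http.Error(w, "invalid token", http.StatusBadRequest)
			return
		}
		// … unchanged: remainder of the transaction …
```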
@@ -84,9 +84,10 @@ func CompletePasswordResetHandler(db *sql.DB) http.HandlerFunc {
 
 		// token tüket
 		if _, err := tx.Exec(`
-			UPDATE mk_dfusr_password_reset
+			UPDATE dfusr_password_reset
 			SET used_at = now()
-			WHERE token = $1
+			WHERE token_hash = $1
+			AND used_at IS NULL
 		`, tokenHash); err != nil {
 			http.Error(w, "token update failed", http.StatusInternalServerError)
 			return
diff --git a/svc/routes/password_reset_validate.go b/svc/routes/password_reset_validate.go
index 9c50ead..f4531c9 100644
--- a/svc/routes/password_reset_validate.go
+++ b/svc/routes/password_reset_validate.go
@@ -1,9 +1,8 @@
 package routes
 
 import (
-	"crypto/sha256"
+	"bssapp-backend/internal/security"
 	"database/sql"
-	"encoding/hex"
 	"net/http"
 	"time"
 
@@ -21,8 +20,7 @@ func ValidatePasswordResetTokenHandler(db *sql.DB) http.HandlerFunc {
 		}
 
 		// 🔐 plain token -> hash
-		h := sha256.Sum256([]byte(token))
-		tokenHash := hex.EncodeToString(h[:])
+		tokenHash := security.HashToken(token)
 
 		var (
 			userID    int64
@@ -31,8 +29,8 @@ func ValidatePasswordResetTokenHandler(db *sql.DB) http.HandlerFunc {
 		)
 
 		err := db.QueryRow(`
-			SELECT user_id, expires_at, used_at
-			FROM password_reset_tokens
+			SELECT dfusr_id, expires_at, used_at
+			FROM dfusr_password_reset
 			WHERE token_hash = $1
 			LIMIT 1
 		`, tokenHash).Scan(&userID, &expiresAt, &usedAt)
diff --git a/svc/routes/user_detail.go b/svc/routes/user_detail.go
index 675c64e..c2ae7c0 100644
--- a/svc/routes/user_detail.go
+++ b/svc/routes/user_detail.go
@@ -456,7 +456,7 @@ func SendPasswordResetMailHandler(
 
 		// 💾 DB → SADECE HASH
 		_, _ = db.Exec(`
-			INSERT INTO dfusr_password_reset (dfusr_id, token, expires_at)
+			INSERT INTO dfusr_password_reset (dfusr_id, token_hash, expires_at)
 			VALUES ($1,$2,$3)
 		`, userID, hash, expires)
 
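Review bot: `tokenHash := security.HashToken(token)` moves this handler onto the shared helper, but the values the other lookup and both inserts in this diff bind (`tokenHash` in password_reset_complete.go, `hash` in user_detail.go, `$2` in password_forgot.go) are computed outside their hunks, so whether they also call `security.HashToken` cannot be seen here; if any of them still does sha256+hex inline, a later change to HashToken (a keyed hash, a different encoding) would make validation and completion disagree without any error being raised. A one-line comment at this call recording the invariant helps the next reader: `// Must match the hashing used when the token was stored (ForgotPasswordHandler, SendPasswordResetMailHandler).` ValidatePasswordResetTokenHandler's body continues outside the hunk.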