M_Kececi/bssapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1ced1b16496cce82eb2d774777808e21a5e0a516
bssapp/svc/routes/password_reset.go
MEHMETKECECI eacfacb13b ilk
2026-02-11 17:46:22 +03:00

127 lines
3.5 KiB
Go
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
package routes
import (
"bssapp-backend/auth"
"bssapp-backend/internal/auditlog"
"bssapp-backend/internal/security"
"database/sql"
"encoding/json"
"net/http"
"golang.org/x/crypto/bcrypt"
)
func ChangeOwnPasswordHandler(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json; charset=utf-8")
// --------------------------------------------------
// 1⃣ JWT CLAIMS
// --------------------------------------------------
claims, ok := auth.GetClaimsFromContext(r.Context())
if !ok || claims == nil {
http.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
// --------------------------------------------------
// 2⃣ PAYLOAD
// --------------------------------------------------
var req struct {
CurrentPassword string `json:"current_password"`
NewPassword string `json:"new_password"`
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
http.Error(w, "invalid payload", http.StatusBadRequest)
return
}
if req.CurrentPassword == "" || req.NewPassword == "" {
http.Error(w, "current_password and new_password required", http.StatusBadRequest)
return
}
// --------------------------------------------------
// 3⃣ PASSWORD POLICY
// --------------------------------------------------
if err := security.ValidatePassword(req.NewPassword); err != nil {
http.Error(w, err.Error(), http.StatusUnprocessableEntity)
return
}
// --------------------------------------------------
// 4⃣ MEVCUT HASH ÇEK
// --------------------------------------------------
var currentHash string
err := db.QueryRow(`
SELECT password_hash
FROM mk_dfusr
WHERE id = $1
AND is_active = true
`, claims.ID).Scan(&currentHash)
if err != nil {
http.Error(w, "user not found", http.StatusUnauthorized)
return
}
// --------------------------------------------------
// 5⃣ CURRENT PASSWORD CHECK
// --------------------------------------------------
if bcrypt.CompareHashAndPassword(
[]byte(currentHash),
[]byte(req.CurrentPassword),
) != nil {
http.Error(w, "current password incorrect", http.StatusUnauthorized)
return
}
// --------------------------------------------------
// 6⃣ NEW HASH
// --------------------------------------------------
newHash, err := bcrypt.GenerateFromPassword(
[]byte(req.NewPassword),
bcrypt.DefaultCost,
)
if err != nil {
http.Error(w, "hash error", http.StatusInternalServerError)
return
}
// --------------------------------------------------
// 7⃣ UPDATE (⚠️ force_password_change DEĞİŞMEZ)
// --------------------------------------------------
_, err = db.Exec(`
UPDATE mk_dfusr
SET
password_hash = $1,
password_updated_at = now(),
updated_at = now()
WHERE id = $2
`, string(newHash), claims.ID)
if err != nil {
http.Error(w, "password update failed", http.StatusInternalServerError)
return
}
// --------------------------------------------------
// 8⃣ AUDIT
// --------------------------------------------------
auditlog.Write(auditlog.ActivityLog{
ActionType: "PASSWORD_CHANGED",
ActionCategory: "security",
ActionTarget: claims.Username,
IsSuccess: true,
})
// --------------------------------------------------
// 9⃣ RESPONSE
// --------------------------------------------------
_ = json.NewEncoder(w).Encode(map[string]any{
"success": true,
})
}
}
Reference in New Issue View Git Blame Copy Permalink