package routes
import (
	"crypto/rand"
	"database/sql"
	"encoding/base64"
	"encoding/json"
	"errors"
	"io"
	"log"
	"net/http"
	"strconv"

	"bssapp-backend/auth"
	"bssapp-backend/internal/auditlog"
	"bssapp-backend/repository"
	"github.com/gorilla/mux"
	"golang.org/x/crypto/bcrypt"
)
// AdminResetPasswordRequest is the optional JSON body of the admin
// password-reset endpoint. The body may be omitted entirely; when
// Password is empty the server chooses the new password itself.
type AdminResetPasswordRequest struct {
	Password string `json:"password"`
}
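// maxResetBodyBytes bounds how much of the request body is decoded.
const maxResetBodyBytes = 1 << 20

// bcryptMaxPasswordLen is the longest input bcrypt hashes (72 bytes). Longer
// input is rejected up front instead of relying on the library, which either
// truncates silently (older x/crypto) or returns an error (newer versions).
const bcryptMaxPasswordLen = 72

// tempPasswordEntropyBytes is the number of CSPRNG bytes behind a generated
// temporary password; 12 bytes encode to 16 URL-safe base64 characters.
const tempPasswordEntropyBytes = 12

// generateTempPassword returns a fresh random temporary password drawn from
// crypto/rand, so no two resets share a value an attacker could guess.
func generateTempPassword() (string, error) {
	buf := make([]byte, tempPasswordEntropyBytes)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// AdminResetPasswordHandler resets the password of the user named by the
// {id} path variable. Flow: authenticate the caller, parse the target id,
// read the optional body, hash the new password with bcrypt, write it to
// mk_dfusr (or to the legacy dfusr table when the user only exists there),
// revoke the user's refresh tokens, write an audit record, respond with JSON.
//
// Response: {"success": true}, plus "temporary_password" when the server had
// to generate one — the only way the admin can hand the value to the user.
// Status codes: 401 no claims, 400 bad id/body/password, 404 unknown user,
// 500 hashing or database failure.
//
// NOTE(review): the HTTP method is not checked here; this assumes the router
// registers the handler for POST only.
func AdminResetPasswordHandler(db *sql.DB) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json; charset=utf-8")

		// Authentication only: a token with claims must be present.
		// NOTE(review): nothing here verifies that the caller is an
		// administrator — only that some claims exist. Unless the route is
		// mounted behind an admin-only middleware, any authenticated user
		// could reset any other user's password. Confirm at the router.
		claims, ok := auth.GetClaimsFromContext(r.Context())
		if !ok || claims == nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}

		// Target user id comes from the {id} path variable.
		userID, err := strconv.ParseInt(mux.Vars(r)["id"], 10, 64)
		if err != nil || userID <= 0 {
			http.Error(w, "invalid user id", http.StatusBadRequest)
			return
		}

		// Optional JSON body. An empty body means "generate a temporary
		// password"; a malformed or oversized body is rejected instead of
		// being silently treated as empty.
		r.Body = http.MaxBytesReader(w, r.Body, maxResetBodyBytes)
		var req AdminResetPasswordRequest
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil && !errors.Is(err, io.EOF) {
			http.Error(w, "invalid request body", http.StatusBadRequest)
			return
		}

		password := req.Password
		generated := false
		if password == "" {
			// A fixed, well-known temporary value would let anyone who knows
			// it log in as the reset user before they do, so draw a random one.
			if password, err = generateTempPassword(); err != nil {
				http.Error(w, "password generation error", http.StatusInternalServerError)
				return
			}
			generated = true
		}
		if len(password) > bcryptMaxPasswordLen {
			http.Error(w, "password too long", http.StatusBadRequest)
			return
		}
		// NOTE(review): no minimum length or complexity rule is applied to an
		// admin-supplied password here; confirm whether policy is enforced
		// elsewhere (e.g. on the forced change that follows).

		hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
		if err != nil {
			http.Error(w, "password hash error", http.StatusInternalServerError)
			return
		}
		hashStr := string(hash)

		// Current user table first; force_password_change makes the user
		// replace the temporary value at next login.
		res, err := db.Exec(`
			UPDATE mk_dfusr
			SET
				password_hash = $1,
				force_password_change = true,
				password_updated_at = NOW(),
				updated_at = NOW()
			WHERE id = $2
		`, hashStr, userID)
		if err != nil {
			http.Error(w, "password reset failed", http.StatusInternalServerError)
			return
		}
		// RowsAffected errors are treated as "no rows" (as before); a driver
		// that cannot report counts would fall through to the legacy path.
		target := "mk_dfusr.id"
		if n, _ := res.RowsAffected(); n == 0 {
			// Not in mk_dfusr: try the legacy table (active accounts only).
			res, err = db.Exec(`
				UPDATE dfusr
				SET
					upass = $1,
					force_password_change = true,
					last_updated_date = NOW()
				WHERE id = $2
				  AND is_active = true
			`, hashStr, userID)
			if err != nil {
				http.Error(w, "legacy password reset failed", http.StatusInternalServerError)
				return
			}
			target = "dfusr.id"
			if n, _ := res.RowsAffected(); n == 0 {
				// Neither table matched: say so instead of reporting success
				// (and instead of auditing a reset that never happened).
				http.Error(w, "user not found", http.StatusNotFound)
				return
			}
		}

		// Invalidate existing sessions so the old credential cannot be kept
		// alive through a refresh token. The password is already changed at
		// this point, so a failure here is logged rather than turned into an
		// error response.
		// NOTE(review): assumes RevokeAllForUser returns error (the original
		// discarded a single return value). TODO: route to the project logger.
		if err := repository.NewRefreshTokenRepository(db).RevokeAllForUser(userID); err != nil {
			log.Printf("admin password reset: refresh token revoke failed for user %d: %v", userID, err)
		}

		// NOTE(review): the audit record carries neither the acting admin nor
		// the target user id; if ActivityLog has fields for them (not visible
		// from this file) they should be populated here.
		auditlog.Write(auditlog.ActivityLog{
			ActionType:     "ADMIN_PASSWORD_RESET",
			ActionCategory: "security",
			ActionTarget:   target,
			IsSuccess:      true,
		})

		resp := map[string]any{"success": true}
		if generated {
			// The only channel for the admin to learn the generated value; it
			// is effectively single-use because force_password_change is set.
			resp["temporary_password"] = password
		}
		// Headers are already sent; nothing useful can be done on encode failure.
		_ = json.NewEncoder(w).Encode(resp)
	}
}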