M_Kececi/bssapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a1ab7508c6f8e6738d5e8e00425cd769dcf800b1
bssapp/svc/routes/password_forgot.go
MEHMETKECECI eacfacb13b ilk
2026-02-11 17:46:22 +03:00

117 lines
2.8 KiB
Go
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
package routes
import (
"bssapp-backend/internal/auditlog"
"bssapp-backend/internal/mailer"
"bssapp-backend/internal/security"
"database/sql"
"encoding/json"
"fmt"
"net/http"
"os"
"strings"
"time"
)
func ForgotPasswordHandler(
db *sql.DB,
mailer *mailer.GraphMailer,
) http.HandlerFunc {
type request struct {
Email string `json:"email"`
}
return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json; charset=utf-8")
// -------------------------------------------------------
// 1⃣ Request parse (enumeration yok)
// -------------------------------------------------------
var req request
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
respondOK(w)
return
}
email := strings.TrimSpace(strings.ToLower(req.Email))
if email == "" {
respondOK(w)
return
}
// -------------------------------------------------------
// 2⃣ Aktif kullanıcıyı bul
// -------------------------------------------------------
var userID int64
err := db.QueryRow(`
SELECT id
FROM mk_dfusr
WHERE email = $1
AND is_active = true
`, email).Scan(&userID)
if err != nil {
// ❗ kullanıcı yok → bilgi sızdırma yok
respondOK(w)
return
}
// -------------------------------------------------------
// 3⃣ Reset token üret
// -------------------------------------------------------
plain, hash, err := security.GenerateResetToken()
if err != nil {
respondOK(w)
return
}
expires := time.Now().Add(30 * time.Minute)
// -------------------------------------------------------
// 4⃣ DBye SADECE HASH kaydet
// -------------------------------------------------------
_, _ = db.Exec(`
INSERT INTO dfusr_password_reset (
dfusr_id,
token,
expires_at
)
VALUES ($1, $2, $3)
`, userID, hash, expires)
// -------------------------------------------------------
// 5⃣ Reset URL (PLAIN token)
// -------------------------------------------------------
resetURL := fmt.Sprintf(
"%s/password-reset/%s",
os.Getenv("FRONTEND_URL"),
plain,
)
// -------------------------------------------------------
// 6⃣ Mail gönder (fail olsa bile enumeration yok)
// -------------------------------------------------------
_ = mailer.SendPasswordResetMail(email, resetURL)
// -------------------------------------------------------
// 7⃣ AUDIT LOG
// -------------------------------------------------------
auditlog.Write(auditlog.ActivityLog{
ActionType: "PASSWORD_FORGOT_REQUEST",
ActionCategory: "security",
ActionTarget: email,
IsSuccess: true,
})
respondOK(w)
}
}
func respondOK(w http.ResponseWriter) {
_ = json.NewEncoder(w).Encode(map[string]bool{
"success": true,
})
}
Reference in New Issue View Git Blame Copy Permalink