M_Kececi/bssapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a514f4dcfa75a2efcc96f73970f5b3480ac8d6d3
bssapp/svc/routes/password_forgot.go
MEHMETKECECI eacfacb13b ilk
2026-02-11 17:46:22 +03:00

117 lines
2.8 KiB
Go
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
package routes
import (
"bssapp-backend/internal/auditlog"
"bssapp-backend/internal/mailer"
"bssapp-backend/internal/security"
"database/sql"
"encoding/json"
"fmt"
"net/http"
"os"
"strings"
"time"
)
func ForgotPasswordHandler(
db *sql.DB,
mailer *mailer.GraphMailer,
) http.HandlerFunc {
type request struct {
Email string `json:"email"`
}
return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json; charset=utf-8")
// -------------------------------------------------------
// 1⃣ Request parse (enumeration yok)
// -------------------------------------------------------
var req request
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
respondOK(w)
return
}
email := strings.TrimSpace(strings.ToLower(req.Email))
if email == "" {
respondOK(w)
return
}
// -------------------------------------------------------
// 2⃣ Aktif kullanıcıyı bul
// -------------------------------------------------------
var userID int64
err := db.QueryRow(`
SELECT id
FROM mk_dfusr
WHERE email = $1
AND is_active = true
`, email).Scan(&userID)
if err != nil {
// ❗ kullanıcı yok → bilgi sızdırma yok
respondOK(w)
return
}
// -------------------------------------------------------
// 3⃣ Reset token üret
// -------------------------------------------------------
plain, hash, err := security.GenerateResetToken()
if err != nil {
respondOK(w)
return
}
expires := time.Now().Add(30 * time.Minute)
// -------------------------------------------------------
// 4⃣ DBye SADECE HASH kaydet
// -------------------------------------------------------
_, _ = db.Exec(`
INSERT INTO dfusr_password_reset (
dfusr_id,
token,
expires_at
)
VALUES ($1, $2, $3)
`, userID, hash, expires)
// -------------------------------------------------------
// 5⃣ Reset URL (PLAIN token)
// -------------------------------------------------------
resetURL := fmt.Sprintf(
"%s/password-reset/%s",
os.Getenv("FRONTEND_URL"),
plain,
)
// -------------------------------------------------------
// 6⃣ Mail gönder (fail olsa bile enumeration yok)
// -------------------------------------------------------
_ = mailer.SendPasswordResetMail(email, resetURL)
// -------------------------------------------------------
// 7⃣ AUDIT LOG
// -------------------------------------------------------
auditlog.Write(auditlog.ActivityLog{
ActionType: "PASSWORD_FORGOT_REQUEST",
ActionCategory: "security",
ActionTarget: email,
IsSuccess: true,
})
respondOK(w)
}
}
func respondOK(w http.ResponseWriter) {
_ = json.NewEncoder(w).Encode(map[string]bool{
"success": true,
})
}
Reference in New Issue View Git Blame Copy Permalink