From cba9967af0a0b266e13f253e9ae030efef2f8499 Mon Sep 17 00:00:00 2001
From: Asara <amarpreet@minhas.io>
Date: Mon, 20 Jan 2020 13:40:05 -0500
Subject: [PATCH] Add postal backend integration

---
 packages/auth/auth.go       | 113 +++++++++++++++++++++++++++---------
 settings/website.env-sample |   2 +
 2 files changed, 86 insertions(+), 29 deletions(-)

diff --git a/packages/auth/auth.go b/packages/auth/auth.go
index 507bf74..58ad64e 100644
--- a/packages/auth/auth.go
+++ b/packages/auth/auth.go
@@ -1,6 +1,7 @@
 package auth
 
 import (
+	"bytes"
 	"database/sql"
 	"encoding/json"
 	"fmt"
@@ -12,6 +13,7 @@ import (
 	"github.com/go-chi/jwtauth"
 	"github.com/go-chi/render"
 	"golang.org/x/crypto/bcrypt"
+	"io/ioutil"
 	"net/http"
 	"os"
 	"strings"
@@ -25,26 +27,27 @@ var (
 	PostalEnabled bool
 	PostalKey     string
 	PostalAPI     string
+	PostalEmail   string
 )
 
 func Init() {
 	if postal_key, ok := os.LookupEnv("POSTAL_KEY"); ok {
 		if postal_api, ok := os.LookupEnv("POSTAL_API"); ok {
-			if email_auth, ok := os.LookupEnv("EMAIL_SECRET"); ok {
-				EmailAuth = jwtauth.New("HS256", []byte(os.Getenv(email_auth)), nil)
-				PostalKey = postal_key
-				PostalAPI = postal_api
-				PostalEnabled = true
+			if email_src, ok := os.LookupEnv("POSTAL_SRC_EMAIL"); ok {
+				if email_auth, ok := os.LookupEnv("EMAIL_SECRET"); ok {
+					EmailAuth = jwtauth.New("HS256", []byte(os.Getenv(email_auth)), nil)
+					PostalKey = postal_key
+					PostalAPI = postal_api
+					PostalEmail = email_src
+					PostalEnabled = true
+					fmt.Println("Postal Enabled")
+				}
 			}
 		}
 	}
 }
 
-type ReturnError struct {
-	Message string `json:"error"`
-}
-
-type ReturnSuccess struct {
+type ReturnMessage struct {
 	Message string `json:"msg"`
 }
 
@@ -68,6 +71,13 @@ type JWT struct {
 	JWT string `json:"jwt"`
 }
 
+type ComposedEmail struct {
+	To         [1]string `json:"to"`
+	From       string    `json:"from"`
+	Subject    string    `json:"subject"`
+	Plain_body string    `json:"plain_body"`
+}
+
 func Routes() *chi.Mux {
 	r := chi.NewRouter()
 	r.Post("/signin", signin)
@@ -81,40 +91,39 @@ func Routes() *chi.Mux {
 }
 
 func register(w http.ResponseWriter, r *http.Request) {
-	returnError := ReturnError{}
-	returnSuccess := ReturnSuccess{}
+	returnMessage := ReturnMessage{}
 	creds := &SignUpCredentials{}
 	err := json.NewDecoder(r.Body).Decode(creds)
 	if err != nil {
 		fmt.Println(err)
 		w.WriteHeader(http.StatusInternalServerError)
-		returnError.Message = "unexpected error. please contact the administrator"
-		render.JSON(w, r, returnError)
+		returnMessage.Message = "unexpected error. please contact the administrator"
+		render.JSON(w, r, returnMessage)
 		return
 	}
 	if creds.Username == "" {
-		returnError.Message = "username is required"
+		returnMessage.Message = "username is required"
 		w.WriteHeader(http.StatusBadRequest)
-		render.JSON(w, r, returnError)
+		render.JSON(w, r, returnMessage)
 		return
 	}
 	if creds.Password == "" {
-		returnError.Message = "password is required"
+		returnMessage.Message = "password is required"
 		w.WriteHeader(http.StatusBadRequest)
-		render.JSON(w, r, returnError)
+		render.JSON(w, r, returnMessage)
 		return
 	}
 	if creds.Email == "" {
-		returnError.Message = "email is required"
+		returnMessage.Message = "email is required"
 		w.WriteHeader(http.StatusBadRequest)
-		render.JSON(w, r, returnError)
+		render.JSON(w, r, returnMessage)
 		return
 	}
 	err = checkmail.ValidateFormat(creds.Email)
 	if err != nil {
-		returnError.Message = "email not valid"
+		returnMessage.Message = "email not valid"
 		w.WriteHeader(http.StatusBadRequest)
-		render.JSON(w, r, returnError)
+		render.JSON(w, r, returnMessage)
 		return
 	}
 
@@ -123,9 +132,9 @@ func register(w http.ResponseWriter, r *http.Request) {
           VALUES ($1, $2, $3, $4, $5)`
 	if _, err = DB.Exec(s, creds.Username, creds.Email, string(hashedPassword), false, false); err != nil {
 		fmt.Println(err)
-		returnError.Message = "unexpected error. please contact the administrator"
+		returnMessage.Message = "unexpected error. please contact the administrator"
 		w.WriteHeader(http.StatusInternalServerError)
-		render.JSON(w, r, returnError)
+		render.JSON(w, r, returnMessage)
 		return
 	}
 	users.CreateProfile(creds.Username, creds.Email)
@@ -138,17 +147,21 @@ func register(w http.ResponseWriter, r *http.Request) {
 	}
 	if PostalEnabled {
 		_, emailToken, _ := EmailAuth.Encode(claims)
+		returnMessage, ok := sendEmailToken(w, emailToken, creds.Username, creds.Email)
+		if !ok {
+			w.WriteHeader(http.StatusInternalServerError)
+			render.JSON(w, r, returnMessage)
+			return
+		}
 		w.WriteHeader(http.StatusCreated)
-		//returnSuccess.Message = "User added. Please check your email for a verification link"
-		returnSuccess.Message = emailToken
-		render.JSON(w, r, returnSuccess)
+		render.JSON(w, r, returnMessage)
 		return
 	}
 	_, tokenString, _ := TokenAuth.Encode(claims)
 	setCookies(w, tokenString, expirationTime)
 	w.WriteHeader(http.StatusCreated)
-	returnSuccess.Message = "User created! Welcome to the site!"
-	render.JSON(w, r, returnSuccess)
+	returnMessage.Message = "User created! Welcome to the site!"
+	render.JSON(w, r, returnMessage)
 	return
 }
 
@@ -210,3 +223,45 @@ func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) string
 	http.SetCookie(w, &signatureCookie)
 	return strings.Join(splitToken[:2], ".")
 }
+
+func sendEmailToken(w http.ResponseWriter, token string, name string, email string) (returnMessage ReturnMessage, ok bool) {
+	header := "Thanks for joining sudoscientist, " + name + "!"
+	body := "\n\nPlease click the following link to verify your email: "
+	link := os.Getenv("WEB_ADDR") + "/v1/api/auth/verify/" + token
+	email_array := [1]string{email}
+	composed_email := ComposedEmail{
+		To:         email_array,
+		From:       PostalEmail,
+		Subject:    "sudoscientist: Please confirm your e-mail address",
+		Plain_body: header + body + link,
+	}
+	postal_req, err := json.Marshal(&composed_email)
+	if err != nil {
+		fmt.Println(err)
+		returnMessage.Message = "unexpected error. your account may be in limbo. please contact the administrator"
+		ok = false
+		return returnMessage, ok
+	}
+	req, err := http.NewRequest("POST", fmt.Sprintf("%s/api/v1/send/message", PostalAPI), bytes.NewBuffer(postal_req))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("X-Server-API-Key", PostalKey)
+	if err != nil {
+		fmt.Println(err)
+		returnMessage.Message = "unexpected error. your account may be in limbo. please contact the administrator"
+		ok = false
+		return returnMessage, ok
+	}
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		fmt.Println(err)
+		returnMessage.Message = "unexpected error. your account may be in limbo. please contact the administrator"
+		ok = false
+		return returnMessage, ok
+	}
+	defer resp.Body.Close()
+	respbody, _ := ioutil.ReadAll(resp.Body)
+	returnMessage.Message = "verification email sent"
+	ok = true
+	return returnMessage, ok
+}
diff --git a/settings/website.env-sample b/settings/website.env-sample
index 0f4ab07..e29667e 100644
--- a/settings/website.env-sample
+++ b/settings/website.env-sample
@@ -2,3 +2,5 @@ export API_PORT="8080"
 export EMAIL_SECRET="CHANGEMEALSOPLS"
 export JWT_SECRET="CHANGEMEALSO"
 export POSTAL_API="https://POSTAL_URL"
+export POSTAL_SRC_EMAIL="postal-source@domain.com"
+export WEB_ADDR="https://domain.tld"