more customer
This commit is contained in:
@@ -0,0 +1,119 @@
|
||||
package customerauth
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"sync"
|
||||
)
|
||||
|
||||
// ErrEmailExists is returned by Register when the (normalized) email is already
|
||||
// associated with a credential record.
|
||||
var ErrEmailExists = errors.New("customerauth: email already registered")
|
||||
|
||||
// Record is a single stored credential: which profile an email belongs to and
|
||||
// its password hash. It deliberately does not embed any profile data — the
|
||||
// profile grain remains the source of truth for that.
|
||||
type Record struct {
|
||||
Email string `json:"email"`
|
||||
ProfileID uint64 `json:"profileId"`
|
||||
Hash string `json:"hash"`
|
||||
CreatedAt string `json:"createdAt,omitempty"`
|
||||
}
|
||||
|
||||
// CredentialStore is a small email→credential index persisted to a JSON file.
|
||||
// It is the email lookup that the event-sourced profile grains intentionally
|
||||
// lack. Concurrency-safe; writes are atomic (temp file + rename).
|
||||
type CredentialStore struct {
|
||||
mu sync.RWMutex
|
||||
path string
|
||||
byMail map[string]Record // key: normalized email
|
||||
}
|
||||
|
||||
// LoadCredentialStore opens (or initializes) the store backed by path. A
|
||||
// missing file is treated as an empty store; the file is created on first write.
|
||||
func LoadCredentialStore(path string) (*CredentialStore, error) {
|
||||
s := &CredentialStore{path: path, byMail: make(map[string]Record)}
|
||||
data, err := os.ReadFile(path)
|
||||
if err != nil {
|
||||
if errors.Is(err, os.ErrNotExist) {
|
||||
return s, nil
|
||||
}
|
||||
return nil, fmt.Errorf("customerauth: read %s: %w", path, err)
|
||||
}
|
||||
var records []Record
|
||||
if len(data) > 0 {
|
||||
if err := json.Unmarshal(data, &records); err != nil {
|
||||
return nil, fmt.Errorf("customerauth: parse %s: %w", path, err)
|
||||
}
|
||||
}
|
||||
for _, r := range records {
|
||||
s.byMail[NormalizeEmail(r.Email)] = r
|
||||
}
|
||||
return s, nil
|
||||
}
|
||||
|
||||
// NormalizeEmail lower-cases and trims an email for use as a lookup key.
|
||||
func NormalizeEmail(email string) string {
|
||||
return strings.ToLower(strings.TrimSpace(email))
|
||||
}
|
||||
|
||||
// Get returns the record for email and whether it exists.
|
||||
func (s *CredentialStore) Get(email string) (Record, bool) {
|
||||
s.mu.RLock()
|
||||
defer s.mu.RUnlock()
|
||||
r, ok := s.byMail[NormalizeEmail(email)]
|
||||
return r, ok
|
||||
}
|
||||
|
||||
// Register adds a new credential record and persists the store. It returns
|
||||
// ErrEmailExists if the email is already taken.
|
||||
func (s *CredentialStore) Register(email string, profileID uint64, hash, createdAt string) error {
|
||||
key := NormalizeEmail(email)
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
if _, exists := s.byMail[key]; exists {
|
||||
return ErrEmailExists
|
||||
}
|
||||
s.byMail[key] = Record{Email: key, ProfileID: profileID, Hash: hash, CreatedAt: createdAt}
|
||||
return s.persistLocked()
|
||||
}
|
||||
|
||||
// persistLocked writes the whole store to disk atomically. Caller holds s.mu.
|
||||
func (s *CredentialStore) persistLocked() error {
|
||||
records := make([]Record, 0, len(s.byMail))
|
||||
for _, r := range s.byMail {
|
||||
records = append(records, r)
|
||||
}
|
||||
data, err := json.MarshalIndent(records, "", " ")
|
||||
if err != nil {
|
||||
return fmt.Errorf("customerauth: marshal store: %w", err)
|
||||
}
|
||||
if dir := filepath.Dir(s.path); dir != "" {
|
||||
if err := os.MkdirAll(dir, 0o755); err != nil {
|
||||
return fmt.Errorf("customerauth: mkdir %s: %w", dir, err)
|
||||
}
|
||||
}
|
||||
tmp, err := os.CreateTemp(filepath.Dir(s.path), ".credentials-*.tmp")
|
||||
if err != nil {
|
||||
return fmt.Errorf("customerauth: temp file: %w", err)
|
||||
}
|
||||
tmpName := tmp.Name()
|
||||
if _, err := tmp.Write(data); err != nil {
|
||||
tmp.Close()
|
||||
os.Remove(tmpName)
|
||||
return fmt.Errorf("customerauth: write temp: %w", err)
|
||||
}
|
||||
if err := tmp.Close(); err != nil {
|
||||
os.Remove(tmpName)
|
||||
return fmt.Errorf("customerauth: close temp: %w", err)
|
||||
}
|
||||
if err := os.Rename(tmpName, s.path); err != nil {
|
||||
os.Remove(tmpName)
|
||||
return fmt.Errorf("customerauth: rename temp: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user