go-urlsh/internal/web/multifactor-remove.go

50 lines
1.3 KiB
Go
Raw Normal View History

package web
import (
"log"
"net/http"
"code.lila.network/adoralaura/go-urlsh/internal/constants"
"code.lila.network/adoralaura/go-urlsh/internal/db"
"code.lila.network/adoralaura/go-urlsh/internal/misc"
"github.com/gofiber/fiber/v2"
)
// HandleAdminAccountMFARemove is a DELETE endpoint that handles the deletion
// of the logged in users MFA configuration.
//
// Returns HTTP 401 if no valid user cookie, HTTP 400 if no MFA is configured for the user,
// HTTP 500 if a DB error happened or HTTP 204 if the deletion request succeeded.
func HandleAdminAccountMFARemove(c *fiber.Ctx) error {
if !db.IsCookieValid(c.Cookies(constants.LoginCookieName, "")) {
c.Status(http.StatusUnauthorized)
return nil
}
user, err := db.GetUserFromCookie(c.Cookies(constants.LoginCookieName))
if err != nil {
log.Println(err)
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
hasMfa, err := db.UserHasMFA(user)
if err != nil {
log.Println(err)
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
if !hasMfa {
return misc.New400Error()
}
err = db.RemoveMFAFromDB(user)
if err != nil {
log.Println(err)
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
c.Status(fiber.StatusNoContent)
return nil
}