33 lines
885 B
Go
33 lines
885 B
Go
package usecase
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"strings"
|
|
"time"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
// Login validates credentials using username or email and returns a signed JWT.
|
|
func (s *Service) Login(ctx context.Context, identifier, password string) (string, time.Time, error) {
|
|
if strings.TrimSpace(identifier) == "" {
|
|
return "", time.Time{}, errors.New("identifier is required")
|
|
}
|
|
|
|
// Try fetching by username first
|
|
user, err := s.repo.GetUserByUsername(ctx, identifier)
|
|
if err != nil {
|
|
// Try fetching by email
|
|
user, err = s.repo.GetUserByEmail(ctx, identifier)
|
|
if err != nil {
|
|
return "", time.Time{}, errors.New("invalid credentials")
|
|
}
|
|
}
|
|
|
|
if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(s.pepperPassword(password))); err != nil {
|
|
return "", time.Time{}, errors.New("invalid credentials")
|
|
}
|
|
|
|
return s.issueAccessToken(user)
|
|
}
|