Finished password reset workflow. Remove all password tokens upon successful reset.

middleware/auth.go

@@ -2,7 +2,6 @@ package middleware
 
 import (
 	"net/http"
-	"strconv"
 
 	"goweb/auth"
 	"goweb/context"
@@ -35,14 +34,16 @@ func LoadAuthenticatedUser(authClient *auth.Client) echo.MiddlewareFunc {
 func LoadValidPasswordToken(authClient *auth.Client) echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
-			userID, err := strconv.Atoi(c.Param("user"))
-			if err != nil {
-				return echo.NewHTTPError(http.StatusNotFound, "Not found")
+			var usr *ent.User
+
+			if c.Get(context.UserKey) == nil {
+				return echo.NewHTTPError(http.StatusInternalServerError, "Internal server error")
 			}
+			usr = c.Get(context.UserKey).(*ent.User)
 
 			tokenParam := c.Param("password_token")
+			token, err := authClient.GetValidPasswordToken(c, tokenParam, usr.ID)
 
-			token, err := authClient.GetValidPasswordToken(c, tokenParam, userID)
 			switch err.(type) {
 			case nil:
 			case auth.InvalidTokenError:

middleware/entity.go

@@ -0,0 +1,41 @@
+package middleware
+
+import (
+	"net/http"
+	"strconv"
+
+	"goweb/context"
+	"goweb/ent"
+	"goweb/ent/user"
+
+	"github.com/labstack/echo/v4"
+)
+
+func LoadUser(orm *ent.Client) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			userID, err := strconv.Atoi(c.Param("user"))
+			if err != nil {
+				return echo.NewHTTPError(http.StatusNotFound, "Not found")
+			}
+
+			u, err := orm.User.
+				Query().
+				Where(user.ID(userID)).
+				Only(c.Request().Context())
+
+			switch err.(type) {
+			case nil:
+			case *ent.NotFoundError:
+				return echo.NewHTTPError(http.StatusNotFound, "Not found")
+			default:
+				c.Logger().Error(err)
+				return echo.NewHTTPError(http.StatusInternalServerError, "Internal server error")
+			}
+
+			c.Set(context.UserKey, u)
+
+			return next(c)
+		}
+	}
+}