beeta/backend/src/services/AuthService.h

#pragma once
#include <string>
#include <functional>
#include <memory>
#include <optional>
#include <jwt-cpp/jwt.h>
#include <bcrypt/BCrypt.hpp>

struct UserInfo {
    int64_t id = 0;
    std::string username;
    bool isAdmin = false;
    bool isModerator = false;  // Site-wide moderator role
    bool isStreamer = false;
    bool isRestreamer = false;
    bool isBot = false;
    bool isTexter = false;
    bool isPgpOnly = false;
    bool isDisabled = false;   // SECURITY FIX #26: Track disabled status
    std::string bio;
    std::string avatarUrl;
    std::string bannerUrl;
    int bannerPosition = 50;   // Y position percentage (0-100) for object-position
    int bannerZoom = 100;      // Zoom percentage (100-200)
    int bannerPositionX = 50;  // X position percentage (0-100) for object-position
    std::string graffitiUrl;
    std::string pgpOnlyEnabledAt;
    std::string colorCode;
    double ubercoinBalance = 0.0;  // Übercoin balance (3 decimal places)
    std::string createdAt;         // Account creation date (for burn rate calculation)
    int tokenVersion = 1;          // SECURITY FIX #10: Token version for revocation
};

// Result structure for refresh token operations
struct RefreshTokenResult {
    bool success = false;
    std::string error;
    std::string accessToken;
    std::string refreshToken;
    std::string familyId;
    UserInfo user;
};

// Chat service compatibility struct
struct UserClaims {
    std::string userId;
    std::string username;
    std::string userColor;
    bool isAdmin;
    bool isModerator;  // Site-wide moderator role
    bool isStreamer;
    bool isRestreamer;

    UserClaims() : isAdmin(false), isModerator(false), isStreamer(false), isRestreamer(false) {}
};

class AuthService {
public:
    static AuthService& getInstance() {
        static AuthService instance;
        return instance;
    }
    
    void registerUser(const std::string& username, const std::string& password,
                     const std::string& publicKey, const std::string& fingerprint,
                     std::function<void(bool, const std::string&, int64_t)> callback);
    
    void loginUser(const std::string& username, const std::string& password,
                  std::function<void(bool, const std::string&, const UserInfo&)> callback);
    
    void initiatePgpLogin(const std::string& username,
                         std::function<void(bool, const std::string&, const std::string&)> callback);
    
    void verifyPgpLogin(const std::string& username, const std::string& signature, 
                       const std::string& challenge,
                       std::function<void(bool, const std::string&, const UserInfo&)> callback);
    
    std::string generateToken(const UserInfo& user);
    bool validateToken(const std::string& token, UserInfo& userInfo);

    // Chat service compatibility method
    std::optional<UserClaims> verifyToken(const std::string& token);

    // Refresh token methods
    void createRefreshTokenFamily(int64_t userId,
                                  std::function<void(bool success, const std::string& refreshToken,
                                                    const std::string& familyId)> callback);

    void validateAndRotateRefreshToken(const std::string& refreshToken,
                                       std::function<void(RefreshTokenResult)> callback);

    void revokeTokenFamily(const std::string& familyId,
                          std::function<void(bool success)> callback);

    void revokeAllUserTokenFamilies(int64_t userId,
                                    std::function<void(bool success)> callback);

    // New method to fetch complete user info including color
    void fetchUserInfo(int64_t userId, std::function<void(bool, const UserInfo&)> callback);
    
    void updatePassword(int64_t userId, const std::string& oldPassword, 
                       const std::string& newPassword,
                       std::function<void(bool, const std::string&)> callback);
    
    void updateUserColor(int64_t userId, const std::string& newColor,
                        std::function<void(bool, const std::string&, const std::string&)> callback);
    
    void generateUniqueColor(std::function<void(const std::string& color)> callback);

private:
    AuthService() = default;
    std::string jwtSecret_;

    bool validatePassword(const std::string& password, std::string& error);
    void validateAndLoadJwtSecret();  // SECURITY FIX #5

    // Refresh token helpers
    std::string generateRefreshToken();  // Generates random 256-bit token
    std::string hashToken(const std::string& token);  // SHA256 hash for storage
    std::string generateUUID();  // Generate UUID for family_id

    static constexpr int ACCESS_TOKEN_EXPIRY_MINUTES = 150;  // 2.5 hours (gives buffer for 2-hour refresh)
    static constexpr int REFRESH_TOKEN_EXPIRY_DAYS = 90;
};
Replace master branch with local files 2025-08-03 21:53:15 -04:00			`#pragma once`
			`#include <string>`
nu 2025-08-10 07:55:39 -04:00			`#include <functional>`
Replace master branch with local files 2025-08-03 21:53:15 -04:00			`#include <memory>`
Initial commit - realms platform 2026-01-05 22:54:27 -05:00			`#include <optional>`
nu 2025-08-10 07:55:39 -04:00			`#include <jwt-cpp/jwt.h>`
			`#include <bcrypt/BCrypt.hpp>`
Replace master branch with local files 2025-08-03 21:53:15 -04:00
			`struct UserInfo {`
nu 2025-08-10 07:55:39 -04:00			`int64_t id = 0;`
Replace master branch with local files 2025-08-03 21:53:15 -04:00			`std::string username;`
nu 2025-08-10 07:55:39 -04:00			`bool isAdmin = false;`
Initial commit - realms platform 2026-01-05 22:54:27 -05:00			`bool isModerator = false; // Site-wide moderator role`
nu 2025-08-10 07:55:39 -04:00			`bool isStreamer = false;`
Initial commit - realms platform 2026-01-05 22:54:27 -05:00			`bool isRestreamer = false;`
			`bool isBot = false;`
			`bool isTexter = false;`
nu 2025-08-10 07:55:39 -04:00			`bool isPgpOnly = false;`
Initial commit - realms platform 2026-01-05 22:54:27 -05:00			`bool isDisabled = false; // SECURITY FIX #26: Track disabled status`
Replace master branch with local files 2025-08-03 21:53:15 -04:00			`std::string bio;`
			`std::string avatarUrl;`
Initial commit - realms platform 2026-01-05 22:54:27 -05:00			`std::string bannerUrl;`
			`int bannerPosition = 50; // Y position percentage (0-100) for object-position`
			`int bannerZoom = 100; // Zoom percentage (100-200)`
			`int bannerPositionX = 50; // X position percentage (0-100) for object-position`
			`std::string graffitiUrl;`
Replace master branch with local files 2025-08-03 21:53:15 -04:00			`std::string pgpOnlyEnabledAt;`
nu 2025-08-10 07:55:39 -04:00			`std::string colorCode;`
Initial commit - realms platform 2026-01-05 22:54:27 -05:00			`double ubercoinBalance = 0.0; // Übercoin balance (3 decimal places)`
			`std::string createdAt; // Account creation date (for burn rate calculation)`
			`int tokenVersion = 1; // SECURITY FIX #10: Token version for revocation`
			`};`

fixes lol 2026-01-07 02:14:34 -05:00			`// Result structure for refresh token operations`
			`struct RefreshTokenResult {`
			`bool success = false;`
			`std::string error;`
			`std::string accessToken;`
			`std::string refreshToken;`
			`std::string familyId;`
			`UserInfo user;`
			`};`

Initial commit - realms platform 2026-01-05 22:54:27 -05:00			`// Chat service compatibility struct`
			`struct UserClaims {`
			`std::string userId;`
			`std::string username;`
			`std::string userColor;`
			`bool isAdmin;`
			`bool isModerator; // Site-wide moderator role`
			`bool isStreamer;`
			`bool isRestreamer;`

			`UserClaims() : isAdmin(false), isModerator(false), isStreamer(false), isRestreamer(false) {}`
Replace master branch with local files 2025-08-03 21:53:15 -04:00			`};`

			`class AuthService {`
			`public:`
			`static AuthService& getInstance() {`
			`static AuthService instance;`
			`return instance;`
			`}`

			`void registerUser(const std::string& username, const std::string& password,`
			`const std::string& publicKey, const std::string& fingerprint,`
nu 2025-08-10 07:55:39 -04:00			`std::function<void(bool, const std::string&, int64_t)> callback);`
Replace master branch with local files 2025-08-03 21:53:15 -04:00
			`void loginUser(const std::string& username, const std::string& password,`
nu 2025-08-10 07:55:39 -04:00			`std::function<void(bool, const std::string&, const UserInfo&)> callback);`
Replace master branch with local files 2025-08-03 21:53:15 -04:00
			`void initiatePgpLogin(const std::string& username,`
nu 2025-08-10 07:55:39 -04:00			`std::function<void(bool, const std::string&, const std::string&)> callback);`
Replace master branch with local files 2025-08-03 21:53:15 -04:00
nu 2025-08-10 07:55:39 -04:00			`void verifyPgpLogin(const std::string& username, const std::string& signature,`
			`const std::string& challenge,`
			`std::function<void(bool, const std::string&, const UserInfo&)> callback);`
Replace master branch with local files 2025-08-03 21:53:15 -04:00
nu 2025-08-10 07:55:39 -04:00			`std::string generateToken(const UserInfo& user);`
Replace master branch with local files 2025-08-03 21:53:15 -04:00			`bool validateToken(const std::string& token, UserInfo& userInfo);`
Initial commit - realms platform 2026-01-05 22:54:27 -05:00
			`// Chat service compatibility method`
			`std::optional<UserClaims> verifyToken(const std::string& token);`

fixes lol 2026-01-07 02:14:34 -05:00			`// Refresh token methods`
			`void createRefreshTokenFamily(int64_t userId,`
			`std::function<void(bool success, const std::string& refreshToken,`
			`const std::string& familyId)> callback);`

			`void validateAndRotateRefreshToken(const std::string& refreshToken,`
			`std::function<void(RefreshTokenResult)> callback);`

			`void revokeTokenFamily(const std::string& familyId,`
			`std::function<void(bool success)> callback);`

			`void revokeAllUserTokenFamilies(int64_t userId,`
			`std::function<void(bool success)> callback);`

nu 2025-08-10 07:55:39 -04:00			`// New method to fetch complete user info including color`
			`void fetchUserInfo(int64_t userId, std::function<void(bool, const UserInfo&)> callback);`
Replace master branch with local files 2025-08-03 21:53:15 -04:00
nu 2025-08-10 07:55:39 -04:00			`void updatePassword(int64_t userId, const std::string& oldPassword,`
			`const std::string& newPassword,`
			`std::function<void(bool, const std::string&)> callback);`
Replace master branch with local files 2025-08-03 21:53:15 -04:00
nu 2025-08-10 07:55:39 -04:00			`void updateUserColor(int64_t userId, const std::string& newColor,`
			`std::function<void(bool, const std::string&, const std::string&)> callback);`

			`void generateUniqueColor(std::function<void(const std::string& color)> callback);`
Replace master branch with local files 2025-08-03 21:53:15 -04:00
			`private:`
			`AuthService() = default;`
			`std::string jwtSecret_;`
Initial commit - realms platform 2026-01-05 22:54:27 -05:00
nu 2025-08-10 07:55:39 -04:00			`bool validatePassword(const std::string& password, std::string& error);`
Initial commit - realms platform 2026-01-05 22:54:27 -05:00			`void validateAndLoadJwtSecret(); // SECURITY FIX #5`
fixes lol 2026-01-07 02:14:34 -05:00
			`// Refresh token helpers`
			`std::string generateRefreshToken(); // Generates random 256-bit token`
			`std::string hashToken(const std::string& token); // SHA256 hash for storage`
			`std::string generateUUID(); // Generate UUID for family_id`

			`static constexpr int ACCESS_TOKEN_EXPIRY_MINUTES = 150; // 2.5 hours (gives buffer for 2-hour refresh)`
			`static constexpr int REFRESH_TOKEN_EXPIRY_DAYS = 90;`
Replace master branch with local files 2025-08-03 21:53:15 -04:00			`};`