softplayer-backend/internal/controllers/accounts.go

package controllers

import (
	"context"
	"errors"
	"fmt"
	"time"

	"git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/email"
	"git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/hash"
	"git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/kube"
	"github.com/google/uuid"
	corev1 "k8s.io/api/core/v1"
	rbacv1 "k8s.io/api/rbac/v1"
	k8serrors "k8s.io/apimachinery/pkg/api/errors"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/client-go/kubernetes"

	"k8s.io/apimachinery/pkg/types"
	ctrl "sigs.k8s.io/controller-runtime"
)

type Account struct {
	Controller ctrl.Manager
	Params     AccountParams
	Data       *AccountData
	Token      string
	DevMode    bool
}

type AccountParams struct {
	HashCost int16
}

type AccountData struct {
	Username string
	Password string
	Email    string
	UUID     string
}

func (acc *Account) Create(ctx context.Context) error {
	client := acc.Controller.GetClient()
	acc.Data.UUID = uuid.New().String()

	passwordHash, err := hash.HashPassword(acc.Data.Password, int(acc.Params.HashCost))
	if err != nil {
		return nil
	}

	namespace := &corev1.Namespace{
		ObjectMeta: metav1.ObjectMeta{
			Name: acc.Data.UUID,
			Labels: map[string]string{
				"username":       acc.Data.Username,
				"email-verified": "false",
				"managed-by":     "softplayer",
			},
		},
	}

	if err := kube.Create(ctx, client, namespace, true); err != nil {
		return err
	}

	if err := client.Get(ctx, types.NamespacedName{
		Name: acc.Data.UUID,
	}, namespace); err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}

	// Create a secret with the account data
	secret := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      acc.Data.Username,
			Namespace: "softplayer-accounts",
		},
		StringData: map[string]string{
			"uuid":     acc.Data.UUID,
			"email":    acc.Data.Email,
			"password": passwordHash,
		},
	}

	if err := client.Create(ctx, kube.SetOwnerRef(ctx, client, secret, namespace)); err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}

	// Prepare RBAC resources for the account
	role := &rbacv1.Role{
		ObjectMeta: metav1.ObjectMeta{Name: acc.Data.Username, Namespace: acc.Data.UUID},
		Rules:      []rbacv1.PolicyRule{{Verbs: []string{"get", "watch", "list", "create", "patch", "delete", "update"}, APIGroups: []string{""}, Resources: []string{"configmaps", "secrets"}}},
	}

	if err := client.Create(ctx, role); err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}

	sa := &corev1.ServiceAccount{
		ObjectMeta: metav1.ObjectMeta{
			Name:      acc.Data.UUID,
			Namespace: acc.Data.UUID,
		},
	}

	if err := client.Create(ctx, sa); err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}

	rb := &rbacv1.RoleBinding{
		ObjectMeta: metav1.ObjectMeta{
			Name:      acc.Data.UUID,
			Namespace: acc.Data.UUID,
		},
		Subjects: []rbacv1.Subject{
			{
				Kind:      "ServiceAccount",
				Name:      acc.Data.UUID,
				Namespace: acc.Data.UUID,
			},
		},
		RoleRef: rbacv1.RoleRef{
			APIGroup: "rbac.authorization.k8s.io",
			Kind:     "Role",
			Name:     acc.Data.Username,
		},
	}

	if err := client.Create(ctx, rb); err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}

	tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)
	saSec := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      tokenName,
			Namespace: acc.Data.UUID,
			Annotations: map[string]string{
				"kubernetes.io/service-account.name": acc.Data.UUID,
			},
		},
		Type: "kubernetes.io/service-account-token",
	}

	if err := client.Create(ctx, saSec); err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}
	if err := kube.WaitUntilCreated(ctx, client, saSec, 10, time.Millisecond*50); err != nil {
		return err
	}

	acc.Token, err = acc.getToken(ctx, saSec)
	if err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}
	return nil
}

func (acc *Account) Login(ctx context.Context) error {
	client := acc.Controller.GetClient()
	sec := &corev1.Secret{}

	if err := client.Get(ctx, types.NamespacedName{
		Namespace: "softplayer-accounts",
		Name:      acc.Data.Username,
	}, sec); err != nil {
		return err
	}

	if err := hash.CheckPasswordHash(acc.Data.Password, string(sec.Data["password"])); err != nil {
		return err
	}

	acc.Data.UUID = string(sec.Data["uuid"])
	tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)
	saSec := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      tokenName,
			Namespace: acc.Data.UUID,
			Annotations: map[string]string{
				"kubernetes.io/service-account.name": acc.Data.UUID,
			},
		},
		Type: "kubernetes.io/service-account-token",
	}
	var err error
	acc.Token, err = acc.getToken(ctx, saSec)
	if err != nil {
		return err
	}
	return nil
}

func (acc *Account) ResetPassword(ctx context.Context, emailConfig email.EmailConf) (string, error) {
	clientset, err := kubernetes.NewForConfig(acc.Controller.GetConfig())
	if err != nil {
		return "", err
	}

	userdata, err := clientset.CoreV1().Secrets("softplayer-accounts").Get(ctx, acc.Data.Username, metav1.GetOptions{})
	if err != nil {
		return "", err
	}
	if string(userdata.Data["email"]) != acc.Data.Email {
		return "", errors.New("user or email not found")
	}

	acc.Data.UUID = string(userdata.Data["uuid"])

	secretName := "password-reset-code"
	number := encodeToString(6)
	secret := corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name: secretName,
		},
		StringData: map[string]string{
			"code": number,
		},
	}
	sec, err := clientset.CoreV1().Secrets(acc.Data.UUID).Create(ctx, &secret, metav1.CreateOptions{})
	if !k8serrors.IsAlreadyExists(err) {
		return "", err
	} else if k8serrors.IsAlreadyExists(err) {
		timestamp := sec.CreationTimestamp.Time
		now := time.Now()
		if timestamp.Add(time.Minute).After(now) {
			return "", errors.New("you can send an email once per minute, please wait")
		}

		_, err := clientset.CoreV1().Secrets(acc.Data.UUID).Update(ctx, &secret, metav1.UpdateOptions{})
		if err != nil {
			return "", err
		}
	}

	if !acc.DevMode {
		emailContent := "Subject: Softplayer verification code\r\n" + "\r\n" + fmt.Sprintf("Your verification code is %s", number)
		email := string(userdata.Data["email"])
		if err := emailConfig.SendEmail(email, emailContent); err != nil {
			return "", err
		}
	}

	return number, nil
}

func (acc *Account) NewPassword(ctx context.Context, code string) error {
	clientset, err := kubernetes.NewForConfig(acc.Controller.GetConfig())
	if err != nil {
		return err
	}
	userdata, err := clientset.CoreV1().Secrets("softplayer-accounts").Get(ctx, acc.Data.Username, metav1.GetOptions{})
	if err != nil {
		return err
	}
	acc.Data.UUID = string(userdata.Data["uuid"])
	secretName := "password-reset-code"
	sec, err := clientset.CoreV1().Secrets(acc.Data.UUID).Get(ctx, secretName, metav1.GetOptions{})
	if err != nil {
		return err
	}
	if realCode, ok := sec.Data["code"]; ok {
		if string(realCode) != code {
			return errors.New("wrong code")
		}
	} else {
		return errors.New("secret not found")
	}

	passwordHash, err := hash.HashPassword(acc.Data.Password, int(acc.Params.HashCost))
	if err != nil {
		return nil
	}

	userdata.Data["password"] = []byte(passwordHash)
	_, err = clientset.CoreV1().Secrets(acc.Data.UUID).Update(ctx, userdata, metav1.UpdateOptions{})
	if err != nil {
		return err
	}

	return nil

}

func (acc *Account) getToken(ctx context.Context, saSec *corev1.Secret) (string, error) {
	client := acc.Controller.GetClient()
	if err := client.Get(ctx, types.NamespacedName{
		Namespace: acc.Data.UUID,
		Name:      saSec.ObjectMeta.Name,
	}, saSec); err != nil {
		return "", err
	}
	return string(saSec.Data["token"]), nil
}
Init commit 2024-03-19 15:49:29 +00:00			`package controllers`

			`import (`
			`"context"`
Add an API to reset the password 2024-05-21 22:00:31 +00:00			`"errors"`
Init commit 2024-03-19 15:49:29 +00:00			`"fmt"`
This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00			`"time"`
Init commit 2024-03-19 15:49:29 +00:00
Add an API to reset the password 2024-05-21 22:00:31 +00:00			`"git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/email"`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`"git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/hash"`
Verification emails 2024-03-21 20:10:56 +00:00			`"git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/kube"`
Init commit 2024-03-19 15:49:29 +00:00			`"github.com/google/uuid"`
			`corev1 "k8s.io/api/core/v1"`
			`rbacv1 "k8s.io/api/rbac/v1"`
Add an API to reset the password 2024-05-21 22:00:31 +00:00			`k8serrors "k8s.io/apimachinery/pkg/api/errors"`
Init commit 2024-03-19 15:49:29 +00:00			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
Add an API to reset the password 2024-05-21 22:00:31 +00:00			`"k8s.io/client-go/kubernetes"`
This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00
Init commit 2024-03-19 15:49:29 +00:00			`"k8s.io/apimachinery/pkg/types"`
			`ctrl "sigs.k8s.io/controller-runtime"`
			`)`

			`type Account struct {`
			`Controller ctrl.Manager`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Params AccountParams`
Init commit 2024-03-19 15:49:29 +00:00			`Data *AccountData`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Token string`
Add an API to reset the password 2024-05-21 22:00:31 +00:00			`DevMode bool`
Init commit 2024-03-19 15:49:29 +00:00			`}`

This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00			`type AccountParams struct {`
			`HashCost int16`
			`}`
WIP: Something is going on 2024-03-21 17:39:32 +00:00
Init commit 2024-03-19 15:49:29 +00:00			`type AccountData struct {`
			`Username string`
			`Password string`
			`Email string`
			`UUID string`
			`}`

			`func (acc *Account) Create(ctx context.Context) error {`
			`client := acc.Controller.GetClient()`
			`acc.Data.UUID = uuid.New().String()`
Verification emails 2024-03-21 20:10:56 +00:00
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`passwordHash, err := hash.HashPassword(acc.Data.Password, int(acc.Params.HashCost))`
Init commit 2024-03-19 15:49:29 +00:00			`if err != nil {`
			`return nil`
			`}`
WIP: Something is going on 2024-03-21 17:39:32 +00:00
Verification emails 2024-03-21 20:10:56 +00:00			`namespace := &corev1.Namespace{`
Init commit 2024-03-19 15:49:29 +00:00			`ObjectMeta: metav1.ObjectMeta{`
			`Name: acc.Data.UUID,`
Verification emails 2024-03-21 20:10:56 +00:00			`Labels: map[string]string{`
Create an env using api 2024-04-03 18:05:23 +00:00			`"username": acc.Data.Username,`
Verification emails 2024-03-21 20:10:56 +00:00			`"email-verified": "false",`
Add a list function 2024-04-15 13:45:05 +00:00			`"managed-by": "softplayer",`
Verification emails 2024-03-21 20:10:56 +00:00			`},`
Init commit 2024-03-19 15:49:29 +00:00			`},`
			`}`
Create an env using api 2024-04-03 18:05:23 +00:00
			`if err := kube.Create(ctx, client, namespace, true); err != nil {`
This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00			`return err`
			`}`

Init commit 2024-03-19 15:49:29 +00:00			`if err := client.Get(ctx, types.NamespacedName{`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Name: acc.Data.UUID,`
Verification emails 2024-03-21 20:10:56 +00:00			`}, namespace); err != nil {`
			`if err := client.Delete(ctx, namespace); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
			`return err`
			`}`
Verification emails 2024-03-21 20:10:56 +00:00
Init commit 2024-03-19 15:49:29 +00:00			`// Create a secret with the account data`
Verification emails 2024-03-21 20:10:56 +00:00			`secret := &corev1.Secret{`
Init commit 2024-03-19 15:49:29 +00:00			`ObjectMeta: metav1.ObjectMeta{`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Name: acc.Data.Username,`
Init commit 2024-03-19 15:49:29 +00:00			`Namespace: "softplayer-accounts",`
			`},`
			`StringData: map[string]string{`
Revert "Move email and uuid to labels" This reverts commit 89dbe6120af77f099406cc63de81f29eb29bde6e. 2024-05-01 10:09:32 +00:00			`"uuid": acc.Data.UUID,`
			`"email": acc.Data.Email,`
Init commit 2024-03-19 15:49:29 +00:00			`"password": passwordHash,`
			`},`
			`}`
Verification emails 2024-03-21 20:10:56 +00:00
			`if err := client.Create(ctx, kube.SetOwnerRef(ctx, client, secret, namespace)); err != nil {`
			`if err := client.Delete(ctx, namespace); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
			`return err`
			`}`
Create an env using api 2024-04-03 18:05:23 +00:00
Verification emails 2024-03-21 20:10:56 +00:00			`// Prepare RBAC resources for the account`
Init commit 2024-03-19 15:49:29 +00:00			`role := &rbacv1.Role{`
			`ObjectMeta: metav1.ObjectMeta{Name: acc.Data.Username, Namespace: acc.Data.UUID},`
Let users update resources 2024-05-02 11:46:01 +00:00			`Rules: []rbacv1.PolicyRule{{Verbs: []string{"get", "watch", "list", "create", "patch", "delete", "update"}, APIGroups: []string{""}, Resources: []string{"configmaps", "secrets"}}},`
Init commit 2024-03-19 15:49:29 +00:00			`}`
Verification emails 2024-03-21 20:10:56 +00:00
Init commit 2024-03-19 15:49:29 +00:00			`if err := client.Create(ctx, role); err != nil {`
Verification emails 2024-03-21 20:10:56 +00:00			`if err := client.Delete(ctx, namespace); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
			`return err`
			`}`

			`sa := &corev1.ServiceAccount{`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`ObjectMeta: metav1.ObjectMeta{`
			`Name: acc.Data.UUID,`
Init commit 2024-03-19 15:49:29 +00:00			`Namespace: acc.Data.UUID,`
			`},`
			`}`
Create an env using api 2024-04-03 18:05:23 +00:00
Verification emails 2024-03-21 20:10:56 +00:00			`if err := client.Create(ctx, sa); err != nil {`
			`if err := client.Delete(ctx, namespace); err != nil {`
			`return err`
			`}`
			`return err`
			`}`

Init commit 2024-03-19 15:49:29 +00:00			`rb := &rbacv1.RoleBinding{`
			`ObjectMeta: metav1.ObjectMeta{`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Name: acc.Data.UUID,`
			`Namespace: acc.Data.UUID,`
Init commit 2024-03-19 15:49:29 +00:00			`},`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Subjects: []rbacv1.Subject{`
Try using ids 2024-05-02 11:02:38 +00:00			`{`
Init commit 2024-03-19 15:49:29 +00:00			`Kind: "ServiceAccount",`
			`Name: acc.Data.UUID,`
			`Namespace: acc.Data.UUID,`
			`},`
			`},`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`RoleRef: rbacv1.RoleRef{`
Init commit 2024-03-19 15:49:29 +00:00			`APIGroup: "rbac.authorization.k8s.io",`
			`Kind: "Role",`
			`Name: acc.Data.Username,`
			`},`
			`}`

			`if err := client.Create(ctx, rb); err != nil {`
Verification emails 2024-03-21 20:10:56 +00:00			`if err := client.Delete(ctx, namespace); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
			`return err`
			`}`

			`tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)`
			`saSec := &corev1.Secret{`
			`ObjectMeta: metav1.ObjectMeta{`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Name: tokenName,`
Init commit 2024-03-19 15:49:29 +00:00			`Namespace: acc.Data.UUID,`
			`Annotations: map[string]string{`
			`"kubernetes.io/service-account.name": acc.Data.UUID,`
			`},`
			`},`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Type: "kubernetes.io/service-account-token",`
Init commit 2024-03-19 15:49:29 +00:00			`}`

			`if err := client.Create(ctx, saSec); err != nil {`
Verification emails 2024-03-21 20:10:56 +00:00			`if err := client.Delete(ctx, namespace); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
			`return err`
			`}`
Verification emails 2024-03-21 20:10:56 +00:00			`if err := kube.WaitUntilCreated(ctx, client, saSec, 10, time.Millisecond*50); err != nil {`
This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00			`return err`
			`}`
Init commit 2024-03-19 15:49:29 +00:00
This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00			`acc.Token, err = acc.getToken(ctx, saSec)`
Init commit 2024-03-19 15:49:29 +00:00			`if err != nil {`
Verification emails 2024-03-21 20:10:56 +00:00			`if err := client.Delete(ctx, namespace); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
			`return err`
			`}`
			`return nil`
			`}`

WIP: Something is going on 2024-03-21 17:39:32 +00:00			`func (acc *Account) Login(ctx context.Context) error {`
Init commit 2024-03-19 15:49:29 +00:00			`client := acc.Controller.GetClient()`
			`sec := &corev1.Secret{}`
Verification emails 2024-03-21 20:10:56 +00:00
Init commit 2024-03-19 15:49:29 +00:00			`if err := client.Get(ctx, types.NamespacedName{`
			`Namespace: "softplayer-accounts",`
			`Name: acc.Data.Username,`
			`}, sec); err != nil {`
			`return err`
			`}`
Verification emails 2024-03-21 20:10:56 +00:00
			`if err := hash.CheckPasswordHash(acc.Data.Password, string(sec.Data["password"])); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
Verification emails 2024-03-21 20:10:56 +00:00
Revert "Move email and uuid to labels" This reverts commit 89dbe6120af77f099406cc63de81f29eb29bde6e. 2024-05-01 10:09:32 +00:00			`acc.Data.UUID = string(sec.Data["uuid"])`
Init commit 2024-03-19 15:49:29 +00:00			`tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)`
			`saSec := &corev1.Secret{`
			`ObjectMeta: metav1.ObjectMeta{`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Name: tokenName,`
Init commit 2024-03-19 15:49:29 +00:00			`Namespace: acc.Data.UUID,`
			`Annotations: map[string]string{`
			`"kubernetes.io/service-account.name": acc.Data.UUID,`
			`},`
			`},`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Type: "kubernetes.io/service-account-token",`
Init commit 2024-03-19 15:49:29 +00:00			`}`
			`var err error`
This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00			`acc.Token, err = acc.getToken(ctx, saSec)`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`if err != nil {`
			`return err`
Init commit 2024-03-19 15:49:29 +00:00			`}`
			`return nil`
			`}`

Add an API to reset the password 2024-05-21 22:00:31 +00:00			`func (acc *Account) ResetPassword(ctx context.Context, emailConfig email.EmailConf) (string, error) {`
			`clientset, err := kubernetes.NewForConfig(acc.Controller.GetConfig())`
			`if err != nil {`
			`return "", err`
			`}`

			`userdata, err := clientset.CoreV1().Secrets("softplayer-accounts").Get(ctx, acc.Data.Username, metav1.GetOptions{})`
			`if err != nil {`
			`return "", err`
			`}`
			`if string(userdata.Data["email"]) != acc.Data.Email {`
			`return "", errors.New("user or email not found")`
			`}`

			`acc.Data.UUID = string(userdata.Data["uuid"])`

			`secretName := "password-reset-code"`
			`number := encodeToString(6)`
			`secret := corev1.Secret{`
			`ObjectMeta: metav1.ObjectMeta{`
			`Name: secretName,`
			`},`
			`StringData: map[string]string{`
			`"code": number,`
			`},`
			`}`
			`sec, err := clientset.CoreV1().Secrets(acc.Data.UUID).Create(ctx, &secret, metav1.CreateOptions{})`
			`if !k8serrors.IsAlreadyExists(err) {`
			`return "", err`
			`} else if k8serrors.IsAlreadyExists(err) {`
			`timestamp := sec.CreationTimestamp.Time`
			`now := time.Now()`
Add an API to reset the password 2024-05-22 07:55:10 +00:00			`if timestamp.Add(time.Minute).After(now) {`
			`return "", errors.New("you can send an email once per minute, please wait")`
			`}`

			`_, err := clientset.CoreV1().Secrets(acc.Data.UUID).Update(ctx, &secret, metav1.UpdateOptions{})`
			`if err != nil {`
			`return "", err`
Add an API to reset the password 2024-05-21 22:00:31 +00:00			`}`
			`}`

			`if !acc.DevMode {`
			`emailContent := "Subject: Softplayer verification code\r\n" + "\r\n" + fmt.Sprintf("Your verification code is %s", number)`
			`email := string(userdata.Data["email"])`
			`if err := emailConfig.SendEmail(email, emailContent); err != nil {`
			`return "", err`
			`}`
			`}`

			`return number, nil`
			`}`

Add an API to reset the password 2024-05-22 08:42:17 +00:00			`func (acc *Account) NewPassword(ctx context.Context, code string) error {`
			`clientset, err := kubernetes.NewForConfig(acc.Controller.GetConfig())`
			`if err != nil {`
			`return err`
			`}`
			`userdata, err := clientset.CoreV1().Secrets("softplayer-accounts").Get(ctx, acc.Data.Username, metav1.GetOptions{})`
			`if err != nil {`
			`return err`
			`}`
			`acc.Data.UUID = string(userdata.Data["uuid"])`
			`secretName := "password-reset-code"`
			`sec, err := clientset.CoreV1().Secrets(acc.Data.UUID).Get(ctx, secretName, metav1.GetOptions{})`
			`if err != nil {`
			`return err`
			`}`
			`if realCode, ok := sec.Data["code"]; ok {`
			`if string(realCode) != code {`
			`return errors.New("wrong code")`
			`}`
			`} else {`
			`return errors.New("secret not found")`
			`}`

			`passwordHash, err := hash.HashPassword(acc.Data.Password, int(acc.Params.HashCost))`
			`if err != nil {`
			`return nil`
			`}`

			`userdata.Data["password"] = []byte(passwordHash)`
			`_, err = clientset.CoreV1().Secrets(acc.Data.UUID).Update(ctx, userdata, metav1.UpdateOptions{})`
			`if err != nil {`
			`return err`
			`}`

			`return nil`

			`}`

WIP: Something is going on 2024-03-21 17:39:32 +00:00			`func (acc Account) getToken(ctx context.Context, saSec corev1.Secret) (string, error) {`
Init commit 2024-03-19 15:49:29 +00:00			`client := acc.Controller.GetClient()`
			`if err := client.Get(ctx, types.NamespacedName{`
			`Namespace: acc.Data.UUID,`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Name: saSec.ObjectMeta.Name,`
Init commit 2024-03-19 15:49:29 +00:00			`}, saSec); err != nil {`
			`return "", err`
			`}`
			`return string(saSec.Data["token"]), nil`
			`}`