Diffstat (limited to 'handler/web/login.go')
-rw-r--r--handler/web/login.go81
1 files changed, 81 insertions, 0 deletions
diff --git a/handler/web/login.go b/handler/web/login.go
new file mode 100644
index 0000000..3ad15a1
--- /dev/null
+++ b/handler/web/login.go
@@ -0,0 +1,81 @@
+package web
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"time"
+
+	"tildegit.org/andinus/perseus/account"
+	"tildegit.org/andinus/perseus/storage"
+)
+
+// LoginHandler handles login.
+func LoginHandler(w http.ResponseWriter, r *http.Request, db *storage.DB) {
+	p := Page{}
+	var err error
+
+	t, err := template.ParseFiles("web/templates/login.html")
+	if err != nil {
+		log.Printf("web/login.go: 500 Internal Server Error :: %s", err.Error())
+		http.Error(w, "500 Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+
+	switch r.Method {
+	case http.MethodGet:
+		t.Execute(w, p)
+
+	case http.MethodPost:
+		if err = r.ParseForm(); err != nil {
+			log.Printf("web/login.go: 400 Bad Request :: %s", err.Error())
+			http.Error(w, "400 Bad Request", http.StatusBadRequest)
+			return
+		}
+
+		// Get form values
+		u := account.User{}
+		u.Username = r.FormValue("username")
+		u.Password = r.FormValue("password")
+
+		// Perform login
+		err = u.Login(db)
+
+		if err != nil {
+			log.Printf("web/login.go: %s :: %s",
+				"login failed",
+				err.Error())
+
+			error := []string{}
+			error = append(error,
+				fmt.Sprintf("Login failed"))
+
+			p.Error = error
+			t.Execute(w, p)
+			return
+		}
+
+		// Login successful, set token
+		cookie := http.Cookie{
+			Name:  "token",
+			Value: u.Token,
+			// Expire the cookie after 16 days from
+			// current UTC time.
+			Expires:  time.Now().UTC().Add(16 * 24 * time.Hour),
+			SameSite: http.SameSiteLaxMode,
+			HttpOnly: true,
+		}
+		http.SetCookie(w, &cookie)
+		success := []string{}
+		success = append(success,
+			fmt.Sprintf("Login successful"))
+		p.Success = success
+		t.Execute(w, p)
+
+	default:
+		w.WriteHeader(http.StatusMethodNotAllowed)
+		log.Printf("web/login.go: %v not allowed on %v", r.Method, r.URL)
+	}
+
+}
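Review bot: The `token` cookie built in the `http.Cookie{...}` literal after a successful login is set without `Secure`, so a browser will also attach the session token to plain-HTTP requests to this host. If the service is meant to be served over TLS (not visible from this file), add `Secure: true,` next to `HttpOnly: true,`. The literal also leaves `Path` unset, so the browser derives the cookie's scope from the login URL's path; `Path: "/",` would make the intended scope explicit. Separately, all three `t.Execute(w, p)` calls discard their error, so a template failure part-way through a response goes unlogged; wrapping each as `if err := t.Execute(w, p); err != nil { log.Printf("web/login.go: %s", err) }` would match the logging used elsewhere in the handler.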