Diffstat (limited to 'handler/web/login.go')
-rw-r--r-- | handler/web/login.go | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/handler/web/login.go b/handler/web/login.go
new file mode 100644
index 0000000..3ad15a1
--- /dev/null
+++ b/handler/web/login.go
@@ -0,0 +1,81 @@
+package web
+
+import (
+ "fmt"
+ "html/template"
+ "log"
+ "net/http"
+ "time"
+
+ "tildegit.org/andinus/perseus/account"
+ "tildegit.org/andinus/perseus/storage"
+)
+
+// LoginHandler handles login.
+func LoginHandler(w http.ResponseWriter, r *http.Request, db *storage.DB) {
+ p := Page{}
+ var err error
+
+ t, err := template.ParseFiles("web/templates/login.html")
+ if err != nil {
+ log.Printf("web/login.go: 500 Internal Server Error :: %s", err.Error())
+ http.Error(w, "500 Internal Server Error", http.StatusInternalServerError)
+ return
+ }
+
+ switch r.Method {
+ case http.MethodGet:
+ t.Execute(w, p)
+
+ case http.MethodPost:
+ if err = r.ParseForm(); err != nil {
+ log.Printf("web/login.go: 400 Bad Request :: %s", err.Error())
+ http.Error(w, "400 Bad Request", http.StatusBadRequest)
+ return
+ }
+
+ // Get form values
+ u := account.User{}
+ u.Username = r.FormValue("username")
+ u.Password = r.FormValue("password")
+
+ // Perform login
+ err = u.Login(db)
+
+ if err != nil {
+ log.Printf("web/login.go: %s :: %s",
+ "login failed",
+ err.Error())
+
+ error := []string{}
+ error = append(error,
+ fmt.Sprintf("Login failed"))
+
+ p.Error = error
+ t.Execute(w, p)
+ return
+ }
+
+ // Login successful, set token
+ cookie := http.Cookie{
+ Name: "token",
+ Value: u.Token,
+ // Expire the cookie after 16 days from
+ // current UTC time.
+ Expires: time.Now().UTC().Add(16 * 24 * time.Hour),
+ SameSite: http.SameSiteLaxMode,
+ HttpOnly: true,
+ }
+ http.SetCookie(w, &cookie)
+ success := []string{}
+ success = append(success,
+ fmt.Sprintf("Login successful"))
+ p.Success = success
+ t.Execute(w, p)
+
+ default:
+ w.WriteHeader(http.StatusMethodNotAllowed)
+ log.Printf("web/login.go: %v not allowed on %v", r.Method, r.URL)
+ }
+
+}
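Review bot: The `token` cookie built in the POST branch sets `HttpOnly` and `SameSite` but not `Secure`, so a browser will also attach the 16-day session token to any plain-HTTP request to this host; adding `Secure: true,` to the `http.Cookie` literal closes that, assuming the site is served over TLS (the diff does not show how it is deployed). All three `t.Execute(w, p)` calls discard their error, so a template failure after a successful login is silent; `if err := t.Execute(w, p); err != nil { log.Printf("web/login.go: %s", err) }` would at least record it. The local slice named `error` shadows the builtin type for the rest of that branch, and `fmt.Sprintf` with a constant string does nothing; `p.Error = []string{"Login failed"}` is equivalent and avoids both. The template is also re-parsed from disk on every request, which could be moved to package initialisation.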