Diffstat (limited to 'handler')
-rw-r--r-- | handler/web/login.go | 81 | ||||
-rw-r--r-- | handler/web/page.go | 7 | ||||
-rw-r--r-- | handler/web/register.go | 80 |
3 files changed, 163 insertions, 5 deletions
diff --git a/handler/web/login.go b/handler/web/login.go
new file mode 100644
index 0000000..3ad15a1
--- /dev/null
+++ b/handler/web/login.go
@@ -0,0 +1,81 @@
+package web
+
+import (
+ "fmt"
+ "html/template"
+ "log"
+ "net/http"
+ "time"
+
+ "tildegit.org/andinus/perseus/account"
+ "tildegit.org/andinus/perseus/storage"
+)
+
+// LoginHandler handles login.
+func LoginHandler(w http.ResponseWriter, r *http.Request, db *storage.DB) {
+ p := Page{}
+ var err error
+
+ t, err := template.ParseFiles("web/templates/login.html")
+ if err != nil {
+ log.Printf("web/login.go: 500 Internal Server Error :: %s", err.Error())
+ http.Error(w, "500 Internal Server Error", http.StatusInternalServerError)
+ return
+ }
+
+ switch r.Method {
+ case http.MethodGet:
+ t.Execute(w, p)
+
+ case http.MethodPost:
+ if err = r.ParseForm(); err != nil {
+ log.Printf("web/login.go: 400 Bad Request :: %s", err.Error())
+ http.Error(w, "400 Bad Request", http.StatusBadRequest)
+ return
+ }
+
+ // Get form values
+ u := account.User{}
+ u.Username = r.FormValue("username")
+ u.Password = r.FormValue("password")
+
+ // Perform login
+ err = u.Login(db)
+
+ if err != nil {
+ log.Printf("web/login.go: %s :: %s",
+ "login failed",
+ err.Error())
+
+ error := []string{}
+ error = append(error,
+ fmt.Sprintf("Login failed"))
+
+ p.Error = error
+ t.Execute(w, p)
+ return
+ }
+
+ // Login successful, set token
+ cookie := http.Cookie{
+ Name: "token",
+ Value: u.Token,
+ // Expire the cookie after 16 days from
+ // current UTC time.
+ Expires: time.Now().UTC().Add(16 * 24 * time.Hour),
+ SameSite: http.SameSiteLaxMode,
+ HttpOnly: true,
+ }
+ http.SetCookie(w, &cookie)
+ success := []string{}
+ success = append(success,
+ fmt.Sprintf("Login successful"))
+ p.Success = success
+ t.Execute(w, p)
+
+ default:
+ w.WriteHeader(http.StatusMethodNotAllowed)
+ log.Printf("web/login.go: %v not allowed on %v", r.Method, r.URL)
+ }
+
+}
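Review bot: The `token` cookie built in the POST branch of LoginHandler is set without `Secure`, so a browser will also attach the session token to plain-HTTP requests if the site is ever reachable that way; add `Secure: true,` next to `HttpOnly: true,` (assuming perseus is meant to be served over TLS). The cookie also has no `Path`, which leaves its scope to the browser's default derived from the login URL; `Path: "/",` makes the scope explicit. The return value of `t.Execute(w, p)` is discarded at every call here, and again in handler/web/register.go, so a template failure after a successful login is never logged; `if err := t.Execute(w, p); err != nil { log.Printf("web/login.go: %s", err) }` would surface it.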
diff --git a/handler/web/page.go b/handler/web/page.go
index 1f457de..91e8e56 100644
--- a/handler/web/page.go
+++ b/handler/web/page.go
@@ -1,11 +1,8 @@
 package web
 
-import (
- "html/template"
-)
+import "html/template"
 
-// Page holds page information that is sent to all webpages rendered
-// by perseus.
+// Page holds page information.
 type Page struct {
 SafeList []template.HTML
 List []string
diff --git a/handler/web/register.go b/handler/web/register.go
new file mode 100644
index 0000000..1a80651
--- /dev/null
+++ b/handler/web/register.go
@@ -0,0 +1,80 @@
+package web
+
+import (
+ "fmt"
+ "html/template"
+ "log"
+ "net/http"
+ "strings"
+
+ "tildegit.org/andinus/perseus/account"
+ "tildegit.org/andinus/perseus/storage"
+)
+
+// RegisterHandler handles registration.
+func RegisterHandler(w http.ResponseWriter, r *http.Request, db *storage.DB) {
+ p := Page{}
+ var err error
+
+ t, err := template.ParseFiles("web/templates/register.html")
+ if err != nil {
+ log.Printf("web/register.go: 500 Internal Server Error :: %s", err.Error())
+ http.Error(w, "500 Internal Server Error", http.StatusInternalServerError)
+ return
+ }
+
+ p.Notice = []string{
+ "Only [a-z] & [0-9] allowed for username",
+ "Password length must be greater than 8 characters",
+ }
+
+ switch r.Method {
+ case http.MethodGet:
+ t.Execute(w, p)
+
+ case http.MethodPost:
+ if err = r.ParseForm(); err != nil {
+ log.Printf("web/register.go: 400 Bad Request :: %s", err.Error())
+ http.Error(w, "400 Bad Request", http.StatusBadRequest)
+ return
+ }
+
+ // Get form values
+ u := account.User{}
+ u.Username = r.FormValue("username")
+ u.Password = r.FormValue("password")
+
+ // Perform registration
+ err = u.Register(db)
+
+ if err != nil {
+ log.Printf("web/register.go: %s :: %s",
+ "registration failed",
+ err.Error())
+
+ error := []string{}
+ error = append(error,
+ fmt.Sprintf("Registration failed"))
+
+ // Check if the error was because of username
+ // not being unique.
+ if strings.HasPrefix(err.Error(), "UNIQUE constraint failed") {
+ error = append(error,
+ fmt.Sprintf("Username not unique"))
+ }
+ p.Error = error
+ } else {
+ success := []string{}
+ success = append(success,
+ fmt.Sprintf("Registration successful"))
+ p.Success = success
+ }
+
+ t.Execute(w, p)
+
+ default:
+ w.WriteHeader(http.StatusMethodNotAllowed)
+ log.Printf("web/register.go: %v not allowed on %v", r.Method, r.URL)
+ }
+
+}
|
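Review bot: The POST branch of RegisterHandler passes `username` and `password` from the form straight to `u.Register(db)`, so the two rules listed in `p.Notice` are enforced only if `Register` checks them, and that is not visible in this hunk. If it does, a comment above the call such as `// Register rejects usernames outside [a-z0-9] and short passwords.` would record where the check lives; if it does not, the handler needs that validation before the call. The duplicate-username test `strings.HasPrefix(err.Error(), "UNIQUE constraint failed")` depends on the database driver's message text and will silently stop matching if the wording or the storage backend changes. Having the account package return a sentinel error for that case, compared here with `errors.Is`, would be more robust.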