Diffstat (limited to 'handler')
-rw-r--r--handler/web/login.go81
-rw-r--r--handler/web/page.go7
-rw-r--r--handler/web/register.go80
3 files changed, 163 insertions, 5 deletions
diff --git a/handler/web/login.go b/handler/web/login.go
new file mode 100644
index 0000000..3ad15a1
--- /dev/null
+++ b/handler/web/login.go
@@ -0,0 +1,81 @@
+package web
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"time"
+
+	"tildegit.org/andinus/perseus/account"
+	"tildegit.org/andinus/perseus/storage"
+)
+
+// LoginHandler handles login.
+func LoginHandler(w http.ResponseWriter, r *http.Request, db *storage.DB) {
+	p := Page{}
+	var err error
+
+	t, err := template.ParseFiles("web/templates/login.html")
+	if err != nil {
+		log.Printf("web/login.go: 500 Internal Server Error :: %s", err.Error())
+		http.Error(w, "500 Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+
+	switch r.Method {
+	case http.MethodGet:
+		t.Execute(w, p)
+
+	case http.MethodPost:
+		if err = r.ParseForm(); err != nil {
+			log.Printf("web/login.go: 400 Bad Request :: %s", err.Error())
+			http.Error(w, "400 Bad Request", http.StatusBadRequest)
+			return
+		}
+
+		// Get form values
+		u := account.User{}
+		u.Username = r.FormValue("username")
+		u.Password = r.FormValue("password")
+
+		// Perform login
+		err = u.Login(db)
+
+		if err != nil {
+			log.Printf("web/login.go: %s :: %s",
+				"login failed",
+				err.Error())
+
+			error := []string{}
+			error = append(error,
+				fmt.Sprintf("Login failed"))
+
+			p.Error = error
+			t.Execute(w, p)
+			return
+		}
+
+		// Login successful, set token
+		cookie := http.Cookie{
+			Name:  "token",
+			Value: u.Token,
+			// Expire the cookie after 16 days from
+			// current UTC time.
+			Expires:  time.Now().UTC().Add(16 * 24 * time.Hour),
+			SameSite: http.SameSiteLaxMode,
+			HttpOnly: true,
+		}
+		http.SetCookie(w, &cookie)
+		success := []string{}
+		success = append(success,
+			fmt.Sprintf("Login successful"))
+		p.Success = success
+		t.Execute(w, p)
+
+	default:
+		w.WriteHeader(http.StatusMethodNotAllowed)
+		log.Printf("web/login.go: %v not allowed on %v", r.Method, r.URL)
+	}
+
+}
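Review bot: The `token` cookie built in the POST branch sets `HttpOnly` and `SameSite` but not `Secure`, so a browser will also send the session token over plain HTTP whenever the site is reachable without TLS; add `Secure: true,` to the `http.Cookie` literal. The cookie lives for 16 days, so the value in `u.Token` should have a matching server-side expiry and be revocable; that logic is in the `account` package and not visible in this diff. The return value of every `t.Execute(w, p)` call is dropped, here and in `RegisterHandler` in register.go, so a template failure leaves a partial response with nothing in the log; check it, e.g. `if err := t.Execute(w, p); err != nil { log.Printf("web/login.go: %v", err) }`.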
diff --git a/handler/web/page.go b/handler/web/page.go
index 1f457de..91e8e56 100644
--- a/handler/web/page.go
+++ b/handler/web/page.go
@@ -1,11 +1,8 @@
 package web
 
-import (
-	"html/template"
-)
+import "html/template"
 
-// Page holds page information that is sent to all webpages rendered
-// by perseus.
+// Page holds page information.
 type Page struct {
 	SafeList []template.HTML
 	List     []string
diff --git a/handler/web/register.go b/handler/web/register.go
new file mode 100644
index 0000000..1a80651
--- /dev/null
+++ b/handler/web/register.go
@@ -0,0 +1,80 @@
+package web
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"strings"
+
+	"tildegit.org/andinus/perseus/account"
+	"tildegit.org/andinus/perseus/storage"
+)
+
+// RegisterHandler handles registration.
+func RegisterHandler(w http.ResponseWriter, r *http.Request, db *storage.DB) {
+	p := Page{}
+	var err error
+
+	t, err := template.ParseFiles("web/templates/register.html")
+	if err != nil {
+		log.Printf("web/register.go: 500 Internal Server Error :: %s", err.Error())
+		http.Error(w, "500 Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+
+	p.Notice = []string{
+		"Only [a-z] & [0-9] allowed for username",
+		"Password length must be greater than 8 characters",
+	}
+
+	switch r.Method {
+	case http.MethodGet:
+		t.Execute(w, p)
+
+	case http.MethodPost:
+		if err = r.ParseForm(); err != nil {
+			log.Printf("web/register.go: 400 Bad Request :: %s", err.Error())
+			http.Error(w, "400 Bad Request", http.StatusBadRequest)
+			return
+		}
+
+		// Get form values
+		u := account.User{}
+		u.Username = r.FormValue("username")
+		u.Password = r.FormValue("password")
+
+		// Perform registration
+		err = u.Register(db)
+
+		if err != nil {
+			log.Printf("web/register.go: %s :: %s",
+				"registration failed",
+				err.Error())
+
+			error := []string{}
+			error = append(error,
+				fmt.Sprintf("Registration failed"))
+
+			// Check if the error was because of username
+			// not being unique.
+			if strings.HasPrefix(err.Error(), "UNIQUE constraint failed") {
+				error = append(error,
+					fmt.Sprintf("Username not unique"))
+			}
+			p.Error = error
+		} else {
+			success := []string{}
+			success = append(success,
+				fmt.Sprintf("Registration successful"))
+			p.Success = success
+		}
+
+		t.Execute(w, p)
+
+	default:
+		w.WriteHeader(http.StatusMethodNotAllowed)
+		log.Printf("web/register.go: %v not allowed on %v", r.Method, r.URL)
+	}
+
+}
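Review bot: The check `strings.HasPrefix(err.Error(), "UNIQUE constraint failed")` ties this handler to the exact error text of the database driver, so a driver or storage change would silently drop the "Username not unique" message; have `u.Register` return a sentinel error for a taken username and test it with `errors.Is` instead. The handler passes `username` and `password` straight to `u.Register` without enforcing the rules listed in `p.Notice`; presumably `Register` validates them, but that is outside this diff and worth confirming. Because the response confirms whether a username already exists, this endpoint should sit behind request throttling, which is not visible here.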