Refactor and remove sqlite and replace with MySQL

2025-10-23 18:43:31 +01:00
parent d53e27eea8
commit 21ebc9c34b
139 changed files with 1013 additions and 529 deletions
--- a/internal/handlers/account/authentication.go
+++ b/internal/handlers/account/authentication.go
@@ -0,0 +1,141 @@
+package handlers
+
+import (
+	"database/sql"
+	"log"
+	"net/http"
+	"time"
+
+	httpHelpers "synlotto-website/helpers/http"
+	securityHelpers "synlotto-website/helpers/security"
+	templateHelpers "synlotto-website/helpers/template"
+
+	"synlotto-website/logging"
+	"synlotto-website/models"
+	"synlotto-website/storage"
+
+	"github.com/gorilla/csrf"
+)
+
+func Login(db *sql.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == http.MethodGet {
+			session, _ := httpHelpers.GetSession(w, r)
+			if _, ok := session.Values["user_id"].(int); ok {
+				http.Redirect(w, r, "/", http.StatusSeeOther)
+				return
+			}
+
+			tmpl := templateHelpers.LoadTemplateFiles("login.html", "templates/account/login.html")
+			data := models.TemplateData{}
+			context := templateHelpers.TemplateContext(w, r, data)
+			context["csrfField"] = csrf.TemplateField(r)
+
+			if err := tmpl.ExecuteTemplate(w, "layout", context); err != nil {
+				logging.Info("❌ Template render error:", err)
+				http.Error(w, "Error rendering login page", http.StatusInternalServerError)
+			}
+			return
+		}
+
+		username := r.FormValue("username")
+		password := r.FormValue("password")
+
+		// ToDo: this outputs password in clear text remove or obscure!
+		logging.Info("🔐 Login attempt - Username: %s, Password: %s", username, password)
+
+		user := storage.GetUserByUsername(db, username)
+		if user == nil {
+			logging.Info("❌ User not found: %s", username)
+			storage.LogLoginAttempt(r, username, false)
+
+			session, _ := httpHelpers.GetSession(w, r)
+			session.Values["flash"] = "Invalid username or password."
+			session.Save(r, w)
+			http.Redirect(w, r, "/account/login", http.StatusSeeOther)
+			return
+		}
+
+		if !securityHelpers.CheckPasswordHash(user.PasswordHash, password) {
+			logging.Info("❌ Password mismatch for user: %s", username)
+			storage.LogLoginAttempt(r, username, false)
+
+			session, _ := httpHelpers.GetSession(w, r)
+			session.Values["flash"] = "Invalid username or password."
+			session.Save(r, w)
+			log.Printf("login has  did it")
+			http.Redirect(w, r, "/account/login", http.StatusSeeOther)
+			return
+		}
+
+		logging.Info("✅ Login successful for user: %s", username)
+		storage.LogLoginAttempt(r, username, true)
+
+		session, _ := httpHelpers.GetSession(w, r)
+		for k := range session.Values {
+			delete(session.Values, k)
+		}
+
+		session.Values["user_id"] = user.Id
+		session.Values["last_activity"] = time.Now().UTC()
+
+		if r.FormValue("remember") == "on" {
+			session.Options.MaxAge = 60 * 60 * 24 * 30
+		} else {
+			session.Options.MaxAge = 0
+		}
+
+		if err := session.Save(r, w); err != nil {
+			logging.Info("❌ Failed to save session: %v", err)
+		} else {
+			logging.Info("✅ Session saved for user: %s", username)
+		}
+
+		http.Redirect(w, r, "/", http.StatusSeeOther)
+	}
+}
+
+func Logout(w http.ResponseWriter, r *http.Request) {
+	session, _ := httpHelpers.GetSession(w, r)
+
+	for k := range session.Values {
+		delete(session.Values, k)
+	}
+
+	session.Values["flash"] = "You've been logged out."
+	session.Options.MaxAge = 5
+
+	err := session.Save(r, w)
+	if err != nil {
+		logging.Error("❌ Logout session save failed:", err)
+	}
+	http.Redirect(w, r, "/account/login", http.StatusSeeOther)
+}
+
+func Signup(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodGet {
+		tmpl := templateHelpers.LoadTemplateFiles("signup.html", "templates/account/signup.html")
+
+		tmpl.ExecuteTemplate(w, "layout", map[string]interface{}{
+			"csrfField": csrf.TemplateField(r),
+		})
+		return
+	}
+
+	username := r.FormValue("username")
+	password := r.FormValue("password")
+
+	hashed, err := securityHelpers.HashPassword(password)
+	if err != nil {
+		http.Error(w, "Server error", http.StatusInternalServerError)
+		return
+	}
+
+	err = models.CreateUser(username, hashed)
+	if err != nil {
+		http.Error(w, "Could not create user", http.StatusInternalServerError)
+		return
+	}
+
+	http.Redirect(w, r, "/account/login", http.StatusSeeOther)
+}