SynLotto/website
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects 5 Releases Wiki Activity

Refactoring cont.

Browse Source
This commit is contained in:
Ross Healy
2025-04-23 09:44:19 +01:00
parent 5c3a847900
commit 2ce810a4dd
19 changed files with 117 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
bootstrap/session.go
View File

@@ -4,11 +4,15 @@ import (
"bytes"
"crypto/rand"
"encoding/base64"
"encoding/gob"
"fmt"
"net/http"
"os"
"time"
sessionHandlers "synlotto-website/handlers/session"
sessionHelpers "synlotto-website/helpers/session"
helpers "synlotto-website/helpers/session"
"synlotto-website/logging"
"synlotto-website/models"
@@ -17,12 +21,13 @@ import (
var (
sessionStore *sessions.CookieStore
sessionName string
Name string
authKey []byte
encryptKey []byte
)
func InitSession(cfg *models.Config) error {
gob.Register(time.Time{})
authPath := cfg.Session.AuthKeyPath
encPath := cfg.Session.EncryptionKeyPath
@@ -32,7 +37,7 @@ func InitSession(cfg *models.Config) error {
if err != nil {
return err
}
encoded := helpers.EncodeKey(key)
encoded := sessionHelpers.EncodeKey(key)
err = os.WriteFile(authPath, []byte(encoded), 0600)
if err != nil {
return err
@@ -45,7 +50,7 @@ func InitSession(cfg *models.Config) error {
if err != nil {
return err
}
encoded := helpers.EncodeKey(key)
encoded := sessionHelpers.EncodeKey(key)
err = os.WriteFile(encPath, []byte(encoded), 0600)
if err != nil {
return err
@@ -96,15 +101,15 @@ func loadSessionKeys(authPath, encryptionPath, name string, isProduction bool) e
return fmt.Errorf("auth and encryption keys must be 32 bytes each (got auth=%d, enc=%d)", len(authKey), len(encryptKey))
}
sessionStore = sessions.NewCookieStore(authKey, encryptKey)
sessionStore.Options = &sessions.Options{
sessionHandlers.SessionStore = sessions.NewCookieStore(authKey, encryptKey)
sessionHandlers.SessionStore.Options = &sessions.Options{
Path: "/",
MaxAge: 86400 * 1,
MaxAge: 86400,
HttpOnly: true,
Secure: isProduction,
SameSite: http.SameSiteLaxMode,
}
sessionName = name
sessionHandlers.Name = name
return nil
}

6
handlers/account/authentication.go
View File

@@ -5,8 +5,8 @@ import (
"net/http"
"time"
securityHelpers "license-server/helpers/security"
httpHelpers "synlotto-website/helpers/http"
securityHelpers "synlotto-website/helpers/security"
templateHelpers "synlotto-website/helpers/template"
"synlotto-website/models"
"synlotto-website/storage"
@@ -70,11 +70,11 @@ func Login(w http.ResponseWriter, r *http.Request) {
}
if user == nil || !securityHelpers.CheckPasswordHash(user.PasswordHash, password) {
storage.LogLoginAttempt(username, false)
storage.LogLoginAttempt(r, username, false)
http.Error(w, "Invalid credentials", http.StatusUnauthorized)
return
}
storage.LogLoginAttempt(username, true)
storage.LogLoginAttempt(r, username, true)
http.Redirect(w, r, "/", http.StatusSeeOther)
}

5
handlers/admin/dashboard.go
View File

@@ -5,13 +5,14 @@ import (
"log"
"net/http"
helpers "synlotto-website/helpers"
httpHelpers "synlotto-website/helpers/http"
templateHelpers "synlotto-website/helpers/template"
"synlotto-website/models"
)
func AdminDashboardHandler(db *sql.DB) http.HandlerFunc {
return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
// userID, ok := securityHelpers.GetCurrentUserID(r)
// if !ok {
// http.Redirect(w, r, "/login", http.StatusSeeOther)

10
handlers/admin/draws.go
View File

@@ -5,14 +5,14 @@ import (
"log"
"net/http"
helpers "synlotto-website/helpers"
httpHelpers "synlotto-website/helpers/http"
templateHelpers "synlotto-website/helpers/template"
"synlotto-website/models"
)
func NewDrawHandler(db *sql.DB) http.HandlerFunc {
return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
context := templateHelpers.TemplateContext(w, r, models.TemplateData{})
if r.Method == http.MethodPost {
@@ -39,7 +39,7 @@ func NewDrawHandler(db *sql.DB) http.HandlerFunc {
}
func ModifyDrawHandler(db *sql.DB) http.HandlerFunc {
return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodPost {
id := r.FormValue("id")
_, err := db.Exec(`UPDATE results_thunderball SET game_type=?, draw_date=?, ball_set=?, machine=? WHERE id=?`,
@@ -58,7 +58,7 @@ func ModifyDrawHandler(db *sql.DB) http.HandlerFunc {
}
func DeleteDrawHandler(db *sql.DB) http.HandlerFunc {
return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodPost {
id := r.FormValue("id")
_, err := db.Exec(`DELETE FROM results_thunderball WHERE id = ?`, id)
@@ -73,7 +73,7 @@ func DeleteDrawHandler(db *sql.DB) http.HandlerFunc {
}
func ListDrawsHandler(db *sql.DB) http.HandlerFunc {
return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
context := templateHelpers.TemplateContext(w, r, models.TemplateData{})
draws := []models.DrawSummary{}

8
handlers/admin/prizes.go
View File

@@ -5,13 +5,15 @@ import (
"fmt"
"net/http"
"strconv"
helpers "synlotto-website/helpers"
httpHelpers "synlotto-website/helpers/http"
templateHelpers "synlotto-website/helpers/template"
"synlotto-website/models"
)
func AddPrizesHandler(db *sql.DB) http.HandlerFunc {
return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
tmpl := templateHelpers.LoadTemplateFiles("add_prizes.html", "templates/admin/draws/prizes/add_prizes.html")
@@ -43,7 +45,7 @@ func AddPrizesHandler(db *sql.DB) http.HandlerFunc {
}
func ModifyPrizesHandler(db *sql.DB) http.HandlerFunc {
return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
tmpl := templateHelpers.LoadTemplateFiles("modify_prizes.html", "templates/admin/draws/prizes/modify_prizes.html")

12
handlers/lottery/draws/draw_handler.go
View File

@@ -9,6 +9,7 @@ import (
"synlotto-website/helpers"
"synlotto-website/models"
"synlotto-website/storage"
)
func NewDraw(db *sql.DB) http.HandlerFunc {
@@ -19,7 +20,7 @@ func NewDraw(db *sql.DB) http.HandlerFunc {
context["Page"] = "new_draw"
context["Data"] = nil
tmpl := templateHelpers.LoadTemplateFiles("new_draw.html", "templates/new_draw.html") // ToDo: may need removing or moving add draw should be admin functionality and only when manually required. Potential live drawing of numbers in the future.
tmpl := templateHelpers.LoadTemplateFiles("new_draw.html", "templates/admin/draws/new_draw.html") // ToDo: may need removing or moving add draw should be admin functionality and only when manually required. Potential live drawing of numbers in the future.
err := tmpl.ExecuteTemplate(w, "layout", context)
if err != nil {
@@ -29,7 +30,7 @@ func NewDraw(db *sql.DB) http.HandlerFunc {
}
}
func Submit(w http.ResponseWriter, r *http.Request) {
func Submit(db *sql.DB, w http.ResponseWriter, r *http.Request) {
log.Println("📝 Form submission received")
_ = r.ParseForm()
@@ -45,7 +46,12 @@ func Submit(w http.ResponseWriter, r *http.Request) {
Thunderball: helpers.Atoi(r.FormValue("thunderball")),
}
Draws = append(Draws, draw)
err := storage.InsertThunderballResult(db, draw)
if err != nil {
log.Println("❌ Failed to insert draw:", err)
http.Error(w, "Failed to save draw", http.StatusInternalServerError)
return
}
log.Printf("📅 %s | 🛠 %s | 🎱 %d | 🔢 %d,%d,%d,%d,%d | ⚡ %d\n",
draw.DrawDate, draw.Machine, draw.BallSet,

7
handlers/lottery/tickets/ticket_handler.go
View File

@@ -10,6 +10,7 @@ import (
"strconv"
"time"
httpHelpers "synlotto-website/helpers/http"
securityHelpers "synlotto-website/helpers/security"
templateHelpers "synlotto-website/helpers/template"
draws "synlotto-website/services/draws"
@@ -21,7 +22,7 @@ import (
)
func AddTicket(db *sql.DB) http.HandlerFunc {
return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
rows, err := db.Query(`
SELECT DISTINCT draw_date
@@ -180,7 +181,7 @@ func AddTicket(db *sql.DB) http.HandlerFunc {
}
func SubmitTicket(db *sql.DB) http.HandlerFunc {
return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
err := r.ParseMultipartForm(10 << 20)
if err != nil {
http.Error(w, "Invalid form", http.StatusBadRequest)
@@ -268,7 +269,7 @@ func SubmitTicket(db *sql.DB) http.HandlerFunc {
}
func GetMyTickets(db *sql.DB) http.HandlerFunc {
return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
userID, ok := securityHelpers.GetCurrentUserID(r)
if !ok {
http.Redirect(w, r, "/login", http.StatusSeeOther)

3
handlers/messages.go
View File

@@ -4,7 +4,6 @@ import (
"database/sql"
"log"
"net/http"
"strconv"
templateHandlers "synlotto-website/handlers/template"
"synlotto-website/helpers"
@@ -23,7 +22,7 @@ func MessagesInboxHandler(db *sql.DB) http.HandlerFunc {
return
}
page := strconv.Atoi(r.URL.Query().Get("page"))
page := helpers.Atoi(r.URL.Query().Get("page"))
if page < 1 {
page = 1
}

4
handlers/notifications.go
View File

@@ -7,9 +7,9 @@ import (
"strconv"
templateHandlers "synlotto-website/handlers/template"
httpHelpers "synlotto-website/helpers/http"
templateHelpers "synlotto-website/helpers/template"
"synlotto-website/helpers"
"synlotto-website/storage"
)
@@ -37,7 +37,7 @@ func MarkNotificationReadHandler(db *sql.DB) http.HandlerFunc {
return
}
session, _ := helpers.GetSession(w, r)
session, _ := httpHelpers.GetSession(w, r)
userID, ok := session.Values["user_id"].(int)
if !ok {
http.Error(w, "Unauthorized", http.StatusUnauthorized)

2
handlers/results.go
View File

@@ -65,7 +65,7 @@ func ResultsThunderball(db *sql.DB) http.HandlerFunc {
args = append(args, ballSetFilter)
}
totalPages, totalResults := helpers.GetTotalPages(db, "results_thunderball", whereClause, args, pageSize)
totalPages, totalResults := templateHelpers.GetTotalPages(db, "results_thunderball", whereClause, args, pageSize)
if page < 1 || page > totalPages {
http.NotFound(w, r)
return

13
handlers/session/account.go
View File

@@ -1,16 +1,23 @@
package handlers
import (
"fmt"
"net/http"
"github.com/gorilla/sessions"
)
var (
sessionStore *sessions.CookieStore
sessionName string
SessionStore *sessions.CookieStore
Name string
)
func GetSession(w http.ResponseWriter, r *http.Request) (*sessions.Session, error) {
return sessionStore.Get(r, sessionName)
if SessionStore == nil {
return nil, fmt.Errorf("session store not initialized")
}
if Name == "" {
return nil, fmt.Errorf("session name not configured")
}
return SessionStore.Get(r, Name)
}

67
helpers/session.go
View File

@@ -1,67 +0,0 @@
package helpers
import (
"encoding/gob"
"net/http"
"time"
"github.com/gorilla/sessions"
)
var authKey = []byte("12345678901234567890123456789012") // ToDo: Make env var
var encryptKey = []byte("abcdefghijklmnopqrstuvwx12345678") // ToDo: Make env var
var sessionName = "synlotto-session"
var store = sessions.NewCookieStore(authKey, encryptKey)
const SessionTimeout = 30 * time.Minute
func init() {
gob.Register(time.Time{})
store.Options = &sessions.Options{
Path: "/",
MaxAge: 86400 * 1,
HttpOnly: true,
Secure: false, // TODO: make env-configurable
SameSite: http.SameSiteLaxMode,
}
}
func GetSession(w http.ResponseWriter, r *http.Request) (*sessions.Session, error) {
return store.Get(r, sessionName)
}
func IsSessionExpired(session *sessions.Session) bool {
last, ok := session.Values["last_activity"].(time.Time)
if !ok {
return false
}
return time.Since(last) > SessionTimeout
}
func UpdateSessionActivity(session *sessions.Session, r *http.Request, w http.ResponseWriter) {
session.Values["last_activity"] = time.Now()
session.Save(r, w)
}
func AuthMiddleware(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
session, _ := GetSession(w, r)
if IsSessionExpired(session) {
session.Options.MaxAge = -1
session.Save(r, w)
newSession, _ := GetSession(w, r)
newSession.Values["flash"] = "Your session has timed out."
newSession.Save(r, w)
http.Redirect(w, r, "/login", http.StatusSeeOther)
return
}
UpdateSessionActivity(session, r, w)
next(w, r)
}
}

2
helpers/template/build.go
View File

@@ -38,7 +38,7 @@ func TemplateContext(w http.ResponseWriter, r *http.Request, data models.Templat
"MessageCount": data.MessageCount,
"Messages": data.Messages,
"SiteName": cfg.Site.SiteName,
"YearStart": cfg.Site.CopyrightStart,
"CopyrightYearStart": cfg.Site.CopyrightYearStart,
}
}

7
middleware/auth.go
View File

@@ -4,14 +4,15 @@ import (
"net/http"
"time"
httpHelpers "synlotto-website/helpers/http"
"synlotto-website/constants"
"synlotto-website/helpers"
)
func Auth(required bool) func(http.HandlerFunc) http.HandlerFunc {
return func(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
session, _ := helpers.GetSession(w, r)
session, _ := httpHelpers.GetSession(w, r)
_, ok := session.Values["user_id"].(int)
@@ -26,7 +27,7 @@ func Auth(required bool) func(http.HandlerFunc) http.HandlerFunc {
session.Options.MaxAge = -1
session.Save(r, w)
newSession, _ := helpers.GetSession(w, r)
newSession, _ := httpHelpers.GetSession(w, r)
newSession.Values["flash"] = "Your session has timed out."
newSession.Save(r, w)

15
models/config.go
View File

@@ -1,16 +1,16 @@
package models
type Config struct {
CSRF struct {
CSRFKey string `json:"csrfKey"`
} `json:"csrf"`
HttpServer struct {
Port int `json:"port"`
Address string `json:"address"`
ProductionMode bool `json:"productionMode"`
} `json:"httpServer"`
CSRF struct {
CSRFKey string `json:"csrfKey"`
} `json:"csrf"`
License struct {
APIURL string `json:"apiUrl"`
APIKey string `json:"apiKey"`
@@ -19,6 +19,11 @@ type Config struct {
Session struct {
AuthKeyPath string `json:"authKeyPath"`
EncryptionKeyPath string `json:"encryptionKeyPath"`
Name string `json:"sessionName"`
Name string `json:"name"`
} `json:"session"`
Site struct {
SiteName string `json:"siteName"`
CopyrightYearStart int `json:"copyrightYearStart"`
} `json:"site"`
}

5
routes/accountroutes.go
View File

@@ -5,6 +5,7 @@ import (
"net/http"
account "synlotto-website/handlers/account"
lotteryDrawHandlers "synlotto-website/handlers/lottery/tickets"
"synlotto-website/handlers"
"synlotto-website/middleware"
@@ -14,8 +15,8 @@ func SetupAccountRoutes(mux *http.ServeMux, db *sql.DB) {
mux.HandleFunc("/login", middleware.Protected(account.Login))
mux.HandleFunc("/logout", account.Logout)
mux.HandleFunc("/signup", middleware.Protected(account.Signup))
mux.HandleFunc("/account/tickets/add_ticket", handlers.AddTicket(db))
mux.HandleFunc("/account/tickets/my_tickets", handlers.GetMyTickets(db))
mux.HandleFunc("/account/tickets/add_ticket", lotteryDrawHandlers.AddTicket(db))
mux.HandleFunc("/account/tickets/my_tickets", lotteryDrawHandlers.GetMyTickets(db))
mux.HandleFunc("/account/messages", middleware.Protected(handlers.MessagesInboxHandler(db)))
mux.HandleFunc("/account/messages/read", middleware.Protected(handlers.ReadMessageHandler(db)))
mux.HandleFunc("/account/messages/archive", middleware.Protected(handlers.ArchiveMessageHandler(db)))

2
storage/db.go
View File

@@ -10,6 +10,8 @@ import (
_ "modernc.org/sqlite"
)
var db *sql.DB
func InitDB(filepath string) *sql.DB {
var err error
cfg := config.Get()

31
templates/admin/draws/new_draw.html
View File

@@ -9,3 +9,34 @@
<button class="btn">Create Draw</button>
</form>
{{ end }}
<!-- Old new draw
{{ define "content" }}
<a href="/">← Back</a>
<h2>Add New Thunderball Draw</h2>
<form method="POST" action="/submit">
{{ .csrfField }}
<div class="form-section">
<label>Date: <input type="date" name="date" required></label>
</div>
<div class="form-section">
<label>Machine: <input type="text" name="machine" required></label>
</div>
<div class="form-section">
<label>Ball Set: <input type="text" name="ballset" required></label>
</div>
<div class="form-section">
<label>Ball 1: <input type="text" name="ball1" required></label>
<label>Ball 2: <input type="text" name="ball2" required></label>
<label>Ball 3: <input type="text" name="ball3" required></label>
<label>Ball 4: <input type="text" name="ball4" required></label>
<label>Ball 5: <input type="text" name="ball5" required></label>
</div>
<div class="form-section">
<label>Thunderball: <input type="text" name="thunderball" required></label>
</div>
<button type="submit">Save Draw</button>
</form>
{{ end }} -->

27
templates/new_draw.html
View File

@@ -1,27 +0,0 @@
{{ define "content" }}
<a href="/">← Back</a>
<h2>Add New Thunderball Draw</h2>
<form method="POST" action="/submit">
{{ .csrfField }}
<div class="form-section">
<label>Date: <input type="date" name="date" required></label>
</div>
<div class="form-section">
<label>Machine: <input type="text" name="machine" required></label>
</div>
<div class="form-section">
<label>Ball Set: <input type="text" name="ballset" required></label>
</div>
<div class="form-section">
<label>Ball 1: <input type="text" name="ball1" required></label>
<label>Ball 2: <input type="text" name="ball2" required></label>
<label>Ball 3: <input type="text" name="ball3" required></label>
<label>Ball 4: <input type="text" name="ball4" required></label>
<label>Ball 5: <input type="text" name="ball5" required></label>
</div>
<div class="form-section">
<label>Thunderball: <input type="text" name="thunderball" required></label>
</div>
<button type="submit">Save Draw</button>
</form>
{{ end }}