Massive refactor!

handlers/account/authentication.go

@@ -0,0 +1,126 @@
+package handlers
+
+import (
+	"log"
+	"net/http"
+	"time"
+
+	securityHelpers "license-server/helpers/security"
+	httpHelpers "synlotto-website/helpers/http"
+	templateHelpers "synlotto-website/helpers/template"
+	"synlotto-website/models"
+	"synlotto-website/storage"
+
+	"github.com/gorilla/csrf"
+)
+
+func Login(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodGet {
+		session, _ := httpHelpers.GetSession(w, r)
+		if _, ok := session.Values["user_id"].(int); ok {
+			http.Redirect(w, r, "/", http.StatusSeeOther)
+			return
+		}
+		tmpl := templateHelpers.LoadTemplateFiles("login.html", "templates/account/login.html")
+
+		context := templateHelpers.TemplateContext(w, r, models.TemplateData{})
+		context["csrfField"] = csrf.TemplateField(r)
+
+		err := tmpl.ExecuteTemplate(w, "layout", context)
+		if err != nil {
+			log.Println("❌ Template render error:", err)
+			http.Error(w, "Error rendering login page", http.StatusInternalServerError) // Take hte flash message from licnse server this just does a black page also should be using db ahain see licvense server
+		}
+		return
+	}
+
+	username := r.FormValue("username")
+	password := r.FormValue("password")
+
+	user := models.GetUserByUsername(username)
+	if user == nil || !securityHelpers.CheckPasswordHash(user.PasswordHash, password) {
+		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
+		return
+	}
+
+	session, _ := httpHelpers.GetSession(w, r)
+
+	for k := range session.Values {
+		delete(session.Values, k)
+	}
+
+	session.Values["user_id"] = user.Id
+	session.Values["last_activity"] = time.Now()
+
+	remember := r.FormValue("remember") == "on"
+	if remember {
+		session.Options.MaxAge = 60 * 60 * 24 * 30
+	} else {
+		session.Options.MaxAge = 0
+	}
+
+	err := session.Save(r, w)
+	if err != nil {
+		log.Println("❌ Failed to save session:", err)
+	} else {
+		log.Printf("✅ Login saved: user_id=%d, maxAge=%d", user.Id, session.Options.MaxAge)
+		for _, c := range r.Cookies() {
+			log.Printf("🍪 Cookie after login: %s = %s", c.Name, c.Value)
+		}
+	}
+
+	if user == nil || !securityHelpers.CheckPasswordHash(user.PasswordHash, password) {
+		storage.LogLoginAttempt(username, false)
+		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
+		return
+	}
+	storage.LogLoginAttempt(username, true)
+
+	http.Redirect(w, r, "/", http.StatusSeeOther)
+}
+
+func Logout(w http.ResponseWriter, r *http.Request) {
+	session, _ := httpHelpers.GetSession(w, r)
+
+	for k := range session.Values {
+		delete(session.Values, k)
+	}
+
+	session.Values["flash"] = "You've been logged out."
+	session.Options.MaxAge = 5
+
+	err := session.Save(r, w)
+	if err != nil {
+		log.Println("❌ Logout session save failed:", err)
+	}
+
+	http.Redirect(w, r, "/login", http.StatusSeeOther)
+}
+
+func Signup(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodGet {
+		tmpl := templateHelpers.LoadTemplateFiles("signup.html", "templates/account/signup.html")
+
+		tmpl.ExecuteTemplate(w, "layout", map[string]interface{}{
+			"csrfField": csrf.TemplateField(r),
+		})
+		return
+	}
+
+	username := r.FormValue("username")
+	password := r.FormValue("password")
+
+	hashed, err := securityHelpers.HashPassword(password)
+	if err != nil {
+		http.Error(w, "Server error", http.StatusInternalServerError)
+		return
+	}
+
+	err = models.CreateUser(username, hashed)
+	if err != nil {
+		http.Error(w, "Could not create user", http.StatusInternalServerError)
+		return
+	}
+
+	http.Redirect(w, r, "/login", http.StatusSeeOther)
+}