Stack of changes to get gin, scs, nosurf running.
This commit is contained in:
81
internal/handlers/account/login.go
Normal file
81
internal/handlers/account/login.go
Normal file
@@ -0,0 +1,81 @@
|
||||
package accountHandler
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/justinas/nosurf"
|
||||
|
||||
securityHelpers "synlotto-website/internal/helpers/security"
|
||||
templateHelpers "synlotto-website/internal/helpers/template"
|
||||
"synlotto-website/internal/logging"
|
||||
"synlotto-website/internal/models"
|
||||
"synlotto-website/internal/platform/bootstrap"
|
||||
auditlogStorage "synlotto-website/internal/storage/auditlog"
|
||||
usersStorage "synlotto-website/internal/storage/users"
|
||||
)
|
||||
|
||||
func LoginGet(c *gin.Context) {
|
||||
app := c.MustGet("app").(*bootstrap.App)
|
||||
sm := app.SessionManager
|
||||
|
||||
ctx := templateHelpers.TemplateContext(c.Writer, c.Request, models.TemplateData{})
|
||||
|
||||
if f := sm.PopString(c.Request.Context(), "flash"); f != "" {
|
||||
ctx["Flash"] = f
|
||||
}
|
||||
|
||||
ctx["CSRFToken"] = nosurf.Token(c.Request)
|
||||
|
||||
tmpl := templateHelpers.LoadTemplateFiles("layout.html", "web/templates/account/login.html")
|
||||
|
||||
c.Status(http.StatusOK)
|
||||
if err := tmpl.ExecuteTemplate(c.Writer, "layout", ctx); err != nil {
|
||||
logging.Info("❌ Template render error: %v", err)
|
||||
c.String(http.StatusInternalServerError, "Error rendering login page")
|
||||
}
|
||||
}
|
||||
|
||||
func LoginPost(c *gin.Context) {
|
||||
app := c.MustGet("app").(*bootstrap.App)
|
||||
sm := app.SessionManager
|
||||
db := app.DB
|
||||
|
||||
r := c.Request
|
||||
w := c.Writer
|
||||
|
||||
username := r.FormValue("username")
|
||||
password := r.FormValue("password")
|
||||
|
||||
logging.Info("🔐 Login attempt - Username: %s", username)
|
||||
|
||||
user := usersStorage.GetUserByUsername(db, username)
|
||||
if user == nil {
|
||||
logging.Info("❌ User not found: %s", username)
|
||||
auditlogStorage.LogLoginAttempt(db, r.RemoteAddr, r.UserAgent(), username, false)
|
||||
sm.Put(r.Context(), "flash", "Invalid username or password.")
|
||||
c.Redirect(http.StatusSeeOther, "/account/login")
|
||||
return
|
||||
}
|
||||
|
||||
if !securityHelpers.CheckPasswordHash(user.PasswordHash, password) {
|
||||
logging.Info("❌ Password mismatch for user: %s", username)
|
||||
auditlogStorage.LogLoginAttempt(db, r.RemoteAddr, r.UserAgent(), username, false)
|
||||
sm.Put(r.Context(), "flash", "Invalid username or password.")
|
||||
c.Redirect(http.StatusSeeOther, "/account/login")
|
||||
return
|
||||
}
|
||||
|
||||
logging.Info("✅ Login successful for user: %s", username)
|
||||
auditlogStorage.LogLoginAttempt(db, r.RemoteAddr, r.UserAgent(), username, true)
|
||||
|
||||
_ = sm.Destroy(r.Context())
|
||||
_ = sm.RenewToken(r.Context())
|
||||
|
||||
sm.Put(r.Context(), "user_id", user.Id)
|
||||
sm.Put(r.Context(), "last_activity", time.Now().UTC())
|
||||
sm.Put(r.Context(), "flash", "Welcome back, "+user.Username+"!")
|
||||
|
||||
http.Redirect(w, r, "/", http.StatusSeeOther)
|
||||
}
|
||||
Reference in New Issue
Block a user