Refactoring for Gin, NoSurf and SCS continues.
This commit is contained in:
@@ -9,12 +9,13 @@ import (
|
||||
httpHelpers "synlotto-website/internal/helpers/http"
|
||||
securityHelpers "synlotto-website/internal/helpers/security"
|
||||
templateHelpers "synlotto-website/internal/helpers/template"
|
||||
|
||||
"synlotto-website/internal/logging"
|
||||
"synlotto-website/internal/models"
|
||||
"synlotto-website/internal/storage"
|
||||
auditlogStorage "synlotto-website/internal/storage/auditlog"
|
||||
usersStorage "synlotto-website/internal/storage/users"
|
||||
|
||||
"github.com/gorilla/csrf"
|
||||
"github.com/justinas/nosurf"
|
||||
)
|
||||
|
||||
func Login(db *sql.DB) http.HandlerFunc {
|
||||
@@ -29,7 +30,7 @@ func Login(db *sql.DB) http.HandlerFunc {
|
||||
tmpl := templateHelpers.LoadTemplateFiles("login.html", "templates/account/login.html")
|
||||
data := models.TemplateData{}
|
||||
context := templateHelpers.TemplateContext(w, r, data)
|
||||
context["csrfField"] = csrf.TemplateField(r)
|
||||
context["CSRFToken"] = nosurf.Token(r)
|
||||
|
||||
if err := tmpl.ExecuteTemplate(w, "layout", context); err != nil {
|
||||
logging.Info("❌ Template render error:", err)
|
||||
@@ -44,10 +45,10 @@ func Login(db *sql.DB) http.HandlerFunc {
|
||||
// ToDo: this outputs password in clear text remove or obscure!
|
||||
logging.Info("🔐 Login attempt - Username: %s, Password: %s", username, password)
|
||||
|
||||
user := storage.GetUserByUsername(db, username)
|
||||
user := usersStorage.GetUserByUsername(db, username)
|
||||
if user == nil {
|
||||
logging.Info("❌ User not found: %s", username)
|
||||
storage.LogLoginAttempt(r, username, false)
|
||||
auditlogStorage.LogLoginAttempt(db, r, username, false)
|
||||
|
||||
session, _ := httpHelpers.GetSession(w, r)
|
||||
session.Values["flash"] = "Invalid username or password."
|
||||
@@ -58,7 +59,7 @@ func Login(db *sql.DB) http.HandlerFunc {
|
||||
|
||||
if !securityHelpers.CheckPasswordHash(user.PasswordHash, password) {
|
||||
logging.Info("❌ Password mismatch for user: %s", username)
|
||||
storage.LogLoginAttempt(r, username, false)
|
||||
auditlogStorage.LogLoginAttempt(db, r, username, false)
|
||||
|
||||
session, _ := httpHelpers.GetSession(w, r)
|
||||
session.Values["flash"] = "Invalid username or password."
|
||||
@@ -69,7 +70,7 @@ func Login(db *sql.DB) http.HandlerFunc {
|
||||
}
|
||||
|
||||
logging.Info("✅ Login successful for user: %s", username)
|
||||
storage.LogLoginAttempt(r, username, true)
|
||||
auditlogStorage.LogLoginAttempt(db, r, username, true)
|
||||
|
||||
session, _ := httpHelpers.GetSession(w, r)
|
||||
for k := range session.Values {
|
||||
@@ -112,30 +113,39 @@ func Logout(w http.ResponseWriter, r *http.Request) {
|
||||
http.Redirect(w, r, "/account/login", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func Signup(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method == http.MethodGet {
|
||||
tmpl := templateHelpers.LoadTemplateFiles("signup.html", "templates/account/signup.html")
|
||||
// ToDo: opted to inject the repo which is better for tests/DI rather than taking the *sql.DB
|
||||
func Signup(usersRepo *usersStorage.UsersRepo) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method == http.MethodGet {
|
||||
tmpl := templateHelpers.LoadTemplateFiles("signup.html", "templates/account/signup.html")
|
||||
if err := tmpl.ExecuteTemplate(w, "layout", map[string]interface{}{
|
||||
"csrfField": csrf.TemplateField(r), // ToDo: this is the olf Gorilla thing
|
||||
}); err != nil {
|
||||
logging.Info("❌ Template render error: %v", err)
|
||||
http.Error(w, "Error rendering signup page", http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
tmpl.ExecuteTemplate(w, "layout", map[string]interface{}{
|
||||
"csrfField": csrf.TemplateField(r),
|
||||
})
|
||||
return
|
||||
username := r.FormValue("username")
|
||||
password := r.FormValue("password")
|
||||
|
||||
if username == "" || password == "" {
|
||||
http.Error(w, "Username and password are required", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
hashed, err := securityHelpers.HashPassword(password)
|
||||
if err != nil {
|
||||
http.Error(w, "Server error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
if err := usersRepo.Create(r.Context(), username, hashed, false); err != nil {
|
||||
http.Error(w, "Could not create user", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
http.Redirect(w, r, "/account/login", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
username := r.FormValue("username")
|
||||
password := r.FormValue("password")
|
||||
|
||||
hashed, err := securityHelpers.HashPassword(password)
|
||||
if err != nil {
|
||||
http.Error(w, "Server error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
err = models.CreateUser(username, hashed)
|
||||
if err != nil {
|
||||
http.Error(w, "Could not create user", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
http.Redirect(w, r, "/account/login", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user