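package handlers

import (
	"log"
	"net/http"
	"time"

	"github.com/gorilla/csrf"
	securityHelpers "license-server/helpers/security"
	httpHelpers "synlotto-website/helpers/http"
	templateHelpers "synlotto-website/helpers/template"
	"synlotto-website/models"
	"synlotto-website/storage"
)

// Login renders the login form on GET and authenticates the submitted
// credentials on POST. Any other method is rejected with 405.
//
// On a successful login the existing session values are dropped, the user id
// and the login time are stored, and the client is redirected to "/". Every
// attempt, failed or successful, is recorded through storage.LogLoginAttempt.
func Login(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodGet {
		// NOTE(review): the second return value of GetSession is discarded here
		// and below; confirm the helper never hands back an unusable session.
		session, _ := httpHelpers.GetSession(w, r)
		if _, ok := session.Values["user_id"].(int); ok {
			// Already signed in: no reason to show the form again.
			http.Redirect(w, r, "/", http.StatusSeeOther)
			return
		}

		tmpl := templateHelpers.LoadTemplateFiles("login.html", "templates/account/login.html")
		context := templateHelpers.TemplateContext(w, r, models.TemplateData{})
		context["csrfField"] = csrf.TemplateField(r)

		if err := tmpl.ExecuteTemplate(w, "layout", context); err != nil {
			log.Println("❌ Template render error:", err)
			// TODO: reuse the flash-message approach from the license server
			// instead of this bare error response; this should also be using
			// the DB again (see license server).
			http.Error(w, "Error rendering login page", http.StatusInternalServerError)
		}
		return
	}

	if r.Method != http.MethodPost {
		w.Header().Set("Allow", "GET, POST")
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
		return
	}

	// PostFormValue reads the request body only, so credentials placed in the
	// URL query string (which ends up in access logs and Referer headers) are
	// not accepted.
	username := r.PostFormValue("username")
	password := r.PostFormValue("password")

	// NOTE(review): when no user is found CheckPasswordHash is skipped, so an
	// unknown username may be answered faster than a wrong password. Consider
	// verifying against a fixed dummy hash to keep the timing uniform.
	user := models.GetUserByUsername(username)
	if user == nil || !securityHelpers.CheckPasswordHash(user.PasswordHash, password) {
		// Record the failure here: this is the only place a bad login returns,
		// so logging it any later would never run.
		storage.LogLoginAttempt(username, false)
		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
		return
	}
	storage.LogLoginAttempt(username, true)

	session, _ := httpHelpers.GetSession(w, r)

	// Drop everything carried over from the pre-login session.
	// NOTE(review): this clears the values but does not visibly issue a new
	// session identifier; if the store behind GetSession is server-side,
	// confirm the identifier is rotated on login.
	for k := range session.Values {
		delete(session.Values, k)
	}
	session.Values["user_id"] = user.Id
	session.Values["last_activity"] = time.Now()

	if r.PostFormValue("remember") == "on" {
		session.Options.MaxAge = 60 * 60 * 24 * 30 // 30 days
	} else {
		session.Options.MaxAge = 0 // browser-session cookie
	}

	if err := session.Save(r, w); err != nil {
		// Without a saved session the redirect would land on "/" unauthenticated,
		// so report the failure instead of pretending the login worked.
		log.Println("❌ Failed to save session:", err)
		http.Error(w, "Could not start session", http.StatusInternalServerError)
		return
	}

	// Cookie values are deliberately not logged: they carry the session token
	// and the CSRF secret, and anyone able to read the log could reuse them.
	log.Printf("✅ Login saved: user_id=%d, maxAge=%d", user.Id, session.Options.MaxAge)

	http.Redirect(w, r, "/", http.StatusSeeOther)
}

// Logout clears the session, leaves a short-lived flash message for the login
// page and redirects to "/login".
//
// NOTE(review): the handler does not check the request method. If it is
// routed for GET, the CSRF middleware will not protect it and a third-party
// page can sign users out; consider accepting POST only.
func Logout(w http.ResponseWriter, r *http.Request) {
	session, _ := httpHelpers.GetSession(w, r)

	for k := range session.Values {
		delete(session.Values, k)
	}
	session.Values["flash"] = "You've been logged out."
	// Keep the cookie just long enough for the login page to show the flash.
	session.Options.MaxAge = 5

	if err := session.Save(r, w); err != nil {
		// NOTE(review): if the save fails, the previous session cookie is left
		// in place and the user may still be signed in after the redirect.
		log.Println("❌ Logout session save failed:", err)
	}

	http.Redirect(w, r, "/login", http.StatusSeeOther)
}

// Signup renders the signup form on GET and creates a user from the posted
// username and password on POST. Any other method is rejected with 405.
//
// The password is hashed with securityHelpers.HashPassword before it is
// handed to models.CreateUser; on success the client is redirected to
// "/login".
func Signup(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodGet {
		tmpl := templateHelpers.LoadTemplateFiles("signup.html", "templates/account/signup.html")
		err := tmpl.ExecuteTemplate(w, "layout", map[string]interface{}{
			"csrfField": csrf.TemplateField(r),
		})
		if err != nil {
			log.Println("❌ Template render error:", err)
			http.Error(w, "Error rendering signup page", http.StatusInternalServerError)
		}
		return
	}

	if r.Method != http.MethodPost {
		w.Header().Set("Allow", "GET, POST")
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
		return
	}

	username := r.PostFormValue("username")
	password := r.PostFormValue("password")

	// Reject empty credentials before hashing: an account with a blank
	// password would otherwise be created.
	// NOTE(review): no length or complexity policy is enforced here; confirm
	// whether one is applied elsewhere.
	if username == "" || password == "" {
		http.Error(w, "Username and password are required", http.StatusBadRequest)
		return
	}

	hashed, err := securityHelpers.HashPassword(password)
	if err != nil {
		log.Println("❌ Failed to hash password:", err)
		http.Error(w, "Server error", http.StatusInternalServerError)
		return
	}

	if err := models.CreateUser(username, hashed); err != nil {
		log.Println("❌ Failed to create user:", err)
		http.Error(w, "Could not create user", http.StatusInternalServerError)
		return
	}

	http.Redirect(w, r, "/login", http.StatusSeeOther)
}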