SynLotto/website
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects 5 Releases Wiki Activity
Files
752db0b89d790cd45713f70d97dac716c07abc22
website/handlers/account/authentication.go

142 lines
3.8 KiB
Go
Raw Blame History

package handlers
import (
"database/sql"
"log"
"net/http"
"time"
httpHelpers "synlotto-website/helpers/http"
securityHelpers "synlotto-website/helpers/security"
templateHelpers "synlotto-website/helpers/template"
"synlotto-website/logging"
"synlotto-website/models"
"synlotto-website/storage"
"github.com/gorilla/csrf"
)
func Login(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
session, _ := httpHelpers.GetSession(w, r)
if _, ok := session.Values["user_id"].(int); ok {
http.Redirect(w, r, "/", http.StatusSeeOther)
return
}
tmpl := templateHelpers.LoadTemplateFiles("login.html", "templates/account/login.html")
data := models.TemplateData{}
context := templateHelpers.TemplateContext(w, r, data)
context["csrfField"] = csrf.TemplateField(r)
if err := tmpl.ExecuteTemplate(w, "layout", context); err != nil {
logging.Info("❌ Template render error:", err)
http.Error(w, "Error rendering login page", http.StatusInternalServerError)
}
return
}
username := r.FormValue("username")
password := r.FormValue("password")
// ToDo: this outputs password in clear text remove or obscure!
logging.Info("🔐 Login attempt - Username: %s, Password: %s", username, password)
user := storage.GetUserByUsername(db, username)
if user == nil {
logging.Info("❌ User not found: %s", username)
storage.LogLoginAttempt(r, username, false)
session, _ := httpHelpers.GetSession(w, r)
session.Values["flash"] = "Invalid username or password."
session.Save(r, w)
http.Redirect(w, r, "/account/login", http.StatusSeeOther)
return
}
if !securityHelpers.CheckPasswordHash(user.PasswordHash, password) {
logging.Info("❌ Password mismatch for user: %s", username)
storage.LogLoginAttempt(r, username, false)
session, _ := httpHelpers.GetSession(w, r)
session.Values["flash"] = "Invalid username or password."
session.Save(r, w)
log.Printf("login has did it")
http.Redirect(w, r, "/account/login", http.StatusSeeOther)
return
}
logging.Info("✅ Login successful for user: %s", username)
storage.LogLoginAttempt(r, username, true)
session, _ := httpHelpers.GetSession(w, r)
for k := range session.Values {
delete(session.Values, k)
}
session.Values["user_id"] = user.Id
session.Values["last_activity"] = time.Now().UTC()
if r.FormValue("remember") == "on" {
session.Options.MaxAge = 60 * 60 * 24 * 30
} else {
session.Options.MaxAge = 0
}
if err := session.Save(r, w); err != nil {
logging.Info("❌ Failed to save session: %v", err)
} else {
logging.Info("✅ Session saved for user: %s", username)
}
http.Redirect(w, r, "/", http.StatusSeeOther)
}
}
func Logout(w http.ResponseWriter, r *http.Request) {
session, _ := httpHelpers.GetSession(w, r)
for k := range session.Values {
delete(session.Values, k)
}
session.Values["flash"] = "You've been logged out."
session.Options.MaxAge = 5
err := session.Save(r, w)
if err != nil {
logging.Error("❌ Logout session save failed:", err)
}
http.Redirect(w, r, "/account/login", http.StatusSeeOther)
}
func Signup(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
tmpl := templateHelpers.LoadTemplateFiles("signup.html", "templates/account/signup.html")
tmpl.ExecuteTemplate(w, "layout", map[string]interface{}{
"csrfField": csrf.TemplateField(r),
})
return
}
username := r.FormValue("username")
password := r.FormValue("password")
hashed, err := securityHelpers.HashPassword(password)
if err != nil {
http.Error(w, "Server error", http.StatusInternalServerError)
return
}
err = models.CreateUser(username, hashed)
if err != nil {
http.Error(w, "Could not create user", http.StatusInternalServerError)
return
}
http.Redirect(w, r, "/account/login", http.StatusSeeOther)
}
Reference in New Issue View Git Blame Copy Permalink