website/handlers/account.go

package handlers

import (
	"html/template"
	"log"
	"net/http"
	"synlotto-website/helpers"
	"synlotto-website/models"
	"time"

	"github.com/gorilla/csrf"
)

func Login(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodGet {
		session, _ := helpers.GetSession(w, r)
		if _, ok := session.Values["user_id"].(int); ok {
			http.Redirect(w, r, "/", http.StatusSeeOther)
			return
		}

		tmpl := template.Must(template.New("login.html").Funcs(helpers.TemplateFuncs()).ParseFiles(
			"templates/layout.html",
			"templates/topbar.html",
			"templates/account/login.html",
		))

		context := helpers.TemplateContext(w, r, models.TemplateData{})
		context["csrfField"] = csrf.TemplateField(r)

		err := tmpl.ExecuteTemplate(w, "layout", context)
		if err != nil {
			log.Println("❌ Template render error:", err)
			http.Error(w, "Error rendering login page", http.StatusInternalServerError)
		}
		return
	}

	username := r.FormValue("username")
	password := r.FormValue("password")

	user := models.GetUserByUsername(username)
	if user == nil || !helpers.CheckPasswordHash(user.PasswordHash, password) {
		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
		return
	}

	session, _ := helpers.GetSession(w, r)

	for k := range session.Values {
		delete(session.Values, k)
	}

	session.Values["user_id"] = user.Id
	session.Values["last_activity"] = time.Now()

	remember := r.FormValue("remember") == "on"
	if remember {
		session.Options.MaxAge = 60 * 60 * 24 * 30
	} else {
		session.Options.MaxAge = 0
	}

	err := session.Save(r, w)
	if err != nil {
		log.Println("❌ Failed to save session:", err)
	} else {
		log.Printf("✅ Login saved: user_id=%d, maxAge=%d", user.Id, session.Options.MaxAge)
		for _, c := range r.Cookies() {
			log.Printf("🍪 Cookie after login: %s = %s", c.Name, c.Value)
		}
	}

	if user == nil || !helpers.CheckPasswordHash(user.PasswordHash, password) {
		models.LogLoginAttempt(username, false)
		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
		return
	}
	models.LogLoginAttempt(username, true)

	http.Redirect(w, r, "/", http.StatusSeeOther)
}

func Logout(w http.ResponseWriter, r *http.Request) {
	session, _ := helpers.GetSession(w, r)

	for k := range session.Values {
		delete(session.Values, k)
	}

	session.Values["flash"] = "You've been logged out."
	session.Options.MaxAge = 5

	err := session.Save(r, w)
	if err != nil {
		log.Println("❌ Logout session save failed:", err)
	}

	http.Redirect(w, r, "/login", http.StatusSeeOther)
}

func Signup(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodGet {
		tmpl := template.Must(template.ParseFiles(
			"templates/layout.html",
			"templates/account/signup.html",
		))

		tmpl.ExecuteTemplate(w, "layout", map[string]interface{}{
			"csrfField": csrf.TemplateField(r),
		})
		return
	}

	username := r.FormValue("username")
	password := r.FormValue("password")

	hashed, err := helpers.HashPassword(password)
	if err != nil {
		http.Error(w, "Server error", http.StatusInternalServerError)
		return
	}

	err = models.CreateUser(username, hashed)
	if err != nil {
		http.Error(w, "Could not create user", http.StatusInternalServerError)
		return
	}

	http.Redirect(w, r, "/login", http.StatusSeeOther)
}