diff --git a/http/http.go b/http/http.go
index 7369bf2..9958082 100644
--- a/http/http.go
+++ b/http/http.go
@@ -1,7 +1,6 @@
 package http
 
 import (
- "context"
 "io/fs"
 "net/http"
 "time"
@@ -126,17 +125,6 @@ func (h *Handler) importYNAB(c *gin.Context) {
 }
 }
 
-func (h *Handler) verifyLoginWithRedirect(c *gin.Context) {
- token, err := h.verifyLogin(c)
- if err != nil {
- c.Redirect(http.StatusTemporaryRedirect, "/login")
- return
- }
-
- c.Set("token", token)
- c.Next()
-}
-
 func (h *Handler) newTransaction(c *gin.Context) {
 transactionMemo, succ := c.GetPostForm("memo")
 if !succ {
@@ -182,118 +170,16 @@ func (h *Handler) newTransaction(c *gin.Context) {
 }
 
 func (h *Handler) newBudget(c *gin.Context) {
- token, err := h.verifyLogin(c)
- if err != nil {
- c.Redirect(http.StatusTemporaryRedirect, "/login")
- return
- }
-
 budgetName, succ := c.GetPostForm("name")
 if !succ {
 c.AbortWithStatus(http.StatusNotAcceptable)
 return
 }
 
- _, err = h.Service.NewBudget(budgetName, token.GetID())
+ userID := c.MustGet("token").(budgeteer.Token).GetID()
+ _, err := h.Service.NewBudget(budgetName, userID)
 if err != nil {
 c.AbortWithError(http.StatusInternalServerError, err)
 return
 }
 }
-
-func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, error) {
- tokenString, err := c.Cookie(authCookie)
- if err != nil {
- return nil, err
- }
-
- token, err := h.TokenVerifier.VerifyToken(tokenString)
- if err != nil {
- c.SetCookie(authCookie, "", -1, "", "", false, false)
- return nil, err
- }
-
- return token, nil
-}
-
-func (h *Handler) login(c *gin.Context) {
- if _, err := h.verifyLogin(c); err == nil {
- c.Redirect(http.StatusTemporaryRedirect, "/dashboard")
- return
- }
-
- c.HTML(http.StatusOK, "login.html", nil)
-}
-
-func (h *Handler) register(c *gin.Context) {
- if _, err := h.verifyLogin(c); err == nil {
- c.Redirect(http.StatusTemporaryRedirect, "/dashboard")
- return
- }
-
- c.HTML(http.StatusOK, "register.html", nil)
-}
-
-func logout(c *gin.Context) {
- clearLogin(c)
-}
-
-func clearLogin(c *gin.Context) {
- c.SetCookie(authCookie, "", -1, "", "", false, true)
-}
-
-func (h *Handler) loginPost(c *gin.Context) {
- username, _ := c.GetPostForm("username")
- password, _ := c.GetPostForm("password")
-
- user, err := h.Service.DB.GetUserByUsername(context.Background(), username)
- if err != nil {
- c.AbortWithError(http.StatusUnauthorized, err)
- return
- }
-
- if err = h.CredentialsVerifier.Verify(password, user.Password); err != nil {
- c.AbortWithError(http.StatusUnauthorized, err)
- return
- }
-
- t, err := h.TokenVerifier.CreateToken(&user)
- if err != nil {
- c.AbortWithError(http.StatusUnauthorized, err)
- }
-
- maxAge := (int)((expiration * time.Hour).Seconds())
- c.SetCookie(authCookie, t, maxAge, "", "", false, true)
-
- c.JSON(http.StatusOK, map[string]string{
- "token": t,
- })
-}
-
-func (h *Handler) registerPost(c *gin.Context) {
- email, _ := c.GetPostForm("email")
- password, _ := c.GetPostForm("password")
- name, _ := c.GetPostForm("name")
-
- _, err := h.Service.DB.GetUserByUsername(context.Background(), email)
- if err == nil {
- c.AbortWithStatus(http.StatusUnauthorized)
- return
- }
-
- hash, err := h.CredentialsVerifier.Hash(password)
- if err != nil {
- c.AbortWithError(http.StatusUnauthorized, err)
- return
- }
-
- createUser := postgres.CreateUserParams{
- Name: name,
- Password: hash,
- Email: email,
- }
- _, err = h.Service.DB.CreateUser(context.Background(), createUser)
- if err != nil {
- c.AbortWithError(http.StatusInternalServerError, err)
- }
-}
diff --git a/http/session.go b/http/session.go
new file mode 100644
index 0000000..b53b4cd
--- /dev/null
+++ b/http/session.go
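Review bot: `userID := c.MustGet("token").(budgeteer.Token).GetID()` in newBudget panics (turned into a 500 only if gin's Recovery middleware is installed) whenever the handler is reached without verifyLoginWithRedirect having run first, or if something else stored a different type under "token"; the route wiring that guarantees that ordering is not in this diff, so the authorization contract is implicit. A comma-ok lookup keeps the failure an explicit 401 instead of a panic: `v, _ := c.Get("token")`, `token, ok := v.(budgeteer.Token)`, `if !ok { c.AbortWithStatus(http.StatusUnauthorized); return }`, then `userID := token.GetID()`. If newTransaction, whose body lies between the hunks, was converted the same way, the same applies there. The rest of this hunk only deletes code that the commit moves to session.go.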
@@ -0,0 +1,119 @@
+package http
+
+import (
+ "context"
+ "net/http"
+ "time"
+
+ "git.javil.eu/jacob1123/budgeteer"
+ "git.javil.eu/jacob1123/budgeteer/postgres"
+ "github.com/gin-gonic/gin"
+)
+
+func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, error) {
+ tokenString, err := c.Cookie(authCookie)
+ if err != nil {
+ return nil, err
+ }
+
+ token, err := h.TokenVerifier.VerifyToken(tokenString)
+ if err != nil {
+ c.SetCookie(authCookie, "", -1, "", "", false, false)
+ return nil, err
+ }
+
+ return token, nil
+}
+
+func (h *Handler) verifyLoginWithRedirect(c *gin.Context) {
+ token, err := h.verifyLogin(c)
+ if err != nil {
+ c.Redirect(http.StatusTemporaryRedirect, "/login")
+ return
+ }
+
+ c.Set("token", token)
+ c.Next()
+}
+
+func (h *Handler) login(c *gin.Context) {
+ if _, err := h.verifyLogin(c); err == nil {
+ c.Redirect(http.StatusTemporaryRedirect, "/dashboard")
+ return
+ }
+
+ c.HTML(http.StatusOK, "login.html", nil)
+}
+
+func (h *Handler) register(c *gin.Context) {
+ if _, err := h.verifyLogin(c); err == nil {
+ c.Redirect(http.StatusTemporaryRedirect, "/dashboard")
+ return
+ }
+
+ c.HTML(http.StatusOK, "register.html", nil)
+}
+
+func logout(c *gin.Context) {
+ clearLogin(c)
+}
+
+func clearLogin(c *gin.Context) {
+ c.SetCookie(authCookie, "", -1, "", "", false, true)
+}
+
+func (h *Handler) loginPost(c *gin.Context) {
+ username, _ := c.GetPostForm("username")
+ password, _ := c.GetPostForm("password")
+
+ user, err := h.Service.DB.GetUserByUsername(context.Background(), username)
+ if err != nil {
+ c.AbortWithError(http.StatusUnauthorized, err)
+ return
+ }
+
+ if err = h.CredentialsVerifier.Verify(password, user.Password); err != nil {
+ c.AbortWithError(http.StatusUnauthorized, err)
+ return
+ }
+
+ t, err := h.TokenVerifier.CreateToken(&user)
+ if err != nil {
+ c.AbortWithError(http.StatusUnauthorized, err)
+ }
+
+ maxAge := (int)((expiration * time.Hour).Seconds())
+ c.SetCookie(authCookie, t, maxAge, "", "", false, true)
+
+ c.JSON(http.StatusOK, map[string]string{
+ "token": t,
+ })
+}
+
+func (h *Handler) registerPost(c *gin.Context) {
+ email, _ := c.GetPostForm("email")
+ password, _ := c.GetPostForm("password")
+ name, _ := c.GetPostForm("name")
+
+ _, err := h.Service.DB.GetUserByUsername(context.Background(), email)
+ if err == nil {
+ c.AbortWithStatus(http.StatusUnauthorized)
+ return
+ }
+
+ hash, err := h.CredentialsVerifier.Hash(password)
+ if err != nil {
+ c.AbortWithError(http.StatusUnauthorized, err)
+ return
+ }
+
+ createUser := postgres.CreateUserParams{
+ Name: name,
+ Password: hash,
+ Email: email,
+ }
+ _, err = h.Service.DB.CreateUser(context.Background(), createUser)
+ if err != nil {
+ c.AbortWithError(http.StatusInternalServerError, err)
+ }
+}
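Review bot: In loginPost, the `CreateToken` error branch calls `c.AbortWithError(http.StatusUnauthorized, err)` but falls through: execution continues to `c.SetCookie(authCookie, t, ...)` with an empty token and to `c.JSON(...)` with `"token": ""` after the 401 has already been written; add `return` after the abort, as the neighbouring branches do. The two cookie-clearing calls also disagree (verifyLogin passes `false, false`, clearLogin `false, true`), and every SetCookie here passes `secure` as false, so the session cookie would be sent over plain HTTP even when the app is served on TLS — verifyLogin should call clearLogin so the cookie attributes live in one place, and the secure flag should be true (or derived from the request) for HTTPS deployments. In registerPost, `if err == nil` treats every GetUserByUsername error as "user does not exist", so a transient database error would fall through to CreateUser; distinguishing a not-found result from other errors (with `errors.Is`, if the DB layer exposes a sentinel) avoids that. These handlers are moved unchanged from http.go, so all of this predates the commit, but session.go is the natural place to fix it.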