Move login, logout and register to /api/v1/user

2017-01-19 22:17:53 +01:00
parent 2619566a62
commit a504e4d382
3 changed files with 166 additions and 159 deletions
--- a/http/http.go
+++ b/http/http.go
@ -1,155 +1,162 @@
-package http
+package http
-
+
-import (
+import (
-	"net/http"
+	"net/http"
-	"time"
+	"time"
-
+
-	"git.javil.eu/jacob1123/budgeteer"
+	"git.javil.eu/jacob1123/budgeteer"
-
+
-	"gopkg.in/gin-gonic/gin.v1"
+	"gopkg.in/gin-gonic/gin.v1"
-)
+)
-
+
-// Handler handles incoming requests
+// Handler handles incoming requests
-type Handler struct {
+type Handler struct {
-	Service             budgeteer.ModelService
+	Service             budgeteer.ModelService
-	TokenVerifier       budgeteer.TokenVerifier
+	TokenVerifier       budgeteer.TokenVerifier
-	CredentialsVerifier budgeteer.CredentialVerifier
+	CredentialsVerifier budgeteer.CredentialVerifier
-}
+}
-
+
-const (
+const (
-	expiration = 72
+	expiration = 72
-	authCookie = "authentication"
+	authCookie = "authentication"
-)
+)
-
+
-// Serve starts the HTTP Server
+// Serve starts the HTTP Server
-func (h *Handler) Serve() {
+func (h *Handler) Serve() {
-	router := gin.Default()
+	router := gin.Default()
-
+
-	router.LoadHTMLGlob("./templates/*")
+	router.LoadHTMLGlob("./templates/*")
-	router.Static("/static", "./static")
+	router.Static("/static", "./static")
-
+
-	router.GET("/", func(c *gin.Context) { c.HTML(http.StatusOK, "index", nil) })
+	router.GET("/", func(c *gin.Context) { c.HTML(http.StatusOK, "index", nil) })
-	router.GET("/login", h.login)
+	router.GET("/login", h.login)
-	router.GET("/register", h.register)
+	router.GET("/register", h.register)
-	router.GET("/dashboard", h.dashboard)
+	router.GET("/dashboard", h.dashboard)
-	api := router.Group("/api/v1")
+	api := router.Group("/api/v1")
-	{
+	{
-		api.GET("/logout", logout)
+		user := api.Group("/user")
-		api.GET("/login", func(c *gin.Context) { c.Redirect(http.StatusPermanentRedirect, "/login") })
+		{
-		api.POST("/login", h.loginPost)
+			user.GET("/logout", logout)
-		api.POST("/register", h.registerPost)
+			user.GET("/login", func(c *gin.Context) { c.Redirect(http.StatusPermanentRedirect, "/login") })
-	}
+			user.POST("/login", h.loginPost)
-
+			user.POST("/register", h.registerPost)
-	router.Run(":1323")
+		}
-}
+		budget := api.Group("budget")
-
+		{
-func (h *Handler) dashboard(c *gin.Context) {
+			budget.POST("")
-	token, err := h.verifyLogin(c)
+		}
-	if err != nil {
+	}
-		c.Redirect(http.StatusTemporaryRedirect, "/login")
+
-		return
+	router.Run(":1323")
-	}
+}
-
+
-	d := TemplateData{
+func (h *Handler) dashboard(c *gin.Context) {
-		Token:         token,
+	token, err := h.verifyLogin(c)
-		budgetService: h.Service,
+	if err != nil {
-	}
+		c.Redirect(http.StatusTemporaryRedirect, "/login")
-	c.HTML(http.StatusOK, "dashboard", d)
+		return
-}
+	}
-
+
-func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, error) {
+	d := TemplateData{
-	tokenString, err := c.Cookie(authCookie)
+		Token:         token,
-	if err != nil {
+		budgetService: h.Service,
-		return nil, err
+	}
-	}
+	c.HTML(http.StatusOK, "dashboard", d)
-
+}
-	token, err := h.TokenVerifier.VerifyToken(tokenString)
+
-	if err != nil {
+func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, error) {
-		c.SetCookie(authCookie, "", -1, "", "", false, false)
+	tokenString, err := c.Cookie(authCookie)
-		return nil, err
+	if err != nil {
-	}
+		return nil, err
-
+	}
-	return token, nil
+
-}
+	token, err := h.TokenVerifier.VerifyToken(tokenString)
-
+	if err != nil {
-func (h *Handler) login(c *gin.Context) {
+		c.SetCookie(authCookie, "", -1, "", "", false, false)
-	if _, err := h.verifyLogin(c); err == nil {
+		return nil, err
-		c.Redirect(http.StatusTemporaryRedirect, "/dashboard")
+	}
-		return
+
-	}
+	return token, nil
-
+}
-	c.HTML(http.StatusOK, "login", nil)
+
-}
+func (h *Handler) login(c *gin.Context) {
-
+	if _, err := h.verifyLogin(c); err == nil {
-func (h *Handler) register(c *gin.Context) {
+		c.Redirect(http.StatusTemporaryRedirect, "/dashboard")
-	if _, err := h.verifyLogin(c); err == nil {
+		return
-		c.Redirect(http.StatusTemporaryRedirect, "/dashboard")
+	}
-		return
+
-	}
+	c.HTML(http.StatusOK, "login", nil)
-
+}
-	c.HTML(http.StatusOK, "register", nil)
+
-}
+func (h *Handler) register(c *gin.Context) {
-
+	if _, err := h.verifyLogin(c); err == nil {
-func logout(c *gin.Context) {
+		c.Redirect(http.StatusTemporaryRedirect, "/dashboard")
-	clearLogin(c)
+		return
-}
+	}
-
+
-func clearLogin(c *gin.Context) {
+	c.HTML(http.StatusOK, "register", nil)
-	c.SetCookie(authCookie, "", -1, "", "", false, true)
+}
-}
+
-
+func logout(c *gin.Context) {
-func (h *Handler) loginPost(c *gin.Context) {
+	clearLogin(c)
-	username, _ := c.GetPostForm("username")
+}
-	password, _ := c.GetPostForm("password")
+
-
+func clearLogin(c *gin.Context) {
-	user, err := h.Service.UserByUsername(username)
+	c.SetCookie(authCookie, "", -1, "", "", false, true)
-	if err != nil {
+}
-		c.AbortWithError(http.StatusUnauthorized, err)
+
-		return
+func (h *Handler) loginPost(c *gin.Context) {
-	}
+	username, _ := c.GetPostForm("username")
-
+	password, _ := c.GetPostForm("password")
-	if err = h.CredentialsVerifier.Verify(password, user.Password); err != nil {
+
-		c.AbortWithError(http.StatusUnauthorized, err)
+	user, err := h.Service.UserByUsername(username)
-		return
+	if err != nil {
-	}
+		c.AbortWithError(http.StatusUnauthorized, err)
-
+		return
-	t, err := h.TokenVerifier.CreateToken(user)
+	}
-	if err != nil {
+
-		c.AbortWithError(http.StatusUnauthorized, err)
+	if err = h.CredentialsVerifier.Verify(password, user.Password); err != nil {
-	}
+		c.AbortWithError(http.StatusUnauthorized, err)
-
+		return
-	maxAge := (int)((expiration * time.Hour).Seconds())
+	}
-	c.SetCookie(authCookie, t, maxAge, "", "", false, true)
+
-
+	t, err := h.TokenVerifier.CreateToken(user)
-	c.JSON(http.StatusOK, map[string]string{
+	if err != nil {
-		"token": t,
+		c.AbortWithError(http.StatusUnauthorized, err)
-	})
+	}
-}
+
-
+	maxAge := (int)((expiration * time.Hour).Seconds())
-func (h *Handler) registerPost(c *gin.Context) {
+	c.SetCookie(authCookie, t, maxAge, "", "", false, true)
-	email, _ := c.GetPostForm("email")
+
-	password, _ := c.GetPostForm("password")
+	c.JSON(http.StatusOK, map[string]string{
-	name, _ := c.GetPostForm("name")
+		"token": t,
-
+	})
-	user, err := h.Service.UserByUsername(email)
+}
-	if err == nil {
+
-		c.AbortWithStatus(http.StatusUnauthorized)
+func (h *Handler) registerPost(c *gin.Context) {
-		return
+	email, _ := c.GetPostForm("email")
-	}
+	password, _ := c.GetPostForm("password")
-
+	name, _ := c.GetPostForm("name")
-	hash, err := h.CredentialsVerifier.Hash(password)
+
-	if err != nil {
+	user, err := h.Service.UserByUsername(email)
-		c.AbortWithError(http.StatusUnauthorized, err)
+	if err == nil {
-		return
+		c.AbortWithStatus(http.StatusUnauthorized)
-	}
+		return
-
+	}
-	user = &budgeteer.User{
+
-		Name:     name,
+	hash, err := h.CredentialsVerifier.Hash(password)
-		Password: hash,
+	if err != nil {
-		Email:    email,
+		c.AbortWithError(http.StatusUnauthorized, err)
-	}
+		return
-	err = h.Service.CreateUser(user)
+	}
-	if err != nil {
+
-		c.AbortWithError(http.StatusInternalServerError, err)
+	user = &budgeteer.User{
-	}
+		Name:     name,
-}
+		Password: hash,
 		Email:    email,
 	}
 	err = h.Service.CreateUser(user)
 	if err != nil {
 		c.AbortWithError(http.StatusInternalServerError, err)
 	}
 }
--- a/templates/login.html
+++ b/templates/login.html
@ -11,7 +11,7 @@
 				$('#invalidCredentials').hide(); 
 				$('#loginForm').ajaxForm({
 					success:    function() {
-						window.location.href = "/api/v1/restricted";
+						window.location.href = "/dashboard";
 					},
 					error: function() {
 						$('#invalidCredentials').show();
@ -25,7 +25,7 @@
 			Budgeteer
 		</div>
 		<div class="container col-lg-12" id="content">
-			<form id="loginForm" action="/api/v1/login" method="POST" class="center-block">
+			<form id="loginForm" action="/api/v1/user/login" method="POST" class="center-block">
 				<div class="form-group">
 					<label for="username">User</label>
 					<input type="text" name="username" class="form-control" placeholder="User" />
--- a/templates/register.html
+++ b/templates/register.html
@ -33,7 +33,7 @@
                        return match;
                    },
                    success: function() {
-                        window.location.href = "/api/v1/restricted";
+                        window.location.href = "/dashboard";
                    },
                    error: function() {
                        $('#invalidCredentials').show();
@ -47,7 +47,7 @@
            Budgeteer
        </div>
        <div class="container col-lg-12" id="content">
-            <form id="loginForm" action="/api/v1/register" method="POST" class="center-block">
+            <form id="loginForm" action="/api/v1/user/register" method="POST" class="center-block">
                <div class="form-group">
                    <label for="email">E-Mail</label>
                    <input type="text" name="email" class="form-control" placeholder="E-Mail" />