package http import ( "context" "io/fs" "net/http" "time" "html/template" "git.javil.eu/jacob1123/budgeteer" "git.javil.eu/jacob1123/budgeteer/bcrypt" "git.javil.eu/jacob1123/budgeteer/postgres" "git.javil.eu/jacob1123/budgeteer/web" "github.com/gin-gonic/gin" ) // Handler handles incoming requests type Handler struct { Service *postgres.Repository TokenVerifier budgeteer.TokenVerifier CredentialsVerifier *bcrypt.Verifier } const ( expiration = 72 authCookie = "authentication" ) // Serve starts the HTTP Server func (h *Handler) Serve() { router := gin.Default() templ := template.Must(template.New("").Funcs(router.FuncMap).ParseFS(web.Templates, "*")) router.SetHTMLTemplate(templ) static, err := fs.Sub(web.Static, "static") if err != nil { panic("couldn't open static files") } router.StaticFS("/static", http.FS(static)) router.GET("/", func(c *gin.Context) { c.HTML(http.StatusOK, "index", nil) }) router.GET("/login", h.login) router.GET("/register", h.register) router.GET("/dashboard", h.dashboard) router.GET("/budget/:budgetid", h.budget) api := router.Group("/api/v1") { user := api.Group("/user") { user.GET("/logout", logout) user.GET("/login", func(c *gin.Context) { c.Redirect(http.StatusPermanentRedirect, "/login") }) user.POST("/login", h.loginPost) user.POST("/register", h.registerPost) } budget := api.Group("/budget") { budget.POST("/new", h.newBudget) } } router.Run(":1323") } func (h *Handler) newBudget(c *gin.Context) { token, err := h.verifyLogin(c) if err != nil { c.Redirect(http.StatusTemporaryRedirect, "/login") return } budgetName, succ := c.GetPostForm("name") if !succ { c.AbortWithStatus(http.StatusNotAcceptable) return } _, err = h.Service.NewBudget(budgetName, token.GetID()) if err != nil { c.AbortWithError(http.StatusInternalServerError, err) return } } func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, error) { tokenString, err := c.Cookie(authCookie) if err != nil { return nil, err } token, err := h.TokenVerifier.VerifyToken(tokenString) if err != nil { c.SetCookie(authCookie, "", -1, "", "", false, false) return nil, err } return token, nil } func (h *Handler) login(c *gin.Context) { if _, err := h.verifyLogin(c); err == nil { c.Redirect(http.StatusTemporaryRedirect, "/dashboard") return } c.HTML(http.StatusOK, "login", nil) } func (h *Handler) register(c *gin.Context) { if _, err := h.verifyLogin(c); err == nil { c.Redirect(http.StatusTemporaryRedirect, "/dashboard") return } c.HTML(http.StatusOK, "register", nil) } func logout(c *gin.Context) { clearLogin(c) } func clearLogin(c *gin.Context) { c.SetCookie(authCookie, "", -1, "", "", false, true) } func (h *Handler) loginPost(c *gin.Context) { username, _ := c.GetPostForm("username") password, _ := c.GetPostForm("password") user, err := h.Service.DB.GetUserByUsername(context.Background(), username) if err != nil { c.AbortWithError(http.StatusUnauthorized, err) return } if err = h.CredentialsVerifier.Verify(password, user.Password); err != nil { c.AbortWithError(http.StatusUnauthorized, err) return } t, err := h.TokenVerifier.CreateToken(&user) if err != nil { c.AbortWithError(http.StatusUnauthorized, err) } maxAge := (int)((expiration * time.Hour).Seconds()) c.SetCookie(authCookie, t, maxAge, "", "", false, true) c.JSON(http.StatusOK, map[string]string{ "token": t, }) } func (h *Handler) registerPost(c *gin.Context) { email, _ := c.GetPostForm("email") password, _ := c.GetPostForm("password") name, _ := c.GetPostForm("name") _, err := h.Service.DB.GetUserByUsername(context.Background(), email) if err == nil { c.AbortWithStatus(http.StatusUnauthorized) return } hash, err := h.CredentialsVerifier.Hash(password) if err != nil { c.AbortWithError(http.StatusUnauthorized, err) return } createUser := postgres.CreateUserParams{ Name: name, Password: hash, Email: email, } _, err = h.Service.DB.CreateUser(context.Background(), createUser) if err != nil { c.AbortWithError(http.StatusInternalServerError, err) } }