2023-05-20 20:15:57 +02:00
|
|
|
// Copyright 2023 wanderer <a_mirre at utb dot cz>
|
|
|
|
// SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
2023-05-10 19:09:41 +02:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"errors"
|
|
|
|
"net/http"
|
|
|
|
|
|
|
|
"git.dotya.ml/mirre-mt/pcmt/ent"
|
|
|
|
moduser "git.dotya.ml/mirre-mt/pcmt/modules/user"
|
|
|
|
"github.com/gorilla/sessions"
|
|
|
|
"github.com/labstack/echo-contrib/session"
|
|
|
|
"github.com/labstack/echo/v4"
|
|
|
|
)
|
|
|
|
|
|
|
|
func Signup() echo.HandlerFunc {
|
|
|
|
return func(c echo.Context) error {
|
2023-09-08 17:22:20 +02:00
|
|
|
defer addHeaders(c)
|
2023-05-11 23:50:40 +02:00
|
|
|
|
2023-05-10 19:09:41 +02:00
|
|
|
sess, _ := session.Get(setting.SessionCookieName(), c)
|
|
|
|
if sess != nil {
|
2023-09-08 17:22:20 +02:00
|
|
|
if uname, ok := sess.Values["username"].(string); ok && uname != "" {
|
2023-05-10 19:09:41 +02:00
|
|
|
return c.Redirect(http.StatusFound, "/home")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
csrf := c.Get("csrf").(string)
|
2023-08-15 18:33:48 +02:00
|
|
|
p := newPage()
|
|
|
|
|
|
|
|
p.Title = "Sign up"
|
|
|
|
p.Current = "signup"
|
|
|
|
p.CSRF = csrf
|
|
|
|
|
2023-05-10 19:09:41 +02:00
|
|
|
err := c.Render(
|
|
|
|
http.StatusOK,
|
|
|
|
"signup.tmpl",
|
2023-08-15 18:33:48 +02:00
|
|
|
p,
|
2023-05-10 19:09:41 +02:00
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
log.Warnf("error: %q", err)
|
|
|
|
|
|
|
|
return renderErrorPage(
|
|
|
|
c,
|
|
|
|
http.StatusInternalServerError,
|
|
|
|
http.StatusText(http.StatusInternalServerError),
|
|
|
|
err.Error(),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func SignupPost(client *ent.Client) echo.HandlerFunc {
|
|
|
|
return func(c echo.Context) error {
|
2023-09-08 17:22:20 +02:00
|
|
|
defer addHeaders(c)
|
2023-05-11 23:50:40 +02:00
|
|
|
|
2023-05-15 23:57:38 +02:00
|
|
|
cu := new(userSignup)
|
|
|
|
if err := c.Bind(cu); err != nil {
|
|
|
|
return renderErrorPage(
|
|
|
|
c,
|
|
|
|
http.StatusBadRequest,
|
|
|
|
http.StatusText(http.StatusBadRequest),
|
|
|
|
err.Error(),
|
|
|
|
)
|
2023-05-10 19:09:41 +02:00
|
|
|
}
|
|
|
|
|
2023-05-15 23:57:38 +02:00
|
|
|
if cu.Username == "" || cu.Email == "" || cu.Password == "" {
|
|
|
|
c.Logger().Error("username or email or password not set, returning to /singup")
|
|
|
|
return c.Redirect(http.StatusFound, "/singup")
|
2023-05-10 19:09:41 +02:00
|
|
|
}
|
|
|
|
|
2023-09-08 22:56:17 +02:00
|
|
|
if err := c.Validate(cu); err != nil {
|
|
|
|
return renderErrorPage(
|
|
|
|
c,
|
|
|
|
http.StatusBadRequest,
|
|
|
|
http.StatusText(http.StatusBadRequest)+" - "+ErrValidationFailed.Error(),
|
|
|
|
err.Error(),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2023-05-15 23:57:38 +02:00
|
|
|
username := cu.Username
|
|
|
|
email := cu.Email
|
|
|
|
passwd := cu.Password
|
2023-05-10 19:09:41 +02:00
|
|
|
|
|
|
|
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, slogger)
|
|
|
|
|
|
|
|
exists, err := moduser.Exists(ctx, client, username, email)
|
|
|
|
if err != nil {
|
|
|
|
c.Logger().Error("error checking whether user exists", err)
|
|
|
|
|
|
|
|
return renderErrorPage(
|
|
|
|
c,
|
|
|
|
http.StatusInternalServerError,
|
|
|
|
http.StatusText(http.StatusInternalServerError),
|
|
|
|
err.Error(),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
if exists {
|
|
|
|
c.Logger().Error("username/email already taken")
|
|
|
|
|
|
|
|
return c.Redirect(http.StatusSeeOther, "/signup")
|
|
|
|
}
|
|
|
|
|
|
|
|
u, err := moduser.CreateUser(
|
|
|
|
ctx,
|
|
|
|
client,
|
|
|
|
email,
|
|
|
|
username,
|
|
|
|
passwd,
|
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
if errors.Is(err, errors.New("username is not unique")) {
|
|
|
|
c.Logger().Error("username already taken")
|
|
|
|
// TODO: re-render signup page with a flash message
|
|
|
|
// stating what went wrong.
|
|
|
|
return c.Redirect(http.StatusSeeOther, "/signup")
|
|
|
|
}
|
|
|
|
|
|
|
|
return renderErrorPage(
|
|
|
|
c,
|
|
|
|
http.StatusInternalServerError,
|
|
|
|
http.StatusText(http.StatusInternalServerError)+" - failed to create schema resources",
|
|
|
|
err.Error(),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2023-05-15 23:57:38 +02:00
|
|
|
log.Infof("successfully registered user '%s'", u.Username)
|
2023-05-10 19:09:41 +02:00
|
|
|
log.Debug("user details", "id", u.ID, "email", u.Email, "isAdmin", u.IsAdmin)
|
|
|
|
|
|
|
|
sess, _ := session.Get(setting.SessionCookieName(), c)
|
|
|
|
sess.Options = &sessions.Options{
|
|
|
|
Path: "/",
|
2023-08-04 18:28:56 +02:00
|
|
|
MaxAge: setting.SessionMaxAge(),
|
2023-05-10 19:09:41 +02:00
|
|
|
HttpOnly: true,
|
2023-09-08 17:22:20 +02:00
|
|
|
Secure: setting.HTTPSecure(),
|
2023-05-10 19:09:41 +02:00
|
|
|
SameSite: http.SameSiteStrictMode,
|
|
|
|
}
|
|
|
|
sess.Values["username"] = username
|
|
|
|
|
|
|
|
err = sess.Save(c.Request(), c.Response())
|
|
|
|
if err != nil {
|
|
|
|
c.Logger().Error("failed to save session")
|
|
|
|
|
|
|
|
return renderErrorPage(
|
|
|
|
c,
|
|
|
|
http.StatusInternalServerError,
|
|
|
|
http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)",
|
|
|
|
err.Error(),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
return c.Redirect(http.StatusMovedPermanently, "/home")
|
|
|
|
}
|
|
|
|
}
|