refactor(handlers): break out signin funcs
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
leo 2023-05-07 00:19:10 +02:00
parent e122e26596
commit 0490786f11
Signed by: wanderer
SSH Key Fingerprint: SHA256:Dp8+iwKHSlrMEHzE3bJnPng70I7LEsa3IJXRH/U+idQ
2 changed files with 120 additions and 108 deletions

@ -7,11 +7,9 @@ import (
"io/fs"
"net/http"
"path/filepath"
"strconv"
"strings"
"git.dotya.ml/mirre-mt/pcmt/ent"
passwd "git.dotya.ml/mirre-mt/pcmt/modules/password"
moduser "git.dotya.ml/mirre-mt/pcmt/modules/user"
"github.com/gorilla/sessions"
"github.com/labstack/echo-contrib/session"
@ -148,112 +146,6 @@ func Index() echo.HandlerFunc {
}
}
func Signin() echo.HandlerFunc {
return func(c echo.Context) error {
sess, _ := session.Get(setting.SessionCookieName(), c)
username := sess.Values["username"]
if username != nil {
return c.Redirect(http.StatusFound, "/home")
}
return c.Render(
http.StatusOK,
"signin.tmpl",
page{
AppName: setting.AppName(),
AppVer: appver,
Title: "Sign in",
DevelMode: setting.IsDevel(),
Current: "signin",
},
)
}
}
func SigninPost(client *ent.Client) echo.HandlerFunc {
return func(c echo.Context) error {
err := c.Request().ParseForm()
if err != nil {
return err
}
var username string
var password string
if uname := c.Request().FormValue("username"); uname != "" {
username = uname
log.Infof("authenticating user '%s' at /signin", username)
} else {
log.Info("username was not set, returning to /signin")
return c.Redirect(http.StatusFound, "/signin")
}
if passwd := c.Request().FormValue("password"); passwd != "" {
password = passwd
} else {
log.Info("password was not set, returning to /signin")
return c.Redirect(http.StatusFound, "/signin")
}
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, log)
if usr, err := moduser.QueryUser(ctx, client, username); err == nil {
log.Info("queried user:", &usr.ID)
if !passwd.Compare(usr.Password, password) {
log.Warn("wrong user credentials, redirecting to /signin")
return c.Redirect(http.StatusFound, "/signin")
}
} else {
if ent.IsNotFound(err) {
c.Logger().Error("user not found")
return c.Redirect(http.StatusFound, "/signin")
}
// just log the error instead of returning it to the user and
// redirect back to /signin.
c.Logger().Error(
http.StatusText(http.StatusUnauthorized)+" "+err.Error(),
strconv.Itoa(http.StatusUnauthorized)+" "+http.StatusText(http.StatusUnauthorized)+" "+err.Error(),
)
return c.Redirect(http.StatusFound, "/signin")
}
secure := c.Request().URL.Scheme == "https" //nolint:goconst
sess, _ := session.Get(setting.SessionCookieName(), c)
if sess != nil {
sess.Options = &sessions.Options{
Path: "/",
MaxAge: 3600,
HttpOnly: true,
Secure: secure,
SameSite: http.SameSiteStrictMode,
}
sess.Values["foo"] = "bar"
sess.Values["username"] = username
err := sess.Save(c.Request(), c.Response())
if err != nil {
c.Logger().Error("failed to save session")
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)",
err.Error(),
)
}
}
return c.Redirect(http.StatusMovedPermanently, "/home")
}
}
func Signup() echo.HandlerFunc {
return func(c echo.Context) error {
sess, _ := session.Get(setting.SessionCookieName(), c)

120
handlers/signin.go Normal file

@ -0,0 +1,120 @@
package handlers
import (
"context"
"net/http"
"strconv"
"git.dotya.ml/mirre-mt/pcmt/ent"
passwd "git.dotya.ml/mirre-mt/pcmt/modules/password"
moduser "git.dotya.ml/mirre-mt/pcmt/modules/user"
"github.com/gorilla/sessions"
"github.com/labstack/echo-contrib/session"
"github.com/labstack/echo/v4"
)
func Signin() echo.HandlerFunc {
return func(c echo.Context) error {
sess, _ := session.Get(setting.SessionCookieName(), c)
username := sess.Values["username"]
if username != nil {
return c.Redirect(http.StatusFound, "/home")
}
return c.Render(
http.StatusOK,
"signin.tmpl",
page{
AppName: setting.AppName(),
AppVer: appver,
Title: "Sign in",
DevelMode: setting.IsDevel(),
Current: "signin",
},
)
}
}
func SigninPost(client *ent.Client) echo.HandlerFunc {
return func(c echo.Context) error {
err := c.Request().ParseForm()
if err != nil {
return err
}
var username string
var password string
if uname := c.Request().FormValue("username"); uname != "" {
username = uname
log.Infof("authenticating user '%s' at /signin", username)
} else {
log.Info("username was not set, returning to /signin")
return c.Redirect(http.StatusFound, "/signin")
}
if passwd := c.Request().FormValue("password"); passwd != "" {
password = passwd
} else {
log.Info("password was not set, returning to /signin")
return c.Redirect(http.StatusFound, "/signin")
}
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, log)
if usr, err := moduser.QueryUser(ctx, client, username); err == nil {
log.Info("queried user:", &usr.ID)
if !passwd.Compare(usr.Password, password) {
log.Warn("wrong user credentials, redirecting to /signin")
return c.Redirect(http.StatusFound, "/signin")
}
} else {
if ent.IsNotFound(err) {
c.Logger().Error("user not found")
return c.Redirect(http.StatusFound, "/signin")
}
// just log the error instead of returning it to the user and
// redirect back to /signin.
c.Logger().Error(
http.StatusText(http.StatusUnauthorized)+" "+err.Error(),
strconv.Itoa(http.StatusUnauthorized)+" "+http.StatusText(http.StatusUnauthorized)+" "+err.Error(),
)
return c.Redirect(http.StatusFound, "/signin")
}
secure := c.Request().URL.Scheme == "https" //nolint:goconst
sess, _ := session.Get(setting.SessionCookieName(), c)
if sess != nil {
sess.Options = &sessions.Options{
Path: "/",
MaxAge: 3600,
HttpOnly: true,
Secure: secure,
SameSite: http.SameSiteStrictMode,
}
sess.Values["foo"] = "bar"
sess.Values["username"] = username
err := sess.Save(c.Request(), c.Response())
if err != nil {
c.Logger().Error("failed to save session")
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)",
err.Error(),
)
}
}
return c.Redirect(http.StatusMovedPermanently, "/home")
}
}