diff --git a/handlers/handlers.go b/handlers/handlers.go index 3f17ac9..3b8b72b 100644 --- a/handlers/handlers.go +++ b/handlers/handlers.go @@ -7,11 +7,9 @@ import ( "io/fs" "net/http" "path/filepath" - "strconv" "strings" "git.dotya.ml/mirre-mt/pcmt/ent" - passwd "git.dotya.ml/mirre-mt/pcmt/modules/password" moduser "git.dotya.ml/mirre-mt/pcmt/modules/user" "github.com/gorilla/sessions" "github.com/labstack/echo-contrib/session" 
@@ -148,112 +146,6 @@ func Index() echo.HandlerFunc { } } -func Signin() echo.HandlerFunc { - return func(c echo.Context) error { - sess, _ := session.Get(setting.SessionCookieName(), c) - - username := sess.Values["username"] - if username != nil { - return c.Redirect(http.StatusFound, "/home") - } - - return c.Render( - http.StatusOK, - "signin.tmpl", - page{ - AppName: setting.AppName(), - AppVer: appver, - Title: "Sign in", - DevelMode: setting.IsDevel(), - Current: "signin", - }, - ) - } -} - -func SigninPost(client *ent.Client) echo.HandlerFunc { - return func(c echo.Context) error { - err := c.Request().ParseForm() - if err != nil { - return err - } - - var username string - - var password string - - if uname := c.Request().FormValue("username"); uname != "" { - username = uname - log.Infof("authenticating user '%s' at /signin", username) - } else { - log.Info("username was not set, returning to /signin") - - return c.Redirect(http.StatusFound, "/signin") - } - - if passwd := c.Request().FormValue("password"); passwd != "" { - password = passwd - } else { - log.Info("password was not set, returning to /signin") - - return c.Redirect(http.StatusFound, "/signin") - } - - ctx := context.WithValue(context.Background(), moduser.CtxKey{}, log) - if usr, err := moduser.QueryUser(ctx, client, username); err == nil { - log.Info("queried user:", &usr.ID) - - if !passwd.Compare(usr.Password, password) { - log.Warn("wrong user credentials, redirecting to /signin") - - return c.Redirect(http.StatusFound, "/signin") - } - } else { - if ent.IsNotFound(err) { - c.Logger().Error("user not found") - return c.Redirect(http.StatusFound, "/signin") - } - // just log the error instead of returning it to the user and - // redirect back to /signin. 
- c.Logger().Error( - http.StatusText(http.StatusUnauthorized)+" "+err.Error(), - strconv.Itoa(http.StatusUnauthorized)+" "+http.StatusText(http.StatusUnauthorized)+" "+err.Error(), - ) - - return c.Redirect(http.StatusFound, "/signin") - } - - secure := c.Request().URL.Scheme == "https" //nolint:goconst - - sess, _ := session.Get(setting.SessionCookieName(), c) - if sess != nil { - sess.Options = &sessions.Options{ - Path: "/", - MaxAge: 3600, - HttpOnly: true, - Secure: secure, - SameSite: http.SameSiteStrictMode, - } - sess.Values["foo"] = "bar" - sess.Values["username"] = username - - err := sess.Save(c.Request(), c.Response()) - if err != nil { - c.Logger().Error("failed to save session") - - return renderErrorPage( - c, - http.StatusInternalServerError, - http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)", - err.Error(), - ) - } - } - - return c.Redirect(http.StatusMovedPermanently, "/home") - } -} - func Signup() echo.HandlerFunc { return func(c echo.Context) error { sess, _ := session.Get(setting.SessionCookieName(), c) diff --git a/handlers/signin.go b/handlers/signin.go new file mode 100644 index 0000000..eaf30c2 --- /dev/null +++ b/handlers/signin.go 
@@ -0,0 +1,120 @@ +package handlers + +import ( + "context" + "net/http" + "strconv" + + "git.dotya.ml/mirre-mt/pcmt/ent" + passwd "git.dotya.ml/mirre-mt/pcmt/modules/password" + moduser "git.dotya.ml/mirre-mt/pcmt/modules/user" + "github.com/gorilla/sessions" + "github.com/labstack/echo-contrib/session" + "github.com/labstack/echo/v4" +) + +func Signin() echo.HandlerFunc { + return func(c echo.Context) error { + sess, _ := session.Get(setting.SessionCookieName(), c) + + username := sess.Values["username"] + if username != nil { + return c.Redirect(http.StatusFound, "/home") + } + + return c.Render( + http.StatusOK, + "signin.tmpl", + page{ + AppName: setting.AppName(), + AppVer: appver, + Title: "Sign in", + DevelMode: setting.IsDevel(), + Current: "signin", + }, + ) + } +} + +func SigninPost(client *ent.Client) echo.HandlerFunc { + return func(c echo.Context) error { + err := c.Request().ParseForm() + if err != nil { + return err + } + + var username string + + var password string + + if uname := c.Request().FormValue("username"); uname != "" { + username = uname + log.Infof("authenticating user '%s' at /signin", username) + } else { + log.Info("username was not set, returning to /signin") + + return c.Redirect(http.StatusFound, "/signin") + } + + if passwd := c.Request().FormValue("password"); passwd != "" { + password = passwd + } else { + log.Info("password was not set, returning to /signin") + + return c.Redirect(http.StatusFound, "/signin") + } + + ctx := context.WithValue(context.Background(), moduser.CtxKey{}, log) + if usr, err := moduser.QueryUser(ctx, client, username); err == nil { + log.Info("queried user:", &usr.ID) + + if !passwd.Compare(usr.Password, password) { + log.Warn("wrong user credentials, redirecting to /signin") + + return c.Redirect(http.StatusFound, "/signin") + } + } else { + if ent.IsNotFound(err) { + c.Logger().Error("user not found") + return c.Redirect(http.StatusFound, "/signin") + } + // just log the error instead of returning it 
to the user and + // redirect back to /signin. + c.Logger().Error( + http.StatusText(http.StatusUnauthorized)+" "+err.Error(), + strconv.Itoa(http.StatusUnauthorized)+" "+http.StatusText(http.StatusUnauthorized)+" "+err.Error(), + ) + + return c.Redirect(http.StatusFound, "/signin") + } + + secure := c.Request().URL.Scheme == "https" //nolint:goconst + + sess, _ := session.Get(setting.SessionCookieName(), c) + if sess != nil { + sess.Options = &sessions.Options{ + Path: "/", + MaxAge: 3600, + HttpOnly: true, + Secure: secure, + SameSite: http.SameSiteStrictMode, + } + sess.Values["foo"] = "bar" + sess.Values["username"] = username + + err := sess.Save(c.Request(), c.Response()) + if err != nil { + c.Logger().Error("failed to save session") + + return renderErrorPage( + c, + http.StatusInternalServerError, + http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)", + err.Error(), + ) + } + } + + return c.Redirect(http.StatusMovedPermanently, "/home") + } +}
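Review bot: The Secure cookie flag computed at `secure := c.Request().URL.Scheme == "https"` is never set on a real request, because Go's HTTP server leaves `URL.Scheme` empty for incoming requests (only Path and RawQuery are populated), so the session cookie is always issued without Secure and will be sent over plain HTTP; derive it from the connection instead, e.g. `secure := c.Request().TLS != nil || c.Scheme() == "https"`, or from a setting if a TLS-terminating proxy sits in front. Second, the `ent.IsNotFound(err)` branch returns without ever calling `passwd.Compare`, so if that compare is a slow password hash the response time reveals whether a username exists; running the compare against a fixed dummy hash in that branch closes the oracle. The leftover `sess.Values["foo"] = "bar"` looks like debug scaffolding and should be dropped, and the closing `c.Redirect(http.StatusMovedPermanently, "/home")` uses a cacheable permanent status for a post-login redirect where `http.StatusSeeOther` is the conventional choice. Logging the raw form value with `%s` in `log.Infof("authenticating user '%s' at /signin", username)` lets a crafted username inject extra log lines; `%q` keeps it on one line.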