pcmt/handlers/signup.go
leo b77c2fe941
All checks were successful
continuous-integration/drone/push Build is passing
handlers: add func addHeaders
2023-05-11 23:50:40 +02:00

181 lines
4.0 KiB
Go

package handlers
import (
"context"
"errors"
"net/http"
"git.dotya.ml/mirre-mt/pcmt/ent"
moduser "git.dotya.ml/mirre-mt/pcmt/modules/user"
"github.com/gorilla/sessions"
"github.com/labstack/echo-contrib/session"
"github.com/labstack/echo/v4"
)
func Signup() echo.HandlerFunc {
return func(c echo.Context) error {
addHeaders(c)
sess, _ := session.Get(setting.SessionCookieName(), c)
if sess != nil {
log.Info("gorilla session", "endpoint", "signup")
username := sess.Values["username"]
if username != nil {
return c.Redirect(http.StatusFound, "/home")
}
}
// tpl := getTmpl("signup.tmpl")
csrf := c.Get("csrf").(string)
// secure := c.Request().URL.Scheme == "https"
// cookieCSRF := &http.Cookie{
// Name: "_csrf",
// Value: csrf,
// // SameSite: http.SameSiteStrictMode,
// SameSite: http.SameSiteLaxMode,
// MaxAge: 3600,
// Secure: secure,
// HttpOnly: true,
// }
// c.SetCookie(cookieCSRF)
err := c.Render(
http.StatusOK,
"signup.tmpl",
page{
AppName: setting.AppName(),
AppVer: appver,
Title: "Sign up",
CSRF: csrf,
DevelMode: setting.IsDevel(),
Current: "signup",
},
)
if err != nil {
log.Warnf("error: %q", err)
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError),
err.Error(),
)
}
return nil
}
}
func SignupPost(client *ent.Client) echo.HandlerFunc {
return func(c echo.Context) error {
addHeaders(c)
err := c.Request().ParseForm()
if err != nil {
return err
}
var username string
var email string
uname := c.Request().FormValue("username")
if uname == "" {
c.Logger().Error("signup: username was not set, returning to /signup")
return c.Redirect(http.StatusSeeOther, "/signup")
}
username = uname
mail := c.Request().FormValue("email")
if mail == "" {
c.Logger().Error("signup: email not set")
return c.Redirect(http.StatusSeeOther, "/signup")
}
email = mail
passwd := c.Request().FormValue("password")
if passwd == "" {
log.Info("signup: password was not set, returning to /signup")
return c.Redirect(http.StatusSeeOther, "/signup")
}
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, slogger)
exists, err := moduser.Exists(ctx, client, username, email)
if err != nil {
c.Logger().Error("error checking whether user exists", err)
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError),
err.Error(),
)
}
if exists {
c.Logger().Error("username/email already taken")
return c.Redirect(http.StatusSeeOther, "/signup")
}
u, err := moduser.CreateUser(
ctx,
client,
email,
username,
passwd,
)
if err != nil {
if errors.Is(err, errors.New("username is not unique")) {
c.Logger().Error("username already taken")
// TODO: re-render signup page with a flash message
// stating what went wrong.
return c.Redirect(http.StatusSeeOther, "/signup")
}
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError)+" - failed to create schema resources",
err.Error(),
)
}
log.Infof("successfully registered user '%s'", username)
log.Debug("user details", "id", u.ID, "email", u.Email, "isAdmin", u.IsAdmin)
secure := c.Request().URL.Scheme == "https" //nolint:goconst
sess, _ := session.Get(setting.SessionCookieName(), c)
sess.Options = &sessions.Options{
Path: "/",
MaxAge: 3600,
HttpOnly: true,
Secure: secure,
SameSite: http.SameSiteStrictMode,
}
sess.Values["foo"] = "bar"
sess.Values["username"] = username
err = sess.Save(c.Request(), c.Response())
if err != nil {
c.Logger().Error("failed to save session")
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)",
err.Error(),
)
}
return c.Redirect(http.StatusMovedPermanently, "/home")
}
}