gabehf
/
Koito
mirror of https://github.com/gabehf/Koito.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5a8b999f73'
${ noResults }
Koito/engine/handlers/auth.go

187 lines
5.6 KiB
Raw Blame History

package handlers
import (
"net/http"
"strings"
"time"
"github.com/gabehf/koito/engine/middleware"
"github.com/gabehf/koito/internal/db"
"github.com/gabehf/koito/internal/logger"
"github.com/gabehf/koito/internal/utils"
"github.com/google/uuid"
"golang.org/x/crypto/bcrypt"
)
func LoginHandler(store db.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
l := logger.FromContext(ctx)
l.Debug().Msg("LoginHandler: Received login request")
err := r.ParseForm()
if err != nil {
l.Debug().Msg("LoginHandler: Failed to parse request form")
utils.WriteError(w, "failed to parse request", http.StatusInternalServerError)
return
}
username := r.FormValue("username")
password := r.FormValue("password")
if username == "" || password == "" {
l.Debug().Msg("LoginHandler: Missing username or password")
utils.WriteError(w, "username and password are required", http.StatusBadRequest)
return
}
l.Debug().Msgf("LoginHandler: Searching for user with username '%s'", username)
user, err := store.GetUserByUsername(ctx, username)
if err != nil {
l.Err(err).Msg("LoginHandler: Error searching for user in database")
utils.WriteError(w, "internal server error", http.StatusInternalServerError)
return
} else if user == nil {
l.Debug().Msg("LoginHandler: Username or password is incorrect")
utils.WriteError(w, "username or password is incorrect", http.StatusBadRequest)
return
}
err = bcrypt.CompareHashAndPassword(user.Password, []byte(password))
if err != nil {
l.Debug().Msg("LoginHandler: Password comparison failed")
utils.WriteError(w, "username or password is incorrect", http.StatusBadRequest)
return
}
keepSignedIn := false
expiresAt := time.Now().Add(1 * 24 * time.Hour)
if strings.ToLower(r.FormValue("remember_me")) == "true" {
keepSignedIn = true
expiresAt = time.Now().Add(30 * 24 * time.Hour)
}
l.Debug().Msgf("LoginHandler: Creating session for user ID %d", user.ID)
session, err := store.SaveSession(ctx, user.ID, expiresAt, keepSignedIn)
if err != nil {
l.Err(err).Msg("LoginHandler: Failed to create session")
utils.WriteError(w, "failed to create session", http.StatusInternalServerError)
return
}
cookie := &http.Cookie{
Name: "koito_session",
Value: session.ID.String(),
Path: "/",
HttpOnly: true,
Secure: false,
}
if keepSignedIn {
cookie.Expires = expiresAt
}
l.Debug().Msgf("LoginHandler: Session created successfully for user ID %d", user.ID)
http.SetCookie(w, cookie)
w.WriteHeader(http.StatusNoContent)
}
}
func LogoutHandler(store db.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
l := logger.FromContext(ctx)
l.Debug().Msg("LogoutHandler: Received logout request")
cookie, err := r.Cookie("koito_session")
if err == nil {
l.Debug().Msg("LogoutHandler: Found session cookie")
sid, err := uuid.Parse(cookie.Value)
if err != nil {
l.Debug().AnErr("error", err).Msg("LogoutHandler: Invalid session cookie")
utils.WriteError(w, "session cookie is invalid", http.StatusUnauthorized)
return
}
l.Debug().Msgf("LogoutHandler: Deleting session with ID %s", sid)
err = store.DeleteSession(ctx, sid)
if err != nil {
l.Err(err).Msg("LogoutHandler: Failed to delete session")
utils.WriteError(w, "internal server error", http.StatusInternalServerError)
return
}
}
l.Debug().Msg("LogoutHandler: Clearing session cookie")
http.SetCookie(w, &http.Cookie{
Name: "koito_session",
Value: "",
Path: "/",
HttpOnly: true,
MaxAge: -1, // expire immediately
})
w.WriteHeader(http.StatusNoContent)
}
}
func MeHandler(store db.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
l := logger.FromContext(ctx)
l.Debug().Msg("MeHandler: Received request to retrieve user information")
u := middleware.GetUserFromContext(ctx)
if u == nil {
l.Debug().Msg("MeHandler: Invalid user retrieved from context")
utils.WriteError(w, "unauthorized", http.StatusUnauthorized)
return
}
l.Debug().Msgf("MeHandler: Successfully retrieved user with ID %d", u.ID)
utils.WriteJSON(w, http.StatusOK, u)
}
}
func UpdateUserHandler(store db.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
l := logger.FromContext(ctx)
l.Debug().Msg("UpdateUserHandler: Received request to update user information")
u := middleware.GetUserFromContext(ctx)
if u == nil {
l.Debug().Msg("UpdateUserHandler: Unauthorized request (user context is nil)")
utils.WriteError(w, "unauthorized", http.StatusUnauthorized)
return
}
err := r.ParseForm()
if err != nil {
l.Err(err).Msg("UpdateUserHandler: Failed to parse request form")
utils.WriteError(w, "failed to parse request", http.StatusInternalServerError)
return
}
username := r.FormValue("username")
password := r.FormValue("password")
if username == "" && password == "" {
l.Debug().Msg("UpdateUserHandler: No parameters were recieved")
utils.WriteError(w, "all parameters missing", http.StatusBadRequest)
return
}
l.Debug().Msgf("UpdateUserHandler: Updating user with ID %d", u.ID)
err = store.UpdateUser(ctx, db.UpdateUserOpts{
ID: u.ID,
Username: username,
Password: password,
})
if err != nil {
l.Err(err).Msg("UpdateUserHandler: Failed to update user")
utils.WriteError(w, err.Error(), http.StatusBadRequest)
return
}
l.Debug().Msgf("UpdateUserHandler: Successfully updated user with ID %d", u.ID)
w.WriteHeader(http.StatusNoContent)
}
}
Reference in new issue View Git Blame Copy Permalink