#73 copy server side logic from other branch

2024-08-25 23:17:52 +02:00
parent 111cd2daab
commit 038d28bad4
5 changed files with 181 additions and 51 deletions
--- a/handler.go
+++ b/handler.go
@@ -17,11 +17,13 @@ func getHandler(db *sql.DB) http.Handler {
 	router.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("./static/"))))

 	router.HandleFunc("/app", service.WorkoutPage)
-	router.HandleFunc("/auth/signin", service.SignInPage)
-	// router.HandleFunc("/auth/signup", service.SignUpPage)
 	router.HandleFunc("POST /api/workout", service.NewWorkout(db))
 	router.HandleFunc("GET /api/workout", service.GetWorkouts(db))
 	router.HandleFunc("DELETE /api/workout", service.DeleteWorkout(db))

+	router.HandleFunc("/auth/signin", service.SignInPage)
+	router.HandleFunc("/auth/signup", service.SignUpPage)
+	router.HandleFunc("/api/auth/signup", service.SignUp(db))
+
 	return middleware.Logging(middleware.EnableCors(router))
 }
--- a/service/auth.go
+++ b/service/auth.go
@@ -1,18 +1,124 @@
 package service

 import (
+	"crypto/rand"
+	"database/sql"
+	"log"
 	"net/http"
+	"net/mail"
+	"strings"

 	"me-fit/template"
 	"me-fit/template/auth"
+
+	"github.com/google/uuid"
+	"golang.org/x/crypto/argon2"
 )

 func SignInPage(w http.ResponseWriter, r *http.Request) {
-	signIn := auth.SignIn()
+	signIn := auth.SignInOrUp(true)
 	template.Layout(signIn).Render(r.Context(), w)
 }

-// func SignUpPage(w http.ResponseWriter, r *http.Request) {
-// 	signIn := auth.SignUp()
-// 	template.Layout(signIn).Render(r.Context(), w)
+func SignUpPage(w http.ResponseWriter, r *http.Request) {
+	signIn := auth.SignInOrUp(false)
+	template.Layout(signIn).Render(r.Context(), w)
+}
+
+func SignUp(db *sql.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+	}
+}
+
+// var (
+// 	metricsAuthSignUp = promauto.NewCounterVec(
+// 		prometheus.CounterOpts{
+// 			Name: "mefit_api_auth_signup_total",
+// 			Help: "The total number of auth signup api requests processed",
+// 		},
+// 		[]string{"result"},
+// 	)
+//
+// 	metricsError = promauto.NewCounterVec(
+// 		prometheus.CounterOpts{
+// 			Name: "mefit_api_error_total",
+// 			Help: "The total number of errors",
+// 		},
+// 		[]string{"result"},
+// 	)
+//
+// 	// metricsAuthSignIn = promauto.NewCounterVec(
+// 	// 	prometheus.CounterOpts{
+// 	// 		Name: "mefit_api_auth_signin_total",
+// 	// 	},
+// 	// 	[]string{"result"},
+// 	// )
+//
+// 	privateKey = func() *ecdsa.PrivateKey {
+// 		keyBase64 := os.Getenv("PRIVATE_KEY")
+// 		if keyBase64 == "" {
+// 			log.Fatal("PRIVATE_KEY not defined")
 // 		}
+// 		keyData, err := base64.StdEncoding.DecodeString(keyBase64)
+// 		if err != nil {
+// 			log.Fatalf("Could not decode private key: %v", err)
+// 		}
+// 		key, err := x509.ParseECPrivateKey(keyData)
+// 		if err != nil {
+// 			log.Fatalf("Could not parse private key: %v", err)
+// 		}
+// 		log.Println("Successfully imported private key")
+// 		return key
+// 	}()
+// )
+
+func PostSignup(db *sql.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		var email = r.FormValue("email")
+		var password = r.FormValue("password")
+
+		_, err := mail.ParseAddress(email)
+		if err != nil {
+			http.Error(w, "Invalid email", http.StatusBadRequest)
+			return
+		}
+
+		if len(password) < 8 ||
+			!strings.ContainsAny(password, "0123456789") ||
+			!strings.ContainsAny(password, "ABCDEFGHIJKLMNOPQRSTUVWXYZ") ||
+			!strings.ContainsAny(password, "abcdefghijklmnopqrstuvwxyz") ||
+			!strings.ContainsAny(password, "!@#$%^&*()_+-=[]{}\\|;:'\",.<>/?") {
+			http.Error(w, "Password needs to be 8 characters long, contain at least one number, one special, one uppercase and one lowercase character", http.StatusBadRequest)
+			return
+		}
+
+		user_uuid, err := uuid.NewRandom()
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			log.Printf("Could not generate UUID: %v", err)
+			return
+		}
+
+		salt := make([]byte, 16)
+		rand.Read(salt)
+
+		hash := argon2.IDKey([]byte(password), salt, 1, 64*1024, 1, 16)
+
+		_, err = db.Exec("INSERT INTO user (user_uuid, email, email_verified, is_admin, password, salt, created_at) VALUES (?, ?, FALSE, FALSE, ?, ?, datetime())", user_uuid, email, hash, salt)
+		if err != nil {
+			if strings.Contains(err.Error(), "email") {
+				http.Error(w, "Email already exists", http.StatusBadRequest)
+				return
+			}
+
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			log.Printf("Could not insert user: %v", err)
+			return
+		}
+
+		w.WriteHeader(http.StatusOK)
+		// w.Write([]byte(token))
+	}
+}
--- a/template/auth/sign_in.templ
+++ b/template/auth/sign_in.templ
@@ -1,44 +0,0 @@
-package auth
-
-templ SignIn() {
-	<form
-		class="max-w-xl px-2 mx-auto flex flex-col gap-4 h-full justify-center"
-	>
-		<h2 class="text-6xl mb-10">Sign In</h2>
-		<label class="input input-bordered flex items-center gap-2">
-			<!-- <svg -->
-			<!-- 	xmlns="http://www.w3.org/2000/svg" -->
-			<!-- 	viewBox="0 0 16 16" -->
-			<!-- 	fill="currentColor" -->
-			<!-- 	class="h-4 w-4 opacity-70" -->
-			<!-- > -->
-			<!-- 	<path -->
-			<!-- 		d="M2.5 3A1.5 1.5 0 0 0 1 4.5v.793c.026.009.051.02.076.032L7.674 8.51c.206.1.446.1.652 0l6.598-3.185A.755.755 0 0 1 15 5.293V4.5A1.5 1.5 0 0 0 13.5 3h-11Z" -->
-			<!-- 	></path> -->
-			<!-- 	<path -->
-			<!-- 		d="M15 6.954 8.978 9.86a2.25 2.25 0 0 1-1.956 0L1 6.954V11.5A1.5 1.5 0 0 0 2.5 13h11a1.5 1.5 0 0 0 1.5-1.5V6.954Z" -->
-			<!-- 	></path> -->
-			<!-- </svg> -->
-			<input type="text" class="grow" placeholder="Email" name="email"/>
-		</label>
-		<label class="input input-bordered flex items-center gap-2">
-			<!-- <svg -->
-			<!-- 	xmlns="http://www.w3.org/2000/svg" -->
-			<!-- 	viewBox="0 0 16 16" -->
-			<!-- 	fill="currentColor" -->
-			<!-- 	class="h-4 w-4 opacity-70" -->
-			<!-- > -->
-			<!-- 	<path -->
-			<!-- 		fill-rule="evenodd" -->
-			<!-- 		d="M14 6a4 4 0 0 1-4.899 3.899l-1.955 1.955a.5.5 0 0 1-.353.146H5v1.5a.5.5 0 0 1-.5.5h-2a.5.5 0 0 1-.5-.5v-2.293a.5.5 0 0 1 .146-.353l3.955-3.955A4 4 0 1 1 14 6Zm-4-2a.75.75 0 0 0 0 1.5.5.5 0 0 1 .5.5.75.75 0 0 0 1.5 0 2 2 0 0 0-2-2Z" -->
-			<!-- 		clip-rule="evenodd" -->
-			<!-- 	></path> -->
-			<!-- </svg> -->
-			<input type="password" class="grow" placeholder="Password" name="password"/>
-		</label>
-		<div class="flex justify-end items-center gap-2">
-			<a href="/auth/signup" class="link text-gray-500 text-sm">Don't have an account? Sign Up</a>
-			<button class="btn btn-primary self-end">Sign In</button>
-		</div>
-	</form>
-}
--- a/template/auth/sign_in_or_up.templ
+++ b/template/auth/sign_in_or_up.templ
@@ -0,0 +1,65 @@
+package auth
+
+templ SignInOrUp(isSignIn bool) {
+	<form
+		class="max-w-xl px-2 mx-auto flex flex-col gap-4 h-full justify-center"
+		method="POST"
+		if isSignIn {
+			hx-post="/api/auth/signin"
+		} else {
+			hx-post="/api/auth/signup"
+		}
+	>
+		<h2 class="text-6xl mb-10">
+			if isSignIn {
+				Sign In
+			} else {
+				Sign Up
+			}
+		</h2>
+		<label class="input input-bordered flex items-center gap-2">
+			<svg
+				xmlns="http://www.w3.org/2000/svg"
+				viewBox="0 0 16 16"
+				fill="currentColor"
+				class="h-4 w-4 opacity-70"
+			>
+				<path
+					d="M2.5 3A1.5 1.5 0 0 0 1 4.5v.793c.026.009.051.02.076.032L7.674 8.51c.206.1.446.1.652 0l6.598-3.185A.755.755 0 0 1 15 5.293V4.5A1.5 1.5 0 0 0 13.5 3h-11Z"
+				></path>
+				<path
+					d="M15 6.954 8.978 9.86a2.25 2.25 0 0 1-1.956 0L1 6.954V11.5A1.5 1.5 0 0 0 2.5 13h11a1.5 1.5 0 0 0 1.5-1.5V6.954Z"
+				></path>
+			</svg>
+			<input type="text" class="grow" placeholder="Email" name="email"/>
+		</label>
+		<label class="input input-bordered flex items-center gap-2">
+			<svg
+				xmlns="http://www.w3.org/2000/svg"
+				viewBox="0 0 16 16"
+				fill="currentColor"
+				class="h-4 w-4 opacity-70"
+			>
+				<path
+					fill-rule="evenodd"
+					d="M14 6a4 4 0 0 1-4.899 3.899l-1.955 1.955a.5.5 0 0 1-.353.146H5v1.5a.5.5 0 0 1-.5.5h-2a.5.5 0 0 1-.5-.5v-2.293a.5.5 0 0 1 .146-.353l3.955-3.955A4 4 0 1 1 14 6Zm-4-2a.75.75 0 0 0 0 1.5.5.5 0 0 1 .5.5.75.75 0 0 0 1.5 0 2 2 0 0 0-2-2Z"
+					clip-rule="evenodd"
+				></path>
+			</svg>
+			<input type="password" class="grow" placeholder="Password" name="password"/>
+		</label>
+		<div class="flex justify-end items-center gap-2">
+			if isSignIn {
+				<a href="/auth/signup" class="link text-gray-500 text-sm">Don't have an account? Sign Up</a>
+				<button class="btn btn-primary self-end">
+					Sign In
+				</button>
+			} else {
+				<a href="/auth/signin" class="link text-gray-500 text-sm">Already have an account? Sign In</a>
+				<button class="btn btn-primary self-end">
+					Sign Up
+				</button>
+			}
+		</div>
+	</form>
+}
--- a/template/layout.templ
+++ b/template/layout.templ
@@ -10,6 +10,7 @@ templ Layout(comp templ.Component) {
 			<link rel="stylesheet" href="/static/css/tailwind.css"/>
 			<meta name="viewport" content="width=device-width, initial-scale=1"/>
 			<script defer src="https://umami.me-fit.eu/script.js" data-website-id="3c8efb09-44e4-4372-8a1e-c3bc675cd89a"></script>
+			<script src="/static/js/htmx.min.js" data-website-id="3c8efb09-44e4-4372-8a1e-c3bc675cd89a"></script>
 		</head>
 		<body>
 			<div class="h-screen flex flex-col">