x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

fix: more refactoring #181
Some checks failed
Build Docker Image / Build-Docker-Image (push) Failing after 2m8s
Details

Browse Source
This commit is contained in:
Tim Wundenberg
2024-10-12 21:57:39 +02:00
parent 0fab1e1f2e
commit d3ff302d3e
13 changed files with 779 additions and 561 deletions
Download Patch File Download Diff File Expand all files Collapse all files

201
db/auth.go
View File

@@ -13,8 +13,9 @@ import (
)
var (
ErrUserNotFound = errors.New("User not found")
ErrUserExists = errors.New("User already exists")
ErrUserNotFound = errors.New("User not found")
ErrUserExists = errors.New("User already exists")
ErrSessionNotFound = errors.New("Session not found")
)
type User struct {
@@ -41,12 +42,34 @@ func NewUser(id uuid.UUID, email string, emailVerified bool, emailVerifiedAt *ti
}
}
type DbAuth interface {
GetUser(email string) (*User, error)
InsertUser(user *User) error
type Session struct {
Id string
UserId uuid.UUID
CreatedAt time.Time
}
func NewSession(id string, userId uuid.UUID, createdAt time.Time) *Session {
return &Session{
Id: id,
UserId: userId,
CreatedAt: createdAt,
}
}
type DbAuth interface {
InsertUser(user *User) error
GetUser(email string) (*User, error)
GetUserById(userId uuid.UUID) (*User, error)
DeleteUser(userId uuid.UUID) error
UpdateUserPassword(userId uuid.UUID, newHash []byte) error
GetEmailVerificationToken(userId uuid.UUID) (string, error)
InsertEmailVerificationToken(userId uuid.UUID, token string) error
GetEmailVerificationToken(userId uuid.UUID) (string, error)
InsertSession(session *Session) error
GetSession(sessionId string) (*Session, error)
DeleteOldSessions(userId uuid.UUID) error
DeleteSession(sessionId string) error
}
type DbAuthSqlite struct {
@@ -57,6 +80,24 @@ func NewDbAuthSqlite(db *sql.DB) *DbAuthSqlite {
return &DbAuthSqlite{db: db}
}
func (db DbAuthSqlite) InsertUser(user *User) error {
_, err := db.db.Exec(`
INSERT INTO user (user_uuid, email, email_verified, email_verified_at, is_admin, password, salt, created_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
user.Id, user.Email, user.EmailVerified, user.EmailVerifiedAt, user.IsAdmin, user.Password, user.Salt, user.CreateAt)
if err != nil {
if strings.Contains(err.Error(), "email") {
return ErrUserExists
}
utils.LogError("SQL error InsertUser", err)
return types.ErrInternal
}
return nil
}
func (db DbAuthSqlite) GetUser(email string) (*User, error) {
var (
userId uuid.UUID
@@ -83,18 +124,95 @@ func (db DbAuthSqlite) GetUser(email string) (*User, error) {
return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil
}
func (db DbAuthSqlite) InsertUser(user *User) error {
func (db DbAuthSqlite) GetUserById(userId uuid.UUID) (*User, error) {
var (
email string
emailVerified bool
emailVerifiedAt *time.Time
isAdmin bool
password []byte
salt []byte
createdAt time.Time
)
err := db.db.QueryRow(`
SELECT email, email_verified, email_verified_at, password, salt, created_at
FROM user
WHERE user_uuid = ?`, userId).Scan(&email, &emailVerified, &emailVerifiedAt, &password, &salt, &createdAt)
if err != nil {
if err == sql.ErrNoRows {
return nil, ErrUserNotFound
} else {
utils.LogError("SQL error GetUser", err)
return nil, types.ErrInternal
}
}
return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil
}
func (db DbAuthSqlite) DeleteUser(userId uuid.UUID) error {
tx, err := db.db.Begin()
if err != nil {
utils.LogError("Could not start transaction", err)
return types.ErrInternal
}
_, err = tx.Exec("DELETE FROM workout WHERE user_id = ?", userId)
if err != nil {
tx.Rollback()
utils.LogError("Could not delete workouts", err)
return types.ErrInternal
}
_, err = tx.Exec("DELETE FROM user_token WHERE user_uuid = ?", userId)
if err != nil {
tx.Rollback()
utils.LogError("Could not delete user tokens", err)
return types.ErrInternal
}
_, err = tx.Exec("DELETE FROM session WHERE user_uuid = ?", userId)
if err != nil {
tx.Rollback()
utils.LogError("Could not delete sessions", err)
return types.ErrInternal
}
_, err = tx.Exec("DELETE FROM user WHERE user_uuid = ?", userId)
if err != nil {
tx.Rollback()
utils.LogError("Could not delete user", err)
return types.ErrInternal
}
err = tx.Commit()
if err != nil {
utils.LogError("Could not commit transaction", err)
return types.ErrInternal
}
return nil
}
func (db DbAuthSqlite) UpdateUserPassword(userId uuid.UUID, newHash []byte) error {
_, err := db.db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", newHash, userId)
if err != nil {
utils.LogError("Could not update password", err)
return types.ErrInternal
}
return nil
}
func (db DbAuthSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error {
_, err := db.db.Exec(`
INSERT INTO user (user_uuid, email, email_verified, email_verified_at, is_admin, password, salt, created_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
user.Id, user.Email, user.EmailVerified, user.EmailVerifiedAt, user.IsAdmin, user.Password, user.Salt, user.CreateAt)
INSERT INTO user_token (user_uuid, type, token, created_at)
VALUES (?, 'email_verify', ?, datetime())`, userId, token)
if err != nil {
if strings.Contains(err.Error(), "email") {
return ErrUserExists
}
utils.LogError("SQL error InsertUser", err)
utils.LogError("Could not insert token", err)
return types.ErrInternal
}
@@ -117,15 +235,60 @@ func (db DbAuthSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, erro
return token, nil
}
func (db DbAuthSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error {
func (db DbAuthSqlite) InsertSession(session *Session) error {
_, err := db.db.Exec(`
INSERT INTO user_token (user_uuid, type, token, created_at)
VALUES (?, 'email_verify', ?, datetime())`, userId, token)
INSERT INTO session (session_id, user_uuid, created_at)
VALUES (?, ?, ?)`, session.Id, session.UserId, session.CreatedAt)
if err != nil {
utils.LogError("Could not insert token", err)
utils.LogError("Could not insert new session", err)
return types.ErrInternal
}
return nil
}
func (db DbAuthSqlite) GetSession(sessionId string) (*Session, error) {
var (
userId uuid.UUID
sessionCreatedAt time.Time
)
err := db.db.QueryRow(`
SELECT u.user_uuid, s.created_at
FROM session s
INNER JOIN user u ON s.user_uuid = u.user_uuid
WHERE session_id = ?`, sessionId).Scan(&userId, &sessionCreatedAt)
if err != nil {
return nil, ErrSessionNotFound
}
return NewSession(sessionId, userId, sessionCreatedAt), nil
}
func (db DbAuthSqlite) DeleteOldSessions(userId uuid.UUID) error {
// Delete old inactive sessions
_, err := db.db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", userId)
if err != nil {
utils.LogError("Could not delete old sessions", err)
return types.ErrInternal
}
return nil
}
func (db DbAuthSqlite) DeleteSession(sessionId string) error {
if sessionId != "" {
_, err := db.db.Exec("DELETE FROM session WHERE session_id = ?", sessionId)
if err != nil {
utils.LogError("Could not delete session", err)
return types.ErrInternal
}
}
return nil
}

60
db/workout.go Normal file
View File

@@ -0,0 +1,60 @@
package db
import (
"me-fit/types"
"me-fit/utils"
"database/sql"
"time"
"github.com/google/uuid"
)
type DbWorkout interface {
InsertWorkout(userId uuid.UUID, workout *WorkoutInsert) (*Workout, error)
}
type DbWorkoutSqlite struct {
db *sql.DB
}
func NewDbWorkoutSqlite(db *sql.DB) *DbWorkoutSqlite {
return &DbWorkoutSqlite{db: db}
}
type WorkoutInsert struct {
Date time.Time
Type string
Sets int
Reps int
}
type Workout struct {
RowId int
Date time.Time
Type string
Sets int
Reps int
}
func NewWorkoutInsert(date time.Time, workoutType string, sets int, reps int) *WorkoutInsert {
return &WorkoutInsert{Date: date, Type: workoutType, Sets: sets, Reps: reps}
}
func NewWorkoutFromInsert(rowId int, workoutInsert *WorkoutInsert) *Workout {
return &Workout{RowId: rowId, Date: workoutInsert.Date, Type: workoutInsert.Type, Sets: workoutInsert.Sets, Reps: workoutInsert.Reps}
}
func (db DbWorkoutSqlite) InsertWorkout(userId uuid.UUID, workout *WorkoutInsert) (*Workout, error) {
var rowId int
err := db.db.QueryRow(`
INSERT INTO workout (user_id, date, type, sets, reps)
VALUES (?, ?, ?, ?, ?)
RETURNING rowid`, userId, workout.Date, workout.Type, workout.Sets, workout.Reps).Scan(&rowId)
if err != nil {
utils.LogError("Error inserting workout", err)
return nil, types.ErrInternal
}
return NewWorkoutFromInsert(rowId, workout), nil
}

228
handler/auth.go
View File

@@ -35,14 +35,14 @@ func (handler HandlerAuthImpl) handle(router *http.ServeMux) {
// Don't use auth middleware for these routes, as it makes redirecting very difficult, if the mail is not yet verified
router.Handle("/auth/signin", handler.handleSignInPage())
router.Handle("/auth/signup", handler.handleSignUpPage())
router.Handle("/auth/verify", service.HandleSignUpVerifyPage(handler.db, handler.serverSettings)) // Hint for the user to verify their email
router.Handle("/auth/delete-account", service.HandleDeleteAccountPage(handler.db, handler.serverSettings))
router.Handle("/auth/verify", handler.handleSignUpVerifyPage()) // Hint for the user to verify their email
router.Handle("/auth/delete-account", handler.handleDeleteAccountPage())
router.Handle("/auth/verify-email", service.HandleSignUpVerifyResponsePage(handler.db)) // The link contained in the email
router.Handle("/auth/change-password", service.HandleChangePasswordPage(handler.db, handler.serverSettings))
router.Handle("/auth/reset-password", service.HandleResetPasswordPage(handler.db, handler.serverSettings))
router.Handle("/auth/change-password", handler.handleChangePasswordPage())
router.Handle("/auth/reset-password", handler.handleResetPasswordPage())
router.Handle("/api/auth/signup", handler.handleSignUp())
router.Handle("/api/auth/signin", handler.handleSignIn())
router.Handle("/api/auth/signout", service.HandleSignOutComp(handler.db))
router.Handle("/api/auth/signout", handler.handleSignOut())
router.Handle("/api/auth/delete-account", service.HandleDeleteAccountComp(handler.db, handler.serverSettings))
router.Handle("/api/auth/verify-resend", service.HandleVerifyResendComp(handler.db, handler.serverSettings))
router.Handle("/api/auth/change-password", service.HandleChangePasswordComp(handler.db))
@@ -56,9 +56,8 @@ var (
func (handler HandlerAuthImpl) handleSignInPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(handler.db, r)
if user == nil {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
userComp := service.UserInfoComp(nil)
signIn := auth.SignInOrUpComp(true)
err := template.Layout(signIn, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
@@ -67,31 +66,40 @@ func (handler HandlerAuthImpl) handleSignInPage() http.HandlerFunc {
utils.LogError("Failed to render sign in page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
} else if !user.EmailVerified {
if !user.EmailVerified {
utils.DoRedirect(w, r, "/auth/verify")
} else {
utils.DoRedirect(w, r, "/")
}
}
}
func (handler HandlerAuthImpl) handleSignIn() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := utils.WaitMinimumTime(securityWaitDuration, func() (*service.User, error) {
var email = r.FormValue("email")
var password = r.FormValue("password")
user, err := handler.service.SignIn(email, password)
session, err := handler.service.SignIn(email, password)
if err != nil {
return nil, err
}
err = service.TryCreateSessionAndSetCookie(r, w, handler.db, user.Id)
if err != nil {
return nil, err
cookie := http.Cookie{
Name: "id",
Value: session.Id,
MaxAge: 60 * 60 * 8, // 8 hours
Secure: true,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/",
}
return user, nil
http.SetCookie(w, &cookie)
return session.User, nil
})
if err != nil {
@@ -115,9 +123,8 @@ func (handler HandlerAuthImpl) handleSignIn() http.HandlerFunc {
func (handler HandlerAuthImpl) handleSignUpPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(handler.db, r)
if user == nil {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
userComp := service.UserInfoComp(nil)
signUpComp := auth.SignInOrUpComp(false)
err := template.Layout(signUpComp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
@@ -126,14 +133,16 @@ func (handler HandlerAuthImpl) handleSignUpPage() http.HandlerFunc {
utils.LogError("Failed to render sign up page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
} else if !user.EmailVerified {
if !user.EmailVerified {
utils.DoRedirect(w, r, "/auth/verify")
} else {
utils.DoRedirect(w, r, "/")
}
}
}
func (handler HandlerAuthImpl) handleSignUp() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var email = r.FormValue("email")
@@ -163,3 +172,186 @@ func (handler HandlerAuthImpl) handleSignUp() http.HandlerFunc {
utils.TriggerToast(w, r, "success", "A link to activate your account has been emailed to the address provided.")
}
}
func (handler HandlerAuthImpl) handleSignOut() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
err := handler.service.SignOut(utils.GetSessionID(r))
if err != nil {
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
c := http.Cookie{
Name: "id",
Value: "",
MaxAge: -1,
Secure: true,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/",
}
http.SetCookie(w, &c)
utils.DoRedirect(w, r, "/")
}
}
func (handler HandlerAuthImpl) handleSignUpVerifyPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
}
if user.EmailVerified {
utils.DoRedirect(w, r, "/")
} else {
userComp := service.UserInfoComp(user)
signIn := auth.VerifyComp()
err := template.Layout(signIn, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render verify page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func (handler HandlerAuthImpl) handleDeleteAccountPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
// An unverified email should be able to delete their account
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
}
userComp := service.UserInfoComp(user)
comp := auth.DeleteAccountComp()
err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render delete account page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
func (handler HandlerAuthImpl) handleChangePasswordPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
isPasswordReset := r.URL.Query().Has("token")
user, _ := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if user == nil && !isPasswordReset {
utils.DoRedirect(w, r, "/auth/signin")
} else {
userComp := service.UserInfoComp(user)
comp := auth.ChangePasswordComp(isPasswordReset)
err := template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render change password page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func (handler HandlerAuthImpl) handleResetPasswordPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
}
userComp := service.UserInfoComp(user)
comp := auth.ResetPasswordComp()
err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render change password page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
func (handler HandlerAuthImpl) HandleResetPasswordPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
userComp := service.UserInfoComp(user)
comp := auth.ResetPasswordComp()
err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render change password page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
func (handler HandlerAuthImpl) HandleDeleteAccountComp() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
password := r.FormValue("password")
_, err = handler.service.SignIn(user.Email, password)
if err != nil {
utils.TriggerToast(w, r, "error", "Password not correct")
return
}
err = handler.service.DeleteAccount(user)
if err != nil {
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
utils.DoRedirect(w, r, "/")
}
}
func (handler HandlerAuthImpl) HandleVerifyResendComp() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
go handler.service.SendVerificationMail(user.Id, user.Email)
w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
}
}
func (handler HandlerAuthImpl) HandleChangePasswordComp() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
currPass := r.FormValue("current-password")
newPass := r.FormValue("new-password")
err = handler.service.ChangePassword(user, currPass, newPass)
if err != nil {
utils.TriggerToast(w, r, "error", "Password not correct")
return
}
utils.TriggerToast(w, r, "success", "Password changed")
}
}

10
handler/default.go
View File

@@ -13,15 +13,17 @@ import (
func GetHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler {
var router = http.NewServeMux()
router.HandleFunc("/", service.HandleIndexAnd404(d, serverSettings))
randomGenerator := service.NewRandomGeneratorImpl()
clock := service.NewClockImpl()
dbAuth := db.NewDbAuthSqlite(d)
mailService := service.NewMailServiceImpl(serverSettings)
serviceAuth := service.NewServiceAuthImpl(dbAuth, randomGenerator, clock, mailService, serverSettings)
handlerIndex := NewHandlerIndex(d, serviceAuth, serverSettings)
handlerAuth := NewHandlerAuth(d, serviceAuth, serverSettings)
handlerIndex.handle(router)
// Serve static files (CSS, JS and images)
router.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("./static/"))))
@@ -31,7 +33,3 @@ func GetHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler {
return middleware.Logging(middleware.EnableCors(serverSettings, router))
}
func authMiddleware(db *sql.DB, h http.Handler) http.Handler {
return middleware.EnsureValidSession(db, h)
}

58
handler/index_and_404.go Normal file
View File

@@ -0,0 +1,58 @@
package handler
import (
"me-fit/service"
"me-fit/template"
"me-fit/template/auth"
"me-fit/types"
"me-fit/utils"
"database/sql"
"net/http"
"github.com/a-h/templ"
)
type HandlerIndex interface {
handle(router *http.ServeMux)
}
type HandlerIndexImpl struct {
db *sql.DB
service service.ServiceAuth
serverSettings *types.ServerSettings
}
func NewHandlerIndex(db *sql.DB, service service.ServiceAuth, serverSettings *types.ServerSettings) HandlerAuth {
return HandlerAuthImpl{
db: db,
service: service,
serverSettings: serverSettings,
}
}
func (handler HandlerIndexImpl) handle(router *http.ServeMux) {
router.Handle("/", handler handleIndexAnd404())
}
func (handler HanHandlerIndexImpl) handleIndexAnd404() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
var comp templ.Component = nil
userComp := service.UserInfoComp(user)
if r.URL.Path != "/" {
comp = template.Layout(template.NotFound(), userComp, handler.serverSettings.Environment)
w.WriteHeader(http.StatusNotFound)
} else {
comp = template.Layout(template.Index(), userComp, handler.serverSettings.Environment)
}
err = comp.Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render index", err)
http.Error(w, "Failed to render index", http.StatusInternalServerError)
}
}
}

84
handler/workout.go
View File

@@ -2,15 +2,89 @@ package handler
import (
"me-fit/service"
"me-fit/template"
"me-fit/template/workout"
"me-fit/types"
"me-fit/utils"
"time"
"database/sql"
"net/http"
)
func handleWorkout(db *sql.DB, router *http.ServeMux, serverSettings *types.ServerSettings) {
router.Handle("/workout", authMiddleware(db, service.HandleWorkoutPage(db, serverSettings)))
router.Handle("POST /api/workout", authMiddleware(db, service.HandleWorkoutNewComp(db)))
router.Handle("GET /api/workout", authMiddleware(db, service.HandleWorkoutGetComp(db)))
router.Handle("DELETE /api/workout/{id}", authMiddleware(db, service.HandleWorkoutDeleteComp(db)))
type HandlerWorkout interface {
handle(router *http.ServeMux)
}
type HandlerWorkoutImpl struct {
db *sql.DB
service service.ServiceWorkout
auth service.ServiceAuth
serverSettings *types.ServerSettings
}
func NewHandlerWorkout(db *sql.DB, service service.ServiceWorkout, auth service.ServiceAuth, serverSettings *types.ServerSettings) HandlerAuth {
return HandlerWorkoutImpl{
db: db,
service: service,
auth: auth,
serverSettings: serverSettings,
}
}
func (handler HandlerWorkoutImpl) handle(router *http.ServeMux) {
router.Handle("/workout", handler.handleWorkoutPage())
router.Handle("POST /api/workout", handler.handleAddWorkout())
router.Handle("GET /api/workout", service.HandleWorkoutGetComp(handler.db))
router.Handle("DELETE /api/workout/{id}", service.HandleWorkoutDeleteComp(handler.db))
}
func (handler HandlerWorkoutImpl) handleWorkoutPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
currentDate := time.Now().Format("2006-01-02")
inner := workout.WorkoutComp(currentDate)
userComp := service.UserInfoComp(user)
err = template.Layout(inner, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render workout page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
func (handler HandlerWorkoutImpl) handleAddWorkout() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
var dateStr = r.FormValue("date")
var typeStr = r.FormValue("type")
var setsStr = r.FormValue("sets")
var repsStr = r.FormValue("reps")
wo := service.NewWorkoutDto("", dateStr, typeStr, setsStr, repsStr)
wo, err = handler.service.AddWorkout(user, wo)
if err != nil {
utils.TriggerToast(w, r, "error", "Invalid input values")
http.Error(w, "Invalid input values", http.StatusBadRequest)
return
}
wor := workout.Workout{Id: wo.RowId, Date: wo.Date, Type: wo.Type, Sets: wo.Sets, Reps: wo.Reps}
err = workout.WorkoutItemComp(wor, true).Render(r.Context(), w)
if err != nil {
utils.LogError("Could not render workoutitem", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
}

30
middleware/auth.go
View File

@@ -1,30 +0,0 @@
package middleware
import (
"me-fit/utils"
"context"
"database/sql"
"net/http"
)
func EnsureValidSession(db *sql.DB, next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
if !user.EmailVerified && r.URL.Path != "/auth/verify" {
utils.DoRedirect(w, r, "/auth/verify")
return
}
ctx := context.WithValue(r.Context(), utils.ContextKeyUser, user)
next.ServeHTTP(w, r.WithContext(ctx))
})
}

373
service/auth.go
View File

@@ -10,9 +10,9 @@ import (
"net/mail"
"net/url"
"strings"
"time"
"me-fit/db"
"me-fit/template"
"me-fit/template/auth"
tempMail "me-fit/template/mail"
"me-fit/types"
@@ -28,6 +28,7 @@ var (
ErrInvalidPassword = errors.New("Password needs to be 8 characters long, contain at least one number, one special, one uppercase and one lowercase character")
ErrInvalidEmail = errors.New("Invalid email")
ErrAccountExists = errors.New("Account already exists")
ErrSessionIdInvalid = errors.New("Session ID is invalid")
)
type User struct {
@@ -44,10 +45,29 @@ func NewUser(user *db.User) *User {
}
}
type Session struct {
Id string
CreatedAt time.Time
User *User
}
func NewSession(session *db.Session, user *User) *Session {
return &Session{
Id: session.Id,
CreatedAt: session.CreatedAt,
User: user,
}
}
type ServiceAuth interface {
SignIn(email string, password string) (*User, error)
SignIn(email string, password string) (*Session, error)
SignUp(email string, password string) (*User, error)
SendVerificationMail(userId uuid.UUID, email string)
SignOut(sessionId string) error
DeleteAccount(user *User) error
ChangePassword(user *User, currPass, newPass string) error
GetUserFromSessionId(sessionId string) (*User, error)
}
type ServiceAuthImpl struct {
@@ -68,7 +88,7 @@ func NewServiceAuthImpl(dbAuth db.DbAuth, randomGenerator RandomGenerator, clock
}
}
func (service ServiceAuthImpl) SignIn(email string, password string) (*User, error) {
func (service ServiceAuthImpl) SignIn(email string, password string) (*Session, error) {
user, err := service.dbAuth.GetUser(email)
if err != nil {
if errors.Is(err, db.ErrUserNotFound) {
@@ -84,7 +104,33 @@ func (service ServiceAuthImpl) SignIn(email string, password string) (*User, err
return nil, ErrInvaidCredentials
}
return NewUser(user), nil
session, err := service.createSession(user.Id)
if err != nil {
return nil, types.ErrInternal
}
return NewSession(session, NewUser(user)), nil
}
func (service ServiceAuthImpl) createSession(userId uuid.UUID) (*db.Session, error) {
sessionId, err := service.randomGenerator.String(32)
if err != nil {
return nil, types.ErrInternal
}
err = service.dbAuth.DeleteOldSessions(userId)
if err != nil {
return nil, types.ErrInternal
}
session := db.NewSession(sessionId, userId, service.clock.Now())
err = service.dbAuth.InsertSession(session)
if err != nil {
return nil, types.ErrInternal
}
return nil, nil
}
func (service ServiceAuthImpl) SignUp(email string, password string) (*User, error) {
@@ -153,45 +199,35 @@ func (service ServiceAuthImpl) SendVerificationMail(userId uuid.UUID, email stri
service.mailService.SendMail(email, "Welcome to ME-FIT", w.String())
}
func (service ServiceAuthImpl) SignOut(sessionId string) error {
return service.dbAuth.DeleteSession(sessionId)
}
func (service ServiceAuthImpl) GetUserFromSessionId(sessionId string) (*User, error) {
if sessionId == "" {
return nil, ErrSessionIdInvalid
}
session, err := service.dbAuth.GetSession(sessionId)
if err != nil {
return nil, types.ErrInternal
}
user, err := service.dbAuth.GetUserById(session.UserId)
if err != nil {
return nil, types.ErrInternal
}
if session.CreatedAt.Add(time.Duration(8 * time.Hour)).Before(service.clock.Now()) {
return nil, nil
} else {
return NewUser(user), nil
}
}
// TODO
func HandleSignUpVerifyPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
} else if user.EmailVerified {
utils.DoRedirect(w, r, "/")
} else {
userComp := UserInfoComp(user)
signIn := auth.VerifyComp()
err := template.Layout(signIn, userComp, serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render verify page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func HandleDeleteAccountPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
// An unverified email should be able to delete their account
user := utils.GetUserFromSession(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
} else {
userComp := UserInfoComp(user)
comp := auth.DeleteAccountComp()
err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render delete account page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
@@ -234,45 +270,7 @@ func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
}
}
func HandleChangePasswordPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
isPasswordReset := r.URL.Query().Has("token")
user := utils.GetUserFromSession(db, r)
if user == nil && !isPasswordReset {
utils.DoRedirect(w, r, "/auth/signin")
} else {
userComp := UserInfoComp(user)
comp := auth.ChangePasswordComp(isPasswordReset)
err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render change password page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func HandleResetPasswordPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
if user != nil {
utils.DoRedirect(w, r, "/auth/signin")
} else {
userComp := UserInfoComp(nil)
comp := auth.ResetPasswordComp()
err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render change password page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func UserInfoComp(user *types.User) templ.Component {
func UserInfoComp(user *User) templ.Component {
if user != nil {
return auth.UserComp(user.Email)
@@ -281,168 +279,46 @@ func UserInfoComp(user *types.User) templ.Component {
}
}
func HandleSignOutComp(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
func (service ServiceAuthImpl) DeleteAccount(user *User) error {
if user != nil {
_, err := db.Exec("DELETE FROM session WHERE session_id = ?", user.SessionId)
if err != nil {
utils.LogError("Could not delete session", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
c := http.Cookie{
Name: "id",
Value: "",
MaxAge: -1,
Secure: true,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/",
}
http.SetCookie(w, &c)
utils.DoRedirect(w, r, "/")
err := service.dbAuth.DeleteUser(user.Id)
if err != nil {
return err
}
go service.mailService.SendMail(user.Email, "Account deleted", "Your account has been deleted")
return nil
}
func HandleDeleteAccountComp(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
mailService := NewMailServiceImpl(serverSettings)
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
func (service ServiceAuthImpl) ChangePassword(user *User, currPass, newPass string) error {
password := r.FormValue("password")
if password == "" {
utils.TriggerToast(w, r, "error", "Password is required")
return
}
var (
storedHash []byte
salt []byte
)
err := db.QueryRow("SELECT password, salt FROM user WHERE user_uuid = ?", user.Id).Scan(&storedHash, &salt)
if err != nil {
utils.LogError("Could not get password", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
currHash := GetHashPassword(password, salt)
if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
utils.TriggerToast(w, r, "error", "Password is not correct")
return
}
_, err = db.Exec("DELETE FROM workout WHERE user_id = ?", user.Id)
if err != nil {
utils.LogError("Could not delete workouts", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
_, err = db.Exec("DELETE FROM user_token WHERE user_uuid = ?", user.Id)
if err != nil {
utils.LogError("Could not delete user tokens", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
_, err = db.Exec("DELETE FROM session WHERE user_uuid = ?", user.Id)
if err != nil {
utils.LogError("Could not delete sessions", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
_, err = db.Exec("DELETE FROM user WHERE user_uuid = ?", user.Id)
if err != nil {
utils.LogError("Could not delete user", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
go mailService.SendMail(user.Email, "Account deleted", "Your account has been deleted")
utils.DoRedirect(w, r, "/")
if !isPasswordValid(newPass) {
return ErrInvalidPassword
}
}
func HandleVerifyResendComp(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
if user == nil || user.EmailVerified {
utils.DoRedirect(w, r, "/auth/signin")
return
}
// TODO
// go sendVerificationEmail(db, user.Id.String(), user.Email, serverSettings)
w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
if currPass == newPass {
return ErrInvalidPassword
}
}
func HandleChangePasswordComp(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
currPass := r.FormValue("current-password")
newPass := r.FormValue("new-password")
if !isPasswordValid(newPass) {
utils.TriggerToast(w, r, "error", ErrInvalidPassword.Error())
return
}
if currPass == newPass {
utils.TriggerToast(w, r, "error", "Please use a new password")
return
}
var (
storedHash []byte
salt []byte
)
err := db.QueryRow("SELECT password, salt FROM user WHERE user_uuid = ?", user.Id).Scan(&storedHash, &salt)
if err != nil {
utils.LogError("Could not get password", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
currHash := GetHashPassword(currPass, salt)
if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
utils.TriggerToast(w, r, "error", "Current Password is not correct")
return
}
newHash := GetHashPassword(newPass, salt)
_, err = db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", newHash, user.Id)
if err != nil {
utils.LogError("Could not update password", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
utils.TriggerToast(w, r, "success", "Password changed")
_, err := service.SignIn(user.Email, currPass)
if err != nil {
return err
}
userDb, err := service.dbAuth.GetUserById(user.Id)
if err != nil {
return err
}
newHash := GetHashPassword(newPass, userDb.Salt)
err = service.dbAuth.UpdateUserPassword(user.Id, newHash)
if err != nil {
return err
}
return nil
}
func HandleActualResetPasswordComp(db *sql.DB) http.HandlerFunc {
@@ -556,39 +432,6 @@ func HandleResetPasswordComp(db *sql.DB, serverSettings *types.ServerSettings) h
}
}
func TryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sql.DB, user_uuid uuid.UUID) error {
sessionId, err := NewRandomGeneratorImpl().String(32)
if err != nil {
return types.ErrInternal
}
// Delete old inactive sessions
_, err = db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", user_uuid)
if err != nil {
utils.LogError("Could not delete old sessions", err)
return types.ErrInternal
}
_, err = db.Exec("INSERT INTO session (session_id, user_uuid, created_at) VALUES (?, ?, datetime())", sessionId, user_uuid)
if err != nil {
utils.LogError("Could not insert session", err)
return types.ErrInternal
}
cookie := http.Cookie{
Name: "id",
Value: sessionId,
MaxAge: 60 * 60 * 8, // 8 hours
Secure: true,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/",
}
http.SetCookie(w, &cookie)
return nil
}
func GetHashPassword(password string, salt []byte) []byte {
return argon2.IDKey([]byte(password), salt, 1, 64*1024, 1, 16)
}

33
service/index_and_404.go
View File

@@ -1,33 +0,0 @@
package service
import (
"database/sql"
"me-fit/template"
"me-fit/types"
"me-fit/utils"
"net/http"
"github.com/a-h/templ"
)
func HandleIndexAnd404(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUserFromSession(db, r)
var comp templ.Component = nil
userComp := UserInfoComp(user)
if r.URL.Path != "/" {
comp = template.Layout(template.NotFound(), userComp, serverSettings.Environment)
w.WriteHeader(http.StatusNotFound)
} else {
comp = template.Layout(template.Index(), userComp, serverSettings.Environment)
}
err := comp.Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render index", err)
http.Error(w, "Failed to render index", http.StatusInternalServerError)
}
}
}

190
service/workout.go
View File

@@ -1,142 +1,100 @@
package service
import (
"log/slog"
"me-fit/template"
"me-fit/template/workout"
"me-fit/db"
"me-fit/types"
"me-fit/utils"
"database/sql"
"errors"
"log/slog"
"net/http"
"strconv"
"time"
)
func HandleWorkoutPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUser(r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
type ServiceWorkout interface {
AddWorkout(user *User, workoutDto *WorkoutDto) (*WorkoutDto, error)
}
currentDate := time.Now().Format("2006-01-02")
inner := workout.WorkoutComp(currentDate)
userComp := UserInfoComp(user)
err := template.Layout(inner, userComp, serverSettings.Environment).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render workout page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
type ServiceWorkoutImpl struct {
dbWorkout db.DbWorkout
randomGenerator RandomGenerator
clock Clock
mailService MailService
serverSettings *types.ServerSettings
}
func NewServiceWorkoutImpl(dbAuth db.DbAuth, randomGenerator RandomGenerator, clock Clock, mailService MailService, serverSettings *types.ServerSettings) *ServiceAuthImpl {
return &ServiceAuthImpl{
dbAuth: dbAuth,
randomGenerator: randomGenerator,
clock: clock,
mailService: mailService,
serverSettings: serverSettings,
}
}
func HandleWorkoutNewComp(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUser(r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
type WorkoutDto struct {
RowId string
Date string
Type string
Sets string
Reps string
}
var dateStr = r.FormValue("date")
var typeStr = r.FormValue("type")
var setsStr = r.FormValue("sets")
var repsStr = r.FormValue("reps")
if dateStr == "" || typeStr == "" || setsStr == "" || repsStr == "" {
utils.TriggerToast(w, r, "error", "Missing required fields")
http.Error(w, "Missing required fields", http.StatusBadRequest)
return
}
date, err := time.Parse("2006-01-02", dateStr)
if err != nil {
utils.TriggerToast(w, r, "error", "Invalid date")
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
sets, err := strconv.Atoi(setsStr)
if err != nil {
utils.TriggerToast(w, r, "error", "Invalid number")
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
reps, err := strconv.Atoi(repsStr)
if err != nil {
utils.TriggerToast(w, r, "error", "Invalid number")
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
var rowId int
err = db.QueryRow("INSERT INTO workout (user_id, date, type, sets, reps) VALUES (?, ?, ?, ?, ?) RETURNING rowid", user.Id, date, typeStr, sets, reps).Scan(&rowId)
if err != nil {
utils.LogError("Could not insert workout", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
wo := workout.Workout{
Id: strconv.Itoa(rowId),
Date: renderDate(date),
Type: r.FormValue("type"),
Sets: r.FormValue("sets"),
Reps: r.FormValue("reps"),
}
err = workout.WorkoutItemComp(wo, true).Render(r.Context(), w)
if err != nil {
utils.LogError("Could not render workoutitem", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
}
func NewWorkoutDtoFromDb(workout *db.Workout) *WorkoutDto {
return &WorkoutDto{
RowId: strconv.Itoa(workout.RowId),
Date: renderDate(workout.Date),
Type: workout.Type,
Sets: strconv.Itoa(workout.Sets),
Reps: strconv.Itoa(workout.Reps),
}
}
func NewWorkoutDto(rowId string, date string, workoutType string, sets string, reps string) *WorkoutDto {
return &WorkoutDto{
RowId: rowId,
Date: date,
Type: workoutType,
Sets: sets,
Reps: reps,
}
}
func HandleWorkoutGetComp(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := utils.GetUser(r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
var (
ErrInputValues = errors.New("Invalid input values")
)
rows, err := db.Query("SELECT rowid, date, type, sets, reps FROM workout WHERE user_id = ? ORDER BY date desc", user.Id)
if err != nil {
utils.LogError("Could not get workouts", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
func (service ServiceWorkoutImpl) AddWorkout(user *User, workoutDto WorkoutDto) (*WorkoutDto, error) {
var workouts = make([]workout.Workout, 0)
for rows.Next() {
var workout workout.Workout
err = rows.Scan(&workout.Id, &workout.Date, &workout.Type, &workout.Sets, &workout.Reps)
if err != nil {
utils.LogError("Could not scan workout", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
workout.Date, err = renderDateStr(workout.Date)
if err != nil {
utils.LogError("Could not render date", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
workouts = append(workouts, workout)
}
workout.WorkoutListComp(workouts).Render(r.Context(), w)
if workoutDto.Date == "" || workoutDto.Type == "" || workoutDto.Sets == "" || workoutDto.Reps == "" {
return nil, ErrInputValues
}
date, err := time.Parse("2006-01-02", workoutDto.Date)
if err != nil {
return nil, ErrInputValues
}
sets, err := strconv.Atoi(workoutDto.Sets)
if err != nil {
return nil, ErrInputValues
}
reps, err := strconv.Atoi(workoutDto.Reps)
if err != nil {
return nil, ErrInputValues
}
workoutInsert := db.NewWorkoutInsert(date, workoutDto.Type, sets, reps)
workout, err := service.dbWorkout.InsertWorkout(user.Id, workoutInsert)
if err != nil {
return nil, err
}
return NewWorkoutDtoFromDb(workout), nil
}
func HandleWorkoutDeleteComp(db *sql.DB) http.HandlerFunc {

22
template/workout/workout.templ
View File

@@ -9,29 +9,13 @@ templ WorkoutComp(currentDate string) {
hx-swap="outerHTML"
>
<h2 class="text-4xl mb-8">Track your workout</h2>
<input
id="date"
type="date"
class="input input-bordered"
value={ currentDate }
name="date"
/>
<input id="date" type="date" class="input input-bordered" value={ currentDate } name="date"/>
<select class="select select-bordered w-full" name="type">
<option>Push Ups</option>
<option>Pull Ups</option>
</select>
<input
type="number"
class="input input-bordered"
placeholder="Sets"
name="sets"
/>
<input
type="number"
class="input input-bordered"
placeholder="Reps"
name="reps"
/>
<input type="number" class="input input-bordered" placeholder="Sets" name="sets"/>
<input type="number" class="input input-bordered" placeholder="Reps" name="reps"/>
<button class="btn btn-primary self-end">Save</button>
</form>
<div hx-get="/api/workout" hx-trigger="load"></div>

9
types/types.go
View File

@@ -2,17 +2,8 @@ package types
import (
"errors"
"github.com/google/uuid"
)
var (
ErrInternal = errors.New("Internal server error")
)
type User struct {
Id uuid.UUID
Email string
SessionId string
EmailVerified bool
}

42
utils/http.go
View File

@@ -1,10 +1,8 @@
package utils
import (
"database/sql"
"fmt"
"log/slog"
"me-fit/types"
"net/http"
"time"
@@ -52,44 +50,6 @@ func DoRedirect(w http.ResponseWriter, r *http.Request, url string) {
}
}
func GetUser(r *http.Request) *types.User {
user := r.Context().Value(ContextKeyUser)
if user != nil {
return user.(*types.User)
} else {
return nil
}
}
func GetUserFromSession(db *sql.DB, r *http.Request) *types.User {
sessionId := getSessionID(r)
if sessionId == "" {
return nil
}
var user types.User
var createdAt time.Time
user.SessionId = sessionId
err := db.QueryRow(`
SELECT u.user_uuid, u.email, u.email_verified, s.created_at
FROM session s
INNER JOIN user u ON s.user_uuid = u.user_uuid
WHERE session_id = ?`, sessionId).Scan(&user.Id, &user.Email, &user.EmailVerified, &createdAt)
if err != nil {
slog.Warn("Could not verify session: " + err.Error())
return nil
}
if createdAt.Add(time.Duration(8 * time.Hour)).Before(time.Now()) {
return nil
} else {
return &user
}
}
func WaitMinimumTime[T interface{}](waitTime time.Duration, function func() (T, error)) (T, error) {
start := time.Now()
result, err := function()
@@ -97,7 +57,7 @@ func WaitMinimumTime[T interface{}](waitTime time.Duration, function func() (T,
return result, err
}
func getSessionID(r *http.Request) string {
func GetSessionID(r *http.Request) string {
for _, c := range r.Cookies() {
if c.Name == "id" {
return c.Value