Compare commits
31 Commits
331-test-s
...
fix-tests
| Author | SHA1 | Date | |
|---|---|---|---|
| 28460a6bac | |||
| 3039d66295 | |||
| 9b96e8f0a5 | |||
| b86b737a82 | |||
| f2951985c2 | |||
| a88ed4bb47 | |||
| 7ac910aec6 | |||
| 15ccd4ef01 | |||
| 54f8082430 | |||
| 0d5143b91b | |||
| 3d094154ce | |||
| 3d1111256c | |||
| bc82ad123b | |||
| cb01d5e0d4 | |||
| 7cb46aad36 | |||
| 92bb836e87 | |||
| 1d89f45ff9 | |||
| bc70babaca | |||
| d3700d5a3b | |||
| 9a8dfc96db | |||
| 52f6d3d706 | |||
| 508aa3038b | |||
| 0b155af4c9 | |||
| 917218da82 | |||
| fe7f01e035 | |||
| 55408da398 | |||
| b0f183aeed | |||
| 42a910df4b | |||
| 73333256c5 | |||
| 14b477f560 | |||
| 87188724ac |
@@ -11,5 +11,5 @@ jobs:
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
||||
- run: docker build . -t me-fit-test
|
||||
- run: docker rmi me-fit-test
|
||||
- run: docker build . -t web-app-template-test
|
||||
- run: docker rmi web-app-template-test
|
||||
|
||||
@@ -11,8 +11,8 @@ jobs:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
||||
- run: docker login git.wundenbergs.de -u tim -p ${{ secrets.DOCKER_GITEA_TOKEN }}
|
||||
- run: docker build . -t git.wundenbergs.de/x/me-fit:latest -t git.wundenbergs.de/x/me-fit:$GITHUB_SHA
|
||||
- run: docker push git.wundenbergs.de/x/me-fit:latest
|
||||
- run: docker push git.wundenbergs.de/x/me-fit:$GITHUB_SHA
|
||||
- run: docker rmi git.wundenbergs.de/x/me-fit:latest git.wundenbergs.de/x/me-fit:$GITHUB_SHA
|
||||
- run: docker build . -t git.wundenbergs.de/x/web-app-template:latest -t git.wundenbergs.de/x/web-app-template:$GITHUB_SHA
|
||||
- run: docker push git.wundenbergs.de/x/web-app-template:latest
|
||||
- run: docker push git.wundenbergs.de/x/web-app-template:$GITHUB_SHA
|
||||
- run: docker rmi git.wundenbergs.de/x/web-app-template:latest git.wundenbergs.de/x/web-app-template:$GITHUB_SHA
|
||||
|
||||
|
||||
@@ -3,11 +3,11 @@ dir: mocks/
|
||||
outpkg: mocks
|
||||
issue-845-fix: True
|
||||
packages:
|
||||
me-fit/service:
|
||||
web-app-template/service:
|
||||
interfaces:
|
||||
Random:
|
||||
Clock:
|
||||
Mail:
|
||||
me-fit/db:
|
||||
web-app-template/db:
|
||||
interfaces:
|
||||
Auth:
|
||||
|
||||
20
Dockerfile
20
Dockerfile
@@ -1,5 +1,5 @@
|
||||
FROM golang:1.23.4@sha256:70031844b8c225351d0bb63e2c383f80db85d92ba894e3da7e13bcf80efa9a37 AS builder_go
|
||||
WORKDIR /me-fit
|
||||
FROM golang:1.23.5@sha256:e213430692e5c31aba27473cdc84cfff2896d0c097e984bef67b6a44c75a8181 AS builder_go
|
||||
WORKDIR /web-app-template
|
||||
RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.62.2
|
||||
RUN go install github.com/a-h/templ/cmd/templ@latest
|
||||
RUN go install github.com/vektra/mockery/v2@latest
|
||||
@@ -10,23 +10,23 @@ RUN templ generate
|
||||
RUN mockery --log-level warn
|
||||
RUN go test ./...
|
||||
RUN golangci-lint run ./...
|
||||
RUN go build -o /me-fit/me-fit .
|
||||
RUN go build -o /web-app-template/web-app-template .
|
||||
|
||||
|
||||
FROM node:22.12.0@sha256:35a5dd72bcac4bce43266408b58a02be6ff0b6098ffa6f5435aeea980a8951d7 AS builder_node
|
||||
WORKDIR /me-fit
|
||||
FROM node:22.13.1@sha256:ae2f3d4cc65d251352eca01ba668824f651a2ee4d2a37e2efb22649521a483fd AS builder_node
|
||||
WORKDIR /web-app-template
|
||||
COPY package.json package-lock.json ./
|
||||
RUN npm clean-install
|
||||
COPY . ./
|
||||
RUN npm run build
|
||||
|
||||
|
||||
FROM debian:12.8@sha256:17122fe3d66916e55c0cbd5bbf54bb3f87b3582f4d86a755a0fd3498d360f91b
|
||||
WORKDIR /me-fit
|
||||
FROM debian:12.9@sha256:4abf773f2a570e6873259c4e3ba16de6c6268fb571fd46ec80be7c67822823b3
|
||||
WORKDIR /web-app-template
|
||||
RUN apt-get update && apt-get install -y ca-certificates && echo "" > .env
|
||||
COPY migration ./migration
|
||||
COPY --from=builder_go /me-fit/me-fit ./me-fit
|
||||
COPY --from=builder_node /me-fit/static ./static
|
||||
COPY --from=builder_go /web-app-template/web-app-template ./web-app-template
|
||||
COPY --from=builder_node /web-app-template/static ./static
|
||||
EXPOSE 8080
|
||||
ENTRYPOINT ["/me-fit/me-fit"]
|
||||
ENTRYPOINT ["/web-app-template/web-app-template"]
|
||||
|
||||
|
||||
92
Readme.md
92
Readme.md
@@ -1,44 +1,98 @@
|
||||
|
||||
# stackFAST
|
||||
# Web-App-Template
|
||||
|
||||
Your (almost) independent tech stack to host on a VPC.
|
||||
A basic template with authentication to easily host on a VPC.
|
||||
|
||||
## Features
|
||||
|
||||
stackFAST includes everything you need to build your App. Focus yourself on developing your idea, instead of "wasting" time on things like setting up auth and observability. This blueprint tries to include as much as possible, but still keep it simple.
|
||||
This template includes everything essential to build an app. It includes the following features:
|
||||
|
||||
The blueprint contains the following features:
|
||||
- Authentication: Users can login, logout, register and reset their password. For increased security TOTP is available aswell.
|
||||
- Observability: The stack contains an Grafana+Prometheus instance for basic monitoring. You are able to add alerts and get notified on your phone. For web analytics umami is included, which is an lighweight self hosted alternative to google analytics.
|
||||
- Authentication: Users can login, logout, register and reset their password. (for increased security TOTP is planned aswell.)
|
||||
- Observability: The stack contains an Grafana+Prometheus instance for basic monitoring. You are able to add alerts and get notified on your phone.
|
||||
- Mail: You are able to send mail with SMTP. You still need an external Mail Server, but a guide on how to set that up with a custom domain is included.
|
||||
- SSL: This is included by using traefik as reverse proxy. It handles SSL certificates automatically. Furthermore all services are accessible through subdomains. Best thing is, you can add your more with 3 lines of code
|
||||
- Actual Stack: SSG SvelteKit + Tailwindcss + DaisyUI + GO Backend for easy and fast feature development
|
||||
- SSL: This is included by using traefik as reverse proxy. It handles SSL certificates automatically. Furthermore all services are accessible through subdomains.
|
||||
- Stack: Tailwindcss + HTMX + GO Backend with templ and sqlite
|
||||
|
||||
|
||||
## Architecture Design Decisions
|
||||
|
||||
### Authentication
|
||||
|
||||
Authentication is a broad topic. Many people think you should not consider implementing authentication yourself. On the other hand, experts at OWASP don't recommend this in their cheat sheet on that topic. I'm going to explain my criterions and afterwards take a decision.
|
||||
Authentication is a broad topic. Many people think you should not consider implementing authentication yourself. On the other hand, If only security experts are allowed to write software, what does that result in? I'm going to explain my criterions and afterwards take a decision.
|
||||
|
||||
There are a few restrictions I would like to contain:
|
||||
- I want this blueprint do as much as as possible without relying on external services. This way the things needs to be done on other website are very minimal. Furthermore I would like to take back privacy from BigTech.
|
||||
- I think most cloud services are overpriced. I want to provide an alternative approach with self holsting. But I don't like the idea to spin up 30 services for a small app with 0 users. It should still be possible to run on a small VPC (2vcpu, 2GB).
|
||||
- I want this template do as much as as possible without relying on external services. This way the setup cost and dependencies can be minimized.
|
||||
- It should still be possible to run on a small VPC (2vcpu, 2GB).
|
||||
- It should be as secure as possible
|
||||
|
||||
As of 2024 there are 4 options:
|
||||
- Implement the authentication myself: If I'm holding thight to the cheat sheet, I "should" be able to doge "most" security risks and attacks according to this topic. Unfortanatly I'm not an expert in this field and will do some errors. If people will buy this blueprint, I probably can't sleep well. Especially if real users start using it. At least this has the advantage of not adding adittional services or configuration to the project.
|
||||
- Using OAuth2 with Google and Apple: Using OAuth2 is the standard for secure applications. Google and Apple has their experts. They deal with attacks every hour of the day. This has the advantage, that users don't have to create new credentials. The only disatvantage is my personal hate on big tech.
|
||||
- Using OAuth2 with Keycloak: Same as above, just that the OAuth2 endpoint is another self hosted service. The only advantage is, it's not proprietary and self hosted. But users are not used to get redirected to a key cloak on sign up. They are used to sign in with Google though. Furthermore Google et. al are protecting themselves against credential stuffing attacks etc.
|
||||
- Firebase, Clerk, etc.: Users have to sign up again AND blueprint users have to setup another project.
|
||||
I determined 4 options:
|
||||
1. Implement the authentication myself
|
||||
2. Using OAuth2 with Keycloak
|
||||
3. Using OAuth2 with Google and Apple
|
||||
4. Firebase, Clerk, etc.
|
||||
|
||||
Even though I would really implement authentication myself, I think OAuth2 with external providers is the best bet. Especially because my reasoning is privacy, which most people just don't care about enough. Using this approach, adding in a keycloak is possible without breaking changes at a later point, as long as I keep the Google Sign In.
|
||||
|
||||
#### 1. Implement the authentication myself
|
||||
|
||||
It's always possible to implement it myself. The topic of authentication is something special though.
|
||||
|
||||
Pros:
|
||||
- Great Cheat cheets from OWASP
|
||||
- No adittional configuration or services needed
|
||||
- Great learning experience on the topic "security"
|
||||
Cons:
|
||||
- Great attack vector
|
||||
- Introcution of vlunerabillities is possible
|
||||
- No DDOS protection
|
||||
|
||||
#### 2. Using OAuth2 with Google and Apple
|
||||
|
||||
Instead of implementing authentication from scratch, an external OAuth2 provider is embedded into the application.
|
||||
|
||||
Pros:
|
||||
- The Systems of BigTech are probably safer. They have security experts employed.
|
||||
- The other external system is responsible to prevent credential stuffing attacks, etc.
|
||||
- Users don't have to create new credentials
|
||||
Cons:
|
||||
- High dependency on those providers
|
||||
- Single Point of failure (If your account is banned, your application access get's lost as well.)
|
||||
- It's possible that these providers ban the whole application (All users lose access)
|
||||
- There still needs to be implemented some logic
|
||||
- Full application integration can be difficult
|
||||
|
||||
#### 3. Using OAuth2 with Keycloak
|
||||
|
||||
This option is almost identical with the previois one, but the provider is self hosted.
|
||||
|
||||
Pros:
|
||||
- Indipendent from 3rd party providers
|
||||
- The credentials are stored safly
|
||||
Cons:
|
||||
- Self hosted (no DDOS protection, etc.)
|
||||
- There still needs to be implemented some logic server side
|
||||
- Full application integration can be difficult
|
||||
|
||||
|
||||
#### 4. Firebase, Clerk, etc.
|
||||
|
||||
Users can sign in with a seperate sdk on your website
|
||||
|
||||
Pros:
|
||||
- Safe and Sound authentication
|
||||
Cons:
|
||||
- Dependent on those providers / adittional setup needed
|
||||
- Application can be banned
|
||||
- Still some integration code needed
|
||||
|
||||
#### Decision
|
||||
|
||||
I've decided on implementing authentication myself, as this is a great learning opportunity. It may not be as secure as other solutions, but if I keep tighly to the OWASP recommendations, it should should good enough.
|
||||
|
||||
|
||||
### Email
|
||||
|
||||
For Email verification, etc. a mail server is needed, that can send a whole lot of mails. Aditionally, a mail account is needed for incoming mails. I thought about self hosting, but unfortunatly this is a hastle to maintain. Not only you have to setup a mail server, which is not as easy as it sounds, you also have to "register" your mail server for diffrent providers. Otherwise you are not able to send and receive emails. Thus, the first external service is needed.
|
||||
For Email verification, etc. a mail server is needed, that can send a whole lot of mails. Aditionally, a mail account is needed for incoming emails. I thought about self hosting, but unfortunatly this is a hastle to maintain. Not only you have to setup a mail server, which is not as easy as it sounds, you also have to "register" your mail server for diffrent providers. Otherwise you are not able to send and receive emails.
|
||||
|
||||
In order to not vendor lock in, I decided to use an SMTP relay in favor of a vendor specific API. You are free to choose a transactional mail provider. I chose brevo.com. They have a generous free tier of 300 mails per day. You can either upgrade to a monthly plan 10$ for 20k mails or buy credits for 30$ for 5k mails. Most provider provide 100 mails / day for free.
|
||||
In order to not vendor lock in, I decided to use an SMTP relay in favor of a vendor specific API. I chose brevo.com. They have a generous free tier of 300 mails per day. You can either upgrade to a monthly plan 10$ for 20k mails or buy credits for 30$ for 5k mails.
|
||||
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
package db
|
||||
|
||||
import (
|
||||
"me-fit/log"
|
||||
"me-fit/types"
|
||||
"web-app-template/log"
|
||||
"web-app-template/types"
|
||||
|
||||
"database/sql"
|
||||
"errors"
|
||||
|
||||
@@ -2,7 +2,7 @@ package db
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"me-fit/types"
|
||||
"web-app-template/types"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
package db
|
||||
|
||||
import (
|
||||
"me-fit/log"
|
||||
"me-fit/types"
|
||||
"web-app-template/log"
|
||||
"web-app-template/types"
|
||||
|
||||
"database/sql"
|
||||
"errors"
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
package db
|
||||
|
||||
import (
|
||||
"me-fit/log"
|
||||
"me-fit/types"
|
||||
"web-app-template/log"
|
||||
"web-app-template/types"
|
||||
|
||||
"database/sql"
|
||||
"errors"
|
||||
|
||||
16
go.mod
16
go.mod
@@ -1,17 +1,19 @@
|
||||
module me-fit
|
||||
module web-app-template
|
||||
|
||||
go 1.22.5
|
||||
go 1.23
|
||||
|
||||
toolchain go1.23.5
|
||||
|
||||
require (
|
||||
github.com/a-h/templ v0.2.793
|
||||
github.com/golang-migrate/migrate/v4 v4.18.1
|
||||
github.com/a-h/templ v0.3.833
|
||||
github.com/golang-migrate/migrate/v4 v4.18.2
|
||||
github.com/google/uuid v1.6.0
|
||||
github.com/joho/godotenv v1.5.1
|
||||
github.com/mattn/go-sqlite3 v1.14.24
|
||||
github.com/prometheus/client_golang v1.20.5
|
||||
github.com/stretchr/testify v1.10.0
|
||||
golang.org/x/crypto v0.31.0
|
||||
golang.org/x/net v0.33.0
|
||||
golang.org/x/crypto v0.32.0
|
||||
golang.org/x/net v0.34.0
|
||||
)
|
||||
|
||||
require (
|
||||
@@ -28,7 +30,7 @@ require (
|
||||
github.com/prometheus/procfs v0.15.1 // indirect
|
||||
github.com/stretchr/objx v0.5.2 // indirect
|
||||
go.uber.org/atomic v1.11.0 // indirect
|
||||
golang.org/x/sys v0.28.0 // indirect
|
||||
golang.org/x/sys v0.29.0 // indirect
|
||||
google.golang.org/protobuf v1.34.2 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||
)
|
||||
|
||||
20
go.sum
20
go.sum
@@ -1,13 +1,13 @@
|
||||
github.com/a-h/templ v0.2.793 h1:Io+/ocnfGWYO4VHdR0zBbf39PQlnzVCVVD+wEEs6/qY=
|
||||
github.com/a-h/templ v0.2.793/go.mod h1:lq48JXoUvuQrU0VThrK31yFwdRjTCnIE5bcPCM9IP1w=
|
||||
github.com/a-h/templ v0.3.833 h1:L/KOk/0VvVTBegtE0fp2RJQiBm7/52Zxv5fqlEHiQUU=
|
||||
github.com/a-h/templ v0.3.833/go.mod h1:cAu4AiZhtJfBjMY0HASlyzvkrtjnHWPeEsyGK2YYmfk=
|
||||
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
|
||||
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
|
||||
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
|
||||
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/golang-migrate/migrate/v4 v4.18.1 h1:JML/k+t4tpHCpQTCAD62Nu43NUFzHY4CV3uAuvHGC+Y=
|
||||
github.com/golang-migrate/migrate/v4 v4.18.1/go.mod h1:HAX6m3sQgcdO81tdjn5exv20+3Kb13cmGli1hrD6hks=
|
||||
github.com/golang-migrate/migrate/v4 v4.18.2 h1:2VSCMz7x7mjyTXx3m2zPokOY82LTRgxK1yQYKo6wWQ8=
|
||||
github.com/golang-migrate/migrate/v4 v4.18.2/go.mod h1:2CM6tJvn2kqPXwnXO/d3rAQYiyoIm180VsO8PRX6Rpk=
|
||||
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
||||
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
|
||||
@@ -51,12 +51,12 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf
|
||||
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||
go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
|
||||
go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
|
||||
golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
|
||||
golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
|
||||
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
|
||||
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
|
||||
golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
|
||||
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
|
||||
golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
|
||||
golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
|
||||
golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
|
||||
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
|
||||
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
|
||||
google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"me-fit/handler/middleware"
|
||||
"me-fit/log"
|
||||
"me-fit/service"
|
||||
"me-fit/template/auth"
|
||||
"me-fit/types"
|
||||
"me-fit/utils"
|
||||
"web-app-template/handler/middleware"
|
||||
"web-app-template/log"
|
||||
"web-app-template/service"
|
||||
"web-app-template/template/auth"
|
||||
"web-app-template/types"
|
||||
"web-app-template/utils"
|
||||
|
||||
"errors"
|
||||
"net/http"
|
||||
@@ -45,12 +45,12 @@ func (handler AuthImpl) Handle(router *http.ServeMux) {
|
||||
router.Handle("/auth/delete-account", handler.handleDeleteAccountPage())
|
||||
router.Handle("/api/auth/delete-account", handler.handleDeleteAccountComp())
|
||||
|
||||
router.Handle("/auth/change-password", handler.handleChangePasswordPage())
|
||||
router.Handle("/api/auth/change-password", handler.handleChangePasswordComp())
|
||||
router.Handle("GET /auth/change-password", handler.handleChangePasswordPage())
|
||||
router.Handle("POST /api/auth/change-password", handler.handleChangePasswordComp())
|
||||
|
||||
router.Handle("/auth/forgot-password", handler.handleForgotPasswordPage())
|
||||
router.Handle("/api/auth/forgot-password", handler.handleForgotPasswordComp())
|
||||
router.Handle("/api/auth/forgot-password-actual", handler.handleForgotPasswordResponseComp())
|
||||
router.Handle("GET /auth/forgot-password", handler.handleForgotPasswordPage())
|
||||
router.Handle("POST /api/auth/forgot-password", handler.handleForgotPasswordComp())
|
||||
router.Handle("POST /api/auth/forgot-password-actual", handler.handleForgotPasswordResponseComp())
|
||||
}
|
||||
|
||||
var (
|
||||
@@ -307,7 +307,7 @@ func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
|
||||
session := middleware.GetSession(r)
|
||||
user := middleware.GetUser(r)
|
||||
if session == nil || user == nil {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
utils.TriggerToast(w, r, "error", "Unathorized", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -316,7 +316,7 @@ func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
|
||||
|
||||
err := handler.service.ChangePassword(user, session.Id, currPass, newPass)
|
||||
if err != nil {
|
||||
utils.TriggerToast(w, r, "error", "Password not correct", http.StatusUnauthorized)
|
||||
utils.TriggerToast(w, r, "error", "Password not correct", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -355,14 +355,13 @@ func (handler AuthImpl) handleForgotPasswordComp() http.HandlerFunc {
|
||||
if err != nil {
|
||||
utils.TriggerToast(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
|
||||
} else {
|
||||
utils.TriggerToast(w, r, "info", "If the email exists, an email has been sent", http.StatusOK)
|
||||
utils.TriggerToast(w, r, "info", "If the address exists, an email has been sent.", http.StatusOK)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (handler AuthImpl) handleForgotPasswordResponseComp() http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
pageUrl, err := url.Parse(r.Header.Get("HX-Current-URL"))
|
||||
if err != nil {
|
||||
log.Error("Could not get current URL: %v", err)
|
||||
@@ -375,7 +374,7 @@ func (handler AuthImpl) handleForgotPasswordResponseComp() http.HandlerFunc {
|
||||
|
||||
err = handler.service.ForgotPassword(token, newPass)
|
||||
if err != nil {
|
||||
utils.TriggerToast(w, r, "error", err.Error(), http.StatusInternalServerError)
|
||||
utils.TriggerToast(w, r, "error", err.Error(), http.StatusBadRequest)
|
||||
} else {
|
||||
utils.TriggerToast(w, r, "success", "Password changed", http.StatusOK)
|
||||
}
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"me-fit/handler/middleware"
|
||||
"me-fit/service"
|
||||
"me-fit/template"
|
||||
"web-app-template/handler/middleware"
|
||||
"web-app-template/service"
|
||||
"web-app-template/template"
|
||||
|
||||
"net/http"
|
||||
|
||||
@@ -36,13 +36,15 @@ func (handler IndexImpl) handleIndexAnd404() http.HandlerFunc {
|
||||
|
||||
var comp templ.Component
|
||||
|
||||
var status int
|
||||
if r.URL.Path != "/" {
|
||||
comp = template.NotFound()
|
||||
w.WriteHeader(http.StatusNotFound)
|
||||
status = http.StatusNotFound
|
||||
} else {
|
||||
comp = template.Index()
|
||||
status = http.StatusOK
|
||||
}
|
||||
|
||||
handler.render.RenderLayout(r, w, comp, user)
|
||||
handler.render.RenderLayoutWithStatus(r, w, comp, user, status)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,8 +4,8 @@ import (
|
||||
"context"
|
||||
"net/http"
|
||||
|
||||
"me-fit/service"
|
||||
"me-fit/types"
|
||||
"web-app-template/service"
|
||||
"web-app-template/types"
|
||||
)
|
||||
|
||||
type ContextKey string
|
||||
|
||||
@@ -5,10 +5,10 @@ import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"me-fit/log"
|
||||
"me-fit/service"
|
||||
"me-fit/types"
|
||||
"me-fit/utils"
|
||||
"web-app-template/log"
|
||||
"web-app-template/service"
|
||||
"web-app-template/types"
|
||||
"web-app-template/utils"
|
||||
)
|
||||
|
||||
type csrfResponseWriter struct {
|
||||
|
||||
@@ -5,7 +5,7 @@ import (
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"me-fit/log"
|
||||
"web-app-template/log"
|
||||
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/promauto"
|
||||
|
||||
@@ -3,7 +3,7 @@ package middleware
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"me-fit/types"
|
||||
"web-app-template/types"
|
||||
)
|
||||
|
||||
func SecurityHeaders(serverSettings *types.Settings) func(http.Handler) http.Handler {
|
||||
@@ -15,14 +15,14 @@ func SecurityHeaders(serverSettings *types.Settings) func(http.Handler) http.Han
|
||||
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE")
|
||||
w.Header().Set("Content-Security-Policy",
|
||||
"default-src 'none'; "+
|
||||
"script-src 'self' https://umami.me-fit.eu; "+
|
||||
"connect-src 'self' https://umami.me-fit.eu; "+
|
||||
"script-src 'self'; "+
|
||||
"connect-src 'self'; "+
|
||||
"img-src 'self'; "+
|
||||
"style-src 'self'; "+
|
||||
"form-action 'self'; "+
|
||||
"frame-ancestors 'none'; ",
|
||||
)
|
||||
w.Header().Set("Cross-Origin-Resource-Policy", "same-site") // same-site, as same origin prohibits umami
|
||||
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
|
||||
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
|
||||
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
|
||||
w.Header().Set("Permissions-Policy", "geolocation=(), camera=(), microphone=(), interest-cohort=()")
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"me-fit/log"
|
||||
"me-fit/template"
|
||||
"me-fit/template/auth"
|
||||
"me-fit/types"
|
||||
"web-app-template/log"
|
||||
"web-app-template/template"
|
||||
"web-app-template/template/auth"
|
||||
"web-app-template/types"
|
||||
|
||||
"net/http"
|
||||
|
||||
@@ -12,13 +12,10 @@ import (
|
||||
)
|
||||
|
||||
type Render struct {
|
||||
settings *types.Settings
|
||||
}
|
||||
|
||||
func NewRender(settings *types.Settings) *Render {
|
||||
return &Render{
|
||||
settings: settings,
|
||||
}
|
||||
func NewRender() *Render {
|
||||
return &Render{}
|
||||
}
|
||||
|
||||
func (render *Render) RenderWithStatus(r *http.Request, w http.ResponseWriter, comp templ.Component, status int) {
|
||||
@@ -41,7 +38,7 @@ func (render *Render) RenderLayout(r *http.Request, w http.ResponseWriter, slot
|
||||
|
||||
func (render *Render) RenderLayoutWithStatus(r *http.Request, w http.ResponseWriter, slot templ.Component, user *types.User, status int) {
|
||||
userComp := render.getUserComp(user)
|
||||
layout := template.Layout(slot, userComp, render.settings.Environment)
|
||||
layout := template.Layout(slot, userComp)
|
||||
|
||||
render.RenderWithStatus(r, w, layout, status)
|
||||
}
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"me-fit/handler/middleware"
|
||||
"me-fit/service"
|
||||
"me-fit/template/workout"
|
||||
"me-fit/utils"
|
||||
"web-app-template/handler/middleware"
|
||||
"web-app-template/service"
|
||||
"web-app-template/template/workout"
|
||||
"web-app-template/utils"
|
||||
|
||||
"net/http"
|
||||
"strconv"
|
||||
|
||||
18
input.css
Normal file
18
input.css
Normal file
@@ -0,0 +1,18 @@
|
||||
@import 'tailwindcss';
|
||||
|
||||
@source './static/**/*.js';
|
||||
@source './template/**/*.templ';
|
||||
|
||||
@theme {
|
||||
--animate-fade: fadeOut 0.25s ease-in;
|
||||
|
||||
@keyframes fadeOut {
|
||||
0% {
|
||||
opacity: 1;
|
||||
}
|
||||
100% {
|
||||
opacity: 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
14
main.go
14
main.go
@@ -1,12 +1,12 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"me-fit/db"
|
||||
"me-fit/handler"
|
||||
"me-fit/handler/middleware"
|
||||
"me-fit/log"
|
||||
"me-fit/service"
|
||||
"me-fit/types"
|
||||
"web-app-template/db"
|
||||
"web-app-template/handler"
|
||||
"web-app-template/handler/middleware"
|
||||
"web-app-template/log"
|
||||
"web-app-template/service"
|
||||
"web-app-template/types"
|
||||
|
||||
"context"
|
||||
"database/sql"
|
||||
@@ -113,7 +113,7 @@ func createHandler(d *sql.DB, serverSettings *types.Settings) http.Handler {
|
||||
authService := service.NewAuthImpl(authDb, randomService, clockService, mailService, serverSettings)
|
||||
workoutService := service.NewWorkoutImpl(workoutDb, randomService, clockService, mailService, serverSettings)
|
||||
|
||||
render := handler.NewRender(serverSettings)
|
||||
render := handler.NewRender()
|
||||
indexHandler := handler.NewIndex(authService, render)
|
||||
authHandler := handler.NewAuth(authService, render)
|
||||
workoutHandler := handler.NewWorkout(workoutService, authService, render)
|
||||
|
||||
489
main_test.go
489
main_test.go
@@ -11,8 +11,8 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"me-fit/service"
|
||||
"me-fit/types"
|
||||
"web-app-template/service"
|
||||
"web-app-template/types"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/stretchr/testify/assert"
|
||||
@@ -82,15 +82,15 @@ func TestIntegrationSecurityHeader(t *testing.T) {
|
||||
|
||||
value = resp.Header.Get("Content-Security-Policy")
|
||||
assert.Equal(t, "default-src 'none'; "+
|
||||
"script-src 'self' https://umami.me-fit.eu; "+
|
||||
"connect-src 'self' https://umami.me-fit.eu; "+
|
||||
"script-src 'self'; "+
|
||||
"connect-src 'self'; "+
|
||||
"img-src 'self'; "+
|
||||
"style-src 'self'; "+
|
||||
"form-action 'self'; "+
|
||||
"frame-ancestors 'none';", value)
|
||||
|
||||
value = resp.Header.Get("Cross-Origin-Resource-Policy")
|
||||
assert.Equal(t, "same-site", value)
|
||||
assert.Equal(t, "same-origin", value)
|
||||
|
||||
value = resp.Header.Get("Cross-Origin-Opener-Policy")
|
||||
assert.Equal(t, "same-origin", value)
|
||||
@@ -333,7 +333,7 @@ func TestIntegrationAuth(t *testing.T) {
|
||||
resp, err = httpClient.Do(req)
|
||||
timeEnd := time.Now()
|
||||
assert.Nil(t, err)
|
||||
if timeEnd.Sub(timeStart) > 253*time.Millisecond || timeEnd.Sub(timeStart) <= 250*time.Millisecond {
|
||||
if timeEnd.Sub(timeStart) > 260*time.Millisecond || timeEnd.Sub(timeStart) <= 250*time.Millisecond {
|
||||
t.Fail()
|
||||
t.Logf("Time did not match: %v", timeEnd.Sub(timeStart))
|
||||
}
|
||||
@@ -367,7 +367,7 @@ func TestIntegrationAuth(t *testing.T) {
|
||||
resp, err = httpClient.Do(req)
|
||||
timeEnd = time.Now()
|
||||
assert.Nil(t, err)
|
||||
if timeEnd.Sub(timeStart) > 253*time.Millisecond || timeEnd.Sub(timeStart) <= 250*time.Millisecond {
|
||||
if timeEnd.Sub(timeStart) > 260*time.Millisecond || timeEnd.Sub(timeStart) <= 250*time.Millisecond {
|
||||
t.Fail()
|
||||
t.Logf("Time did not match: %v", timeEnd.Sub(timeStart))
|
||||
}
|
||||
@@ -401,7 +401,7 @@ func TestIntegrationAuth(t *testing.T) {
|
||||
resp, err = httpClient.Do(req)
|
||||
timeEnd = time.Now()
|
||||
assert.Nil(t, err)
|
||||
if timeEnd.Sub(timeStart) > 253*time.Millisecond || timeEnd.Sub(timeStart) <= 250*time.Millisecond {
|
||||
if timeEnd.Sub(timeStart) > 260*time.Millisecond || timeEnd.Sub(timeStart) <= 250*time.Millisecond {
|
||||
t.Fail()
|
||||
t.Logf("Time did not match: %v", timeEnd.Sub(timeStart))
|
||||
}
|
||||
@@ -571,7 +571,7 @@ func TestIntegrationAuth(t *testing.T) {
|
||||
timeEnd := time.Now()
|
||||
assert.Nil(t, err)
|
||||
timeTaken := timeEnd.Sub(timeStart)
|
||||
assert.LessOrEqual(t, timeTaken, 253*time.Millisecond)
|
||||
assert.LessOrEqual(t, timeTaken, 260*time.Millisecond)
|
||||
assert.GreaterOrEqual(t, timeTaken, 250*time.Millisecond)
|
||||
|
||||
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||
@@ -608,7 +608,7 @@ func TestIntegrationAuth(t *testing.T) {
|
||||
timeEnd := time.Now()
|
||||
assert.Nil(t, err)
|
||||
timeTaken := timeEnd.Sub(timeStart)
|
||||
assert.LessOrEqual(t, timeTaken, 253*time.Millisecond)
|
||||
assert.LessOrEqual(t, timeTaken, 260*time.Millisecond)
|
||||
assert.GreaterOrEqual(t, timeTaken, 250*time.Millisecond)
|
||||
|
||||
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||
@@ -933,7 +933,187 @@ func TestIntegrationAuth(t *testing.T) {
|
||||
assert.Equal(t, 0, rows)
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("ChangePassword", func(t *testing.T) {
|
||||
t.Run(`should redirect to "/" if not signed in`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, basePath, ctx := setupIntegrationTest(t)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/change-password", nil)
|
||||
assert.Nil(t, err)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
assert.Equal(t, "/auth/signin", resp.Header.Get("Location"))
|
||||
})
|
||||
t.Run(`should throw unautohorized if not signed in`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, basePath, ctx := setupIntegrationTest(t)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/signin", nil)
|
||||
assert.Nil(t, err)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
html, err := html.Parse(resp.Body)
|
||||
assert.Nil(t, err)
|
||||
anonymousCsrfToken := findCsrfToken(html)
|
||||
assert.NotEqual(t, "", anonymousCsrfToken)
|
||||
anonymousSessionId := findCookie(resp, "id").Value
|
||||
assert.NotEqual(t, "", anonymousSessionId)
|
||||
|
||||
formData := url.Values{
|
||||
"current-password": {"password"},
|
||||
"new-password": {"MyNewSecurePassword1!"},
|
||||
"csrf-token": {anonymousCsrfToken},
|
||||
}
|
||||
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/change-password", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("Cookie", "id="+anonymousSessionId)
|
||||
req.Header.Set("HX-Request", "true")
|
||||
resp, err = httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
|
||||
})
|
||||
t.Run(`should fail if csrf token is invalid`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
db, basePath, ctx := setupIntegrationTest(t)
|
||||
userId := uuid.New()
|
||||
|
||||
pass := service.GetHashPassword("password", []byte("salt"))
|
||||
_, err := db.Exec(`
|
||||
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
|
||||
VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, userId, pass, []byte("salt"))
|
||||
|
||||
sessionId := "session-id"
|
||||
assert.Nil(t, err)
|
||||
_, err = db.Exec(`
|
||||
INSERT INTO session (session_id, user_id, created_at, expires_at)
|
||||
VALUES (?, ?, datetime(), datetime("now", "+1 day"))`, sessionId, userId)
|
||||
assert.Nil(t, err)
|
||||
|
||||
formData := url.Values{
|
||||
"current-password": {"password"},
|
||||
"new-password": {"MyNewSecurePassword1!"},
|
||||
"csrf-token": {"invalid-csrf-token"},
|
||||
}
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/change-password", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("Cookie", "id="+sessionId)
|
||||
req.Header.Set("HX-Request", "true")
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
|
||||
|
||||
var rows int
|
||||
err = db.QueryRow("SELECT COUNT(*) FROM user WHERE user_id = ? AND password = ?", userId, pass).Scan(&rows)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, rows)
|
||||
})
|
||||
t.Run("should fail if current password does not match", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
db, basePath, ctx := setupIntegrationTest(t)
|
||||
userId := uuid.New()
|
||||
pass := service.GetHashPassword("password", []byte("salt"))
|
||||
|
||||
_, err := db.Exec(`
|
||||
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
|
||||
VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, userId, pass, []byte("salt"))
|
||||
|
||||
sessionId := "session-id"
|
||||
assert.Nil(t, err)
|
||||
_, err = db.Exec(`
|
||||
INSERT INTO session (session_id, user_id, created_at, expires_at)
|
||||
VALUES (?, ?, datetime(), datetime("now", "+1 day"))`, sessionId, userId)
|
||||
assert.Nil(t, err)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/change-password", nil)
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", "id="+sessionId)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
html, err := html.Parse(resp.Body)
|
||||
assert.Nil(t, err)
|
||||
csrfToken := findCsrfToken(html)
|
||||
assert.NotEqual(t, "", csrfToken)
|
||||
|
||||
formData := url.Values{
|
||||
"current-password": {"wrong-password"},
|
||||
"new-password": {"MyNewSecurePassword1!"},
|
||||
"csrf-token": {csrfToken},
|
||||
}
|
||||
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/change-password", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("Cookie", "id="+sessionId)
|
||||
req.Header.Set("HX-Request", "true")
|
||||
resp, err = httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
|
||||
|
||||
var rows int
|
||||
err = db.QueryRow("SELECT COUNT(*) FROM user WHERE user_id = ? AND password = ?", userId, pass).Scan(&rows)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, rows)
|
||||
})
|
||||
t.Run("should fail if new password is insecure", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
db, basePath, ctx := setupIntegrationTest(t)
|
||||
userId := uuid.New()
|
||||
pass := service.GetHashPassword("password", []byte("salt"))
|
||||
|
||||
_, err := db.Exec(`
|
||||
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
|
||||
VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, userId, pass, []byte("salt"))
|
||||
|
||||
sessionId := "session-id"
|
||||
assert.Nil(t, err)
|
||||
_, err = db.Exec(`
|
||||
INSERT INTO session (session_id, user_id, created_at, expires_at)
|
||||
VALUES (?, ?, datetime(), datetime("now", "+1 day"))`, sessionId, userId)
|
||||
assert.Nil(t, err)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/change-password", nil)
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", "id="+sessionId)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
html, err := html.Parse(resp.Body)
|
||||
assert.Nil(t, err)
|
||||
csrfToken := findCsrfToken(html)
|
||||
assert.NotEqual(t, "", csrfToken)
|
||||
|
||||
formData := url.Values{
|
||||
"current-password": {"password"},
|
||||
"new-password": {"insecure-password"},
|
||||
"csrf-token": {csrfToken},
|
||||
}
|
||||
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/change-password", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("Cookie", "id="+sessionId)
|
||||
req.Header.Set("HX-Request", "true")
|
||||
resp, err = httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
|
||||
|
||||
var rows int
|
||||
err = db.QueryRow("SELECT COUNT(*) FROM user WHERE user_id = ? AND password = ?", userId, pass).Scan(&rows)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, rows)
|
||||
})
|
||||
t.Run("should change password and invalidate all other user sessions", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
@@ -989,6 +1169,12 @@ func TestIntegrationAuth(t *testing.T) {
|
||||
|
||||
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||
|
||||
pass = service.GetHashPassword("MyNewSecurePassword1!", []byte("salt"))
|
||||
var rows int
|
||||
err = db.QueryRow("SELECT COUNT(*) FROM user WHERE user_id = ? AND password = ?", userId, pass).Scan(&rows)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, rows)
|
||||
|
||||
var sessionIds []string
|
||||
sessions, err := db.Query(`SELECT session_id FROM session WHERE NOT user_id = ? ORDER BY session_id`, uuid.Nil)
|
||||
assert.Nil(t, err)
|
||||
@@ -1005,7 +1191,288 @@ func TestIntegrationAuth(t *testing.T) {
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("ForgotPassword", func(t *testing.T) {
|
||||
t.Run("ForgotPasswordMail", func(t *testing.T) {
|
||||
t.Run(`should redirect to "/" if signed in`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
d, basePath, ctx := setupIntegrationTest(t)
|
||||
userId := uuid.New()
|
||||
|
||||
pass := service.GetHashPassword("password", []byte("salt"))
|
||||
_, err := d.Exec(`
|
||||
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
|
||||
VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, userId, pass, []byte("salt"))
|
||||
assert.Nil(t, err)
|
||||
|
||||
sessionId := "session-id"
|
||||
_, err = d.Exec(`
|
||||
INSERT INTO session (session_id, user_id, created_at, expires_at)
|
||||
VALUES ("session-id", ?, datetime(), datetime("now", "+1 day"))`, userId)
|
||||
assert.Nil(t, err)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/forgot-password", nil)
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", "id="+sessionId)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
assert.Equal(t, "/", resp.Header.Get("Location"))
|
||||
})
|
||||
t.Run(`should fail if csrf token is invalid`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
d, basePath, ctx := setupIntegrationTest(t)
|
||||
userId := uuid.New()
|
||||
|
||||
pass := service.GetHashPassword("password", []byte("salt"))
|
||||
_, err := d.Exec(`
|
||||
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
|
||||
VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, userId, pass, []byte("salt"))
|
||||
assert.Nil(t, err)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/forgot-password", nil)
|
||||
assert.Nil(t, err)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||
anonymousSessionId := findCookie(resp, "id").Value
|
||||
assert.NotEqual(t, "", anonymousSessionId)
|
||||
|
||||
formData := url.Values{
|
||||
"email": {"mail@mail.de"},
|
||||
"csrf-token": {"invalid-csrf-token"},
|
||||
}
|
||||
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/forgot-password", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("HX-Request", "true")
|
||||
resp, err = httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
|
||||
|
||||
var rows int
|
||||
err = d.QueryRow("SELECT COUNT(*) FROM token WHERE user_id = ? AND type = ?", userId, types.TokenTypePasswordReset).Scan(&rows)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 0, rows)
|
||||
})
|
||||
t.Run(`should fail but respond with uniform message`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, basePath, ctx := setupIntegrationTest(t)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/forgot-password", nil)
|
||||
assert.Nil(t, err)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||
anonymousSessionId := findCookie(resp, "id").Value
|
||||
assert.NotEqual(t, "", anonymousSessionId)
|
||||
body, err := html.Parse(resp.Body)
|
||||
assert.Nil(t, err)
|
||||
anonymousCsrfToken := findCsrfToken(body)
|
||||
|
||||
formData := url.Values{
|
||||
"email": {"non-existent@mail.de"},
|
||||
"csrf-token": {anonymousCsrfToken},
|
||||
}
|
||||
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/forgot-password", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("HX-Request", "true")
|
||||
req.Header.Set("Cookie", "id="+anonymousSessionId)
|
||||
resp, err = httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||
|
||||
msg := "If the address exists, an email has been sent."
|
||||
assert.Contains(t, resp.Header.Get("HX-Trigger"), msg)
|
||||
})
|
||||
t.Run(`should generate token and respond with uniform message`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
db, basePath, ctx := setupIntegrationTest(t)
|
||||
|
||||
userId := uuid.New()
|
||||
pass := service.GetHashPassword("password", []byte("salt"))
|
||||
_, err := db.Exec(`
|
||||
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
|
||||
VALUES (?, "mail@mail.de", TRUE, FALSE, ?, ?, datetime())`, userId, pass, []byte("salt"))
|
||||
assert.Nil(t, err)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/forgot-password", nil)
|
||||
assert.Nil(t, err)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||
anonymousSessionId := findCookie(resp, "id").Value
|
||||
assert.NotEqual(t, "", anonymousSessionId)
|
||||
body, err := html.Parse(resp.Body)
|
||||
assert.Nil(t, err)
|
||||
anonymousCsrfToken := findCsrfToken(body)
|
||||
|
||||
formData := url.Values{
|
||||
"email": {"mail@mail.de"},
|
||||
"csrf-token": {anonymousCsrfToken},
|
||||
}
|
||||
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/forgot-password", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("HX-Request", "true")
|
||||
req.Header.Set("Cookie", "id="+anonymousSessionId)
|
||||
resp, err = httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||
|
||||
msg := "If the address exists, an email has been sent."
|
||||
assert.Contains(t, resp.Header.Get("HX-Trigger"), msg)
|
||||
|
||||
var rows int
|
||||
err = db.QueryRow("SELECT COUNT(*) FROM token WHERE user_id = ? AND type = ?", userId, types.TokenTypePasswordReset).Scan(&rows)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, rows)
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("ForgotPasswordResponse", func(t *testing.T) {
|
||||
t.Run(`should fail if token does not exist`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
d, basePath, ctx := setupIntegrationTest(t)
|
||||
userId := uuid.New()
|
||||
|
||||
pass := service.GetHashPassword("password", []byte("salt"))
|
||||
_, err := d.Exec(`
|
||||
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
|
||||
VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, userId, pass, []byte("salt"))
|
||||
assert.Nil(t, err)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/forgot-password", nil)
|
||||
assert.Nil(t, err)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
anonymousSessionId := findCookie(resp, "id").Value
|
||||
html, err := html.Parse(resp.Body)
|
||||
assert.Nil(t, err)
|
||||
anonymousCsrfToken := findCsrfToken(html)
|
||||
assert.NotEqual(t, "", anonymousCsrfToken)
|
||||
|
||||
formData := url.Values{
|
||||
"new-password": {"MyNewSecurePassword1!"},
|
||||
"csrf-token": {anonymousCsrfToken},
|
||||
}
|
||||
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/forgot-password-actual", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("Cookie", "id="+anonymousSessionId)
|
||||
req.Header.Set("HX-Request", "true")
|
||||
req.Header.Set("HX-Current-URL", basePath+"/auth/change-password?token=invalidToken")
|
||||
resp, err = httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
|
||||
|
||||
var rows int
|
||||
err = d.QueryRow("SELECT COUNT(*) FROM user WHERE user_id = ? AND password = ?", userId, pass).Scan(&rows)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, rows)
|
||||
})
|
||||
t.Run(`should fail if token is outdated`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
d, basePath, ctx := setupIntegrationTest(t)
|
||||
userId := uuid.New()
|
||||
|
||||
pass := service.GetHashPassword("password", []byte("salt"))
|
||||
_, err := d.Exec(`
|
||||
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
|
||||
VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, userId, pass, []byte("salt"))
|
||||
assert.Nil(t, err)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/forgot-password", nil)
|
||||
assert.Nil(t, err)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
anonymousSessionId := findCookie(resp, "id").Value
|
||||
html, err := html.Parse(resp.Body)
|
||||
assert.Nil(t, err)
|
||||
anonymousCsrfToken := findCsrfToken(html)
|
||||
assert.NotEqual(t, "", anonymousCsrfToken)
|
||||
|
||||
token := "password-reset-token"
|
||||
_, err = d.Exec(`
|
||||
INSERT INTO token (token, user_id, session_id, type, created_at, expires_at)
|
||||
VALUES (?, ?, ?, ?, datetime("now", "-16 minute"), datetime("now", "-1 minute"))`, token, userId, "", types.TokenTypePasswordReset)
|
||||
assert.Nil(t, err)
|
||||
|
||||
formData := url.Values{
|
||||
"new-password": {"MyNewSecurePassword1!"},
|
||||
"csrf-token": {anonymousCsrfToken},
|
||||
}
|
||||
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/forgot-password-actual", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("Cookie", "id="+anonymousSessionId)
|
||||
req.Header.Set("HX-Request", "true")
|
||||
req.Header.Set("HX-Current-URL", basePath+"/auth/change-password?token="+url.QueryEscape(token))
|
||||
resp, err = httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
|
||||
|
||||
var rows int
|
||||
err = d.QueryRow("SELECT COUNT(*) FROM user WHERE user_id = ? AND password = ?", userId, pass).Scan(&rows)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, rows)
|
||||
})
|
||||
t.Run(`should fail if password is insecure`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
d, basePath, ctx := setupIntegrationTest(t)
|
||||
userId := uuid.New()
|
||||
|
||||
pass := service.GetHashPassword("password", []byte("salt"))
|
||||
_, err := d.Exec(`
|
||||
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
|
||||
VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, userId, pass, []byte("salt"))
|
||||
assert.Nil(t, err)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/forgot-password", nil)
|
||||
assert.Nil(t, err)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
anonymousSessionId := findCookie(resp, "id").Value
|
||||
html, err := html.Parse(resp.Body)
|
||||
assert.Nil(t, err)
|
||||
anonymousCsrfToken := findCsrfToken(html)
|
||||
assert.NotEqual(t, "", anonymousCsrfToken)
|
||||
|
||||
token := "password-reset-token"
|
||||
_, err = d.Exec(`
|
||||
INSERT INTO token (token, user_id, session_id, type, created_at, expires_at)
|
||||
VALUES (?, ?, ?, ?, datetime("now"), datetime("now", "+15 minute"))`, token, userId, "", types.TokenTypePasswordReset)
|
||||
assert.Nil(t, err)
|
||||
|
||||
formData := url.Values{
|
||||
"new-password": {"insecure-password"},
|
||||
"csrf-token": {anonymousCsrfToken},
|
||||
}
|
||||
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/forgot-password-actual", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("Cookie", "id="+anonymousSessionId)
|
||||
req.Header.Set("HX-Request", "true")
|
||||
req.Header.Set("HX-Current-URL", basePath+"/auth/change-password?token="+url.QueryEscape(token))
|
||||
resp, err = httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
|
||||
|
||||
var rows int
|
||||
err = d.QueryRow("SELECT COUNT(*) FROM user WHERE user_id = ? AND password = ?", userId, pass).Scan(&rows)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, rows)
|
||||
})
|
||||
t.Run("should change password and invalidate ALL sessions", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
|
||||
2069
package-lock.json
generated
2069
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
11
package.json
11
package.json
@@ -1,19 +1,18 @@
|
||||
{
|
||||
"name": "me-fit",
|
||||
"name": "web-app-template",
|
||||
"version": "1.0.0",
|
||||
"description": "Your (almost) independent tech stack to host on a VPC.",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
"build": "mkdir -p static/js && cp -f node_modules/htmx.org/dist/htmx.min.js static/js/htmx.min.js && tailwindcss build -o static/css/tailwind.css --minify",
|
||||
"watch": "mkdir -p static/js && cp -f node_modules/htmx.org/dist/htmx.min.js static/js/htmx.min.js && tailwindcss build -o static/css/tailwind.css --watch",
|
||||
"test": ""
|
||||
"build": "mkdir -p static/js && cp -f node_modules/htmx.org/dist/htmx.min.js static/js/htmx.min.js && tailwindcss -i input.css -o static/css/tailwind.css --minify",
|
||||
"watch": "mkdir -p static/js && cp -f node_modules/htmx.org/dist/htmx.min.js static/js/htmx.min.js && tailwindcss -i input.css -o static/css/tailwind.css --watch"
|
||||
},
|
||||
"keywords": [],
|
||||
"author": "",
|
||||
"license": "ISC",
|
||||
"devDependencies": {
|
||||
"htmx.org": "2.0.4",
|
||||
"tailwindcss": "3.4.17",
|
||||
"daisyui": "4.12.22"
|
||||
"tailwindcss": "4.0.3",
|
||||
"@tailwindcss/cli": "4.0.3"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -8,10 +8,10 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"me-fit/db"
|
||||
"me-fit/log"
|
||||
mailTemplate "me-fit/template/mail"
|
||||
"me-fit/types"
|
||||
"web-app-template/db"
|
||||
"web-app-template/log"
|
||||
mailTemplate "web-app-template/template/mail"
|
||||
"web-app-template/types"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"golang.org/x/crypto/argon2"
|
||||
@@ -249,7 +249,7 @@ func (service AuthImpl) SendVerificationMail(userId uuid.UUID, email string) {
|
||||
return
|
||||
}
|
||||
|
||||
service.mail.SendMail(email, "Welcome to ME-FIT", w.String())
|
||||
service.mail.SendMail(email, "Welcome to web-app-template", w.String())
|
||||
}
|
||||
|
||||
func (service AuthImpl) VerifyUserEmail(tokenStr string) error {
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
package service
|
||||
|
||||
import (
|
||||
"me-fit/db"
|
||||
"me-fit/mocks"
|
||||
"me-fit/types"
|
||||
"web-app-template/db"
|
||||
"web-app-template/mocks"
|
||||
"web-app-template/types"
|
||||
|
||||
"strings"
|
||||
"testing"
|
||||
@@ -127,7 +127,7 @@ func TestSendVerificationMail(t *testing.T) {
|
||||
|
||||
mockAuthDb.EXPECT().GetTokensByUserIdAndType(userId, types.TokenTypeEmailVerify).Return(tokens, nil)
|
||||
|
||||
mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool {
|
||||
mockMail.EXPECT().SendMail(email, "Welcome to web-app-template", mock.MatchedBy(func(message string) bool {
|
||||
return strings.Contains(message, token.Token)
|
||||
})).Return()
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
package service
|
||||
|
||||
import (
|
||||
"me-fit/log"
|
||||
"me-fit/types"
|
||||
"web-app-template/log"
|
||||
"web-app-template/types"
|
||||
|
||||
"fmt"
|
||||
"net/smtp"
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
package service
|
||||
|
||||
import (
|
||||
"me-fit/log"
|
||||
"me-fit/types"
|
||||
"web-app-template/log"
|
||||
"web-app-template/types"
|
||||
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
package service
|
||||
|
||||
import (
|
||||
"me-fit/db"
|
||||
"me-fit/types"
|
||||
"web-app-template/db"
|
||||
"web-app-template/types"
|
||||
|
||||
"errors"
|
||||
"strconv"
|
||||
|
||||
@@ -1,26 +0,0 @@
|
||||
/** @type {import('tailwindcss').Config} */
|
||||
module.exports = {
|
||||
content: ["./template/**/*.templ", "./static/**/*.js"],
|
||||
theme: {
|
||||
extend: {
|
||||
|
||||
animation: {
|
||||
fade: 'fadeOut 0.25s ease-in',
|
||||
},
|
||||
|
||||
keyframes: _ => ({
|
||||
fadeOut: {
|
||||
'0%': { opacity: '1' },
|
||||
'100%': { opacity: '0' },
|
||||
},
|
||||
}),
|
||||
},
|
||||
},
|
||||
plugins: [
|
||||
require('daisyui'),
|
||||
],
|
||||
daisyui: {
|
||||
themes: ["retro"],
|
||||
},
|
||||
}
|
||||
|
||||
@@ -12,7 +12,7 @@ templ DeleteAccountComp() {
|
||||
<p class="text-xl text-red-500 mb-4">
|
||||
Are you sure you want to delete your account? This action is irreversible.
|
||||
</p>
|
||||
<label class="input input-bordered flex items-center gap-2">
|
||||
<label class="flex items-center gap-2">
|
||||
<input
|
||||
type="password"
|
||||
class="grow"
|
||||
@@ -24,7 +24,7 @@ templ DeleteAccountComp() {
|
||||
autocapitalize="off"
|
||||
/>
|
||||
</label>
|
||||
<button class="btn btn-error self-end">
|
||||
<button class="self-end">
|
||||
Delete Account
|
||||
</button>
|
||||
</form>
|
||||
|
||||
@@ -3,7 +3,7 @@ package auth
|
||||
templ UserComp(user string) {
|
||||
<div id="user-info" class="flex gap-5 items-center">
|
||||
if user != "" {
|
||||
<div class="group inline-block relative">
|
||||
<div class="inline-block relative">
|
||||
<button class="font-semibold py-2 px-4 inline-flex items-center">
|
||||
<span class="mr-1">{ user }</span>
|
||||
<svg class="fill-current h-4 w-4" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20">
|
||||
@@ -11,20 +11,20 @@ templ UserComp(user string) {
|
||||
</svg>
|
||||
</button>
|
||||
<div class="absolute hidden group-hover:block w-full">
|
||||
<ul class="menu bg-base-300 rounded-box w-fit float-right mr-4 p-3">
|
||||
<ul class="w-fit float-right mr-4 p-3">
|
||||
<li class="mb-1">
|
||||
<a hx-post="/api/auth/signout" hx-target="#user-info">Sign Out</a>
|
||||
</li>
|
||||
<li class="mb-1">
|
||||
<a href="/auth/change-password">Change Password</a>
|
||||
</li>
|
||||
<li><a href="/auth/delete-account" class="text-error">Delete Account</a></li>
|
||||
<li><a href="/auth/delete-account" class="">Delete Account</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
} else {
|
||||
<a href="/auth/signup" class="btn btn-sm">Sign Up</a>
|
||||
<a href="/auth/signin" class="btn btn-sm">Sign In</a>
|
||||
<a href="/auth/signup" class="">Sign Up</a>
|
||||
<a href="/auth/signin" class="">Sign In</a>
|
||||
}
|
||||
</div>
|
||||
}
|
||||
|
||||
@@ -12,7 +12,7 @@ templ VerifyComp() {
|
||||
<p class="text-lg text-center">
|
||||
Please check your inbox/spam and click on the link to verify your account.
|
||||
</p>
|
||||
<button class="btn mt-8" hx-get="/api/auth/verify-resend" hx-sync="this:drop" hx-swap="outerHTML">
|
||||
<button class="mt-8" hx-get="/api/auth/verify-resend" hx-sync="this:drop" hx-swap="outerHTML">
|
||||
resend verification email
|
||||
</button>
|
||||
</div>
|
||||
|
||||
@@ -10,7 +10,7 @@ templ VerifyResponseComp(isVerified bool) {
|
||||
<p class="text-lg text-center">
|
||||
You have completed the verification process. Thank you!
|
||||
</p>
|
||||
<a class="btn btn-primary mt-8" href="/">
|
||||
<a class="mt-8" href="/">
|
||||
Go Home
|
||||
</a>
|
||||
} else {
|
||||
@@ -20,7 +20,7 @@ templ VerifyResponseComp(isVerified bool) {
|
||||
<p class="text-lg text-center">
|
||||
Please try again by sign up process
|
||||
</p>
|
||||
<a class="btn btn-primary mt-8" href="/auth/signup">
|
||||
<a class="mt-8" href="/auth/signup">
|
||||
Sign Up
|
||||
</a>
|
||||
}
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
package template
|
||||
|
||||
templ Index() {
|
||||
<div class="hero bg-base-200 h-full">
|
||||
<div class="hero-content text-center">
|
||||
<div class="h-full">
|
||||
<div class="text-center">
|
||||
<div class="max-w-md">
|
||||
<h1 class="text-5xl font-bold">Next Level Workout Tracker</h1>
|
||||
<p class="py-6">
|
||||
Ever wanted to track your workouts and see your progress over time? ME-FIT is the perfect
|
||||
Ever wanted to track your workouts and see your progress over time? web-app-template is the perfect
|
||||
solution for you.
|
||||
</p>
|
||||
<a href="/workout" class="btn btn-primary">Get Started</a>
|
||||
<a href="/workout" class="">Get Started</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -1,33 +1,31 @@
|
||||
package template
|
||||
|
||||
templ Layout(slot templ.Component, user templ.Component, environment string) {
|
||||
templ Layout(slot templ.Component, user templ.Component) {
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
|
||||
<head>
|
||||
<meta charset="utf-8"/>
|
||||
<title>ME-FIT</title>
|
||||
<title>web-app-template</title>
|
||||
<link rel="icon" href="/static/favicon.svg"/>
|
||||
<link rel="stylesheet" href="/static/css/tailwind.css"/>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1"/>
|
||||
if environment == "prod" {
|
||||
<script defer src="https://umami.me-fit.eu/script.js" data-website-id="3c8efb09-44e4-4372-8a1e-c3bc675cd89a"></script>
|
||||
}
|
||||
<meta name="htmx-config" content='{
|
||||
<meta
|
||||
name="htmx-config"
|
||||
content='{
|
||||
"includeIndicatorStyles": false,
|
||||
"selfRequestsOnly": true,
|
||||
"allowScriptTags": false
|
||||
}' />
|
||||
}'
|
||||
/>
|
||||
<script src="/static/js/htmx.min.js"></script>
|
||||
<script src="/static/js/toast.js"></script>
|
||||
</head>
|
||||
|
||||
<body hx-headers='{"csrf-token": "CSRF_TOKEN"}'>
|
||||
<div class="h-screen flex flex-col">
|
||||
<div class="flex justify-end items-center gap-2 py-1 px-2 h-12 md:gap-10 md:px-10 md:py-2 shadow">
|
||||
<div class="flex justify-end items-center gap-2 py-1 px-2 h-12 md:gap-10 md:px-10 md:py-2 shadow-sm">
|
||||
<a href="/" class="flex-1 flex gap-2">
|
||||
<img src="/static/favicon.svg" alt="ME-FIT logo" />
|
||||
<span>ME-FIT</span>
|
||||
<img src="/static/favicon.svg" alt="web-app-template logo"/>
|
||||
<span>web-app-template</span>
|
||||
</a>
|
||||
@user
|
||||
</div>
|
||||
@@ -37,12 +35,11 @@ templ Layout(slot templ.Component, user templ.Component, environment string) {
|
||||
}
|
||||
</div>
|
||||
</div>
|
||||
<div class="toast" id="toasts">
|
||||
<div class="hidden alert" id="toast">
|
||||
<div class="" id="toasts">
|
||||
<div class="hidden" id="toast">
|
||||
New message arrived.
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
}
|
||||
|
||||
@@ -2,10 +2,10 @@ package template
|
||||
|
||||
templ NotFound() {
|
||||
<main class="flex h-full justify-center items-center">
|
||||
<div class="bg-error p-16 rounded-lg">
|
||||
<h1 class="text-4xl text-error-content mb-5">Not Found</h1>
|
||||
<p class="text-lg text-error-content mb-5">The page you are looking for does not exist.</p>
|
||||
<a href="/" class="btn btn-lg btn-primary">Go back to home</a>
|
||||
<div class="p-16 rounded-lg">
|
||||
<h1 class="text-4xl mb-5">Not Found</h1>
|
||||
<p class="text-lg mb-5">The page you are looking for does not exist.</p>
|
||||
<a href="/" class="">Go back to home</a>
|
||||
</div>
|
||||
</main>
|
||||
}
|
||||
|
||||
@@ -2,17 +2,21 @@ package workout
|
||||
|
||||
templ WorkoutComp(currentDate string) {
|
||||
<main class="mx-2">
|
||||
<form class="max-w-xl mx-auto flex flex-col gap-4 justify-center mt-10" hx-post="/api/workout"
|
||||
hx-target="#workout-placeholder" hx-swap="outerHTML">
|
||||
<form
|
||||
class="max-w-xl mx-auto flex flex-col gap-4 justify-center mt-10"
|
||||
hx-post="/api/workout"
|
||||
hx-target="#workout-placeholder"
|
||||
hx-swap="outerHTML"
|
||||
>
|
||||
<h2 class="text-4xl mb-8">Track your workout</h2>
|
||||
<input id="date" type="date" class="input input-bordered" value={ currentDate } name="date" />
|
||||
<select class="select select-bordered w-full" name="type">
|
||||
<input id="date" type="date" class="" value={ currentDate } name="date"/>
|
||||
<select class="w-full" name="type">
|
||||
<option>Push Ups</option>
|
||||
<option>Pull Ups</option>
|
||||
</select>
|
||||
<input type="number" class="input input-bordered" placeholder="Sets" name="sets" />
|
||||
<input type="number" class="input input-bordered" placeholder="Reps" name="reps" />
|
||||
<button class="btn btn-primary self-end">Save</button>
|
||||
<input type="number" class="" placeholder="Sets" name="sets"/>
|
||||
<input type="number" class="" placeholder="Reps" name="reps"/>
|
||||
<button class="self-end">Save</button>
|
||||
</form>
|
||||
<div hx-get="/api/workout" hx-trigger="load"></div>
|
||||
</main>
|
||||
@@ -27,7 +31,7 @@ Reps string
|
||||
}
|
||||
|
||||
templ WorkoutListComp(workouts []Workout) {
|
||||
<div class="overflow-x-auto mx-auto max-w-screen-lg">
|
||||
<div class="overflow-x-auto mx-auto max-w-lg">
|
||||
<h2 class="text-4xl mt-14 mb-8">Workout history</h2>
|
||||
<table class="table table-auto max-w-full">
|
||||
<thead>
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package types
|
||||
|
||||
import (
|
||||
"me-fit/log"
|
||||
"web-app-template/log"
|
||||
)
|
||||
|
||||
type Settings struct {
|
||||
|
||||
@@ -5,7 +5,7 @@ import (
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"me-fit/log"
|
||||
"web-app-template/log"
|
||||
)
|
||||
|
||||
func TriggerToast(w http.ResponseWriter, r *http.Request, class string, message string, statusCode int) {
|
||||
|
||||
Reference in New Issue
Block a user