x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity
This repository has been archived on 2025-08-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
7e3e9388e21dcc6ab67bc2f2ec5af21217566010
web-app-template/handler/auth.go
Tim Wundenberg 7e3e9388e2
All checks were successful
Build Docker Image / Explore-Gitea-Actions (push) Successful in 45s
Details
chore(auth): refactor the last auth handlers
2024-09-19 23:20:17 +02:00

370 lines
9.8 KiB
Go
Raw Blame History

package handler
import (
"context"
"me-fit/service"
"me-fit/template"
"me-fit/template/auth"
mail "me-fit/template/mail"
"me-fit/types"
"me-fit/utils"
"strings"
"database/sql"
"net/http"
"net/url"
)
func authUi(db *sql.DB) http.Handler {
router := http.NewServeMux()
router.Handle("/auth/signin", handleSignInPage(db))
router.Handle("/auth/signup", handleSignUpPage(db))
router.Handle("/auth/verify", handleSignUpVerifyPage(db)) // Hint for the user to verify their email
router.Handle("/auth/delete-account", handleDeleteAccountPage(db))
router.Handle("/auth/verify-email", handleSignUpVerifyResponsePage(db)) // The link contained in the email
router.Handle("/auth/change-password", handleChangePasswordPage(db))
router.Handle("/auth/reset-password", handleResetPasswordPage(db))
router.Handle("/", handleNotFound(db))
return router
}
func authApi(db *sql.DB) http.Handler {
router := http.NewServeMux()
router.Handle("/api/auth/signup", handleSignUp(db))
router.Handle("/api/auth/signin", handleSignIn(db))
router.Handle("/api/auth/signout", handleSignOut(db))
router.Handle("/api/auth/delete-account", handleDeleteAccount(db))
router.Handle("/api/auth/verify-resend", handleVerifyResend(db))
router.Handle("/api/auth/change-password", handleChangePassword(db))
router.Handle("/api/auth/reset-password", handleResetPassword(db))
router.Handle("/api/auth/reset-password-actual", handleActualResetPassword(db))
return router
}
func handleSignInPage(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := service.GetUserFromRequest(db, r)
if user == nil {
userComp := service.UserInfoComp(nil)
signIn := auth.SignInOrUpComp(true)
err := template.Layout(signIn, userComp).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render sign in page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
} else if !user.EmailVerified {
utils.DoRedirect(w, r, "/auth/verify")
} else {
utils.DoRedirect(w, r, "/")
}
}
}
func handleSignUpPage(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := service.GetUserFromRequest(db, r)
if user == nil {
userComp := service.UserInfoComp(nil)
signUpComp := auth.SignInOrUpComp(false)
err := template.Layout(signUpComp, userComp).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render sign up page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
} else if !user.EmailVerified {
utils.DoRedirect(w, r, "/auth/verify")
} else {
utils.DoRedirect(w, r, "/")
}
}
}
func handleSignUpVerifyPage(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := service.GetUserFromRequest(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
} else if user.EmailVerified {
utils.DoRedirect(w, r, "/")
} else {
userComp := service.UserInfoComp(user)
signIn := auth.VerifyComp()
err := template.Layout(signIn, userComp).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render verify page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func handleDeleteAccountPage(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
// An unverified email should be able to delete their account
user := service.GetUserFromRequest(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
} else {
userComp := service.UserInfoComp(user)
comp := auth.DeleteAccountComp()
err := template.Layout(comp, userComp).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render delete account page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func handleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
token := r.URL.Query().Get("token")
if token == "" {
utils.DoRedirect(w, r, "/auth/verify")
return
}
err := service.ValidateEmail(db, token)
if err != nil {
utils.LogError("Could not validate email", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
return
}
utils.DoRedirect(w, r, "/")
}
}
func handleChangePasswordPage(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
isPasswordReset := r.URL.Query().Has("token")
user := service.GetUserFromRequest(db, r)
if user == nil && !isPasswordReset {
utils.DoRedirect(w, r, "/auth/signin")
} else {
userComp := service.UserInfoComp(user)
comp := auth.ChangePasswordComp(isPasswordReset)
err := template.Layout(comp, userComp).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render change password page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func handleResetPasswordPage(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := service.GetUserFromRequest(db, r)
if user != nil {
utils.DoRedirect(w, r, "/auth/signin")
} else {
userComp := service.UserInfoComp(nil)
comp := auth.ResetPasswordComp()
err := template.Layout(comp, userComp).Render(r.Context(), w)
if err != nil {
utils.LogError("Failed to render change password page", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
}
}
}
}
func handleSignUp(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var email = r.FormValue("email")
var password = r.FormValue("password")
sessionId, err := service.SignUp(db, email, password)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
http.SetCookie(w, createSessionCookie(*sessionId))
utils.DoRedirect(w, r, "/auth/verify")
}
}
func createSessionCookie(sessionId types.SessionId) *http.Cookie {
cookie := http.Cookie{
Name: "id",
Value: string(sessionId),
MaxAge: 60 * 60 * 8, // 8 hours
Secure: true,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/",
}
return &cookie
}
func handleSignIn(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var email = r.FormValue("email")
var password = r.FormValue("password")
sessionId, err := service.SignIn(db, email, password)
if err != nil {
utils.TriggerToast(w, r, "error", "Invalid username or password")
}
http.SetCookie(w, createSessionCookie(*sessionId))
utils.DoRedirect(w, r, "/auth/verify")
}
}
func handleSignOut(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := service.GetUserFromRequest(db, r)
err := service.SignOut(db, user)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
c := http.Cookie{
Name: "id",
Value: "",
MaxAge: -1,
Secure: true,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/",
}
http.SetCookie(w, &c)
utils.DoRedirect(w, r, "/")
}
}
func handleDeleteAccount(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := service.GetUserFromRequest(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
password := r.FormValue("password")
err := service.DeleteAccount(db, user, password)
if err != nil {
utils.LogError("Could not delete account", err)
utils.TriggerToast(w, r, "error", err.Error())
}
utils.DoRedirect(w, r, "/")
}
}
func handleVerifyResend(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := service.GetUserFromRequest(db, r)
if user == nil || user.EmailVerified {
utils.DoRedirect(w, r, "/auth/signin")
return
}
go service.SendVerificationEmail(db, user.Id.String(), user.Email)
w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
}
}
func handleChangePassword(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := service.GetUserFromRequest(db, r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
currPass := r.FormValue("current-password")
newPass := r.FormValue("new-password")
err := service.ChangePassword(db, user, currPass, newPass)
if err != nil {
utils.TriggerToast(w, r, "error", err.Error())
return
}
utils.TriggerToast(w, r, "success", "Password changed")
}
}
func handleResetPassword(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
email := r.FormValue("email")
token, err := service.ResetPassword(db, email)
if err != nil {
utils.TriggerToast(w, r, "error", err.Error())
return
}
if token != "" {
var string strings.Builder
err = mail.ResetPassword(token).Render(context.Background(), &string)
if err != nil {
utils.LogError("Could not render reset password email", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
utils.SendMail(email, "Reset Password", string.String())
}
utils.TriggerToast(w, r, "info", "If the email exists, an email has been sent")
}
}
func handleActualResetPassword(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
pageUrl, err := url.Parse(r.Header.Get("HX-Current-URL"))
if err != nil {
utils.LogError("Could not get current URL", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
token := pageUrl.Query().Get("token")
if token == "" {
utils.TriggerToast(w, r, "error", "No token")
return
}
newPass := r.FormValue("new-password")
service.ActualResetPassword(db, token, newPass)
if err != nil {
utils.TriggerToast(w, r, "error", err.Error())
return
}
utils.TriggerToast(w, r, "success", "Password changed")
}
}
Reference in New Issue View Git Blame Copy Permalink