1package app
2
3import (
4 "net/http"
5 "time"
6)
7
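// examplePage renders example.html for the user attached to the request.
//
// getLoggedUser reports whether a user is present on the request; a
// request that reaches this handler without one is answered with 500,
// since the handler has no way to continue without a user to render.
func examplePage(w http.ResponseWriter, r *http.Request) {
	user, ok := getLoggedUser(r)
	if !ok {
		http.Error(w, "Could not find user in context.", http.StatusInternalServerError)
		return
	}

	data := map[string]interface{}{"User": user}
	if err := templates.ExecuteTemplate(w, "example.html", data); err != nil {
		// Rendering may already have written part of the body, but the
		// failure is surfaced rather than silently serving a truncated page.
		http.Error(w, "Could not render page.", http.StatusInternalServerError)
	}
}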
17
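// getRegisterHandler serves the registration form.
//
// The registrationEnabled switch is enforced by postRegisterHandler, not
// here, so the form itself is still served while registration is off.
func getRegisterHandler(w http.ResponseWriter, r *http.Request) {
	if err := templates.ExecuteTemplate(w, "register.html", nil); err != nil {
		http.Error(w, "Could not render page.", http.StatusInternalServerError)
	}
}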
21
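// getLoginHandler serves the login form, or sends a visitor whose session
// cookie can be read straight to "/".
//
// Only readSessionCookie's error is consulted: a cookie that parses is
// taken as "already logged in" without any further validation here.
func getLoginHandler(w http.ResponseWriter, r *http.Request) {
	if _, err := readSessionCookie(r); err == nil {
		http.Redirect(w, r, "/", http.StatusFound)
		return
	}

	if err := templates.ExecuteTemplate(w, "login.html", nil); err != nil {
		http.Error(w, "Could not render page.", http.StatusInternalServerError)
	}
}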
30
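// getResetPasswordHandler serves the form that asks for the email address
// to send a password-reset link to.
func getResetPasswordHandler(w http.ResponseWriter, r *http.Request) {
	if err := templates.ExecuteTemplate(w, "reset_password.html", nil); err != nil {
		http.Error(w, "Could not render page.", http.StatusInternalServerError)
	}
}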
34
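// postRegisterHandler creates a new account from the submitted form.
//
// Responses: 403 when registration is switched off, 400 when username or
// password is empty, 500 when hashing fails, 409 when the insert did not
// populate user.ID (taken as a uniqueness conflict). On success a session
// is opened for the new account and the client is redirected to /login.
func postRegisterHandler(w http.ResponseWriter, r *http.Request) {
	if !registrationEnabled {
		http.Error(w, "Registration is currently disabled.", http.StatusForbidden)
		return
	}

	username := r.FormValue("username")
	email := r.FormValue("email")
	password := r.FormValue("password")

	// Reject empty credentials before hashing: an empty password would
	// otherwise be hashed and stored as a valid login secret.
	if username == "" || password == "" {
		http.Error(w, "Username and password are required.", http.StatusBadRequest)
		return
	}

	hashedPassword, salt, err := g.HashPassword(password)
	if err != nil {
		http.Error(w, "Could not hash your password.", http.StatusInternalServerError)
		return
	}

	user := User{
		Username:     username,
		Email:        email,
		PasswordHash: hashedPassword,
		Salt:         salt,
	}

	// NOTE(review): only the populated ID distinguishes success here, so a
	// database error that is not a uniqueness violation is also reported
	// as 409; checking the insert's own error would separate the two.
	db.Create(&user)
	if user.ID == 0 {
		http.Error(w, "Username or email already exists.", http.StatusConflict)
		return
	}

	login(w, user.ID, false)
	http.Redirect(w, r, "/login", http.StatusFound)
}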
68
// postLoginHandler authenticates the submitted username/password pair.
//
// The same 401 body is returned whether the username is unknown or the
// password is wrong, so the response text does not reveal which usernames
// exist. On success a session is opened (persistent when the "remember"
// field was submitted as "on") and the client is redirected to "/".
func postLoginHandler(w http.ResponseWriter, r *http.Request) {
	const invalid = "Invalid credentials"

	username := r.FormValue("username")
	password := r.FormValue("password")
	rememberMe := r.FormValue("remember") == "on"

	var account User
	db.Where("username = ?", username).First(&account)

	// Unknown username: there is no stored hash to compare against.
	// NOTE(review): the password check is skipped on this path, so it is
	// faster than the wrong-password path; the timing difference may still
	// hint at which usernames exist even though the body is identical.
	if account.ID == 0 {
		http.Error(w, invalid, http.StatusUnauthorized)
		return
	}
	if !g.CheckPassword(password, account.Salt, account.PasswordHash) {
		http.Error(w, invalid, http.StatusUnauthorized)
		return
	}

	login(w, account.ID, rememberMe)
	http.Redirect(w, r, "/", http.StatusFound)
}
86
// logoutHandler replaces the session cookie with the empty cookie produced
// by g and sends the client to /login.
func logoutHandler(w http.ResponseWriter, r *http.Request) {
	// The cookie must be set before the redirect so it travels with the
	// 302 response headers.
	emptyCookie := g.GenerateEmptyCookie()
	http.SetCookie(w, emptyCookie)
	http.Redirect(w, r, "/login", http.StatusFound)
}
91
// postResetPasswordHandler starts a password reset for the submitted email.
//
// Whether or not the address is known, the client is redirected to /login,
// so the redirect itself does not disclose which emails are registered.
// For a known address a token from g.GenerateRandomToken(32) is stored in
// ks against the user's ID for one hour and passed to sendResetEmail.
func postResetPasswordHandler(w http.ResponseWriter, r *http.Request) {
	const resetTokenTTL = time.Hour

	var account User
	db.Where("email = ?", r.FormValue("email")).First(&account)

	// NOTE(review): the unknown-address path skips token generation and
	// mail delivery, so it is likely faster than the known-address path;
	// confirm that timing difference is acceptable for this deployment.
	if account.ID != 0 {
		token, err := g.GenerateRandomToken(32)
		if err != nil {
			http.Error(w, "Could not generate reset token.", http.StatusInternalServerError)
			return
		}
		ks.Set(token, account.ID, resetTokenTTL)
		sendResetEmail(account.Email, token)
	}

	http.Redirect(w, r, "/login", http.StatusFound)
}
116
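// getResetPasswordConfirmHandler serves the new-password form when the
// "token" query parameter resolves to a live entry in ks; otherwise 401.
//
// NOTE(review): the reset token travels in the URL query string, which
// tends to end up in access logs, browser history and Referer headers;
// the one-hour TTL set in postResetPasswordHandler and the deletion in
// postResetPasswordConfirmHandler limit how long a leaked token is useful.
func getResetPasswordConfirmHandler(w http.ResponseWriter, r *http.Request) {
	token := r.URL.Query().Get("token")
	if _, err := ks.Get(token); err != nil {
		http.Error(w, "Token is invalid or expired.", http.StatusUnauthorized)
		return
	}

	if err := templates.ExecuteTemplate(w, "new_password.html", nil); err != nil {
		http.Error(w, "Could not render page.", http.StatusInternalServerError)
	}
}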
127
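// postResetPasswordConfirmHandler completes a password reset: the "token"
// query parameter is exchanged for the user ID stored by
// postResetPasswordHandler, the submitted password replaces that user's
// hash and salt, and the token is deleted so it cannot be used again.
//
// Responses: 401 for an unknown/expired token or a token whose user no
// longer loads from the database, 400 for an empty password, 500 when
// hashing fails, otherwise a redirect to /login.
func postResetPasswordConfirmHandler(w http.ResponseWriter, r *http.Request) {
	token := r.URL.Query().Get("token")
	userID, err := ks.Get(token)
	// The nil check guards the dereference below in case ks.Get can return
	// a nil pointer without an error; it is reported like an invalid token.
	if err != nil || userID == nil {
		http.Error(w, "Token is invalid or expired.", http.StatusUnauthorized)
		return
	}

	var user User
	db.First(&user, *userID)
	// Without this check a token whose user is gone falls through to
	// db.Save on a zero-ID struct, which depending on the ORM may insert
	// a brand-new record carrying the attacker-chosen hash.
	if user.ID == 0 {
		http.Error(w, "Token is invalid or expired.", http.StatusUnauthorized)
		return
	}

	password := r.FormValue("password")
	if password == "" {
		http.Error(w, "Password is required.", http.StatusBadRequest)
		return
	}

	hashedPassword, salt, err := g.HashPassword(password)
	if err != nil {
		http.Error(w, "Could not edit your password.", http.StatusInternalServerError)
		return
	}

	user.PasswordHash = hashedPassword
	user.Salt = salt
	db.Save(&user)
	// Single use: the token is dropped only after the new hash is persisted.
	ks.Delete(token)

	http.Redirect(w, r, "/login", http.StatusFound)
}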
154}