// Package app serves the web application's HTTP handlers defined in this
// file: the index and profile pages, registration, login/logout and the
// password-reset flow.
package app

import (
	"net/http"
	"time"
)

// getIndexHandler renders the landing page from the "index.tmpl" template
// with no data. The request is not inspected.
func getIndexHandler(w http.ResponseWriter, r *http.Request) {
	const page = "index.tmpl"
	xt.ExecuteTemplate(w, page, nil)
}

// getProfileHandler renders "profile.tmpl" for the user that getLoggedUser
// finds on the request.
//
// A request with no user attached is answered with 500 rather than a
// redirect to the login page, which presumes that an earlier check already
// rejected anonymous visitors.
func getProfileHandler(w http.ResponseWriter, r *http.Request) {
	user, found := getLoggedUser(r)
	if !found {
		// NOTE(review): reported as a server error on purpose? Confirm the
		// route is guarded upstream; if it is not, anonymous callers get a
		// 500 here instead of being sent to /login.
		showError(w, "Could not find user in context.", http.StatusInternalServerError)
		return
	}

	data := map[string]interface{}{"User": user}
	xt.ExecuteTemplate(w, "profile.tmpl", data)
}

// getRegisterHandler renders the registration form ("auth-register.tmpl")
// with no template data.
func getRegisterHandler(w http.ResponseWriter, r *http.Request) {
	const page = "auth-register.tmpl"
	xt.ExecuteTemplate(w, page, nil)
}

// getLoginHandler shows the login form, unless the request already carries a
// session cookie that readSessionCookie accepts, in which case the visitor is
// sent on to /profile.
func getLoginHandler(w http.ResponseWriter, r *http.Request) {
	if _, err := readSessionCookie(r); err == nil {
		// A readable session cookie is taken as "already logged in".
		http.Redirect(w, r, "/profile", http.StatusFound)
		return
	}
	xt.ExecuteTemplate(w, "auth-login.tmpl", nil)
}

// getResetPasswordHandler renders the "request a password reset" form
// ("auth-reset_password.tmpl") with no template data.
func getResetPasswordHandler(w http.ResponseWriter, r *http.Request) {
	const page = "auth-reset_password.tmpl"
	xt.ExecuteTemplate(w, page, nil)
}

// postRegisterHandler creates an account from the registration form.
//
// It reads the "username", "email" and "password" form fields. Username and
// email go through sanitizeUsername / sanitizeEmail and are then checked
// against existing accounts; the password is handed to g.HashPassword as
// submitted. On success the new user is logged in (without "remember me")
// and redirected to /login.
//
// NOTE(review): the two existence checks treat any non-nil error from
// getUserByName / getUserByEmail as "not taken", so a lookup failure falls
// through to db.Create. Whether a duplicate can slip in that way depends on
// a uniqueness constraint in the schema — confirm one exists.
func postRegisterHandler(w http.ResponseWriter, r *http.Request) {
	if !registrationEnabled {
		showError(w, "Registration is currently disabled.", http.StatusForbidden)
		return
	}

	username, err := sanitizeUsername(r.FormValue("username"))
	if err != nil {
		showError(w, "Invalid username.", http.StatusBadRequest)
		return
	}
	email, err := sanitizeEmail(r.FormValue("email"))
	if err != nil {
		showError(w, "Invalid email.", http.StatusBadRequest)
		return
	}

	// A nil lookup error means the value already belongs to an account.
	if _, lookupErr := getUserByName(username, 0); lookupErr == nil {
		showError(w, "This username is already registered.", http.StatusConflict)
		return
	}
	if _, lookupErr := getUserByEmail(email, 0); lookupErr == nil {
		showError(w, "This email is already registered.", http.StatusConflict)
		return
	}

	hash, salt, err := g.HashPassword(r.FormValue("password"))
	if err != nil {
		showError(w, "Invalid password.", http.StatusBadRequest)
		return
	}

	newUser := User{
		Username:     username,
		Email:        email,
		PasswordHash: hash,
		Salt:         salt,
	}
	if err := db.Create(&newUser).Error; err != nil {
		showError(w, "Could not create user.", http.StatusInternalServerError)
		return
	}

	// No "remember me" for a fresh registration. The target is /login; the
	// login page presumably forwards a visitor with a valid session cookie
	// on to /profile itself.
	login(w, newUser.ID, false)
	http.Redirect(w, r, "/login", http.StatusFound)
}

// postLoginHandler authenticates the submitted "username" / "password" pair.
//
// An unknown username and a wrong password produce the same 401 response
// body, so the message itself does not reveal which part failed. On success
// a session is issued through login; "remember me" is honoured only when the
// "remember" form value is exactly "on".
//
// NOTE(review): when the username is unknown, g.CheckPassword is never run,
// so the two failure paths may differ measurably in response time. If that
// matters for this deployment, comparing against a fixed dummy hash in the
// unknown-user path would even them out.
func postLoginHandler(w http.ResponseWriter, r *http.Request) {
	username := r.FormValue("username")
	password := r.FormValue("password")
	rememberMe := r.FormValue("remember") == "on"

	account, err := getUserByName(username, 0)
	if err != nil {
		showError(w, "Invalid credentials.", http.StatusUnauthorized)
		return
	}
	if !g.CheckPassword(password, account.Salt, account.PasswordHash) {
		showError(w, "Invalid credentials.", http.StatusUnauthorized)
		return
	}

	login(w, account.ID, rememberMe)
	http.Redirect(w, r, "/login", http.StatusFound)
}

// logoutHandler replaces the session cookie with the empty one produced by
// g.GenerateEmptyCookie and sends the visitor to /login.
//
// NOTE(review): only the client-side cookie is cleared here. If login keeps
// any session state server-side, nothing in this handler revokes it —
// confirm whether that is intended.
func logoutHandler(w http.ResponseWriter, r *http.Request) {
	cleared := g.GenerateEmptyCookie()
	http.SetCookie(w, cleared)
	http.Redirect(w, r, "/login", http.StatusFound)
}

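// postResetPasswordHandler starts the password-reset flow for the address
// submitted in the "email" form field.
//
// The address is passed through sanitizeEmail first, exactly as
// postRegisterHandler does before storing it, so the lookup compares like
// with like. A malformed address and an unknown address both get the same
// redirect to /login, so the response does not confirm which addresses have
// accounts. For a known address a random token from g.GenerateRandomToken(32)
// is stored in ks under "reset:<token>" for one hour and handed to
// sendResetEmail together with the stored address.
func postResetPasswordHandler(w http.ResponseWriter, r *http.Request) {
	email, err := sanitizeEmail(r.FormValue("email"))
	if err != nil {
		// Deliberately indistinguishable from the "no such account" path.
		http.Redirect(w, r, "/login", http.StatusFound)
		return
	}

	var user User
	if err := db.Where("email = ?", email).First(&user).Error; err != nil {
		http.Redirect(w, r, "/login", http.StatusFound)
		return
	}

	resetToken, err := g.GenerateRandomToken(32)
	if err != nil {
		showError(w, "Could not generate reset token.", http.StatusInternalServerError)
		return
	}

	// The confirm handlers look the token up under this same "reset:" key.
	ks.Set("reset:"+resetToken, user.ID, time.Hour)
	sendResetEmail(user.Email, resetToken)

	http.Redirect(w, r, "/login", http.StatusFound)
}
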
// getResetPasswordConfirmHandler shows the new-password form
// ("auth-new_password.tmpl") when the "token" query parameter refers to a
// live "reset:<token>" entry in ks; otherwise it answers 401.
func getResetPasswordConfirmHandler(w http.ResponseWriter, r *http.Request) {
	key := "reset:" + r.URL.Query().Get("token")
	if _, err := ks.Get(key); err != nil {
		showError(w, "Token is invalid or expired.", http.StatusUnauthorized)
		return
	}
	xt.ExecuteTemplate(w, "auth-new_password.tmpl", nil)
}

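// postResetPasswordConfirmHandler completes a password reset: it resolves the
// "token" query parameter to a user ID through ks, re-hashes the submitted
// "password" form value for that user, saves it and then consumes the token.
//
// Every failure returns immediately so that exactly one response is written
// per request. The token is deleted only after the new hash has been
// persisted, so a failed save leaves it usable for a retry until it expires,
// and it is deleted under the same "reset:<token>" key it was stored and
// looked up with.
func postResetPasswordConfirmHandler(w http.ResponseWriter, r *http.Request) {
	token := r.URL.Query().Get("token")
	key := "reset:" + token
	userID, err := ks.Get(key)
	if err != nil {
		showError(w, "Token is invalid or expired.", http.StatusUnauthorized)
		return
	}

	var user User
	if err := db.First(&user, *userID).Error; err != nil {
		// Returning here matters: continuing would re-hash and save a
		// zero-value User and write a second response on top of this one.
		showError(w, "Could not get user.", http.StatusInternalServerError)
		return
	}

	hashedPassword, salt, err := g.HashPassword(r.FormValue("password"))
	if err != nil {
		showError(w, "Invalid password.", http.StatusBadRequest)
		return
	}

	user.PasswordHash = hashedPassword
	user.Salt = salt
	if err := db.Save(&user).Error; err != nil {
		showError(w, "Could not save user.", http.StatusInternalServerError)
		return
	}

	// Consume the token under the key it lives at. Deleting the bare token
	// would leave the "reset:" entry valid until its TTL runs out.
	ks.Delete(key)

	// NOTE(review): existing sessions for this user are not revoked after the
	// password change — confirm whether the session mechanism behind login
	// supports that and whether it is wanted here.
	http.Redirect(w, r, "/login", http.StatusFound)
}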