1package main
  2
  3import (
  4	"net/http"
  5	"time"
  6)
  7
  8func examplePage(w http.ResponseWriter, r *http.Request) {
  9	user, ok := getLoggedUser(r)
 10	if !ok {
 11		http.Error(w, "Could not find user in context.", http.StatusInternalServerError)
 12		return
 13	}
 14
 15	templates.ExecuteTemplate(w, "example.html", map[string]interface{}{"User": user})
 16}
 17
 18func getRegisterHandler(w http.ResponseWriter, r *http.Request) {
 19	templates.ExecuteTemplate(w, "register.html", nil)
 20}
 21
 22func getLoginHandler(w http.ResponseWriter, r *http.Request) {
 23	_, err := readSessionCookie(r)
 24	if err != nil {
 25		templates.ExecuteTemplate(w, "login.html", nil)
 26		return
 27	}
 28	http.Redirect(w, r, "/", http.StatusFound)
 29}
 30
 31func getResetPasswordHandler(w http.ResponseWriter, r *http.Request) {
 32	templates.ExecuteTemplate(w, "reset_password.html", nil)
 33}
 34
 35func postRegisterHandler(w http.ResponseWriter, r *http.Request) {
 36	username := r.FormValue("username")
 37	email := r.FormValue("email")
 38	password := r.FormValue("password")
 39
 40	hashedPassword, salt, err := g.HashPassword(password)
 41	if err != nil {
 42		http.Error(w, "Could not hash your password.", http.StatusInternalServerError)
 43		return
 44	}
 45
 46	user := User{
 47		Username:     username,
 48		Email:        email,
 49		PasswordHash: hashedPassword,
 50		Salt:         salt,
 51	}
 52
 53	db.Create(&user)
 54	if user.ID == 0 {
 55		http.Error(w, "Username or email already exists.", http.StatusConflict)
 56		return
 57	}
 58
 59	login(w, user.ID, false)
 60	http.Redirect(w, r, "/login", http.StatusFound)
 61	return
 62}
 63
 64func postLoginHandler(w http.ResponseWriter, r *http.Request) {
 65	username := r.FormValue("username")
 66	password := r.FormValue("password")
 67	remember := r.FormValue("remember")
 68
 69	var user User
 70	db.Where("username = ?", username).First(&user)
 71
 72	if user.ID == 0 || !g.CheckPassword(password, user.Salt, user.PasswordHash) {
 73		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
 74		return
 75	}
 76
 77	login(w, user.ID, remember == "on")
 78	http.Redirect(w, r, "/", http.StatusFound)
 79	return
 80}
 81
 82func logoutHandler(w http.ResponseWriter, r *http.Request) {
 83	http.SetCookie(w, g.GenerateEmptyCookie())
 84	http.Redirect(w, r, "/login", http.StatusFound)
 85}
 86
 87func postResetPasswordHandler(w http.ResponseWriter, r *http.Request) {
 88	emailInput := r.FormValue("email")
 89
 90	var user User
 91	db.Where("email = ?", emailInput).First(&user)
 92
 93	if user.ID == 0 {
 94		http.Redirect(w, r, "/login", http.StatusFound)
 95		return
 96	}
 97
 98	resetToken, err := g.GenerateRandomToken(32)
 99	if err != nil {
100		http.Error(w, "Could not generate reset token.", http.StatusInternalServerError)
101		return
102	}
103
104	ks.Set(resetToken, user.ID, time.Hour)
105	sendResetEmail(user.Email, resetToken)
106
107	http.Redirect(w, r, "/login", http.StatusFound)
108	return
109
110}
111
112func getResetPasswordConfirmHandler(w http.ResponseWriter, r *http.Request) {
113	token := r.URL.Query().Get("token")
114	_, err := ks.Get(token)
115	if err != nil {
116		http.Error(w, "Token is invalid or expired.", http.StatusUnauthorized)
117		return
118	}
119
120	templates.ExecuteTemplate(w, "new_password.html", nil)
121}
122
123func postResetPasswordConfirmHandler(w http.ResponseWriter, r *http.Request) {
124	token := r.URL.Query().Get("token")
125	userID, err := ks.Get(token)
126	if err != nil {
127		http.Error(w, "Token is invalid or expired.", http.StatusUnauthorized)
128		return
129	}
130
131	var user User
132	db.First(&user, *userID)
133
134	password := r.FormValue("password")
135
136	hashedPassword, salt, err := g.HashPassword(password)
137	if err != nil {
138		http.Error(w, "Could not edit your password.", http.StatusInternalServerError)
139		return
140	}
141
142	user.PasswordHash = hashedPassword
143	user.Salt = salt
144	db.Save(&user)
145	ks.Delete(token)
146
147	http.Redirect(w, r, "/login", http.StatusFound)
148	return
149}