More login handling
alex wennerberg alex@alexwennerberg.com
Sat, 24 Oct 2020 14:24:00 -0700
4 files changed,
34 insertions(+),
16 deletions(-)
flounder.toml
@@ -9,6 +9,6 @@ # everything in the static subfolder will be served at root
TemplatesDirectory="./templates" DBFile="./flounder.db" MaxFileSize=128000 # 128 KB -OkExtensions=[".gmi", ".txt", ".jpg", ".jpeg", ".gif", ".png", ".svg", ".webp", ".midi", ".json", ".csv", ".gemini", ".mp3", ".css", ".ttf", ".otf", ".woff", ".woff2"] +OkExtensions=["", ".gmi", ".txt", ".jpg", ".jpeg", ".gif", ".png", ".svg", ".webp", ".midi", ".json", ".csv", ".gemini", ".mp3", ".css", ".ttf", ".otf", ".woff", ".woff2"] # log file
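Review bot: The new `""` entry in OkExtensions admits file names with no extension at all, and nothing in this diff shows how the content type for such a file is chosen; if it is derived from the extension, an extension-less file may end up served with a sniffed or default type, so it is worth confirming that the fallback is a fixed, safe type. A short comment on the line, e.g. `# "" permits files with no extension`, would record that the entry is intentional rather than a stray value.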
http.go
@@ -43,6 +43,7 @@ fileName := path.Join(c.TemplatesDirectory, "static", filepath.Clean(r.URL.Path))
http.ServeFile(w, r, fileName) return } + _, authd := getAuthUser(r) indexFiles, err := getIndexFiles() if err != nil { log.Println(err)@@ -60,7 +61,8 @@ Domain string
PageTitle string Files []*File Users []string - }{c.RootDomain, c.SiteTitle, indexFiles, allUsers} + LoggedIn bool + }{c.RootDomain, c.SiteTitle, indexFiles, allUsers, authd} err = t.ExecuteTemplate(w, "index.html", data) if err != nil { log.Println(err)@@ -164,10 +166,15 @@ }
http.Redirect(w, r, "/my_site", 302) } +// bool whether auth'd, string is auth user +func getAuthUser(r *http.Request) (string, bool) { + session, _ := SessionStore.Get(r, "cookie-session") + user, ok := session.Values["auth_user"].(string) + return user, ok +} func deleteFileHandler(w http.ResponseWriter, r *http.Request) { - session, _ := SessionStore.Get(r, "cookie-session") - authUser, ok := session.Values["auth_user"].(string) - if !ok { + authUser, authd := getAuthUser(r) + if !authd { renderError(w, "Forbidden", 403) return }@@ -180,9 +187,8 @@ http.Redirect(w, r, "/my_site", 302)
} func mySiteHandler(w http.ResponseWriter, r *http.Request) { - session, _ := SessionStore.Get(r, "cookie-session") - authUser, ok := session.Values["auth_user"].(string) - if !ok { + authUser, authd := getAuthUser(r) + if !authd { renderError(w, "Forbidden", 403) return }@@ -193,7 +199,8 @@ Domain string
PageTitle string AuthUser string Files []*File - }{c.RootDomain, c.SiteTitle, authUser, files} + LoggedIn bool + }{c.RootDomain, c.SiteTitle, authUser, files, authd} _ = t.ExecuteTemplate(w, "my_site.html", data) }@@ -214,9 +221,17 @@ } else if r.Method == "POST" {
r.ParseForm() name := r.Form.Get("username") password := r.Form.Get("password") - row := DB.QueryRow("SELECT password_hash FROM user where username = $1", name) + row := DB.QueryRow("SELECT password_hash, approved FROM user where username = $1", name) var db_password []byte - _ = row.Scan(&db_password) + var active bool + _ = row.Scan(&db_password, &active) + if !active { + data := struct { + Error string + PageTitle string + }{"Your account is not active yet. Pending admin approval", c.SiteTitle} + t.ExecuteTemplate(w, "login.html", data) + } if bcrypt.CompareHashAndPassword(db_password, []byte(password)) == nil { log.Println("logged in") session, _ := SessionStore.Get(r, "cookie-session")
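Review bot: The `if !active { … }` block renders the pending-approval page but does not `return`, so the handler falls through to the bcrypt comparison and, when the password matches, still creates the session for an inactive account (and writes a second response on top of the first); add `return` after the `t.ExecuteTemplate(w, "login.html", data)` call. The query still selects `approved` while schema.sql in this same commit renames that column to `active`, and because the `row.Scan` error is discarded the mismatch would only surface as `active` being false for every user; the query should read `SELECT password_hash, active FROM user where username = $1` and the Scan error should at least be logged. Checking `active` before the password is verified also means the response reveals whether a username belongs to an approved account, since unknown and unapproved names get the pending message and approved ones do not; moving the check inside the successful-bcrypt branch keeps the responses indistinguishable for a wrong password. The enclosing login handler starts and ends outside the hunk.
```go
row := DB.QueryRow("SELECT password_hash, active FROM user where username = $1", name)
var db_password []byte
var active bool
if err := row.Scan(&db_password, &active); err != nil {
	// unknown username or query error: db_password stays nil, so the comparison below fails
	log.Println(err)
}
if bcrypt.CompareHashAndPassword(db_password, []byte(password)) == nil {
	if !active {
		// … unchanged: build data and render "login.html" with the pending-approval message …
		return
	}
	// … unchanged: session setup and redirect …
```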
schema.sql
@@ -3,7 +3,7 @@ id INTEGER PRIMARY KEY NOT NULL,
username TEXT NOT NULL UNIQUE, email TEXT NOT NULL UNIQUE, password_hash TEXT NOT NULL, - approved boolean NOT NULL DEFAULT false, + active boolean NOT NULL DEFAULT false, created_at INTEGER DEFAULT (strftime('%s', 'now')) );