2021-05-09 10:42:12 +00:00
|
|
|
package web
|
2020-11-14 13:03:06 +00:00
|
|
|
|
|
|
|
import (
|
2021-05-09 09:36:39 +00:00
|
|
|
"github.com/bouncepaw/mycorrhiza/cfg"
|
2021-04-12 17:40:43 +00:00
|
|
|
"io"
|
2020-11-14 13:03:06 +00:00
|
|
|
"log"
|
|
|
|
"net/http"
|
|
|
|
|
|
|
|
"github.com/bouncepaw/mycorrhiza/user"
|
2021-02-17 18:41:35 +00:00
|
|
|
"github.com/bouncepaw/mycorrhiza/util"
|
2021-02-23 14:25:07 +00:00
|
|
|
"github.com/bouncepaw/mycorrhiza/views"
|
2020-11-14 13:03:06 +00:00
|
|
|
)
|
|
|
|
|
2021-05-09 11:09:27 +00:00
|
|
|
func initAuth() {
|
|
|
|
if !user.AuthUsed {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if cfg.UseRegistration {
|
|
|
|
http.HandleFunc("/register", handlerRegister)
|
|
|
|
}
|
2020-11-14 13:03:06 +00:00
|
|
|
http.HandleFunc("/login", handlerLogin)
|
|
|
|
http.HandleFunc("/login-data", handlerLoginData)
|
|
|
|
http.HandleFunc("/logout", handlerLogout)
|
|
|
|
http.HandleFunc("/logout-confirm", handlerLogoutConfirm)
|
|
|
|
}
|
|
|
|
|
2021-05-09 11:09:27 +00:00
|
|
|
// handlerRegister both displays the register form (GET) and registers users (POST).
|
2021-04-12 17:40:43 +00:00
|
|
|
func handlerRegister(w http.ResponseWriter, rq *http.Request) {
|
2021-05-09 10:42:12 +00:00
|
|
|
util.PrepareRq(rq)
|
2021-05-09 09:36:39 +00:00
|
|
|
if !cfg.UseRegistration {
|
2021-04-12 17:40:43 +00:00
|
|
|
w.WriteHeader(http.StatusForbidden)
|
|
|
|
}
|
|
|
|
if rq.Method == http.MethodGet {
|
|
|
|
io.WriteString(
|
|
|
|
w,
|
2021-05-09 10:42:12 +00:00
|
|
|
views.BaseHTML(
|
2021-04-12 17:40:43 +00:00
|
|
|
"Register",
|
|
|
|
views.RegisterHTML(rq),
|
|
|
|
user.FromRequest(rq),
|
|
|
|
),
|
|
|
|
)
|
|
|
|
} else if rq.Method == http.MethodPost {
|
2021-04-19 16:39:25 +00:00
|
|
|
var (
|
|
|
|
username = rq.PostFormValue("username")
|
|
|
|
password = rq.PostFormValue("password")
|
|
|
|
err = user.Register(username, password)
|
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
io.WriteString(w, err.Error())
|
|
|
|
} else {
|
|
|
|
user.LoginDataHTTP(w, rq, username, password)
|
|
|
|
http.Redirect(w, rq, "/"+rq.URL.RawQuery, http.StatusSeeOther)
|
|
|
|
}
|
2021-04-12 17:40:43 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-05-09 11:09:27 +00:00
|
|
|
// handlerLogout shows the logout form.
|
2020-11-14 13:03:06 +00:00
|
|
|
func handlerLogout(w http.ResponseWriter, rq *http.Request) {
|
|
|
|
var (
|
|
|
|
u = user.FromRequest(rq)
|
|
|
|
can = u != nil
|
|
|
|
)
|
|
|
|
w.Header().Set("Content-Type", "text/html;charset=utf-8")
|
|
|
|
if can {
|
|
|
|
log.Println("User", u.Name, "tries to log out")
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
} else {
|
|
|
|
log.Println("Unknown user tries to log out")
|
|
|
|
w.WriteHeader(http.StatusForbidden)
|
|
|
|
}
|
2021-05-09 10:42:12 +00:00
|
|
|
w.Write([]byte(views.BaseHTML("Logout?", views.LogoutHTML(can), u)))
|
2020-11-14 13:03:06 +00:00
|
|
|
}
|
|
|
|
|
2021-05-09 11:09:27 +00:00
|
|
|
// handlerLogoutConfirm logs the user out.
|
|
|
|
//
|
|
|
|
// TODO: merge into handlerLogout as POST method.
|
2020-11-14 13:03:06 +00:00
|
|
|
func handlerLogoutConfirm(w http.ResponseWriter, rq *http.Request) {
|
|
|
|
user.LogoutFromRequest(w, rq)
|
|
|
|
http.Redirect(w, rq, "/", http.StatusSeeOther)
|
|
|
|
}
|
|
|
|
|
2021-05-09 11:09:27 +00:00
|
|
|
// handlerLogin shows the login form.
|
|
|
|
func handlerLogin(w http.ResponseWriter, rq *http.Request) {
|
|
|
|
util.PrepareRq(rq)
|
|
|
|
w.Header().Set("Content-Type", "text/html;charset=utf-8")
|
|
|
|
if user.AuthUsed {
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
} else {
|
|
|
|
w.WriteHeader(http.StatusForbidden)
|
|
|
|
}
|
|
|
|
w.Write([]byte(views.BaseHTML("Login", views.LoginHTML(), user.EmptyUser())))
|
|
|
|
}
|
|
|
|
|
|
|
|
// handlerLoginData logs the user in.
|
|
|
|
//
|
|
|
|
// TODO: merge into handlerLogin as POST method.
|
2020-11-14 13:03:06 +00:00
|
|
|
func handlerLoginData(w http.ResponseWriter, rq *http.Request) {
|
2021-05-09 10:42:12 +00:00
|
|
|
util.PrepareRq(rq)
|
2020-11-14 13:03:06 +00:00
|
|
|
var (
|
2021-02-17 18:41:35 +00:00
|
|
|
username = util.CanonicalName(rq.PostFormValue("username"))
|
2020-11-14 13:03:06 +00:00
|
|
|
password = rq.PostFormValue("password")
|
|
|
|
err = user.LoginDataHTTP(w, rq, username, password)
|
|
|
|
)
|
|
|
|
if err != "" {
|
2021-05-09 10:42:12 +00:00
|
|
|
w.Write([]byte(views.BaseHTML(err, views.LoginErrorHTML(err), user.EmptyUser())))
|
2020-11-14 13:03:06 +00:00
|
|
|
} else {
|
|
|
|
http.Redirect(w, rq, "/", http.StatusSeeOther)
|
|
|
|
}
|
|
|
|
}
|