mycorrhiza/auth/web.go

package auth

import (
	"errors"
	"fmt"
	"io"
	"log"
	"mime"
	"net/http"
	"strings"

	"github.com/bouncepaw/mycorrhiza/viewutil"

	"github.com/gorilla/mux"

	"github.com/bouncepaw/mycorrhiza/cfg"
	"github.com/bouncepaw/mycorrhiza/l18n"
	"github.com/bouncepaw/mycorrhiza/user"
	"github.com/bouncepaw/mycorrhiza/util"
)

func InitAuth(r *mux.Router) {
	r.HandleFunc("/user-list", handlerUserList)
	r.HandleFunc("/lock", handlerLock)
	// The check below saves a lot of extra checks and lines of codes in other places in this file.
	if !cfg.UseAuth {
		return
	}
	if cfg.AllowRegistration {
		r.HandleFunc("/register", handlerRegister).Methods(http.MethodPost, http.MethodGet)
	}
	if cfg.TelegramEnabled {
		r.HandleFunc("/telegram-login", handlerTelegramLogin)
	}
	r.HandleFunc("/login", handlerLogin)
	r.HandleFunc("/logout", handlerLogout)
}

func handlerUserList(w http.ResponseWriter, rq *http.Request) {
	lc := l18n.FromRequest(rq)
	w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
	w.WriteHeader(http.StatusOK)
	w.Write([]byte(viewutil.Base(viewutil.MetaFrom(w, rq), lc.Get("ui.users_title"), UserList(lc), map[string]string{})))
}

func handlerLock(w http.ResponseWriter, rq *http.Request) {
	_, _ = io.WriteString(w, Lock(l18n.FromRequest(rq)))
}

// handlerRegister displays the register form (GET) or registers the user (POST).
func handlerRegister(w http.ResponseWriter, rq *http.Request) {
	lc := l18n.FromRequest(rq)
	util.PrepareRq(rq)
	if rq.Method == http.MethodGet {
		_, _ = io.WriteString(
			w,
			viewutil.Base(
				viewutil.MetaFrom(w, rq),
				lc.Get("auth.register_title"),
				Register(rq),
				map[string]string{},
			),
		)
		return
	}

	var (
		username = rq.PostFormValue("username")
		password = rq.PostFormValue("password")
		err      = user.Register(username, password, "editor", "local", false)
	)
	if err != nil {
		log.Printf("Failed to register ‘%s’: %s", username, err.Error())
		w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
		w.WriteHeader(http.StatusBadRequest)
		_, _ = io.WriteString(
			w,
			viewutil.Base(
				viewutil.MetaFrom(w, rq),
				lc.Get("auth.register_title"),
				fmt.Sprintf(
					`<main class="main-width"><p>%s</p><p><a href="/register">%s<a></p></main>`,
					err.Error(),
					lc.Get("auth.try_again"),
				),
				map[string]string{},
			),
		)
		return
	}

	log.Printf("Successfully registered ‘%s’", username)
	if err := user.LoginDataHTTP(w, username, password); err != nil {
		return
	}
	http.Redirect(w, rq, "/"+rq.URL.RawQuery, http.StatusSeeOther)
}

// handlerLogout shows the logout form (GET) or logs the user out (POST).
func handlerLogout(w http.ResponseWriter, rq *http.Request) {
	if rq.Method == http.MethodGet {
		var (
			u   = user.FromRequest(rq)
			can = u != nil
			lc  = l18n.FromRequest(rq)
		)
		w.Header().Set("Content-Type", "text/html;charset=utf-8")
		if can {
			log.Println("User", u.Name, "tries to log out")
			w.WriteHeader(http.StatusOK)
		} else {
			log.Println("Unknown user tries to log out")
			w.WriteHeader(http.StatusForbidden)
		}
		_, _ = io.WriteString(
			w,
			viewutil.Base(viewutil.MetaFrom(w, rq), lc.Get("auth.logout_title"), Logout(can, lc), map[string]string{}),
		)
	} else if rq.Method == http.MethodPost {
		user.LogoutFromRequest(w, rq)
		http.Redirect(w, rq, "/", http.StatusSeeOther)
	}
}

// handlerLogin shows the login form (GET) or logs the user in (POST).
func handlerLogin(w http.ResponseWriter, rq *http.Request) {
	lc := l18n.FromRequest(rq)
	if rq.Method == http.MethodGet {
		w.Header().Set("Content-Type", "text/html;charset=utf-8")
		w.WriteHeader(http.StatusOK)
		_, _ = io.WriteString(
			w,
			viewutil.Base(
				viewutil.MetaFrom(w, rq),
				lc.Get("auth.login_title"),
				Login(lc),
				map[string]string{},
			),
		)
	} else if rq.Method == http.MethodPost {
		var (
			username = util.CanonicalName(rq.PostFormValue("username"))
			password = rq.PostFormValue("password")
			err      = user.LoginDataHTTP(w, username, password)
		)
		if err != nil {
			w.Header().Set("Content-Type", "text/html;charset=utf-8")
			w.WriteHeader(http.StatusInternalServerError)
			_, _ = io.WriteString(w, viewutil.Base(viewutil.MetaFrom(w, rq), err.Error(), LoginError(err.Error(), lc), map[string]string{}))
			return
		}
		http.Redirect(w, rq, "/", http.StatusSeeOther)
	}
}

func handlerTelegramLogin(w http.ResponseWriter, rq *http.Request) {
	// Note there is no lock here.
	lc := l18n.FromRequest(rq)
	w.Header().Set("Content-Type", "text/html;charset=utf-8")
	rq.ParseForm()
	var (
		values     = rq.URL.Query()
		username   = strings.ToLower(values.Get("username"))
		seemsValid = user.TelegramAuthParamsAreValid(values)
		err        = user.Register(
			username,
			"", // Password matters not
			"editor",
			"telegram",
			false,
		)
	)
	// If registering a user via Telegram failed, because a Telegram user with this name
	// has already registered, then everything is actually ok!
	if user.HasUsername(username) && user.ByName(username).Source == "telegram" {
		err = nil
	}

	if !seemsValid {
		err = errors.New("Wrong parameters")
	}

	if err != nil {
		log.Printf("Failed to register ‘%s’ using Telegram: %s", username, err.Error())
		w.WriteHeader(http.StatusBadRequest)
		_, _ = io.WriteString(
			w,
			viewutil.Base(
				viewutil.MetaFrom(w, rq),
				lc.Get("ui.error"),
				fmt.Sprintf(
					`<main class="main-width"><p>%s</p><p>%s</p><p><a href="/login">%s<a></p></main>`,
					lc.Get("auth.error_telegram"),
					err.Error(),
					lc.Get("auth.go_login"),
				),
				map[string]string{},
			),
		)
		return
	}

	errmsg := user.LoginDataHTTP(w, username, "")
	if errmsg != nil {
		log.Printf("Failed to login ‘%s’ using Telegram: %s", username, err.Error())
		w.WriteHeader(http.StatusBadRequest)
		_, _ = io.WriteString(
			w,
			viewutil.Base(
				viewutil.MetaFrom(w, rq),
				"Error",
				fmt.Sprintf(
					`<main class="main-width"><p>%s</p><p>%s</p><p><a href="/login">%s<a></p></main>`,
					lc.Get("auth.error_telegram"),
					err.Error(),
					lc.Get("auth.go_login"),
				),
				map[string]string{},
			),
		)
		return
	}
	log.Printf("Authorize ‘%s’ from Telegram", username)
	http.Redirect(w, rq, "/", http.StatusSeeOther)
}
-												Delete package views

All the remaining QTPL files were spread across the codebase. The plan is to get rid of them step by step and migrate to the new l10n approach, all based on Go std templates.

											
										
										
											2022-08-06 11:35:17 +00:00
+								package auth
-												Implement logging out

											
										
										
											2020-11-14 13:03:06 +00:00
 								import (
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+									"errors"
-												Actually check for illegal username, pretty errors

											
										
										
											2021-07-01 08:45:03 +00:00
+									"fmt"
-												Implement register form and some registration-related code

											
										
										
											2021-04-12 17:40:43 +00:00
+									"io"
-												Implement logging out

											
										
										
											2020-11-14 13:03:06 +00:00
+									"log"
-												Actually check for illegal username, pretty errors

											
										
										
											2021-07-01 08:45:03 +00:00
+									"mime"
-												Implement logging out

											
										
										
											2020-11-14 13:03:06 +00:00
+									"net/http"
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+									"strings"
-												Implement logging out

											
										
										
											2020-11-14 13:03:06 +00:00
-												Fix static assets not served on wikis with no auth

											
										
										
											2022-08-21 13:25:47 +00:00
+									"github.com/bouncepaw/mycorrhiza/viewutil"
-												Migrate to gorilla/mux for web needs

What a wonderful package!

											
										
										
											2021-07-15 17:46:35 +00:00
+									"github.com/gorilla/mux"
-												Actually check for illegal username, pretty errors

											
										
										
											2021-07-01 08:45:03 +00:00
+									"github.com/bouncepaw/mycorrhiza/cfg"
-												Initial l18n support

											
										
										
											2021-09-06 17:46:34 +00:00
+									"github.com/bouncepaw/mycorrhiza/l18n"
-												Implement logging out

											
										
										
											2020-11-14 13:03:06 +00:00
+									"github.com/bouncepaw/mycorrhiza/user"
-												Start the Great Refactoring

											
										
										
											2021-02-17 18:41:35 +00:00
+									"github.com/bouncepaw/mycorrhiza/util"
-												Implement logging out

											
										
										
											2020-11-14 13:03:06 +00:00
+								)
-												Delete package views

All the remaining QTPL files were spread across the codebase. The plan is to get rid of them step by step and migrate to the new l10n approach, all based on Go std templates.

											
										
										
											2022-08-06 11:35:17 +00:00
+								func InitAuth(r *mux.Router) {
-												Misc: Move more stuff here

											
										
										
											2022-04-02 07:22:26 +00:00
+									r.HandleFunc("/user-list", handlerUserList)
-												Migrate to gorilla/mux for web needs

What a wonderful package!

											
										
										
											2021-07-15 17:46:35 +00:00
+									r.HandleFunc("/lock", handlerLock)
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+									// The check below saves a lot of extra checks and lines of codes in other places in this file.
-												Drop fixed authorization

Important changes:
- UseFixedAuth is now UseAuth and toggles all kinds of authorization and
  registration
- UseRegistration is now AllowRegistration to better reflect the meaning
- LimitRegistration is now RegistrationLimit because it's not a boolean,
  it's a value (not "limit registration?", but "registration limit is
  ...")
- registered-users.json is now users.json, because all users are stored
  there
- user.AuthUsed is dropped in favor of new cfg.UseAuth which has the
  same meaning

I hope I have not forgotten anything.

											
										
										
											2021-07-02 08:20:03 +00:00
+									if !cfg.UseAuth {
-												Reorganise and document the web stuff a little

											
										
										
											2021-05-09 11:09:27 +00:00
+										return
 									}
-												Drop fixed authorization

Important changes:
- UseFixedAuth is now UseAuth and toggles all kinds of authorization and
  registration
- UseRegistration is now AllowRegistration to better reflect the meaning
- LimitRegistration is now RegistrationLimit because it's not a boolean,
  it's a value (not "limit registration?", but "registration limit is
  ...")
- registered-users.json is now users.json, because all users are stored
  there
- user.AuthUsed is dropped in favor of new cfg.UseAuth which has the
  same meaning

I hope I have not forgotten anything.

											
										
										
											2021-07-02 08:20:03 +00:00
+									if cfg.AllowRegistration {
-												Auth: Do not let users with weird characters in name register

											
										
										
											2022-05-17 13:31:12 +00:00
+										r.HandleFunc("/register", handlerRegister).Methods(http.MethodPost, http.MethodGet)
-												Reorganise and document the web stuff a little

											
										
										
											2021-05-09 11:09:27 +00:00
+									}
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+									if cfg.TelegramEnabled {
-												Migrate to gorilla/mux for web needs

What a wonderful package!

											
										
										
											2021-07-15 17:46:35 +00:00
+										r.HandleFunc("/telegram-login", handlerTelegramLogin)
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+									}
-												Migrate to gorilla/mux for web needs

What a wonderful package!

											
										
										
											2021-07-15 17:46:35 +00:00
+									r.HandleFunc("/login", handlerLogin)
 									r.HandleFunc("/logout", handlerLogout)
-												Implement logging out

											
										
										
											2020-11-14 13:03:06 +00:00
+								}
-												Misc: Move more stuff here

											
										
										
											2022-04-02 07:22:26 +00:00
+								func handlerUserList(w http.ResponseWriter, rq *http.Request) {
 									lc := l18n.FromRequest(rq)
 									w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
 									w.WriteHeader(http.StatusOK)
-												Turn BodyAttributes into a map

BodyAttributes is now a map of attribute name -> attribute value. This
was done because attribute names have a restricted set of characters,
but attribute values are much less restrictive

											
										
										
											2022-08-14 22:36:55 +00:00
+									w.Write([]byte(viewutil.Base(viewutil.MetaFrom(w, rq), lc.Get("ui.users_title"), UserList(lc), map[string]string{})))
-												Misc: Move more stuff here

											
										
										
											2022-04-02 07:22:26 +00:00
+								}
-												Implement the lock page

It is unused now, you can take a look at it on /lock

											
										
										
											2021-07-09 11:47:50 +00:00
+								func handlerLock(w http.ResponseWriter, rq *http.Request) {
-												Delete package views

All the remaining QTPL files were spread across the codebase. The plan is to get rid of them step by step and migrate to the new l10n approach, all based on Go std templates.

											
										
										
											2022-08-06 11:35:17 +00:00
+									_, _ = io.WriteString(w, Lock(l18n.FromRequest(rq)))
-												Implement the lock page

It is unused now, you can take a look at it on /lock

											
										
										
											2021-07-09 11:47:50 +00:00
+								}
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+								// handlerRegister displays the register form (GET) or registers the user (POST).
-												Implement register form and some registration-related code

											
										
										
											2021-04-12 17:40:43 +00:00
+								func handlerRegister(w http.ResponseWriter, rq *http.Request) {
-												Initial l18n support

											
										
										
											2021-09-06 17:46:34 +00:00
+									lc := l18n.FromRequest(rq)
-												Move all web-related stuff to a new module

											
										
										
											2021-05-09 10:42:12 +00:00
+									util.PrepareRq(rq)
-												Implement register form and some registration-related code

											
										
										
											2021-04-12 17:40:43 +00:00
+									if rq.Method == http.MethodGet {
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+										_, _ = io.WriteString(
-												Implement register form and some registration-related code

											
										
										
											2021-04-12 17:40:43 +00:00
+											w,
-												Delete package views

All the remaining QTPL files were spread across the codebase. The plan is to get rid of them step by step and migrate to the new l10n approach, all based on Go std templates.

											
										
										
											2022-08-06 11:35:17 +00:00
+											viewutil.Base(
-												Use viewutil.Meta in many places

											
										
										
											2022-04-01 19:51:15 +00:00
+												viewutil.MetaFrom(w, rq),
-												Initial l18n support

											
										
										
											2021-09-06 17:46:34 +00:00
+												lc.Get("auth.register_title"),
-												Delete package views

All the remaining QTPL files were spread across the codebase. The plan is to get rid of them step by step and migrate to the new l10n approach, all based on Go std templates.

											
										
										
											2022-08-06 11:35:17 +00:00
+												Register(rq),
-												Turn BodyAttributes into a map

BodyAttributes is now a map of attribute name -> attribute value. This
was done because attribute names have a restricted set of characters,
but attribute values are much less restrictive

											
										
										
											2022-08-14 22:36:55 +00:00
+												map[string]string{},
-												Implement register form and some registration-related code

											
										
										
											2021-04-12 17:40:43 +00:00
+											),
 										)
-												Auth: Do not let users with weird characters in name register

											
										
										
											2022-05-17 13:31:12 +00:00
+										return
 									}
 									var (
 										username = rq.PostFormValue("username")
 										password = rq.PostFormValue("password")
 										err      = user.Register(username, password, "editor", "local", false)
 									)
 									if err != nil {
 										log.Printf("Failed to register ‘%s’: %s", username, err.Error())
 										w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
 										w.WriteHeader(http.StatusBadRequest)
 										_, _ = io.WriteString(
 											w,
-												Delete package views

All the remaining QTPL files were spread across the codebase. The plan is to get rid of them step by step and migrate to the new l10n approach, all based on Go std templates.

											
										
										
											2022-08-06 11:35:17 +00:00
+											viewutil.Base(
-												Auth: Do not let users with weird characters in name register

											
										
										
											2022-05-17 13:31:12 +00:00
+												viewutil.MetaFrom(w, rq),
 												lc.Get("auth.register_title"),
 												fmt.Sprintf(
 													`<main class="main-width"><p>%s</p><p><a href="/register">%s<a></p></main>`,
 													err.Error(),
 													lc.Get("auth.try_again"),
-												Actually check for illegal username, pretty errors

											
										
										
											2021-07-01 08:45:03 +00:00
+												),
-												Turn BodyAttributes into a map

BodyAttributes is now a map of attribute name -> attribute value. This
was done because attribute names have a restricted set of characters,
but attribute values are much less restrictive

											
										
										
											2022-08-14 22:36:55 +00:00
+												map[string]string{},
-												Auth: Do not let users with weird characters in name register

											
										
										
											2022-05-17 13:31:12 +00:00
+											),
 										)
 										return
-												Implement register form and some registration-related code

											
										
										
											2021-04-12 17:40:43 +00:00
+									}
-												Auth: Do not let users with weird characters in name register

											
										
										
											2022-05-17 13:31:12 +00:00
 									log.Printf("Successfully registered ‘%s’", username)
 									if err := user.LoginDataHTTP(w, username, password); err != nil {
 										return
 									}
 									http.Redirect(w, rq, "/"+rq.URL.RawQuery, http.StatusSeeOther)
-												Implement register form and some registration-related code

											
										
										
											2021-04-12 17:40:43 +00:00
+								}
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+								// handlerLogout shows the logout form (GET) or logs the user out (POST).
-												Implement logging out

											
										
										
											2020-11-14 13:03:06 +00:00
+								func handlerLogout(w http.ResponseWriter, rq *http.Request) {
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+									if rq.Method == http.MethodGet {
 										var (
 											u   = user.FromRequest(rq)
 											can = u != nil
 											lc  = l18n.FromRequest(rq)
 										)
 										w.Header().Set("Content-Type", "text/html;charset=utf-8")
 										if can {
 											log.Println("User", u.Name, "tries to log out")
 											w.WriteHeader(http.StatusOK)
 										} else {
 											log.Println("Unknown user tries to log out")
 											w.WriteHeader(http.StatusForbidden)
 										}
 										_, _ = io.WriteString(
 											w,
-												Turn BodyAttributes into a map

BodyAttributes is now a map of attribute name -> attribute value. This
was done because attribute names have a restricted set of characters,
but attribute values are much less restrictive

											
										
										
											2022-08-14 22:36:55 +00:00
+											viewutil.Base(viewutil.MetaFrom(w, rq), lc.Get("auth.logout_title"), Logout(can, lc), map[string]string{}),
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+										)
 									} else if rq.Method == http.MethodPost {
 										user.LogoutFromRequest(w, rq)
 										http.Redirect(w, rq, "/", http.StatusSeeOther)
-												Implement logging out

											
										
										
											2020-11-14 13:03:06 +00:00
+									}
 								}
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+								// handlerLogin shows the login form (GET) or logs the user in (POST).
-												Reorganise and document the web stuff a little

											
										
										
											2021-05-09 11:09:27 +00:00
+								func handlerLogin(w http.ResponseWriter, rq *http.Request) {
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+									lc := l18n.FromRequest(rq)
 									if rq.Method == http.MethodGet {
 										w.Header().Set("Content-Type", "text/html;charset=utf-8")
-												Reorganise and document the web stuff a little

											
										
										
											2021-05-09 11:09:27 +00:00
+										w.WriteHeader(http.StatusOK)
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+										_, _ = io.WriteString(
 											w,
-												Delete package views

All the remaining QTPL files were spread across the codebase. The plan is to get rid of them step by step and migrate to the new l10n approach, all based on Go std templates.

											
										
										
											2022-08-06 11:35:17 +00:00
+											viewutil.Base(
-												Use viewutil.Meta in many places

											
										
										
											2022-04-01 19:51:15 +00:00
+												viewutil.MetaFrom(w, rq),
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+												lc.Get("auth.login_title"),
-												Delete package views

All the remaining QTPL files were spread across the codebase. The plan is to get rid of them step by step and migrate to the new l10n approach, all based on Go std templates.

											
										
										
											2022-08-06 11:35:17 +00:00
+												Login(lc),
-												Turn BodyAttributes into a map

BodyAttributes is now a map of attribute name -> attribute value. This
was done because attribute names have a restricted set of characters,
but attribute values are much less restrictive

											
										
										
											2022-08-14 22:36:55 +00:00
+												map[string]string{},
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+											),
 										)
 									} else if rq.Method == http.MethodPost {
 										var (
 											username = util.CanonicalName(rq.PostFormValue("username"))
 											password = rq.PostFormValue("password")
-												Auth: Do not let users with weird characters in name register

											
										
										
											2022-05-17 13:31:12 +00:00
+											err      = user.LoginDataHTTP(w, username, password)
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+										)
-												Auth: Do not let users with weird characters in name register

											
										
										
											2022-05-17 13:31:12 +00:00
+										if err != nil {
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+											w.Header().Set("Content-Type", "text/html;charset=utf-8")
 											w.WriteHeader(http.StatusInternalServerError)
-												Turn BodyAttributes into a map

BodyAttributes is now a map of attribute name -> attribute value. This
was done because attribute names have a restricted set of characters,
but attribute values are much less restrictive

											
										
										
											2022-08-14 22:36:55 +00:00
+											_, _ = io.WriteString(w, viewutil.Base(viewutil.MetaFrom(w, rq), err.Error(), LoginError(err.Error(), lc), map[string]string{}))
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+											return
 										}
 										http.Redirect(w, rq, "/", http.StatusSeeOther)
-												Reorganise and document the web stuff a little

											
										
										
											2021-05-09 11:09:27 +00:00
+									}
 								}
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+								func handlerTelegramLogin(w http.ResponseWriter, rq *http.Request) {
 									// Note there is no lock here.
-												Initial l18n support

											
										
										
											2021-09-06 17:46:34 +00:00
+									lc := l18n.FromRequest(rq)
-												Improve some forms

											
										
										
											2021-07-14 20:04:52 +00:00
+									w.Header().Set("Content-Type", "text/html;charset=utf-8")
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+									rq.ParseForm()
 									var (
-												Migrate to gorilla/mux for web needs

What a wonderful package!

											
										
										
											2021-07-15 17:46:35 +00:00
+										values     = rq.URL.Query()
 										username   = strings.ToLower(values.Get("username"))
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+										seemsValid = user.TelegramAuthParamsAreValid(values)
-												Migrate to gorilla/mux for web needs

What a wonderful package!

											
										
										
											2021-07-15 17:46:35 +00:00
+										err        = user.Register(
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+											username,
 											"", // Password matters not
-												Mark user's source: local or telegram

											
										
										
											2021-07-14 21:00:35 +00:00
+											"editor",
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+											"telegram",
 											false,
 										)
 									)
-												Fix a Telegram-related bug

I removed my favorite comment:

// Problems is something we put blankets on.

											
										
										
											2023-02-25 20:38:38 +00:00
+									// If registering a user via Telegram failed, because a Telegram user with this name
 									// has already registered, then everything is actually ok!
-												Housekeeping with linter

'I do as the golint guides'

											
										
										
											2021-10-01 17:12:16 +00:00
+									if user.HasUsername(username) && user.ByName(username).Source == "telegram" {
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+										err = nil
 									}
 									if !seemsValid {
 										err = errors.New("Wrong parameters")
 									}
 									if err != nil {
 										log.Printf("Failed to register ‘%s’ using Telegram: %s", username, err.Error())
 										w.WriteHeader(http.StatusBadRequest)
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+										_, _ = io.WriteString(
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+											w,
-												Delete package views

All the remaining QTPL files were spread across the codebase. The plan is to get rid of them step by step and migrate to the new l10n approach, all based on Go std templates.

											
										
										
											2022-08-06 11:35:17 +00:00
+											viewutil.Base(
-												Use viewutil.Meta in many places

											
										
										
											2022-04-01 19:51:15 +00:00
+												viewutil.MetaFrom(w, rq),
-												Initial l18n support

											
										
										
											2021-09-06 17:46:34 +00:00
+												lc.Get("ui.error"),
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+												fmt.Sprintf(
-												Initial l18n support

											
										
										
											2021-09-06 17:46:34 +00:00
+													`<main class="main-width"><p>%s</p><p>%s</p><p><a href="/login">%s<a></p></main>`,
 													lc.Get("auth.error_telegram"),
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+													err.Error(),
-												Initial l18n support

											
										
										
											2021-09-06 17:46:34 +00:00
+													lc.Get("auth.go_login"),
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+												),
-												Turn BodyAttributes into a map

BodyAttributes is now a map of attribute name -> attribute value. This
was done because attribute names have a restricted set of characters,
but attribute values are much less restrictive

											
										
										
											2022-08-14 22:36:55 +00:00
+												map[string]string{},
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+											),
 										)
 										return
 									}
-												Auth: Do not let users with weird characters in name register

											
										
										
											2022-05-17 13:31:12 +00:00
+									errmsg := user.LoginDataHTTP(w, username, "")
 									if errmsg != nil {
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+										log.Printf("Failed to login ‘%s’ using Telegram: %s", username, err.Error())
 										w.WriteHeader(http.StatusBadRequest)
-												Auth: Refactor login and logout

GET /login and POST /login-data are merged into /login.

GET /logout and POST /logout-confirm are merged into /logout.

The logout form now looks more consistent with other forms.

Used io.WriteString instead of Fprint where it wasn't like that for some reason.

											
										
										
											2021-12-30 21:07:39 +00:00
+										_, _ = io.WriteString(
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+											w,
-												Delete package views

All the remaining QTPL files were spread across the codebase. The plan is to get rid of them step by step and migrate to the new l10n approach, all based on Go std templates.

											
										
										
											2022-08-06 11:35:17 +00:00
+											viewutil.Base(
-												Use viewutil.Meta in many places

											
										
										
											2022-04-01 19:51:15 +00:00
+												viewutil.MetaFrom(w, rq),
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+												"Error",
 												fmt.Sprintf(
-												Initial l18n support

											
										
										
											2021-09-06 17:46:34 +00:00
+													`<main class="main-width"><p>%s</p><p>%s</p><p><a href="/login">%s<a></p></main>`,
 													lc.Get("auth.error_telegram"),
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+													err.Error(),
-												Initial l18n support

											
										
										
											2021-09-06 17:46:34 +00:00
+													lc.Get("auth.go_login"),
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+												),
-												Turn BodyAttributes into a map

BodyAttributes is now a map of attribute name -> attribute value. This
was done because attribute names have a restricted set of characters,
but attribute values are much less restrictive

											
										
										
											2022-08-14 22:36:55 +00:00
+												map[string]string{},
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+											),
 										)
 										return
 									}
 									log.Printf("Authorize ‘%s’ from Telegram", username)
 									http.Redirect(w, rq, "/", http.StatusSeeOther)
 								}