1
0
mirror of https://github.com/osmarks/mycorrhiza.git synced 2024-12-16 06:50:26 +00:00
mycorrhiza/web/auth.go

126 lines
3.3 KiB
Go
Raw Normal View History

package web
2020-11-14 13:03:06 +00:00
import (
"fmt"
"io"
2020-11-14 13:03:06 +00:00
"log"
"mime"
2020-11-14 13:03:06 +00:00
"net/http"
"github.com/bouncepaw/mycorrhiza/cfg"
2020-11-14 13:03:06 +00:00
"github.com/bouncepaw/mycorrhiza/user"
2021-02-17 18:41:35 +00:00
"github.com/bouncepaw/mycorrhiza/util"
"github.com/bouncepaw/mycorrhiza/views"
2020-11-14 13:03:06 +00:00
)
func initAuth() {
if !cfg.UseAuth {
return
}
if cfg.AllowRegistration {
http.HandleFunc("/register", handlerRegister)
}
2020-11-14 13:03:06 +00:00
http.HandleFunc("/login", handlerLogin)
http.HandleFunc("/login-data", handlerLoginData)
http.HandleFunc("/logout", handlerLogout)
http.HandleFunc("/logout-confirm", handlerLogoutConfirm)
}
// handlerRegister both displays the register form (GET) and registers users (POST).
func handlerRegister(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq)
if !cfg.AllowRegistration {
w.WriteHeader(http.StatusForbidden)
}
if rq.Method == http.MethodGet {
io.WriteString(
w,
views.BaseHTML(
"Register",
views.RegisterHTML(rq),
user.FromRequest(rq),
),
)
} else if rq.Method == http.MethodPost {
var (
username = rq.PostFormValue("username")
password = rq.PostFormValue("password")
err = user.Register(username, password, "editor", false)
)
if err != nil {
log.Printf("Failed to register \"%s\": %s", username, err.Error())
w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
w.WriteHeader(http.StatusBadRequest)
fmt.Fprint(
w,
views.BaseHTML(
"Register",
fmt.Sprintf(
`<main class="main-width"><p>%s</p><p><a href="/register">Try again<a></p></main>`,
err.Error(),
),
user.FromRequest(rq),
),
)
} else {
log.Printf("Successfully registered \"%s\"", username)
user.LoginDataHTTP(w, rq, username, password)
http.Redirect(w, rq, "/"+rq.URL.RawQuery, http.StatusSeeOther)
}
}
}
// handlerLogout shows the logout form.
2020-11-14 13:03:06 +00:00
func handlerLogout(w http.ResponseWriter, rq *http.Request) {
var (
u = user.FromRequest(rq)
can = u != nil
)
w.Header().Set("Content-Type", "text/html;charset=utf-8")
if can {
log.Println("User", u.Name, "tries to log out")
w.WriteHeader(http.StatusOK)
} else {
log.Println("Unknown user tries to log out")
w.WriteHeader(http.StatusForbidden)
}
w.Write([]byte(views.BaseHTML("Logout?", views.LogoutHTML(can), u)))
2020-11-14 13:03:06 +00:00
}
// handlerLogoutConfirm logs the user out.
//
// TODO: merge into handlerLogout as POST method.
2020-11-14 13:03:06 +00:00
func handlerLogoutConfirm(w http.ResponseWriter, rq *http.Request) {
user.LogoutFromRequest(w, rq)
http.Redirect(w, rq, "/", http.StatusSeeOther)
}
// handlerLogin shows the login form.
func handlerLogin(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq)
w.Header().Set("Content-Type", "text/html;charset=utf-8")
if cfg.UseAuth {
w.WriteHeader(http.StatusOK)
} else {
w.WriteHeader(http.StatusForbidden)
}
w.Write([]byte(views.BaseHTML("Login", views.LoginHTML(), user.EmptyUser())))
}
// handlerLoginData logs the user in.
//
// TODO: merge into handlerLogin as POST method.
2020-11-14 13:03:06 +00:00
func handlerLoginData(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq)
2020-11-14 13:03:06 +00:00
var (
2021-02-17 18:41:35 +00:00
username = util.CanonicalName(rq.PostFormValue("username"))
2020-11-14 13:03:06 +00:00
password = rq.PostFormValue("password")
err = user.LoginDataHTTP(w, rq, username, password)
)
if err != "" {
w.Write([]byte(views.BaseHTML(err, views.LoginErrorHTML(err), user.EmptyUser())))
2020-11-14 13:03:06 +00:00
} else {
http.Redirect(w, rq, "/", http.StatusSeeOther)
}
}