Diffstat (limited to 'cmd/server/middleware.go')
-rw-r--r--cmd/server/middleware.go136
1 files changed, 70 insertions, 66 deletions
diff --git a/cmd/server/middleware.go b/cmd/server/middleware.go
index 7ba34cf..d0957fd 100644
--- a/cmd/server/middleware.go
+++ b/cmd/server/middleware.go
@@ -25,96 +25,100 @@ func (a *App) Err500Default(w http.ResponseWriter, r *http.Request) {
"Internal server error.")
}
-func (a *App) LogoutHandler(w http.ResponseWriter, r *http.Request) {
- http.SetCookie(w, &http.Cookie{
- Name: "Auth",
- HttpOnly: a.auth.HTTPOnly,
- SameSite: a.auth.SameSiteStrict,
- Secure: a.auth.Secure,
- Value: "logout",
- Expires: time.Now().Add(time.Second), //nolint
+func (a *App) LogoutHandler() http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.SetCookie(w, &http.Cookie{
+ Name: "Auth",
+ HttpOnly: a.auth.HTTPOnly,
+ SameSite: a.auth.SameSiteStrict,
+ Secure: a.auth.Secure,
+ Value: "logout",
+ Expires: time.Now().Add(time.Second), //nolint
+ })
+
+ http.Redirect(w, r, "/", http.StatusFound)
})
-
- http.Redirect(w, r, "/", http.StatusFound)
}
-func (a *App) LoginHandler(w http.ResponseWriter, r *http.Request) { //nolint
- loggedIn := a.IsLoggedIn(r)
+func (a *App) LoginHandler() http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { //nolint
+ loggedIn := a.IsLoggedIn(r)
- next, _ := url.Parse(r.URL.Query().Get("next"))
+ next, _ := url.Parse(r.URL.Query().Get("next"))
- if r.Method == "GET" && !loggedIn {
- page.RenderForPath(w, r, "login")
+ if r.Method == "GET" && !loggedIn {
+ page.RenderForPath(w, r, "login")
- return
- }
+ return
+ }
+
+ if r.Method == "GET" && loggedIn {
+ if next.Path != "" {
+ http.Redirect(w, r, next.Path, http.StatusFound)
+
+ return
+ }
- if r.Method == "GET" && loggedIn {
- if next.Path != "" {
- http.Redirect(w, r, next.Path, http.StatusFound)
+ http.Redirect(w, r, "/dashboard", http.StatusFound)
return
}
- http.Redirect(w, r, "/dashboard", http.StatusFound)
+ if r.Method != "POST" {
+ a.Err500Default(w, r)
- return
- }
+ return
+ }
- if r.Method != "POST" {
- a.Err500Default(w, r)
+ username := r.FormValue("username")
+ password := r.FormValue("password")
- return
- }
+ var (
+ err error = nil
+ u *users.SiteUser
+ found = false
+ )
- username := r.FormValue("username")
- password := r.FormValue("password")
+ for _, u = range a.auth.Users {
+ if u.Username == username {
+ err = u.CheckPassword(password)
+ found = true
+ }
+ }
- var (
- err error = nil
- u *users.SiteUser
- found = false
- )
+ if err != nil || !found {
+ page.Render(w, r, "login", map[string]interface{}{
+ "Error": "Invalid username or password",
+ "Username": username,
+ }, http.StatusUnauthorized)
- for _, u = range a.auth.Users {
- if u.Username == username {
- err = u.CheckPassword(password)
- found = true
+ return
}
- }
-
- if err != nil || !found {
- page.Render(w, r, "login", map[string]interface{}{
- "Error": "Invalid username or password",
- "Username": username,
- }, http.StatusUnauthorized)
- return
- }
+ token := jwt.NewWithClaims(jwt.SigningMethodHS512, &jwt.StandardClaims{
+ ExpiresAt: time.Now().Add(
+ time.Hour * time.Duration(a.auth.LoginHours)).Unix(),
+ Id: u.Username,
+ })
- token := jwt.NewWithClaims(jwt.SigningMethodHS512, &jwt.StandardClaims{
- ExpiresAt: time.Now().Add(
- time.Hour * time.Duration(a.auth.LoginHours)).Unix(),
- Id: u.Username,
- })
+ ss, err := token.SignedString([]byte(a.auth.TokenKey))
+ if err != nil {
+ log.Println("login: encountered while setting up JWT: ", err)
+ a.Err500Default(w, r)
- ss, err := token.SignedString([]byte(a.auth.TokenKey))
- if err != nil {
- log.Println("login: encountered while setting up JWT: ", err)
- a.Err500Default(w, r)
+ return
+ }
- return
- }
+ http.SetCookie(w, &http.Cookie{
+ Name: "Auth",
+ HttpOnly: a.auth.HTTPOnly,
+ SameSite: a.auth.SameSiteStrict,
+ Secure: a.auth.Secure,
+ Value: ss,
+ })
- http.SetCookie(w, &http.Cookie{
- Name: "Auth",
- HttpOnly: a.auth.HTTPOnly,
- SameSite: a.auth.SameSiteStrict,
- Secure: a.auth.Secure,
- Value: ss,
+ http.Redirect(w, r, "/login", http.StatusFound)
})
-
- http.Redirect(w, r, "/login", http.StatusFound)
}
func (a *App) IsLoggedIn(r *http.Request) bool {
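Review bot: After the lookup loop `for _, u = range a.auth.Users { ... }` the variable `u` is whatever element the range visited last, not the user whose password was checked, because the loop never breaks on a match; the claims built a few lines later therefore carry `Id: u.Username` of the last configured user, so with more than one entry in `a.auth.Users` a valid login for one account issues a token naming another (the old side had the same loop, so the commit carries the defect forward). Capture the matched user in its own variable, stop at the first match and check the password once outside the loop, as sketched below. Separately, `next, _ := url.Parse(...)` discards the parse error, and on failure (e.g. a control character in `next`) the later `next.Path` dereferences a nil pointer and panics the handler; and because `url.Parse` returns the decoded path, a `next` whose decoded path begins with `//` (or contains a backslash) reaches `http.Redirect` as a scheme-relative URL, so the logged-in GET branch should only follow a path that passes something like `strings.HasPrefix(next.Path, "/") && !strings.HasPrefix(next.Path, "//") && !strings.Contains(next.Path, "\\")` (assuming `strings` is importable here). `Err500Default` at the top of the hunk and `IsLoggedIn` at the bottom both continue outside it.
```go
var matched *users.SiteUser
for _, candidate := range a.auth.Users {
	if candidate.Username == username {
		matched = candidate
		break
	}
}
if matched == nil || matched.CheckPassword(password) != nil {
	// … unchanged: render "login" with "Invalid username or password", 401 …
	return
}

token := jwt.NewWithClaims(jwt.SigningMethodHS512, &jwt.StandardClaims{
	ExpiresAt: time.Now().Add(time.Hour * time.Duration(a.auth.LoginHours)).Unix(),
	Id:        matched.Username,
})
// … unchanged: sign token, set Auth cookie, redirect …
```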