|
|
@@ -4,12 +4,13 @@ import (
|
|
|
"github.com/kataras/iris"
|
|
|
"github.com/kataras/go-template/html"
|
|
|
"fmt"
|
|
|
- "git.mmnx.de/Moe/databaseutils"
|
|
|
"git.mmnx.de/Moe/usermanager"
|
|
|
+ "git.mmnx.de/Moe/databaseutils"
|
|
|
"git.mmnx.de/Moe/configutils"
|
|
|
"git.mmnx.de/Moe/templatehelpers"
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
|
- "errors"
|
|
|
+ // "errors"
|
|
|
+ "strconv"
|
|
|
)
|
|
|
|
|
|
type pageUserParams struct{
|
|
|
@@ -56,11 +57,12 @@ func main() {
|
|
|
iris.Static("/static", "./static/static", 1)
|
|
|
|
|
|
iris.Post("/login", loginHandler) // login form handler // TODO: outsource ?
|
|
|
- iris.Post("/register", registerHandler) // TODO outsource ?
|
|
|
- iris.Post("/account", usermanager.AuthHandler, accountUpdateHandler)
|
|
|
+ iris.Post("/register", registerHandler, usermanager.LogoutHandler) // TODO outsource ?
|
|
|
+ iris.Post("/account", usermanager.AuthHandler, accountUpdateHandler, usermanager.LogoutHandler)
|
|
|
iris.Post("/admin", usermanager.AuthHandler, usermanager.AdminHandler, adminPostHandler)
|
|
|
|
|
|
iris.Get("/login", templateHandler) // TODO not when logged in
|
|
|
+ iris.Get("/logout", usermanager.AuthHandler, usermanager.LogoutHandler)
|
|
|
iris.Get("/register", templateHandler) // TODO not when logged in
|
|
|
iris.Get("/", usermanager.AuthHandler, templateHandler)
|
|
|
iris.Get("/account", usermanager.AuthHandler, templateHandler)
|
|
|
@@ -94,102 +96,97 @@ func registerHandler(ctx *iris.Context) {
|
|
|
password := ctx.FormValueString("password")
|
|
|
|
|
|
user := usermanager.User{} // new user
|
|
|
+ tokenUserID, err := usermanager.SearchUserByTokenInDB(token) // user, we're going to change
|
|
|
+ if err != nil {
|
|
|
+ templatehelpers.ShowError(err.Error(), ctx, "register")
|
|
|
+ return
|
|
|
+ }
|
|
|
+ tokenUserIDStr := strconv.FormatInt(int64(tokenUserID), 10)
|
|
|
+ if err != nil {
|
|
|
+ templatehelpers.ShowError(err.Error(), ctx, "register")
|
|
|
+ return
|
|
|
+ }
|
|
|
+ tokenUser, err := usermanager.GetUserFromDB(tokenUserIDStr)
|
|
|
+ if err != nil {
|
|
|
+ templatehelpers.ShowError(err.Error(), ctx, "register")
|
|
|
+ return
|
|
|
+ }
|
|
|
|
|
|
- tokens := usermanager.GetTokens(false) // get all unused tokens
|
|
|
- validToken := false
|
|
|
+ tokens := usermanager.GetTokens(false) // get all unused tokens, // TODO when v outsourced, use GetToken()
|
|
|
+ unusedToken := false // TODO: outsource this (GetToken())
|
|
|
for i, _ := range tokens {
|
|
|
if token == tokens[i] {
|
|
|
- validToken = true
|
|
|
+ unusedToken = true
|
|
|
break
|
|
|
}
|
|
|
}
|
|
|
- if !validToken { // token not valid
|
|
|
+
|
|
|
+ tokens = usermanager.GetTokens(true) // get all used tokens, // TODO when v outsourced, use GetToken()
|
|
|
+ usedToken := false // TODO: outsource this (GetToken())
|
|
|
+ for i, _ := range tokens {
|
|
|
+ if token == tokens[i] {
|
|
|
+ usedToken = true
|
|
|
+ break
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if !unusedToken && !usedToken { // token doesnt exist
|
|
|
templatehelpers.ShowError(usermanager.ERR_INVALID_TOKEN, ctx, "register")
|
|
|
}
|
|
|
|
|
|
userID := usermanager.SearchUserByUsernameInDB(username) // check if a user with that name already exists
|
|
|
if userID != -1 {
|
|
|
- templatehelpers.ShowError(usermanager.ERR_USERNAME_TAKEN, ctx, "register")
|
|
|
- }
|
|
|
-
|
|
|
- passwordBin, _ := bcrypt.GenerateFromPassword([]byte(password), 15) // hash password
|
|
|
-
|
|
|
- err := usermanager.RegisterUserWithToken(username, string(passwordBin), token) // register user
|
|
|
- if err != nil {
|
|
|
- templatehelpers.ShowError(err.Error(), ctx, "register")
|
|
|
- return
|
|
|
+ tokenUserIDInt, err := strconv.Atoi(tokenUser.ID) // convert userID to int ...
|
|
|
+ if err != nil {
|
|
|
+ templatehelpers.ShowError(err.Error(), ctx, "register")
|
|
|
+ return
|
|
|
+ }
|
|
|
+ if userID != tokenUserIDInt { // tries to steal another users identity
|
|
|
+ templatehelpers.ShowError(usermanager.ERR_USERNAME_TAKEN, ctx, "register")
|
|
|
+ return
|
|
|
+ } // if it's his own name, that's "taken" he can change
|
|
|
}
|
|
|
|
|
|
- tokenString, err := user.Login(username, password) // try to login
|
|
|
-
|
|
|
- if err != nil {
|
|
|
- templatehelpers.ShowError(err.Error(), ctx, "login")
|
|
|
- } else {
|
|
|
- ctx.SetCookieKV("token", tokenString)
|
|
|
- ctx.Redirect("/")
|
|
|
- // TODO: error-alternative success (main.html)
|
|
|
- }
|
|
|
-}
|
|
|
+ if unusedToken {
|
|
|
+ passwordBin, _ := bcrypt.GenerateFromPassword([]byte(password), 15) // hash password
|
|
|
|
|
|
-func accountUpdateHandler(ctx *iris.Context) { // TODO tidy up?
|
|
|
- err := errors.New(""); err = nil
|
|
|
- username := ctx.FormValueString("username") // POST values
|
|
|
- password := ctx.FormValueString("password")
|
|
|
- userID := ctx.GetString("userID")
|
|
|
- usersArrayID := usermanager.SearchUser(userID)
|
|
|
- user := (*usermanager.Users)[usersArrayID] // user must be logged in to do this -> get from users list
|
|
|
+ err := usermanager.RegisterUserWithToken(username, string(passwordBin), token) // register user
|
|
|
+ if err != nil {
|
|
|
+ templatehelpers.ShowError(err.Error(), ctx, "register")
|
|
|
+ return
|
|
|
+ }
|
|
|
|
|
|
- if username != "" && usermanager.SearchUserByUsername(username) != -1 && username != user.Username { // username can't be changed as there already exists a user with that name or it's the old name
|
|
|
- ctx.Render("account_box.html", usermanager.PageUserParams{"1", errors.New("Username already taken").Error(), "account", user.Username, user.Admin, []string{"ayy", "lmao"}})
|
|
|
- return
|
|
|
- }
|
|
|
+ tokenString, err := user.Login(username, password) // try to login
|
|
|
|
|
|
- needQuery := false
|
|
|
+ if err != nil {
|
|
|
+ templatehelpers.ShowError(err.Error(), ctx, "login")
|
|
|
+ } else {
|
|
|
+ ctx.SetCookieKV("token", tokenString)
|
|
|
+ ctx.Redirect("/")
|
|
|
+ // TODO: error-alternative success (main.html)
|
|
|
+ }
|
|
|
|
|
|
- if username != "" { // if not left empty (-> change)
|
|
|
- needQuery = true
|
|
|
} else {
|
|
|
- username = user.Username // keep
|
|
|
- }
|
|
|
|
|
|
- hashedPassword := user.Password // we assumpt the user's not changing his password
|
|
|
-
|
|
|
- if password != "" { // if not left empty we change it
|
|
|
- needQuery = true
|
|
|
- hashedPassword, err = func (hashedPassword []byte, err error) (string, error) { // hash password, we use an anonymous function to convert it to string
|
|
|
- if err != nil { // should never happen
|
|
|
- ctx.Render("account_box.html", usermanager.PageUserParams{"1", err.Error(), "account", user.Username, user.Admin, []string{"ayy", "lmao"}})
|
|
|
- return "", err
|
|
|
- }
|
|
|
- return string(hashedPassword), nil
|
|
|
- }(bcrypt.GenerateFromPassword([]byte(password), 15)) // this is the actual hashing call
|
|
|
- if err != nil { // should never happen
|
|
|
- ctx.Render("account_box.html", usermanager.PageUserParams{"1", err.Error(), "account", user.Username, user.Admin, []string{"ayy", "lmao"}})
|
|
|
+ // TODO maybe check whether to login or logout
|
|
|
+
|
|
|
+ if err := usermanager.UserUpdateProcessor(username, password, tokenUserIDStr); err != nil {
|
|
|
+ templatehelpers.ShowError(err.Error(), ctx, "register")
|
|
|
return
|
|
|
}
|
|
|
}
|
|
|
+}
|
|
|
|
|
|
- if !needQuery { // we don't need to update anything
|
|
|
- ctx.Render("account_box.html", usermanager.PageUserParams{"1", errors.New("nothing to update").Error(), "account", user.Username, user.Admin, []string{"ayy", "lmao"}})
|
|
|
- return
|
|
|
- }
|
|
|
-
|
|
|
- (*usermanager.Users)[usermanager.SearchUser(userID)].Username = username // update values in runtime users list
|
|
|
- (*usermanager.Users)[usermanager.SearchUser(userID)].Password = hashedPassword
|
|
|
+func accountUpdateHandler(ctx *iris.Context) {
|
|
|
+ username := ctx.FormValueString("username") // POST values
|
|
|
+ password := ctx.FormValueString("password")
|
|
|
+ userID := ctx.GetString("userID")
|
|
|
|
|
|
- err = (*usermanager.Users)[usermanager.SearchUser(userID)].Update() // try to update in db
|
|
|
- if err != nil { // failed to update
|
|
|
- ctx.Render("account_box.html", usermanager.PageUserParams{"1", err.Error(), "account", user.Username, user.Admin, []string{"ayy", "lmao"}})
|
|
|
+ if err := usermanager.UserUpdateProcessor(username, password, userID); err != nil {
|
|
|
+ templatehelpers.ShowError(err.Error(), ctx, "account")
|
|
|
return
|
|
|
}
|
|
|
|
|
|
- // TODO success notifications
|
|
|
-
|
|
|
- if err != nil {
|
|
|
- ctx.Render("account_box.html", usermanager.PageUserParams{"1", err.Error(), "account", user.Username, user.Admin, []string{"ayy", "lmao"}}) // TODO dynamic
|
|
|
- } else {
|
|
|
- ctx.Render("account_box.html", usermanager.PageUserParams{"0", "", "account", user.Username, user.Admin, []string{"ayy", "lmao"}}) // TODO dynamic
|
|
|
- }
|
|
|
}
|
|
|
|
|
|
func adminPostHandler(ctx *iris.Context) {
|
|
|
@@ -231,17 +228,11 @@ func templateHandler(ctx *iris.Context) {
|
|
|
params = usermanager.PageUserParams{"0", "", template, user.Username, user.Admin, tokens}
|
|
|
case "/login":
|
|
|
template = "login"
|
|
|
- params = usermanager.PageUserParams{"0", "", template, "", "0", []string{"ayy", "lmao"}}
|
|
|
+ params = usermanager.PageUserParams{"0", "", template, "", "0", []string{}}
|
|
|
case "/register":
|
|
|
template = "register"
|
|
|
params = usermanager.PageUserParams{"0", "", template, "", "0", []string{}}
|
|
|
}
|
|
|
|
|
|
-
|
|
|
- // fmt.Println(ctx.RequestPath(false))
|
|
|
-
|
|
|
- // fmt.Println(template)
|
|
|
-
|
|
|
ctx.MustRender(template + "_box.html", params);
|
|
|
-
|
|
|
}
|
