Initial sessions implementation
@ -8,12 +8,14 @@ import (
|
||||
)
|
||||
|
||||
type Article struct {
|
||||
Title string
|
||||
Created time.Time
|
||||
Desc string
|
||||
Content string
|
||||
Tags []string
|
||||
UUID uuid.UUID
|
||||
Title string
|
||||
Author string
|
||||
Created time.Time
|
||||
Desc string
|
||||
Content string
|
||||
Tags []string
|
||||
UUID uuid.UUID
|
||||
AuthorID int64
|
||||
}
|
||||
|
||||
type ArticleList struct {
|
||||
|
@ -43,8 +43,7 @@ func (db *DB) AddUser(user User, pass string) error {
|
||||
query := `
|
||||
INSERT INTO users
|
||||
(username, password, first_name, last_name, role)
|
||||
VALUES
|
||||
(?, ?, ?, ?, ?)
|
||||
VALUES (?, ?, ?, ?, ?)
|
||||
`
|
||||
_, err = db.Exec(query, user.UserName, string(hashedPass), user.FirstName, user.LastName, user.Role)
|
||||
if err != nil {
|
||||
@ -58,10 +57,9 @@ func (db *DB) GetID(userName string) (int64, error) {
|
||||
var id int64
|
||||
|
||||
query := `
|
||||
SELECT id FROM
|
||||
users
|
||||
WHERE
|
||||
username = ?
|
||||
SELECT id
|
||||
FROM users
|
||||
WHERE username = ?
|
||||
`
|
||||
row := db.QueryRow(query, userName)
|
||||
if err := row.Scan(&id); err != nil {
|
||||
@ -75,10 +73,9 @@ func (db *DB) CheckPassword(id int64, pass string) error {
|
||||
var queriedPass string
|
||||
|
||||
query := `
|
||||
SELECT password FROM
|
||||
users
|
||||
WHERE
|
||||
id = ?
|
||||
SELECT password
|
||||
FROM users
|
||||
WHERE id = ?
|
||||
`
|
||||
row := db.QueryRow(query, id)
|
||||
if err := row.Scan(&queriedPass); err != nil {
|
||||
@ -103,10 +100,9 @@ func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
|
||||
}
|
||||
|
||||
query := `
|
||||
UPDATE users SET
|
||||
password = ?
|
||||
WHERE
|
||||
id = ?
|
||||
UPDATE users
|
||||
SET password = ?
|
||||
WHERE id = ?
|
||||
`
|
||||
_, err = db.Exec(query, string(newHashedPass), id)
|
||||
if err != nil {
|
||||
@ -127,3 +123,21 @@ func (db *DB) CountEntries() (int64, error) {
|
||||
|
||||
return count, nil
|
||||
}
|
||||
|
||||
// TODO: No need for ID field in general
|
||||
func (db *DB) GetUser(id int64) (*User, error) {
|
||||
user := new(User)
|
||||
query := `
|
||||
SELECT id, username, first_name, last_name, role
|
||||
FROM users
|
||||
WHERE id = ?
|
||||
`
|
||||
|
||||
row := db.QueryRow(query, id)
|
||||
if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
|
||||
&user.LastName, &user.Role); err != nil {
|
||||
return nil, fmt.Errorf("error reading user information: %v", err)
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
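Review bot: GetUser wraps the Scan error with `%v`, so a caller cannot tell a missing row from a database failure; wrapping with `%w`, as in `return nil, fmt.Errorf("error reading user information: %w", err)`, keeps the underlying error available to `errors.Is`. The new exported method also has no doc comment; `// GetUser returns the user stored under id; the password column is not selected.` would state what the query shows. The TODO above it would be clearer if it named which ID field it means.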
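--- /dev/null
+++ b/cmd/data/sessions.go
@@ -0,0 +1,66 @@
+package data
+
+import (
+"crypto/rand"
+"encoding/gob"
+"fmt"
+"io"
+"os"
+
+"github.com/gorilla/sessions"
+)
+
+type CookieStore struct {
+sessions.CookieStore
+}
+
+func NewKey() ([]byte, error) {
+key := make([]byte, 32)
+
+_, err := io.ReadFull(rand.Reader, key)
+if err != nil {
+return nil, fmt.Errorf("error generating key: %v", err)
+}
+
+return key, nil
+}
+
+func SaveKey(key []byte, filename string) error {
+file, err := os.Create(filename)
+if err != nil {
+return fmt.Errorf("error creating key file: %v", err)
+}
+defer file.Close()
+file.Chmod(0600)
+
+encoder := gob.NewEncoder(file)
+err = encoder.Encode(key)
+if err != nil {
+return fmt.Errorf("error ecoding key: %v", err)
+}
+
+return nil
+}
+
+func LoadKey(filename string) ([]byte, error) {
+file, err := os.Open(filename)
+if err != nil {
+return nil, fmt.Errorf("error opening key file: %v", err)
+}
+
+key := make([]byte, 32)
+decoder := gob.NewDecoder(file)
+err = decoder.Decode(&key)
+if err != nil {
+return nil, fmt.Errorf("error decoding key: %v", err)
+}
+
+return key, nil
+}
+
+func NewCookieStore(key []byte) *CookieStore {
+store := sessions.NewCookieStore(key)
+store.Options.Secure = true
+store.Options.HttpOnly = true
+return &CookieStore{*store}
+}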
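Review bot: SaveKey creates the key file with `os.Create`, which uses mode 0666 before umask, and only afterwards narrows it with `file.Chmod(0600)`, whose error is discarded; the session signing key can therefore sit on disk with wider permissions, briefly or for good if the chmod fails. Opening with the final mode closes that window for a new file: `file, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)`; the mode argument is not applied to a file that already exists, so the Chmod result should still be checked. LoadKey never closes the file it opens and does not verify that the decoded key is 32 bytes long. NewCookieStore passes a single key to `sessions.NewCookieStore`, so cookies are signed but not encrypted, and the id, name and role that Login stores in them are readable by the client.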
@ -6,13 +6,11 @@ const (
|
||||
Writer
|
||||
)
|
||||
|
||||
type Role int
|
||||
|
||||
type User struct {
|
||||
UserName string
|
||||
FirstName string
|
||||
LastName string
|
||||
RejectedArticles []*Article
|
||||
ID int64
|
||||
Role
|
||||
Role int
|
||||
}
|
||||
|
@ -38,31 +38,6 @@ func checkUserStrings(user data.User) (string, int, bool) {
|
||||
}
|
||||
}
|
||||
|
||||
func HomePage(db *data.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
numRows, err := db.CountEntries()
|
||||
if err != nil {
|
||||
log.Fatalln(err)
|
||||
}
|
||||
|
||||
if numRows == 0 {
|
||||
files := []string{
|
||||
"web/templates/index.html",
|
||||
"web/templates/add-user.html",
|
||||
}
|
||||
tmpl, err := template.ParseFiles(files...)
|
||||
template.Must(tmpl, err).Execute(w, nil)
|
||||
} else {
|
||||
files := []string{
|
||||
"web/templates/index.html",
|
||||
"web/templates/login.html",
|
||||
}
|
||||
tmpl, err := template.ParseFiles(files...)
|
||||
template.Must(tmpl, err).Execute(w, nil)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func CreateUser() http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
tmpl, err := template.ParseFiles("web/templates/add-user.html")
|
||||
@ -84,7 +59,7 @@ func AddUser(db *data.DB) http.HandlerFunc {
|
||||
UserName: r.PostFormValue("username"),
|
||||
FirstName: r.PostFormValue("first-name"),
|
||||
LastName: r.PostFormValue("last-name"),
|
||||
Role: data.Role(role),
|
||||
Role: role,
|
||||
},
|
||||
}
|
||||
pass := r.PostFormValue("password")
|
||||
|
@ -11,21 +11,26 @@ import (
|
||||
"streifling.com/jason/cpolis/cmd/data"
|
||||
)
|
||||
|
||||
func ShowHub() http.HandlerFunc {
|
||||
func ShowHub(s *data.CookieStore) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
session, err := s.Get(r, "cookie")
|
||||
if err != nil {
|
||||
tmpl, err := template.ParseFiles("web/templates/login.html")
|
||||
msg := "Session nicht mehr gültig. Bitte erneut anmelden."
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
|
||||
}
|
||||
|
||||
tmpl, err := template.ParseFiles("web/templates/hub.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"])
|
||||
}
|
||||
}
|
||||
|
||||
func WriteArticle() http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
tmpl, err := template.ParseFiles("web/templates/editor.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
|
||||
}
|
||||
func WriteArticle(w http.ResponseWriter, r *http.Request) {
|
||||
tmpl, err := template.ParseFiles("web/templates/editor.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
|
||||
}
|
||||
|
||||
func FinishArticle(l *data.ArticleList) http.HandlerFunc {
|
||||
func FinishArticle(l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
article := new(data.Article)
|
||||
var err error
|
||||
@ -51,13 +56,23 @@ func FinishArticle(l *data.ArticleList) http.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
session, err := s.Get(r, "cookie")
|
||||
if err != nil {
|
||||
tmpl, err := template.ParseFiles("web/templates/login.html")
|
||||
msg := "Session nicht mehr gültig. Bitte erneut anmelden."
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
|
||||
}
|
||||
|
||||
article.UUID = uuid.New()
|
||||
article.Author = session.Values["name"].(string)
|
||||
article.Created = time.Now()
|
||||
article.AuthorID = session.Values["id"].(int64)
|
||||
|
||||
l.Add(article)
|
||||
|
||||
tmpl, err := template.ParseFiles("web/templates/hub.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
|
||||
tmpl = template.Must(tmpl, err)
|
||||
tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
|
||||
}
|
||||
}
|
||||
|
||||
@ -68,7 +83,7 @@ func ShowUnpublishedArticles(l *data.ArticleList) http.HandlerFunc {
|
||||
}
|
||||
}
|
||||
|
||||
func ReviewArticle(l *data.ArticleList) http.HandlerFunc {
|
||||
func ReviewArticle(l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
uuid, err := uuid.Parse(r.PostFormValue("uuid"))
|
||||
if err != nil {
|
||||
@ -84,12 +99,21 @@ func ReviewArticle(l *data.ArticleList) http.HandlerFunc {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
session, err := s.Get(r, "cookie")
|
||||
if err != nil {
|
||||
tmpl, err := template.ParseFiles("web/templates/login.html")
|
||||
msg := "Session nicht mehr gültig. Bitte erneut anmelden."
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
|
||||
}
|
||||
|
||||
tmpl, err := template.ParseFiles("web/templates/hub.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
|
||||
tmpl = template.Must(tmpl, err)
|
||||
tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
|
||||
}
|
||||
}
|
||||
|
||||
func PublishArticle(f *data.Feed, l *data.ArticleList) http.HandlerFunc {
|
||||
func PublishArticle(f *data.Feed, l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
uuid, err := uuid.Parse(r.PostFormValue("uuid"))
|
||||
if err != nil {
|
||||
@ -115,7 +139,15 @@ func PublishArticle(f *data.Feed, l *data.ArticleList) http.HandlerFunc {
|
||||
})
|
||||
f.Save("tmp/rss.gob")
|
||||
|
||||
session, err := s.Get(r, "cookie")
|
||||
if err != nil {
|
||||
tmpl, err := template.ParseFiles("web/templates/login.html")
|
||||
msg := "Session nicht mehr gültig. Bitte erneut anmelden."
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
|
||||
}
|
||||
|
||||
tmpl, err := template.ParseFiles("web/templates/hub.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
|
||||
tmpl = template.Must(tmpl, err)
|
||||
tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
|
||||
}
|
||||
}
|
||||
|
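Review bot: In ShowHub, FinishArticle, ReviewArticle and PublishArticle the `if err != nil` branch after `s.Get(r, "cookie")` renders the login template but has no `return`, so the handler carries on and renders the hub as well; none of these handlers tests `session.Values["authenticated"]` the way HomePage does. As far as I know gorilla's `Get` returns a fresh, empty session without an error when the request carries no cookie, so a request with no session passes this check; in FinishArticle it then reaches the unchecked assertions `session.Values["name"].(string)` and `session.Values["id"].(int64)`, which panic on a missing value. In PublishArticle the session is only read after the feed update and `f.Save("tmp/rss.gob")`, so the publish has already happened by the time the session is looked at. The session check should be the first thing each handler does and should return on failure, as sketched below for PublishArticle; the role is likewise only handed to the template, with no server-side role check visible in these hunks. The handler bodies are only partly visible here.

```go
func PublishArticle(f *data.Feed, l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// Reject the request before any state is changed.
		session, err := s.Get(r, "cookie")
		if auth, ok := session.Values["authenticated"].(bool); err != nil || !ok || !auth {
			tmpl, err := template.ParseFiles("web/templates/login.html")
			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
			return
		}

		// … unchanged: uuid parsing, article lookup, feed update, f.Save, hub rendering …
```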
@ -1,32 +0,0 @@
|
||||
package ui
|
||||
|
||||
import (
|
||||
"html/template"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
"streifling.com/jason/cpolis/cmd/data"
|
||||
)
|
||||
|
||||
func Login(db *data.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := r.PostFormValue("username")
|
||||
pass := r.PostFormValue("password")
|
||||
|
||||
id, err := db.GetID(user)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
if err := db.CheckPassword(id, pass); err != nil {
|
||||
log.Println(err)
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
tmpl, err := template.ParseFiles("web/templates/hub.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
|
||||
}
|
||||
}
|
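--- /dev/null
+++ b/cmd/ui/sessions.go
@@ -0,0 +1,83 @@
+package ui
+
+import (
+"html/template"
+"log"
+"net/http"
+
+"streifling.com/jason/cpolis/cmd/data"
+)
+
+func HomePage(db *data.DB, s *data.CookieStore) http.HandlerFunc {
+return func(w http.ResponseWriter, r *http.Request) {
+numRows, err := db.CountEntries()
+if err != nil {
+log.Fatalln(err)
+}
+
+files := []string{"web/templates/index.html"}
+if numRows == 0 {
+files = append(files, "web/templates/add-user.html")
+tmpl, err := template.ParseFiles(files...)
+template.Must(tmpl, err).Execute(w, nil)
+} else {
+session, _ := s.Get(r, "cookie")
+if auth, ok := session.Values["authenticated"].(bool); auth && ok {
+files = append(files, "web/templates/hub.html")
+tmpl, err := template.ParseFiles(files...)
+template.Must(tmpl, err).Execute(w, session.Values["role"])
+} else {
+files = append(files, "web/templates/login.html")
+tmpl, err := template.ParseFiles(files...)
+template.Must(tmpl, err).Execute(w, nil)
+}
+}
+}
+}
+
+func Login(db *data.DB, s *data.CookieStore) http.HandlerFunc {
+return func(w http.ResponseWriter, r *http.Request) {
+userName := r.PostFormValue("username")
+password := r.PostFormValue("password")
+
+id, err := db.GetID(userName)
+if err != nil {
+log.Println(err)
+http.Error(w, err.Error(), http.StatusInternalServerError)
+return
+}
+
+if err := db.CheckPassword(id, password); err != nil {
+log.Println(err)
+http.Error(w, err.Error(), http.StatusInternalServerError)
+return
+}
+
+user, err := db.GetUser(id)
+if err != nil {
+log.Println(err)
+http.Error(w, err.Error(), http.StatusInternalServerError)
+return
+}
+
+session, err := s.Get(r, "cookie")
+if err != nil {
+log.Println(err)
+http.Error(w, err.Error(), http.StatusBadRequest)
+return
+}
+
+session.Values["authenticated"] = true
+session.Values["id"] = user.ID
+session.Values["name"] = user.FirstName + user.LastName
+session.Values["role"] = user.Role
+if err := session.Save(r, w); err != nil {
+log.Println(err)
+http.Error(w, err.Error(), http.StatusInternalServerError)
+return
+}
+
+tmpl, err := template.ParseFiles("web/templates/hub.html")
+template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user.Role)
+}
+}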
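Review bot: Login answers every failure from `db.GetID` and `db.CheckPassword` with `http.Error(w, err.Error(), http.StatusInternalServerError)`, which sends internal error text to the client and, since the two errors come from different functions, probably lets it tell an unknown username from a wrong password. Both branches should log the error and return the same generic response, for example `http.Error(w, "invalid username or password", http.StatusUnauthorized)`. In HomePage, `log.Fatalln(err)` on a `CountEntries` error terminates the whole server from inside a request handler, and the error from `s.Get` is dropped; logging it and answering with a 500 would keep the process up. `user.FirstName + user.LastName` stores the name without a separator.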