2023-03-14 15:22:52 +00:00
|
|
|
package web
|
|
|
|
|
|
|
|
import (
|
2023-04-03 23:16:22 +00:00
|
|
|
"errors"
|
2023-03-14 15:22:52 +00:00
|
|
|
"github.com/labstack/echo/v4"
|
2023-04-03 23:16:22 +00:00
|
|
|
"github.com/rs/zerolog/log"
|
|
|
|
"gorm.io/gorm"
|
2023-03-14 15:22:52 +00:00
|
|
|
"opengist/internal/models"
|
|
|
|
)
|
|
|
|
|
|
|
|
func register(ctx echo.Context) error {
|
|
|
|
setData(ctx, "title", "New account")
|
|
|
|
setData(ctx, "htmlTitle", "New account")
|
|
|
|
return html(ctx, "auth_form.html")
|
|
|
|
}
|
|
|
|
|
|
|
|
func processRegister(ctx echo.Context) error {
|
2023-04-16 22:17:06 +00:00
|
|
|
if getData(ctx, "signupDisabled") == true {
|
2023-03-14 15:22:52 +00:00
|
|
|
return errorRes(403, "Signing up is disabled", nil)
|
|
|
|
}
|
|
|
|
|
|
|
|
setData(ctx, "title", "New account")
|
|
|
|
setData(ctx, "htmlTitle", "New account")
|
|
|
|
|
|
|
|
sess := getSession(ctx)
|
|
|
|
|
2023-03-17 13:56:39 +00:00
|
|
|
var dto = new(models.UserDTO)
|
|
|
|
if err := ctx.Bind(dto); err != nil {
|
2023-03-14 15:22:52 +00:00
|
|
|
return errorRes(400, "Cannot bind data", err)
|
|
|
|
}
|
|
|
|
|
2023-03-17 13:56:39 +00:00
|
|
|
if err := ctx.Validate(dto); err != nil {
|
2023-03-14 15:22:52 +00:00
|
|
|
addFlash(ctx, validationMessages(&err), "error")
|
|
|
|
return html(ctx, "auth_form.html")
|
|
|
|
}
|
|
|
|
|
2023-03-17 13:56:39 +00:00
|
|
|
if exists, err := models.UserExists(dto.Username); err != nil || exists {
|
|
|
|
addFlash(ctx, "Username already exists", "error")
|
|
|
|
return html(ctx, "auth_form.html")
|
|
|
|
}
|
|
|
|
|
|
|
|
user := dto.ToUser()
|
|
|
|
|
2023-03-14 15:22:52 +00:00
|
|
|
password, err := argon2id.hash(user.Password)
|
|
|
|
if err != nil {
|
|
|
|
return errorRes(500, "Cannot hash password", err)
|
|
|
|
}
|
|
|
|
user.Password = password
|
|
|
|
|
2023-03-17 13:56:39 +00:00
|
|
|
if err = user.Create(); err != nil {
|
2023-03-14 15:22:52 +00:00
|
|
|
return errorRes(500, "Cannot create user", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if user.ID == 1 {
|
2023-03-17 13:56:39 +00:00
|
|
|
if err = user.SetAdmin(); err != nil {
|
2023-03-14 15:22:52 +00:00
|
|
|
return errorRes(500, "Cannot set user admin", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
sess.Values["user"] = user.ID
|
|
|
|
saveSession(sess, ctx)
|
|
|
|
|
|
|
|
return redirect(ctx, "/")
|
|
|
|
}
|
|
|
|
|
|
|
|
func login(ctx echo.Context) error {
|
|
|
|
setData(ctx, "title", "Login")
|
|
|
|
setData(ctx, "htmlTitle", "Login")
|
|
|
|
return html(ctx, "auth_form.html")
|
|
|
|
}
|
|
|
|
|
|
|
|
func processLogin(ctx echo.Context) error {
|
2023-03-17 13:56:39 +00:00
|
|
|
var err error
|
2023-03-14 15:22:52 +00:00
|
|
|
sess := getSession(ctx)
|
|
|
|
|
2023-03-17 13:56:39 +00:00
|
|
|
dto := &models.UserDTO{}
|
|
|
|
if err = ctx.Bind(dto); err != nil {
|
2023-03-14 15:22:52 +00:00
|
|
|
return errorRes(400, "Cannot bind data", err)
|
|
|
|
}
|
2023-03-17 13:56:39 +00:00
|
|
|
password := dto.Password
|
|
|
|
|
|
|
|
var user *models.User
|
2023-03-14 15:22:52 +00:00
|
|
|
|
2023-03-17 13:56:39 +00:00
|
|
|
if user, err = models.GetUserByUsername(dto.Username); err != nil {
|
2023-04-03 23:16:22 +00:00
|
|
|
if !errors.Is(err, gorm.ErrRecordNotFound) {
|
|
|
|
return errorRes(500, "Cannot get user", err)
|
|
|
|
}
|
|
|
|
log.Warn().Msg("Invalid HTTP authentication attempt from " + ctx.RealIP())
|
2023-03-14 15:22:52 +00:00
|
|
|
addFlash(ctx, "Invalid credentials", "error")
|
|
|
|
return redirect(ctx, "/login")
|
|
|
|
}
|
|
|
|
|
|
|
|
if ok, err := argon2id.verify(password, user.Password); !ok {
|
|
|
|
if err != nil {
|
|
|
|
return errorRes(500, "Cannot check for password", err)
|
|
|
|
}
|
2023-04-03 23:16:22 +00:00
|
|
|
log.Warn().Msg("Invalid HTTP authentication attempt from " + ctx.RealIP())
|
2023-03-14 15:22:52 +00:00
|
|
|
addFlash(ctx, "Invalid credentials", "error")
|
|
|
|
return redirect(ctx, "/login")
|
|
|
|
}
|
|
|
|
|
|
|
|
sess.Values["user"] = user.ID
|
|
|
|
saveSession(sess, ctx)
|
|
|
|
deleteCsrfCookie(ctx)
|
|
|
|
|
|
|
|
return redirect(ctx, "/")
|
|
|
|
}
|
|
|
|
|
|
|
|
func logout(ctx echo.Context) error {
|
|
|
|
deleteSession(ctx)
|
|
|
|
deleteCsrfCookie(ctx)
|
|
|
|
return redirect(ctx, "/all")
|
|
|
|
}
|