first commit

2025-07-07 01:44:12 +02:00
commit bf68bde4ce
72 changed files with 29002 additions and 0 deletions
@@ -0,0 +1,271 @@
+package handlers
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"net/http"
+	"strings"
+	"time"
+
+	"tankstopp/internal/auth"
+	"tankstopp/internal/currency"
+	"tankstopp/internal/models"
+	"tankstopp/internal/views/pages"
+)
+
+// RootHandler redirects to appropriate page based on authentication status
+func (h *Handler) RootHandler(w http.ResponseWriter, r *http.Request) {
+	// Check if user is authenticated
+	sessionID, err := auth.GetSessionCookie(r)
+	if err != nil {
+		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		return
+	}
+
+	_, exists := h.sessionManager.GetSession(sessionID)
+	if !exists {
+		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		return
+	}
+
+	// User is authenticated, redirect to dashboard
+	http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
+}
+
+// LoginHandler handles user authentication
+func (h *Handler) LoginHandler(w http.ResponseWriter, r *http.Request) {
+	switch r.Method {
+	case "GET":
+		component := pages.LoginPage("")
+
+		w.Header().Set("Content-Type", "text/html")
+		err := component.Render(r.Context(), w)
+		if err != nil {
+			log.Printf("Error rendering template: %v", err)
+			http.Error(w, "Internal server error", http.StatusInternalServerError)
+		}
+	case "POST":
+		h.handleLogin(w, r)
+	default:
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+	}
+}
+
+// handleLogin processes login form submission
+func (h *Handler) handleLogin(w http.ResponseWriter, r *http.Request) {
+	err := r.ParseForm()
+	if err != nil {
+		log.Printf("Error parsing form: %v", err)
+		h.renderLoginWithError(w, "Invalid form data")
+		return
+	}
+
+	username := strings.TrimSpace(r.FormValue("username"))
+	password := r.FormValue("password")
+
+	if username == "" || password == "" {
+		h.renderLoginWithError(w, "Username and password are required")
+		return
+	}
+
+	// Get user from database
+	user, err := h.db.GetUserByUsername(username)
+	if err != nil {
+		log.Printf("Error getting user: %v", err)
+		h.renderLoginWithError(w, "Invalid username or password")
+		return
+	}
+
+	// Check if user exists
+	if user == nil {
+		h.renderLoginWithError(w, "Invalid username or password")
+		return
+	}
+
+	// Check password
+	if !user.CheckPassword(password) {
+		h.renderLoginWithError(w, "Invalid username or password")
+		return
+	}
+
+	// Create session
+	session := h.sessionManager.CreateSession(int(user.ID), user.Username)
+
+	// Set session cookie
+	cookie := &http.Cookie{
+		Name:     "session_id",
+		Value:    session.ID,
+		Path:     "/",
+		HttpOnly: true,
+		Secure:   false, // Set to true in production with HTTPS
+		SameSite: http.SameSiteStrictMode,
+		Expires:  session.ExpiresAt,
+	}
+	http.SetCookie(w, cookie)
+
+	// Redirect to dashboard
+	http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
+}
+
+// renderLoginWithError renders the login page with an error message
+func (h *Handler) renderLoginWithError(w http.ResponseWriter, errorMsg string) {
+	component := pages.LoginPage(errorMsg)
+
+	w.Header().Set("Content-Type", "text/html")
+	err := component.Render(context.Background(), w)
+	if err != nil {
+		log.Printf("Error rendering template: %v", err)
+		http.Error(w, "Internal server error", http.StatusInternalServerError)
+	}
+}
+
+// RegisterHandler handles user registration
+func (h *Handler) RegisterHandler(w http.ResponseWriter, r *http.Request) {
+	switch r.Method {
+	case "GET":
+		component := pages.RegisterPage("")
+
+		w.Header().Set("Content-Type", "text/html")
+		err := component.Render(r.Context(), w)
+		if err != nil {
+			log.Printf("Error rendering template: %v", err)
+			http.Error(w, "Internal server error", http.StatusInternalServerError)
+		}
+	case "POST":
+		h.handleRegister(w, r)
+	default:
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+	}
+}
+
+// handleRegister processes registration form submission
+func (h *Handler) handleRegister(w http.ResponseWriter, r *http.Request) {
+	err := r.ParseForm()
+	if err != nil {
+		log.Printf("Error parsing form: %v", err)
+		h.renderRegisterWithError(w, "Invalid form data")
+		return
+	}
+
+	// Parse form data
+	form := models.UserRegistrationForm{
+		Username:        strings.TrimSpace(r.FormValue("username")),
+		Email:           strings.TrimSpace(r.FormValue("email")),
+		Password:        r.FormValue("password"),
+		ConfirmPassword: r.FormValue("confirm_password"),
+		BaseCurrency:    r.FormValue("base_currency"),
+	}
+
+	// Validate form
+	if err := h.validateRegistrationForm(&form); err != nil {
+		h.renderRegisterWithError(w, err.Error())
+		return
+	}
+
+	// Convert form to user
+	user, err := form.ToUser()
+	if err != nil {
+		log.Printf("Error converting form to user: %v", err)
+		h.renderRegisterWithError(w, "Failed to create user")
+		return
+	}
+
+	// Create user in database
+	err = h.db.CreateUser(user)
+	if err != nil {
+		log.Printf("Error creating user: %v", err)
+		if strings.Contains(err.Error(), "UNIQUE constraint failed") {
+			h.renderRegisterWithError(w, "Username or email already exists")
+		} else {
+			h.renderRegisterWithError(w, "Failed to create account")
+		}
+		return
+	}
+
+	// Redirect to login with success message
+	http.Redirect(w, r, "/login?success=Account+created+successfully", http.StatusSeeOther)
+}
+
+// validateRegistrationForm validates the registration form data
+func (h *Handler) validateRegistrationForm(form *models.UserRegistrationForm) error {
+	if form.Username == "" {
+		return fmt.Errorf("Username is required")
+	}
+
+	if len(form.Username) < 3 {
+		return fmt.Errorf("Username must be at least 3 characters long")
+	}
+
+	if form.Email == "" {
+		return fmt.Errorf("Email is required")
+	}
+
+	if !strings.Contains(form.Email, "@") {
+		return fmt.Errorf("Invalid email address")
+	}
+
+	if form.Password == "" {
+		return fmt.Errorf("Password is required")
+	}
+
+	if len(form.Password) < 8 {
+		return fmt.Errorf("Password must be at least 8 characters long")
+	}
+
+	if form.Password != form.ConfirmPassword {
+		return fmt.Errorf("Passwords do not match")
+	}
+
+	if form.BaseCurrency == "" {
+		return fmt.Errorf("Base currency is required")
+	}
+
+	if !currency.IsValidCurrency(form.BaseCurrency) {
+		return fmt.Errorf("Invalid currency")
+	}
+
+	return nil
+}
+
+// renderRegisterWithError renders the registration page with an error message
+func (h *Handler) renderRegisterWithError(w http.ResponseWriter, errorMsg string) {
+	component := pages.RegisterPage(errorMsg)
+
+	w.Header().Set("Content-Type", "text/html")
+	err := component.Render(context.Background(), w)
+	if err != nil {
+		log.Printf("Error rendering template: %v", err)
+		http.Error(w, "Internal server error", http.StatusInternalServerError)
+	}
+}
+
+// LogoutHandler handles user logout
+func (h *Handler) LogoutHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "POST" {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// Get session cookie
+	sessionID, err := auth.GetSessionCookie(r)
+	if err == nil {
+		// Remove session from session manager
+		h.sessionManager.DeleteSession(sessionID)
+	}
+
+	// Clear session cookie
+	cookie := &http.Cookie{
+		Name:     "session_id",
+		Value:    "",
+		Path:     "/",
+		HttpOnly: true,
+		Secure:   false, // Set to true in production with HTTPS
+		SameSite: http.SameSiteStrictMode,
+		Expires:  time.Unix(0, 0), // Expire immediately
+	}
+	http.SetCookie(w, cookie)
+
+	// Redirect to login page
+	http.Redirect(w, r, "/login", http.StatusSeeOther)
+}