272 lines
7.1 KiB
Go
272 lines
7.1 KiB
Go
package handlers
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"log"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"tankstopp/internal/auth"
|
|
"tankstopp/internal/currency"
|
|
"tankstopp/internal/models"
|
|
"tankstopp/internal/views/pages"
|
|
)
|
|
|
|
// RootHandler redirects to appropriate page based on authentication status
|
|
func (h *Handler) RootHandler(w http.ResponseWriter, r *http.Request) {
|
|
// Check if user is authenticated
|
|
sessionID, err := auth.GetSessionCookie(r)
|
|
if err != nil {
|
|
http.Redirect(w, r, "/login", http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
_, exists := h.sessionManager.GetSession(sessionID)
|
|
if !exists {
|
|
http.Redirect(w, r, "/login", http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
// User is authenticated, redirect to dashboard
|
|
http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
|
|
}
|
|
|
|
// LoginHandler handles user authentication
|
|
func (h *Handler) LoginHandler(w http.ResponseWriter, r *http.Request) {
|
|
switch r.Method {
|
|
case "GET":
|
|
component := pages.LoginPage("")
|
|
|
|
w.Header().Set("Content-Type", "text/html")
|
|
err := component.Render(r.Context(), w)
|
|
if err != nil {
|
|
log.Printf("Error rendering template: %v", err)
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
}
|
|
case "POST":
|
|
h.handleLogin(w, r)
|
|
default:
|
|
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
}
|
|
}
|
|
|
|
// handleLogin processes login form submission
|
|
func (h *Handler) handleLogin(w http.ResponseWriter, r *http.Request) {
|
|
err := r.ParseForm()
|
|
if err != nil {
|
|
log.Printf("Error parsing form: %v", err)
|
|
h.renderLoginWithError(w, "Invalid form data")
|
|
return
|
|
}
|
|
|
|
username := strings.TrimSpace(r.FormValue("username"))
|
|
password := r.FormValue("password")
|
|
|
|
if username == "" || password == "" {
|
|
h.renderLoginWithError(w, "Username and password are required")
|
|
return
|
|
}
|
|
|
|
// Get user from database
|
|
user, err := h.db.GetUserByUsername(username)
|
|
if err != nil {
|
|
log.Printf("Error getting user: %v", err)
|
|
h.renderLoginWithError(w, "Invalid username or password")
|
|
return
|
|
}
|
|
|
|
// Check if user exists
|
|
if user == nil {
|
|
h.renderLoginWithError(w, "Invalid username or password")
|
|
return
|
|
}
|
|
|
|
// Check password
|
|
if !user.CheckPassword(password) {
|
|
h.renderLoginWithError(w, "Invalid username or password")
|
|
return
|
|
}
|
|
|
|
// Create session
|
|
session := h.sessionManager.CreateSession(int(user.ID), user.Username)
|
|
|
|
// Set session cookie
|
|
cookie := &http.Cookie{
|
|
Name: "session_id",
|
|
Value: session.ID,
|
|
Path: "/",
|
|
HttpOnly: true,
|
|
Secure: false, // Set to true in production with HTTPS
|
|
SameSite: http.SameSiteStrictMode,
|
|
Expires: session.ExpiresAt,
|
|
}
|
|
http.SetCookie(w, cookie)
|
|
|
|
// Redirect to dashboard
|
|
http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
|
|
}
|
|
|
|
// renderLoginWithError renders the login page with an error message
|
|
func (h *Handler) renderLoginWithError(w http.ResponseWriter, errorMsg string) {
|
|
component := pages.LoginPage(errorMsg)
|
|
|
|
w.Header().Set("Content-Type", "text/html")
|
|
err := component.Render(context.Background(), w)
|
|
if err != nil {
|
|
log.Printf("Error rendering template: %v", err)
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
}
|
|
}
|
|
|
|
// RegisterHandler handles user registration
|
|
func (h *Handler) RegisterHandler(w http.ResponseWriter, r *http.Request) {
|
|
switch r.Method {
|
|
case "GET":
|
|
component := pages.RegisterPage("")
|
|
|
|
w.Header().Set("Content-Type", "text/html")
|
|
err := component.Render(r.Context(), w)
|
|
if err != nil {
|
|
log.Printf("Error rendering template: %v", err)
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
}
|
|
case "POST":
|
|
h.handleRegister(w, r)
|
|
default:
|
|
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
}
|
|
}
|
|
|
|
// handleRegister processes registration form submission
|
|
func (h *Handler) handleRegister(w http.ResponseWriter, r *http.Request) {
|
|
err := r.ParseForm()
|
|
if err != nil {
|
|
log.Printf("Error parsing form: %v", err)
|
|
h.renderRegisterWithError(w, "Invalid form data")
|
|
return
|
|
}
|
|
|
|
// Parse form data
|
|
form := models.UserRegistrationForm{
|
|
Username: strings.TrimSpace(r.FormValue("username")),
|
|
Email: strings.TrimSpace(r.FormValue("email")),
|
|
Password: r.FormValue("password"),
|
|
ConfirmPassword: r.FormValue("confirm_password"),
|
|
BaseCurrency: r.FormValue("base_currency"),
|
|
}
|
|
|
|
// Validate form
|
|
if err := h.validateRegistrationForm(&form); err != nil {
|
|
h.renderRegisterWithError(w, err.Error())
|
|
return
|
|
}
|
|
|
|
// Convert form to user
|
|
user, err := form.ToUser()
|
|
if err != nil {
|
|
log.Printf("Error converting form to user: %v", err)
|
|
h.renderRegisterWithError(w, "Failed to create user")
|
|
return
|
|
}
|
|
|
|
// Create user in database
|
|
err = h.db.CreateUser(user)
|
|
if err != nil {
|
|
log.Printf("Error creating user: %v", err)
|
|
if strings.Contains(err.Error(), "UNIQUE constraint failed") {
|
|
h.renderRegisterWithError(w, "Username or email already exists")
|
|
} else {
|
|
h.renderRegisterWithError(w, "Failed to create account")
|
|
}
|
|
return
|
|
}
|
|
|
|
// Redirect to login with success message
|
|
http.Redirect(w, r, "/login?success=Account+created+successfully", http.StatusSeeOther)
|
|
}
|
|
|
|
// validateRegistrationForm validates the registration form data
|
|
func (h *Handler) validateRegistrationForm(form *models.UserRegistrationForm) error {
|
|
if form.Username == "" {
|
|
return fmt.Errorf("Username is required")
|
|
}
|
|
|
|
if len(form.Username) < 3 {
|
|
return fmt.Errorf("Username must be at least 3 characters long")
|
|
}
|
|
|
|
if form.Email == "" {
|
|
return fmt.Errorf("Email is required")
|
|
}
|
|
|
|
if !strings.Contains(form.Email, "@") {
|
|
return fmt.Errorf("Invalid email address")
|
|
}
|
|
|
|
if form.Password == "" {
|
|
return fmt.Errorf("Password is required")
|
|
}
|
|
|
|
if len(form.Password) < 8 {
|
|
return fmt.Errorf("Password must be at least 8 characters long")
|
|
}
|
|
|
|
if form.Password != form.ConfirmPassword {
|
|
return fmt.Errorf("Passwords do not match")
|
|
}
|
|
|
|
if form.BaseCurrency == "" {
|
|
return fmt.Errorf("Base currency is required")
|
|
}
|
|
|
|
if !currency.IsValidCurrency(form.BaseCurrency) {
|
|
return fmt.Errorf("Invalid currency")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// renderRegisterWithError renders the registration page with an error message
|
|
func (h *Handler) renderRegisterWithError(w http.ResponseWriter, errorMsg string) {
|
|
component := pages.RegisterPage(errorMsg)
|
|
|
|
w.Header().Set("Content-Type", "text/html")
|
|
err := component.Render(context.Background(), w)
|
|
if err != nil {
|
|
log.Printf("Error rendering template: %v", err)
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
}
|
|
}
|
|
|
|
// LogoutHandler handles user logout
|
|
func (h *Handler) LogoutHandler(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != "POST" {
|
|
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
// Get session cookie
|
|
sessionID, err := auth.GetSessionCookie(r)
|
|
if err == nil {
|
|
// Remove session from session manager
|
|
h.sessionManager.DeleteSession(sessionID)
|
|
}
|
|
|
|
// Clear session cookie
|
|
cookie := &http.Cookie{
|
|
Name: "session_id",
|
|
Value: "",
|
|
Path: "/",
|
|
HttpOnly: true,
|
|
Secure: false, // Set to true in production with HTTPS
|
|
SameSite: http.SameSiteStrictMode,
|
|
Expires: time.Unix(0, 0), // Expire immediately
|
|
}
|
|
http.SetCookie(w, cookie)
|
|
|
|
// Redirect to login page
|
|
http.Redirect(w, r, "/login", http.StatusSeeOther)
|
|
}
|