authorSteve Manuel <nilslice@gmail.com>2016-10-06 03:14:10 -0700
committerSteve Manuel <nilslice@gmail.com>2016-10-06 03:14:10 -0700
commitc0ba07669d8403f428ec250e3f3da74844c6c587 (patch)
tree94313747d9abea02b2f3b01c06308225d9db5e4a /system/admin/handlers.go
parent698173a6176762f966be0abd1dc77b85e482a03a (diff)
adding authentication & token-based persistence for users, init setup for first-use, pulling out some handlers into separate file for readability and navigation
Diffstat (limited to 'system/admin/handlers.go')
-rw-r--r--system/admin/handlers.go127
1 files changed, 127 insertions, 0 deletions
diff --git a/system/admin/handlers.go b/system/admin/handlers.go
new file mode 100644
index 0000000..9ff39c3
--- /dev/null
+++ b/system/admin/handlers.go
@@ -0,0 +1,127 @@
+package admin
+
+import (
+ "encoding/json"
+ "fmt"
+ "net/http"
+ "strings"
+ "time"
+
+ "github.com/nilslice/cms/system/admin/user"
+ "github.com/nilslice/cms/system/db"
+ "github.com/nilslice/jwt"
+)
+
+func adminHandler(res http.ResponseWriter, req *http.Request) {
+ view, err := Admin(nil)
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+
+ res.Header().Set("Content-Type", "text/html")
+ res.Write(view)
+}
+
+func loginHandler(res http.ResponseWriter, req *http.Request) {
+ if !db.SystemInitComplete() {
+ redir := req.URL.Scheme + req.URL.Host + "/admin/init"
+ http.Redirect(res, req, redir, http.StatusFound)
+ return
+ }
+
+ switch req.Method {
+ case http.MethodGet:
+ if user.IsValid(req) {
+ http.Redirect(res, req, req.URL.Scheme+req.URL.Host+"/admin", http.StatusFound)
+ return
+ }
+
+ view, err := Login()
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+
+ res.Header().Set("Content-Type", "text/html")
+ res.Write(view)
+
+ case http.MethodPost:
+ if user.IsValid(req) {
+ http.Redirect(res, req, req.URL.Scheme+req.URL.Host+"/admin", http.StatusFound)
+ return
+ }
+
+ err := req.ParseForm()
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+
+ fmt.Println(req.FormValue("email"))
+ fmt.Println(req.FormValue("password"))
+
+ // check email & password
+ j, err := db.User(req.FormValue("email"))
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+
+ if j == nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusBadRequest)
+ fmt.Println("j == nil")
+ return
+ }
+
+ usr := &user.User{}
+ err = json.Unmarshal(j, usr)
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+
+ if !user.IsUser(usr, req.FormValue("password")) {
+ res.WriteHeader(http.StatusBadRequest)
+ fmt.Println("!IsUser")
+ return
+ }
+ // create new token
+ week := time.Now().Add(time.Hour * 24 * 7)
+ claims := map[string]interface{}{
+ "exp": week,
+ "user": usr.Email,
+ }
+ token, err := jwt.New(claims)
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+
+ // add it to cookie +1 week expiration
+ http.SetCookie(res, &http.Cookie{
+ Name: "_token",
+ Value: token,
+ Expires: week,
+ })
+
+ http.Redirect(res, req, strings.TrimSuffix(req.URL.String(), "/login"), http.StatusFound)
+ }
+}
+
+func logoutHandler(res http.ResponseWriter, req *http.Request) {
+ http.SetCookie(res, &http.Cookie{
+ Name: "_token",
+ Expires: time.Unix(0, 0),
+ Value: "",
+ })
+
+ http.Redirect(res, req, req.URL.Scheme+req.URL.Host+"/admin/login", http.StatusFound)
+}
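Review bot: The POST branch of loginHandler prints the submitted credential to stdout — `fmt.Println(req.FormValue("password"))` right after the email line — so every login attempt leaves the plaintext password in the process log; both Println lines should be removed before this ships. Further down the `_token` cookie that carries the session JWT is created without `HttpOnly`, without `Secure` and without an explicit `Path`, so page script can read it and, unless TLS is terminated in front of this process, it travels in clear; the literal should become `http.SetCookie(res, &http.Cookie{Name: "_token", Value: token, Expires: week, Path: "/", HttpOnly: true, Secure: true})` with `Secure` conditioned on the deployment if plain-HTTP development must keep working. Whatever `Path` is chosen here has to be repeated in logoutHandler's clearing cookie, since the browser only replaces a cookie whose name and path match, and the two handlers currently rely on the browser's default path derived from the request URL. Separately, the `j == nil` branch logs `err`, which is nil at that point, so the message carries no information; log the rejected email or nothing instead.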