1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
package admin
import (
"encoding/json"
"fmt"
"net/http"
"strings"
"time"
"github.com/nilslice/cms/system/admin/user"
"github.com/nilslice/cms/system/db"
"github.com/nilslice/jwt"
)
func adminHandler(res http.ResponseWriter, req *http.Request) {
view, err := Admin(nil)
if err != nil {
fmt.Println(err)
res.WriteHeader(http.StatusInternalServerError)
return
}
res.Header().Set("Content-Type", "text/html")
res.Write(view)
}
func loginHandler(res http.ResponseWriter, req *http.Request) {
if !db.SystemInitComplete() {
redir := req.URL.Scheme + req.URL.Host + "/admin/init"
http.Redirect(res, req, redir, http.StatusFound)
return
}
switch req.Method {
case http.MethodGet:
if user.IsValid(req) {
http.Redirect(res, req, req.URL.Scheme+req.URL.Host+"/admin", http.StatusFound)
return
}
view, err := Login()
if err != nil {
fmt.Println(err)
res.WriteHeader(http.StatusInternalServerError)
return
}
res.Header().Set("Content-Type", "text/html")
res.Write(view)
case http.MethodPost:
if user.IsValid(req) {
http.Redirect(res, req, req.URL.Scheme+req.URL.Host+"/admin", http.StatusFound)
return
}
err := req.ParseForm()
if err != nil {
fmt.Println(err)
res.WriteHeader(http.StatusInternalServerError)
return
}
fmt.Println(req.FormValue("email"))
fmt.Println(req.FormValue("password"))
// check email & password
j, err := db.User(req.FormValue("email"))
if err != nil {
fmt.Println(err)
res.WriteHeader(http.StatusInternalServerError)
return
}
if j == nil {
fmt.Println(err)
res.WriteHeader(http.StatusBadRequest)
fmt.Println("j == nil")
return
}
usr := &user.User{}
err = json.Unmarshal(j, usr)
if err != nil {
fmt.Println(err)
res.WriteHeader(http.StatusInternalServerError)
return
}
if !user.IsUser(usr, req.FormValue("password")) {
res.WriteHeader(http.StatusBadRequest)
fmt.Println("!IsUser")
return
}
// create new token
week := time.Now().Add(time.Hour * 24 * 7)
claims := map[string]interface{}{
"exp": week,
"user": usr.Email,
}
token, err := jwt.New(claims)
if err != nil {
fmt.Println(err)
res.WriteHeader(http.StatusInternalServerError)
return
}
// add it to cookie +1 week expiration
http.SetCookie(res, &http.Cookie{
Name: "_token",
Value: token,
Expires: week,
})
http.Redirect(res, req, strings.TrimSuffix(req.URL.String(), "/login"), http.StatusFound)
}
}
func logoutHandler(res http.ResponseWriter, req *http.Request) {
http.SetCookie(res, &http.Cookie{
Name: "_token",
Expires: time.Unix(0, 0),
Value: "",
})
http.Redirect(res, req, req.URL.Scheme+req.URL.Host+"/admin/login", http.StatusFound)
}
|
