Add login and auth

2024-01-16 22:15:26 +01:00
parent f92e22f142
commit 0fd45ea2bd
7 changed files with 206 additions and 46 deletions
--- a/.idea/inspectionProfiles/Project_Default.xml
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -4,10 +4,11 @@
    <inspection_tool class="HtmlUnknownAttribute" enabled="true" level="WARNING" enabled_by_default="true">
      <option name="myValues">
        <value>
-          <list size="3">
+          <list size="4">
            <item index="0" class="java.lang.String" itemvalue="hx-get" />
            <item index="1" class="java.lang.String" itemvalue="hx-target" />
            <item index="2" class="java.lang.String" itemvalue="hx-vals" />
            <item index="3" class="java.lang.String" itemvalue="hx-post" />
          </list>
        </value>
      </option>
--- a/go.mod
+++ b/go.mod
@@ -17,6 +17,8 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.14.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gorilla/sessions v1.2.2 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
--- a/go.sum
+++ b/go.sum
@@ -27,6 +27,10 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
 github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
--- a/main.go
+++ b/main.go
@@ -4,17 +4,27 @@ import (
 	"InfrantrySkillCalculator/controllers"
 	"InfrantrySkillCalculator/models"
 	"InfrantrySkillCalculator/utils"
 	"fmt"
 	"github.com/gin-gonic/gin"
 	"github.com/gorilla/sessions"
 	_ "github.com/gorilla/sessions"
 	"golang.org/x/crypto/bcrypt"
 	"html/template"
 	"io"
 	"log"
 	"net/http"
 	"os"
 )
 var store = sessions.NewCookieStore([]byte("f0q0qew0!)§(ds9713lsda231"))
 func main() {
 	//gin.SetMode(gin.ReleaseMode) // uncomment upon release
 	router := gin.New()
 	router.LoadHTMLGlob("templates/**/*")
 	protected := router.Group("/")
 	protected.Use(AuthRequired())
 	models.ConnectDatabase()
@@ -27,7 +37,32 @@ func main() {
 	router.Static("/static", "./static")
-	router.GET("/", func(c *gin.Context) {
+	router.GET("/login", loginPage)
 	router.POST("/login", loginPost)
 	router.GET("/logout", logout)
 	protected.GET("/", mainPage)
 	protected.GET("/clans", controllers.GetAllClans)
 	protected.GET("/clans_html", controllers.GetAllClansHTML)
 	protected.GET("/clan/:id", controllers.GetClanByID)
 	protected.POST("/clan", controllers.AddClan)
 	protected.PATCH("/clan/:id", controllers.UpdateClanByID)
 	protected.DELETE("/clan/:id", controllers.DeleteClanByID)
 	protected.GET("/players", controllers.GetAllPlayers)
 	protected.GET("/players_html", controllers.GetPlayersByClanHTML)
 	protected.GET("/player/:id", controllers.GetPlayerByID)
 	protected.GET("/playerid/:name", controllers.GetPlayerIDByName)
 	protected.POST("/player", controllers.AddPlayer)
 	protected.PATCH("/player/:id", controllers.UpdatePlayerByID)
 	protected.DELETE("/player/:id", controllers.DeletePlayerByID)
 	log.Println("Running on 8000...")
 	log.Fatal(router.Run(":8000"))
 }
 func mainPage(c *gin.Context) {
 	files := []string{
 		"./templates/index.html",
 		"./templates/components/home_clan_bar.html",
@@ -44,6 +79,9 @@ func main() {
 		"./templates/components/header.html",
 	}
 	tmpl, err := template.ParseFiles(files...)
 	if err != nil {
 		log.Fatal(err)
 	}
 	var clans []models.Clan
 	models.DB.Find(&clans)
@@ -51,31 +89,112 @@ func main() {
 	data := map[string]interface{}{
 		"clans": clans,
 	}
 		if err != nil {
 			log.Fatal(err)
 		}
 	err = tmpl.Execute(c.Writer, data)
 	if err != nil {
 		log.Fatal(err)
 	}
-	})
+}
-
+
-	router.GET("/clans", controllers.GetAllClans)
+func loginPage(c *gin.Context) {
-	router.GET("/clans_html", controllers.GetAllClansHTML)
+	session, _ := store.Get(c.Request, "session-name")
-	router.GET("/clan/:id", controllers.GetClanByID)
+
-	router.POST("/clan", controllers.AddClan)
+	if auth, ok := session.Values["authenticated"].(bool); ok && auth {
-	router.PATCH("/clan/:id", controllers.UpdateClanByID)
+		c.Redirect(http.StatusFound, "/")
-	router.DELETE("/clan/:id", controllers.DeleteClanByID)
+		return
-
+	}
-	router.GET("/players", controllers.GetAllPlayers)
+
-	router.GET("/players_html", controllers.GetPlayersByClanHTML)
+	tmpl, err := template.ParseFiles([]string{"./templates/login.html", "./templates/components/header.html"}...)
-	router.GET("/player/:id", controllers.GetPlayerByID)
+	if err != nil {
-	router.GET("/playerid/:name", controllers.GetPlayerIDByName)
+		log.Fatal(err)
-	router.POST("/player", controllers.AddPlayer)
+	}
-	router.PATCH("/player/:id", controllers.UpdatePlayerByID)
+
-	router.DELETE("/player/:id", controllers.DeletePlayerByID)
+	err = tmpl.Execute(c.Writer, nil)
-
+	if err != nil {
-	log.Println("Running on 8000...")
+		log.Fatal(err)
-	log.Fatal(router.Run(":8000"))
+	}
 }
 func loginPost(c *gin.Context) {
 	username := c.PostForm("username")
 	password := c.PostForm("password")
 	if !checkUserCredentials(username, password) {
 		c.HTML(http.StatusOK, "login_error.html", gin.H{"message": "Ungültige Logindaten!"})
 		return
 	}
 	session, _ := store.Get(c.Request, "session-name")
 	session.Values["authenticated"] = true
 	session.Values["username"] = username
 	err := session.Save(c.Request, c.Writer)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, nil)
 		return
 	}
 	c.Header("HX-Redirect", "/")
 	c.String(http.StatusOK, "")
 }
 func checkUserCredentials(username, password string) bool {
 	var hashedPassword string
 	hashedPassword, err := getUserPassword(username)
 	if err != nil {
 		return false
 	}
 	err = bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
 	return err == nil
 }
 func getUserPassword(username string) (string, error) {
 	var user models.User
 	if err := models.DB.Where("username = ?", username).First(&user).Error; err != nil {
 		log.Fatal(err)
 		return "", err
 	}
 	var hashedPW string
 	hashedPW, err := hashPassword(user.Password)
 	if err != nil {
 		log.Fatal(err)
 		return "", err
 	}
 	return hashedPW, nil
 }
 func logout(c *gin.Context) {
 	session, _ := store.Get(c.Request, "session-name")
 	session.Values["authenticated"] = false
 	err := session.Save(c.Request, c.Writer)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, nil)
 		return
 	}
 	c.Redirect(http.StatusFound, "/login")
 }
 func hashPassword(password string) (string, error) {
 	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
 		return "", fmt.Errorf("failed to hash password: %w", err)
 	}
 	return string(hashedPassword), nil
 }
 func AuthRequired() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		session, _ := store.Get(c.Request, "session-name")
 		if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
 			c.Redirect(http.StatusFound, "/login")
 			c.Abort()
 			return
 		}
 		c.Next()
 	}
 }
--- a/models/user.go
+++ b/models/user.go
@@ -0,0 +1,7 @@
 package models
 type User struct {
 	Username string `json:"username" gorm:"primary_key"`
 	Password string `json:"password"`
 	Enabled  bool   `json:"enabled" default:"1"`
 }
--- a/templates/components/login_error.html
+++ b/templates/components/login_error.html
@@ -0,0 +1,3 @@
 <div class="text-danger">
    {{ .message }}
 </div>
--- a/templates/login.html
+++ b/templates/login.html
@@ -0,0 +1,24 @@
 <!DOCTYPE html>
 <html lang="de">
 <head>
    {{ template "header" . }}
 </head>
 <body data-bs-theme="dark" class="h-auto">
    <div class="container-fluid bg-dark mt-5 p-4 rounded-3 text-light text-center" style="max-width: 500px;">
        <h3>Login</h3>
        <hr>
        <form hx-post="/login" hx-target="#login-result">
            <div class="form-floating mb-3">
                <input class="form-control form-control-lg" type="text" id="username" name="username" placeholder="Username" required>
                <label for="username">Username</label>
            </div>
            <div class="form-floating">
                <input class="form-control form-control-lg" type="password" id="password" name="password" placeholder="Passwort" required>
                <label for="password">Passwort</label>
            </div>
            <button class="btn btn-lg btn-primary mt-3" type="submit">Anmelden</button>
        </form>
        <div id="login-result" class="mt-4 fs-4"></div>
    </div>
 </body>
 </html>