diff --git a/auth.go b/auth.go new file mode 100644 index 0000000..bf541b7 --- /dev/null +++ b/auth.go @@ -0,0 +1,60 @@ +package main + +import ( + "InfrantrySkillCalculator/models" + "fmt" + "github.com/gin-gonic/gin" + "golang.org/x/crypto/bcrypt" + "log" + "net/http" +) + +func checkUserCredentials(username, password string) bool { + var hashedPassword string + + hashedPassword, err := getUserPassword(username) + if err != nil { + return false + } + + err = bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password)) + return err == nil +} + +func getUserPassword(username string) (string, error) { + var user models.User + + if err := models.DB.Where("username = ?", username).First(&user).Error; err != nil { + log.Fatal(err) + return "", err + } + + var hashedPW string + hashedPW, err := hashPassword(user.Password) + if err != nil { + log.Fatal(err) + return "", err + } + + return hashedPW, nil +} + +func hashPassword(password string) (string, error) { + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) + if err != nil { + return "", fmt.Errorf("failed to hash password: %w", err) + } + return string(hashedPassword), nil +} + +func AuthRequired() gin.HandlerFunc { + return func(c *gin.Context) { + session, _ := store.Get(c.Request, LoginSessionName) + if auth, ok := session.Values["authenticated"].(bool); !ok || !auth { + c.Redirect(http.StatusFound, "/login") + c.Abort() + return + } + c.Next() + } +} diff --git a/main.go b/main.go index 207fd24..bdb788a 100644 --- a/main.go +++ b/main.go @@ -4,20 +4,18 @@ import ( "InfrantrySkillCalculator/controllers" "InfrantrySkillCalculator/models" "InfrantrySkillCalculator/utils" - "fmt" "github.com/gin-gonic/gin" "github.com/gorilla/sessions" _ "github.com/gorilla/sessions" - "golang.org/x/crypto/bcrypt" - "html/template" "io" "log" - "net/http" "os" ) var store = sessions.NewCookieStore([]byte("f0q0qew0!)§(ds9713lsda231")) +const LoginSessionName = "session" + func main() { //gin.SetMode(gin.ReleaseMode) // uncomment upon release @@ -61,140 +59,3 @@ func main() { log.Println("Running on 8000...") log.Fatal(router.Run(":8000")) } - -func mainPage(c *gin.Context) { - files := []string{ - "./templates/index.html", - "./templates/components/home_clan_bar.html", - "./templates/components/opp_clan_bar.html", - "./templates/components/home_player_list.html", - "./templates/components/opp_player_list.html", - "./templates/components/bottom_controls.html", - "./templates/modals/delete_clan.html", - "./templates/modals/add_clan.html", - "./templates/modals/edit_clan.html", - "./templates/modals/add_player.html", - "./templates/modals/delete_player.html", - "./templates/modals/edit_player.html", - "./templates/components/header.html", - } - tmpl, err := template.ParseFiles(files...) - if err != nil { - log.Fatal(err) - } - - var clans []models.Clan - models.DB.Find(&clans) - - data := map[string]interface{}{ - "clans": clans, - } - - err = tmpl.Execute(c.Writer, data) - if err != nil { - log.Fatal(err) - } -} - -func loginPage(c *gin.Context) { - session, _ := store.Get(c.Request, "session-name") - - if auth, ok := session.Values["authenticated"].(bool); ok && auth { - c.Redirect(http.StatusFound, "/") - return - } - - tmpl, err := template.ParseFiles([]string{"./templates/login.html", "./templates/components/header.html"}...) - if err != nil { - log.Fatal(err) - } - - err = tmpl.Execute(c.Writer, nil) - if err != nil { - log.Fatal(err) - } -} - -func loginPost(c *gin.Context) { - username := c.PostForm("username") - password := c.PostForm("password") - - if !checkUserCredentials(username, password) { - c.HTML(http.StatusOK, "login_error.html", gin.H{"message": "Ungültige Logindaten!"}) - return - } - - session, _ := store.Get(c.Request, "session-name") - session.Values["authenticated"] = true - session.Values["username"] = username - err := session.Save(c.Request, c.Writer) - if err != nil { - c.JSON(http.StatusInternalServerError, nil) - return - } - - c.Header("HX-Redirect", "/") - c.String(http.StatusOK, "") -} - -func checkUserCredentials(username, password string) bool { - var hashedPassword string - - hashedPassword, err := getUserPassword(username) - if err != nil { - return false - } - - err = bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password)) - return err == nil -} - -func getUserPassword(username string) (string, error) { - var user models.User - - if err := models.DB.Where("username = ?", username).First(&user).Error; err != nil { - log.Fatal(err) - return "", err - } - - var hashedPW string - hashedPW, err := hashPassword(user.Password) - if err != nil { - log.Fatal(err) - return "", err - } - - return hashedPW, nil -} - -func logout(c *gin.Context) { - session, _ := store.Get(c.Request, "session-name") - session.Values["authenticated"] = false - err := session.Save(c.Request, c.Writer) - if err != nil { - c.JSON(http.StatusInternalServerError, nil) - return - } - - c.Redirect(http.StatusFound, "/login") -} - -func hashPassword(password string) (string, error) { - hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) - if err != nil { - return "", fmt.Errorf("failed to hash password: %w", err) - } - return string(hashedPassword), nil -} - -func AuthRequired() gin.HandlerFunc { - return func(c *gin.Context) { - session, _ := store.Get(c.Request, "session-name") - if auth, ok := session.Values["authenticated"].(bool); !ok || !auth { - c.Redirect(http.StatusFound, "/login") - c.Abort() - return - } - c.Next() - } -} diff --git a/pages.go b/pages.go new file mode 100644 index 0000000..62181df --- /dev/null +++ b/pages.go @@ -0,0 +1,96 @@ +package main + +import ( + "InfrantrySkillCalculator/models" + "github.com/gin-gonic/gin" + "html/template" + "log" + "net/http" +) + +func mainPage(c *gin.Context) { + files := []string{ + "./templates/index.html", + "./templates/components/home_clan_bar.html", + "./templates/components/opp_clan_bar.html", + "./templates/components/home_player_list.html", + "./templates/components/opp_player_list.html", + "./templates/components/bottom_controls.html", + "./templates/modals/delete_clan.html", + "./templates/modals/add_clan.html", + "./templates/modals/edit_clan.html", + "./templates/modals/add_player.html", + "./templates/modals/delete_player.html", + "./templates/modals/edit_player.html", + "./templates/components/header.html", + } + tmpl, err := template.ParseFiles(files...) + if err != nil { + log.Fatal(err) + } + + var clans []models.Clan + models.DB.Find(&clans) + + data := map[string]interface{}{ + "clans": clans, + } + + err = tmpl.Execute(c.Writer, data) + if err != nil { + log.Fatal(err) + } +} + +func loginPage(c *gin.Context) { + session, _ := store.Get(c.Request, LoginSessionName) + + if auth, ok := session.Values["authenticated"].(bool); ok && auth { + c.Redirect(http.StatusFound, "/") + return + } + + tmpl, err := template.ParseFiles([]string{"./templates/login.html", "./templates/components/header.html"}...) + if err != nil { + log.Fatal(err) + } + + err = tmpl.Execute(c.Writer, nil) + if err != nil { + log.Fatal(err) + } +} + +func loginPost(c *gin.Context) { + username := c.PostForm("username") + password := c.PostForm("password") + + if !checkUserCredentials(username, password) { + c.HTML(http.StatusOK, "login_error.html", gin.H{"message": "Ungültige Logindaten!"}) + return + } + + session, _ := store.Get(c.Request, LoginSessionName) + session.Values["authenticated"] = true + session.Values["username"] = username + err := session.Save(c.Request, c.Writer) + if err != nil { + c.JSON(http.StatusInternalServerError, nil) + return + } + + c.Header("HX-Redirect", "/") + c.String(http.StatusOK, "") +} + +func logout(c *gin.Context) { + session, _ := store.Get(c.Request, LoginSessionName) + session.Values["authenticated"] = false + err := session.Save(c.Request, c.Writer) + if err != nil { + c.JSON(http.StatusInternalServerError, nil) + return + } + + c.Redirect(http.StatusFound, "/login") +}