cabinet/web/auth.go

package web

import (
	"encoding/json"
	"fmt"
	"net/http"

	"code.chrissexton.org/cws/cabinet/auth"
	"code.chrissexton.org/cws/cabinet/config"

	"github.com/rs/zerolog/log"
)

func (web *Web) auth(w http.ResponseWriter, r *http.Request) {
	req := struct {
		Username string
		Password string
	}{}
	dec := json.NewDecoder(r.Body)
	err := dec.Decode(&req)
	if err != nil {
		log.Error().Err(err).Msg("Error decoding json request")
		w.WriteHeader(500)
		fmt.Fprint(w, err)
		return
	}

	user, err := auth.Get(web.db, req.Username)
	if err != nil {
		w.WriteHeader(401)
		resp := struct {
			Status bool
			Err    string
		}{
			false,
			"User and password combination is invalid",
		}
		j, err := json.Marshal(resp)
		if err != nil {
			w.WriteHeader(500)
			log.Error().Err(err).Msg("Error encoding json response")
			return
		}
		w.Write(j)
		return
	}

	if user.Validate(req.Password) {
		resp := struct {
			Status bool
			User   auth.User
		}{
			true,
			*user,
		}
		j, err := json.Marshal(resp)
		if err != nil {
			w.WriteHeader(500)
			log.Error().Err(err).Msg("Error encoding json response")
			return
		}
		w.WriteHeader(200)
		w.Write(j)
		return
	}
	w.WriteHeader(401)
	resp := struct {
		Status  bool
		Message string
	}{Message: "incorrect credentials"}
	j, err := json.Marshal(resp)
	if err != nil {
		w.WriteHeader(500)
		log.Error().Err(err).Msg("Error encoding json response")
		return
	}
	w.Write(j)
}

func (web *Web) newUser(w http.ResponseWriter, r *http.Request) {
	secret := r.Header.Get("X-secret")
	if secret != config.Get("secret", "abc123") {
		w.WriteHeader(401)
		return
	}
	dec := json.NewDecoder(r.Body)
	req := struct {
		Username string
		Password string
	}{}
	err := dec.Decode(&req)
	if err != nil {
		w.WriteHeader(500)
		fmt.Fprint(w, err)
		return
	}
	_, err = auth.New(web.db, req.Username, req.Password)
	if err != nil {
		w.WriteHeader(500)
		fmt.Fprint(w, err)
		log.Error().Err(err).Msg("Could not create user")
		return
	}
	w.WriteHeader(200)
}
users 2019-11-11 00:26:36 +00:00			`package web`

			`import (`
			`"encoding/json"`
auth: auth flow complete on server-side 2020-03-15 13:40:47 +00:00			`"fmt"`
users 2019-11-11 00:26:36 +00:00			`"net/http"`

			`"code.chrissexton.org/cws/cabinet/auth"`
auth: auth flow complete on server-side 2020-03-15 13:40:47 +00:00			`"code.chrissexton.org/cws/cabinet/config"`

users 2019-11-11 00:26:36 +00:00			`"github.com/rs/zerolog/log"`
			`)`

			`func (web Web) auth(w http.ResponseWriter, r http.Request) {`
auth: user login/key use on the frontend 2020-03-16 20:28:23 +00:00			`req := struct {`
			`Username string`
			`Password string`
			`}{}`
			`dec := json.NewDecoder(r.Body)`
			`err := dec.Decode(&req)`
users 2019-11-11 00:26:36 +00:00			`if err != nil {`
auth: user login/key use on the frontend 2020-03-16 20:28:23 +00:00			`log.Error().Err(err).Msg("Error decoding json request")`
users 2019-11-11 00:26:36 +00:00			`w.WriteHeader(500)`
auth: user login/key use on the frontend 2020-03-16 20:28:23 +00:00			`fmt.Fprint(w, err)`
			`return`
			`}`

			`user, err := auth.Get(web.db, req.Username)`
			`if err != nil {`
			`w.WriteHeader(401)`
			`resp := struct {`
			`Status bool`
			`Err string`
			`}{`
			`false,`
			`"User and password combination is invalid",`
			`}`
			`j, err := json.Marshal(resp)`
			`if err != nil {`
			`w.WriteHeader(500)`
			`log.Error().Err(err).Msg("Error encoding json response")`
			`return`
			`}`
			`w.Write(j)`
users 2019-11-11 00:26:36 +00:00			`return`
			`}`

auth: user login/key use on the frontend 2020-03-16 20:28:23 +00:00			`if user.Validate(req.Password) {`
auth: auth flow complete on server-side 2020-03-15 13:40:47 +00:00			`resp := struct {`
			`Status bool`
			`User auth.User`
			`}{`
			`true,`
			`*user,`
			`}`
			`j, err := json.Marshal(resp)`
			`if err != nil {`
			`w.WriteHeader(500)`
			`log.Error().Err(err).Msg("Error encoding json response")`
			`return`
			`}`
users 2019-11-11 00:26:36 +00:00			`w.WriteHeader(200)`
auth: auth flow complete on server-side 2020-03-15 13:40:47 +00:00			`w.Write(j)`
users 2019-11-11 00:26:36 +00:00			`return`
			`}`
			`w.WriteHeader(401)`
			`resp := struct {`
			`Status bool`
			`Message string`
			`}{Message: "incorrect credentials"}`
			`j, err := json.Marshal(resp)`
			`if err != nil {`
			`w.WriteHeader(500)`
auth: auth flow complete on server-side 2020-03-15 13:40:47 +00:00			`log.Error().Err(err).Msg("Error encoding json response")`
			`return`
users 2019-11-11 00:26:36 +00:00			`}`
			`w.Write(j)`
			`}`
auth: auth flow complete on server-side 2020-03-15 13:40:47 +00:00
			`func (web Web) newUser(w http.ResponseWriter, r http.Request) {`
			`secret := r.Header.Get("X-secret")`
			`if secret != config.Get("secret", "abc123") {`
			`w.WriteHeader(401)`
			`return`
			`}`
			`dec := json.NewDecoder(r.Body)`
			`req := struct {`
			`Username string`
			`Password string`
			`}{}`
			`err := dec.Decode(&req)`
			`if err != nil {`
			`w.WriteHeader(500)`
			`fmt.Fprint(w, err)`
			`return`
			`}`
			`_, err = auth.New(web.db, req.Username, req.Password)`
			`if err != nil {`
			`w.WriteHeader(500)`
			`fmt.Fprint(w, err)`
			`log.Error().Err(err).Msg("Could not create user")`
			`return`
			`}`
			`w.WriteHeader(200)`
			`}`