login, logout

server/src/handler/login.go

@@ -0,0 +1,55 @@
+package handler
+
+import (
+	"fmt"
+	"net/http"
+	"sirlab.de/go/knyt/user"
+)
+
+func (authMux *AuthMux) createCookie() *http.Cookie {
+	return &http.Cookie{
+		Name:     "knyt-auth",
+		Path:     "/",
+		HttpOnly: true,
+		MaxAge:   -1,
+	}
+}
+
+func (authMux *AuthMux) Logout(w http.ResponseWriter, r *http.Request) {
+	http.SetCookie(w, authMux.createCookie())
+	w.Header().Add("Content-Type", "text/plain")
+	fmt.Fprintf(w, "ok")
+}
+
+func (authMux *AuthMux) Login(w http.ResponseWriter, r *http.Request) {
+	usr, err := authMux.checkCode(r)
+	if err != nil {
+		http.SetCookie(w, authMux.createCookie())
+		authMux.accessDenied(w, r)
+		return
+	}
+
+	cookie := authMux.createCookie()
+	cookie.Value = usr.Id
+	cookie.MaxAge = 0
+	http.SetCookie(w, cookie)
+	w.Header().Add("Content-Type", "text/plain")
+	fmt.Fprintf(w, "ok")
+}
+
+func (authMux *AuthMux) checkCode(r *http.Request) (*user.User, error) {
+	r.ParseForm()
+	form := r.Form
+	code := form.Get("code")
+
+	if len(code) != 6 {
+		return nil, fmt.Errorf("invalid code")
+	}
+
+	usr, err := authMux.app.GetUsers().GetUserById(code)
+	if err != nil {
+		return nil, fmt.Errorf("invalid code")
+	}
+
+	return usr, nil
+}

server/src/handler/private.go

@@ -3,6 +3,7 @@ package handler
 import (
 	"fmt"
 	"net/http"
+	"sirlab.de/go/knyt/user"
 )
 
 func (authMux *AuthMux) PrivateHandleFunc(pattern string, handlerFunc HandlerFunc) {
@@ -27,18 +28,26 @@ func (authMux *AuthMux) accessDenied(w http.ResponseWriter, r *http.Request) {
 }
 
 func (authMux *AuthMux) isAuthenticated(r *http.Request) bool {
+	_, err := authMux.getUserFromSession(r)
+
+	if err != nil {
+		return false
+	}
+
+	return true
+}
+
+func (authMux *AuthMux) getUserFromSession(r *http.Request) (*user.User, error) {
 	authCookie, err := r.Cookie("knyt-auth")
 	if err != nil {
 		fmt.Printf("%v\n", err)
-		return false
+		return nil, fmt.Errorf("invalid cookie")
 	}
-	fmt.Printf("isAuthenticated? %s\n", authCookie.Value)
 
 	usr, usrErr := authMux.app.GetUsers().GetUserById(authCookie.Value)
 	if usrErr != nil {
-		return false
+		return nil, fmt.Errorf("invalid cookie")
 	}
 
-	fmt.Printf("\"%s\" ?= \"%s\"\n", usr.Id, authCookie.Value)
+	return usr, nil
-	return usr.Id == authCookie.Value
 }

server/src/handler/userinfo.go

@@ -1,12 +1,29 @@
 package handler
 
 import (
+	"encoding/json"
 	"fmt"
 	"net/http"
 )
 
-func GetUserInfo(w http.ResponseWriter, r *http.Request) {
+type userLight struct {
+	Name string "json:`name`"
+	Role string "json:`role`"
+}
+
+func (authMux *AuthMux) GetUserInfo(w http.ResponseWriter, r *http.Request) {
+	usr, err := authMux.getUserFromSession(r)
+	if err != nil {
+		authMux.accessDenied(w, r)
+		return
+	}
+
+	usrLight := userLight{
+		Name: usr.Name,
+		Role: usr.Role,
+	}
+
 	w.Header().Add("Content-Type", "application/json")
-	jsonString := "{}"
+	jsonString, _ := json.Marshal(usrLight)
 	fmt.Fprintf(w, string(jsonString))
 }

server/src/knyt.go

@@ -19,7 +19,9 @@ func main() {
 	mux := handler.NewAuthMux(app)
 
 	mux.PublicHandleFunc("/__intern__/exit", handler.Exit)
-	mux.PrivateHandleFunc("/api/userinfo", handler.GetUserInfo)
+	mux.PublicHandleFunc("/api/login", mux.Login)
+	mux.PublicHandleFunc("/api/logout", mux.Logout)
+	mux.PrivateHandleFunc("/api/userinfo", mux.GetUserInfo)
 
 	// default handler
 	fsHandler := http.FileServer(http.Dir("../../client/dist/"))