login, logout

2021-08-04 17:10:56 +02:00 · 2021-08-04 17:10:56 +02:00 · 1ad0d0579d
commit 1ad0d0579d
parent bd8d01d7df
4 changed files with 91 additions and 8 deletions
--- a/server/src/handler/login.go
+++ b/server/src/handler/login.go
@ -0,0 +1,55 @@
+package handler
+
+import (
+	"fmt"
+	"net/http"
+	"sirlab.de/go/knyt/user"
+)
+
+func (authMux *AuthMux) createCookie() *http.Cookie {
+	return &http.Cookie{
+		Name:     "knyt-auth",
+		Path:     "/",
+		HttpOnly: true,
+		MaxAge:   -1,
+	}
+}
+
+func (authMux *AuthMux) Logout(w http.ResponseWriter, r *http.Request) {
+	http.SetCookie(w, authMux.createCookie())
+	w.Header().Add("Content-Type", "text/plain")
+	fmt.Fprintf(w, "ok")
+}
+
+func (authMux *AuthMux) Login(w http.ResponseWriter, r *http.Request) {
+	usr, err := authMux.checkCode(r)
+	if err != nil {
+		http.SetCookie(w, authMux.createCookie())
+		authMux.accessDenied(w, r)
+		return
+	}
+
+	cookie := authMux.createCookie()
+	cookie.Value = usr.Id
+	cookie.MaxAge = 0
+	http.SetCookie(w, cookie)
+	w.Header().Add("Content-Type", "text/plain")
+	fmt.Fprintf(w, "ok")
+}
+
+func (authMux *AuthMux) checkCode(r *http.Request) (*user.User, error) {
+	r.ParseForm()
+	form := r.Form
+	code := form.Get("code")
+
+	if len(code) != 6 {
+		return nil, fmt.Errorf("invalid code")
+	}
+
+	usr, err := authMux.app.GetUsers().GetUserById(code)
+	if err != nil {
+		return nil, fmt.Errorf("invalid code")
+	}
+
+	return usr, nil
+}
--- a/server/src/handler/private.go
+++ b/server/src/handler/private.go
@ -3,6 +3,7 @@ package handler
 import (
 	"fmt"
 	"net/http"
+	"sirlab.de/go/knyt/user"
 )

 func (authMux *AuthMux) PrivateHandleFunc(pattern string, handlerFunc HandlerFunc) {
@ -27,18 +28,26 @@ func (authMux *AuthMux) accessDenied(w http.ResponseWriter, r *http.Request) {
 }

 func (authMux *AuthMux) isAuthenticated(r *http.Request) bool {
+	_, err := authMux.getUserFromSession(r)
+
+	if err != nil {
+		return false
+	}
+
+	return true
+}
+
+func (authMux *AuthMux) getUserFromSession(r *http.Request) (*user.User, error) {
 	authCookie, err := r.Cookie("knyt-auth")
 	if err != nil {
 		fmt.Printf("%v\n", err)
-		return false
+		return nil, fmt.Errorf("invalid cookie")
 	}
-	fmt.Printf("isAuthenticated? %s\n", authCookie.Value)

 	usr, usrErr := authMux.app.GetUsers().GetUserById(authCookie.Value)
 	if usrErr != nil {
-		return false
+		return nil, fmt.Errorf("invalid cookie")
 	}

-	fmt.Printf("\"%s\" ?= \"%s\"\n", usr.Id, authCookie.Value)
-	return usr.Id == authCookie.Value
+	return usr, nil
 }
--- a/server/src/handler/userinfo.go
+++ b/server/src/handler/userinfo.go
@ -1,12 +1,29 @@
 package handler

 import (
+	"encoding/json"
 	"fmt"
 	"net/http"
 )

-func GetUserInfo(w http.ResponseWriter, r *http.Request) {
+type userLight struct {
+	Name string "json:`name`"
+	Role string "json:`role`"
+}
+
+func (authMux *AuthMux) GetUserInfo(w http.ResponseWriter, r *http.Request) {
+	usr, err := authMux.getUserFromSession(r)
+	if err != nil {
+		authMux.accessDenied(w, r)
+		return
+	}
+
+	usrLight := userLight{
+		Name: usr.Name,
+		Role: usr.Role,
+	}
+
 	w.Header().Add("Content-Type", "application/json")
-	jsonString := "{}"
+	jsonString, _ := json.Marshal(usrLight)
 	fmt.Fprintf(w, string(jsonString))
 }
--- a/server/src/knyt.go
+++ b/server/src/knyt.go
@ -19,7 +19,9 @@ func main() {
 	mux := handler.NewAuthMux(app)

 	mux.PublicHandleFunc("/__intern__/exit", handler.Exit)
-	mux.PrivateHandleFunc("/api/userinfo", handler.GetUserInfo)
+	mux.PublicHandleFunc("/api/login", mux.Login)
+	mux.PublicHandleFunc("/api/logout", mux.Logout)
+	mux.PrivateHandleFunc("/api/userinfo", mux.GetUserInfo)

 	// default handler
 	fsHandler := http.FileServer(http.Dir("../../client/dist/"))