authorGrailFinder <wohilas@gmail.com>2024-05-19 07:15:20 +0300
committerGrailFinder <wohilas@gmail.com>2024-05-19 07:15:20 +0300
commit9b52a88e971e70facc74778c133244f8a93b1f31 (patch)
treecbb1b3e03130848d96b43dd6f2684ecf3f8db59e
parent2e9b18944eac3dcaf8a006594cb338d94c07a447 (diff)
Enha: avoid panic; check password at login
-rw-r--r--assets/style.css4
-rw-r--r--components/error.html2
-rw-r--r--internal/handlers/auth.go32
-rw-r--r--internal/handlers/elements.go6
-rw-r--r--internal/handlers/main.go26
5 files changed, 49 insertions, 21 deletions
diff --git a/assets/style.css b/assets/style.css
index 5d2f089..d71d3fd 100644
--- a/assets/style.css
+++ b/assets/style.css
@@ -41,3 +41,7 @@ tr{
padding: none;
width: auto;
}
+#errorbox{
+ border: 1px solid black;
+ background-color: darkorange;
+}
diff --git a/components/error.html b/components/error.html
index 51b6b05..2fe8b70 100644
--- a/components/error.html
+++ b/components/error.html
@@ -1,6 +1,6 @@
{{define "error"}}
<a href="/">
- <div class="bg-orange-100 border-l-4 border-orange-500 text-orange-700 p-4" role="alert">
+ <div id=errorbox class="bg-orange-100 border-l-4 border-orange-500 text-orange-700 p-4" role="alert">
<p class="font-bold">An error from server</p>
<p>{{.}}</p>
<p>Click this banner to return to main page.</p>
diff --git a/internal/handlers/auth.go b/internal/handlers/auth.go
index 0287960..e147efc 100644
--- a/internal/handlers/auth.go
+++ b/internal/handlers/auth.go
@@ -36,7 +36,7 @@ func (h *Handlers) HandleSignup(w http.ResponseWriter, r *http.Request) {
abortWithError(w, msg)
return
}
- // TODO: make sure username does not exists
+ // make sure username does not exists
cleanName := utils.RemoveSpacesFromStr(username)
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 8)
// create user in db
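Review bot: The comment `// make sure username does not exists` lost its TODO marker, but no uniqueness check is visible in this hunk. If the check lives in the repository layer or a database constraint, the comment should say so, e.g. `// username uniqueness is enforced by <where>`; otherwise keep the TODO. On the next context line the bcrypt cost is the literal `8`, which is below `bcrypt.DefaultCost` (10); consider using the constant. Whether `err` from `GenerateFromPassword` is checked lies outside the hunk.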
@@ -53,7 +53,7 @@ func (h *Handlers) HandleSignup(w http.ResponseWriter, r *http.Request) {
abortWithError(w, msg)
return
}
- // TODO: login user
+ // login user
cookie, err := h.makeCookie(cleanName, r.RemoteAddr)
if err != nil {
h.log.Error("failed to login", "error", err)
@@ -64,7 +64,8 @@ func (h *Handlers) HandleSignup(w http.ResponseWriter, r *http.Request) {
// http.Redirect(w, r, "/", 302)
tmpl, err := template.ParseGlob("components/*.html")
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
tmpl.ExecuteTemplate(w, "main", newUser)
}
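Review bot: `abortWithError(w, err.Error())` sends the raw error text to the client, so a template-parse failure here can disclose server file paths. The same call in the later hunks of auth.go, elements.go and main.go passes repository errors to the client in the same way. Log the detail server-side and return a fixed message instead, e.g. `h.log.Error("failed to parse templates", "error", err)` followed by `abortWithError(w, "internal server error")`. The status code that abortWithError sets is not visible in this diff; it should be a 5xx for these cases.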
@@ -88,17 +89,33 @@ func (h *Handlers) HandleLogin(w http.ResponseWriter, r *http.Request) {
cleanName := utils.RemoveSpacesFromStr(username)
tmpl, err := template.ParseGlob("components/*.html")
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
userScore, err := h.repo.DBUserScoreGet(cleanName)
if err != nil {
- h.log.Warn("got db err", "err", err)
- tmpl.ExecuteTemplate(w, "main", nil)
+ h.log.Warn("failed to find user in db", "err", err)
+ abortWithError(w, err.Error())
+ return
+ }
+ // check password
+ // hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 8)
+ // if err != nil {
+ // h.log.Warn("failed to gen pass hash", "err", err)
+ // abortWithError(w, err.Error())
+ // return
+ // }
+ if err := bcrypt.CompareHashAndPassword(
+ []byte(userScore.Password), []byte(password),
+ ); err != nil {
+ h.log.Warn("wrong password", "err", err)
+ abortWithError(w, err.Error())
return
}
userScore.Actions, err = h.repo.DBActionList(cleanName)
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
cookie, err := h.makeCookie(cleanName, r.RemoteAddr)
if err != nil {
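Review bot: The two failure branches in HandleLogin return different error text to the client — the repository error when the user lookup fails and the bcrypt error when `CompareHashAndPassword` fails — which lets a caller tell existing usernames from unknown ones. Both branches should answer with the same message, e.g. `abortWithError(w, "invalid username or password")`, keeping the specific cause in the `h.log.Warn` line only. The commented-out `GenerateFromPassword` block under `// check password` is dead code and should be dropped. No attempt limiting is visible in this hunk; if none exists elsewhere, failed logins need throttling per account or per address. HandleLogin's body starts above and continues below the hunk.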
@@ -107,7 +124,6 @@ func (h *Handlers) HandleLogin(w http.ResponseWriter, r *http.Request) {
return
}
http.SetCookie(w, cookie)
- // http.Redirect(w, r, "/", 302)
tmpl.ExecuteTemplate(w, "main", userScore)
}
diff --git a/internal/handlers/elements.go b/internal/handlers/elements.go
index c0da7f0..62c632b 100644
--- a/internal/handlers/elements.go
+++ b/internal/handlers/elements.go
@@ -8,7 +8,8 @@ import (
func (h *Handlers) ServeShowForm(w http.ResponseWriter, r *http.Request) {
tmpl, err := template.ParseGlob("components/*.html")
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
tmpl.ExecuteTemplate(w, "actionform", nil)
}
@@ -16,7 +17,8 @@ func (h *Handlers) ServeShowForm(w http.ResponseWriter, r *http.Request) {
func (h *Handlers) ServeHideForm(w http.ResponseWriter, r *http.Request) {
tmpl, err := template.ParseGlob("components/*.html")
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
tmpl.ExecuteTemplate(w, "showformbtn", nil)
}
diff --git a/internal/handlers/main.go b/internal/handlers/main.go
index e87c74f..e470b49 100644
--- a/internal/handlers/main.go
+++ b/internal/handlers/main.go
@@ -47,7 +47,8 @@ func (h *Handlers) Ping(w http.ResponseWriter, r *http.Request) {
func (h *Handlers) MainPage(w http.ResponseWriter, r *http.Request) {
tmpl, err := template.ParseGlob("components/*.html")
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
usernameRaw := r.Context().Value("username")
h.log.Info("got mainpage request", "username", usernameRaw)
@@ -68,7 +69,8 @@ func (h *Handlers) MainPage(w http.ResponseWriter, r *http.Request) {
}
userScore.Actions, err = h.repo.DBActionList(username)
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
tmpl.ExecuteTemplate(w, "main", userScore)
}
@@ -78,13 +80,12 @@ func (h *Handlers) HandleForm(w http.ResponseWriter, r *http.Request) {
h.log.Info("got postform request", "payload", r.PostForm)
magnitude := uint8(1)
mS := r.PostFormValue("magnitude")
- h.log.Info("showing magnitude send", "mS", mS)
if mS != "1" {
u64, err := strconv.ParseUint(mS, 10, 64)
magnitude = uint8(u64)
if err != nil {
- // TODO: error handling
- h.log.Warn("got an error", "error", err)
+ h.log.Warn("failed to parse magnitude", "error", err,
+ "payload", r.PostForm)
magnitude = uint8(1)
}
}
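Review bot: `uint8(u64)` truncates silently because the value is parsed with bit size 64, so a submitted magnitude of 257 becomes 1 and 256 becomes 0 without ever reaching the new warning. Parsing with `strconv.ParseUint(mS, 10, 8)` makes out-of-range input return an error and fall into the existing `magnitude = uint8(1)` fallback. The conversion also runs before `err` is checked; moving it after the check makes the flow easier to follow. The new log line writes the whole `r.PostForm` at warn level, which is acceptable only as long as this form never carries secrets.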
@@ -115,11 +116,13 @@ func (h *Handlers) HandleForm(w http.ResponseWriter, r *http.Request) {
h.log.Info("got username from ctx", "username", username)
userScore, err := h.repo.DBUserScoreGet(username)
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
act.Username = userScore.Username
if err := h.repo.DBActionCreate(&act); err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
http.Redirect(w, r, "/", 302)
}
@@ -147,7 +150,8 @@ func (h *Handlers) HandleDoneAction(w http.ResponseWriter, r *http.Request) {
"username", username)
userScore, err := h.UserScoreWithActionsByUsername(username)
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
// get action by name
action, err := h.repo.DBActionGetByName(actionName)
@@ -159,11 +163,13 @@ func (h *Handlers) HandleDoneAction(w http.ResponseWriter, r *http.Request) {
userScore.Score += magnitude
// disable action if repetable
if err := h.repo.DBActionDone(actionName); err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
// update score in db
if err := h.repo.DBUserScoreUpdate(userScore); err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
tmpl := template.Must(template.ParseGlob("components/*.html"))
tmpl.ExecuteTemplate(w, "main", userScore)
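Review bot: `template.Must(template.ParseGlob("components/*.html"))` on the second-to-last line still panics on a parse failure, which is the behaviour this commit removes from every other handler. Use `tmpl, err := template.ParseGlob("components/*.html")` with the same `if err != nil` guard and `return`, ideally before the score is written so that a template problem cannot follow a committed update. If `DBUserScoreUpdate` fails after `DBActionDone` has succeeded, the action is marked done but the score is not updated; whether the repository offers a transaction for the pair is not visible here. The return value of `tmpl.ExecuteTemplate` is discarded, so a render failure is neither logged nor reported.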