summaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
authorGrailFinder <wohilas@gmail.com>2024-05-19 07:15:20 +0300
committerGrailFinder <wohilas@gmail.com>2024-05-19 07:15:20 +0300
commit9b52a88e971e70facc74778c133244f8a93b1f31 (patch)
treecbb1b3e03130848d96b43dd6f2684ecf3f8db59e /internal
parent2e9b18944eac3dcaf8a006594cb338d94c07a447 (diff)
Enha: avoid panic; check password at login
Diffstat (limited to 'internal')
-rw-r--r--internal/handlers/auth.go32
-rw-r--r--internal/handlers/elements.go6
-rw-r--r--internal/handlers/main.go26
3 files changed, 44 insertions, 20 deletions
diff --git a/internal/handlers/auth.go b/internal/handlers/auth.go
index 0287960..e147efc 100644
--- a/internal/handlers/auth.go
+++ b/internal/handlers/auth.go
@@ -36,7 +36,7 @@ func (h *Handlers) HandleSignup(w http.ResponseWriter, r *http.Request) {
abortWithError(w, msg)
return
}
- // TODO: make sure username does not exists
+ // make sure username does not exists
cleanName := utils.RemoveSpacesFromStr(username)
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 8)
// create user in db
@@ -53,7 +53,7 @@ func (h *Handlers) HandleSignup(w http.ResponseWriter, r *http.Request) {
abortWithError(w, msg)
return
}
- // TODO: login user
+ // login user
cookie, err := h.makeCookie(cleanName, r.RemoteAddr)
if err != nil {
h.log.Error("failed to login", "error", err)
@@ -64,7 +64,8 @@ func (h *Handlers) HandleSignup(w http.ResponseWriter, r *http.Request) {
// http.Redirect(w, r, "/", 302)
tmpl, err := template.ParseGlob("components/*.html")
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
tmpl.ExecuteTemplate(w, "main", newUser)
}
@@ -88,17 +89,33 @@ func (h *Handlers) HandleLogin(w http.ResponseWriter, r *http.Request) {
cleanName := utils.RemoveSpacesFromStr(username)
tmpl, err := template.ParseGlob("components/*.html")
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
userScore, err := h.repo.DBUserScoreGet(cleanName)
if err != nil {
- h.log.Warn("got db err", "err", err)
- tmpl.ExecuteTemplate(w, "main", nil)
+ h.log.Warn("failed to find user in db", "err", err)
+ abortWithError(w, err.Error())
+ return
+ }
+ // check password
+ // hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 8)
+ // if err != nil {
+ // h.log.Warn("failed to gen pass hash", "err", err)
+ // abortWithError(w, err.Error())
+ // return
+ // }
+ if err := bcrypt.CompareHashAndPassword(
+ []byte(userScore.Password), []byte(password),
+ ); err != nil {
+ h.log.Warn("wrong password", "err", err)
+ abortWithError(w, err.Error())
return
}
userScore.Actions, err = h.repo.DBActionList(cleanName)
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
cookie, err := h.makeCookie(cleanName, r.RemoteAddr)
if err != nil {
@@ -107,7 +124,6 @@ func (h *Handlers) HandleLogin(w http.ResponseWriter, r *http.Request) {
return
}
http.SetCookie(w, cookie)
- // http.Redirect(w, r, "/", 302)
tmpl.ExecuteTemplate(w, "main", userScore)
}
diff --git a/internal/handlers/elements.go b/internal/handlers/elements.go
index c0da7f0..62c632b 100644
--- a/internal/handlers/elements.go
+++ b/internal/handlers/elements.go
@@ -8,7 +8,8 @@ import (
func (h *Handlers) ServeShowForm(w http.ResponseWriter, r *http.Request) {
tmpl, err := template.ParseGlob("components/*.html")
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
tmpl.ExecuteTemplate(w, "actionform", nil)
}
@@ -16,7 +17,8 @@ func (h *Handlers) ServeShowForm(w http.ResponseWriter, r *http.Request) {
func (h *Handlers) ServeHideForm(w http.ResponseWriter, r *http.Request) {
tmpl, err := template.ParseGlob("components/*.html")
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
tmpl.ExecuteTemplate(w, "showformbtn", nil)
}
diff --git a/internal/handlers/main.go b/internal/handlers/main.go
index e87c74f..e470b49 100644
--- a/internal/handlers/main.go
+++ b/internal/handlers/main.go
@@ -47,7 +47,8 @@ func (h *Handlers) Ping(w http.ResponseWriter, r *http.Request) {
func (h *Handlers) MainPage(w http.ResponseWriter, r *http.Request) {
tmpl, err := template.ParseGlob("components/*.html")
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
usernameRaw := r.Context().Value("username")
h.log.Info("got mainpage request", "username", usernameRaw)
@@ -68,7 +69,8 @@ func (h *Handlers) MainPage(w http.ResponseWriter, r *http.Request) {
}
userScore.Actions, err = h.repo.DBActionList(username)
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
tmpl.ExecuteTemplate(w, "main", userScore)
}
@@ -78,13 +80,12 @@ func (h *Handlers) HandleForm(w http.ResponseWriter, r *http.Request) {
h.log.Info("got postform request", "payload", r.PostForm)
magnitude := uint8(1)
mS := r.PostFormValue("magnitude")
- h.log.Info("showing magnitude send", "mS", mS)
if mS != "1" {
u64, err := strconv.ParseUint(mS, 10, 64)
magnitude = uint8(u64)
if err != nil {
- // TODO: error handling
- h.log.Warn("got an error", "error", err)
+ h.log.Warn("failed to parse magnitude", "error", err,
+ "payload", r.PostForm)
magnitude = uint8(1)
}
}
@@ -115,11 +116,13 @@ func (h *Handlers) HandleForm(w http.ResponseWriter, r *http.Request) {
h.log.Info("got username from ctx", "username", username)
userScore, err := h.repo.DBUserScoreGet(username)
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
act.Username = userScore.Username
if err := h.repo.DBActionCreate(&act); err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
http.Redirect(w, r, "/", 302)
}
@@ -147,7 +150,8 @@ func (h *Handlers) HandleDoneAction(w http.ResponseWriter, r *http.Request) {
"username", username)
userScore, err := h.UserScoreWithActionsByUsername(username)
if err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
// get action by name
action, err := h.repo.DBActionGetByName(actionName)
@@ -159,11 +163,13 @@ func (h *Handlers) HandleDoneAction(w http.ResponseWriter, r *http.Request) {
userScore.Score += magnitude
// disable action if repetable
if err := h.repo.DBActionDone(actionName); err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
// update score in db
if err := h.repo.DBUserScoreUpdate(userScore); err != nil {
- panic(err)
+ abortWithError(w, err.Error())
+ return
}
tmpl := template.Must(template.ParseGlob("components/*.html"))
tmpl.ExecuteTemplate(w, "main", userScore)