From 9b52a88e971e70facc74778c133244f8a93b1f31 Mon Sep 17 00:00:00 2001 From: GrailFinder Date: Sun, 19 May 2024 07:15:20 +0300 Subject: Enha: avoid panic; check password at login --- internal/handlers/auth.go | 32 ++++++++++++++++++++++++-------- internal/handlers/elements.go | 6 ++++-- internal/handlers/main.go | 26 ++++++++++++++++---------- 3 files changed, 44 insertions(+), 20 deletions(-) (limited to 'internal/handlers') diff --git a/internal/handlers/auth.go b/internal/handlers/auth.go index 0287960..e147efc 100644 --- a/internal/handlers/auth.go +++ b/internal/handlers/auth.go @@ -36,7 +36,7 @@ func (h *Handlers) HandleSignup(w http.ResponseWriter, r *http.Request) { abortWithError(w, msg) return } - // TODO: make sure username does not exists + // make sure username does not exists cleanName := utils.RemoveSpacesFromStr(username) hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 8) // create user in db @@ -53,7 +53,7 @@ func (h *Handlers) HandleSignup(w http.ResponseWriter, r *http.Request) { abortWithError(w, msg) return } - // TODO: login user + // login user cookie, err := h.makeCookie(cleanName, r.RemoteAddr) if err != nil { h.log.Error("failed to login", "error", err) @@ -64,7 +64,8 @@ func (h *Handlers) HandleSignup(w http.ResponseWriter, r *http.Request) { // http.Redirect(w, r, "/", 302) tmpl, err := template.ParseGlob("components/*.html") if err != nil { - panic(err) + abortWithError(w, err.Error()) + return } tmpl.ExecuteTemplate(w, "main", newUser) } @@ -88,17 +89,33 @@ func (h *Handlers) HandleLogin(w http.ResponseWriter, r *http.Request) { cleanName := utils.RemoveSpacesFromStr(username) tmpl, err := template.ParseGlob("components/*.html") if err != nil { - panic(err) + abortWithError(w, err.Error()) + return } userScore, err := h.repo.DBUserScoreGet(cleanName) if err != nil { - h.log.Warn("got db err", "err", err) - tmpl.ExecuteTemplate(w, "main", nil) + h.log.Warn("failed to find user in db", "err", err) + abortWithError(w, err.Error()) + return + } + // check password + // hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 8) + // if err != nil { + // h.log.Warn("failed to gen pass hash", "err", err) + // abortWithError(w, err.Error()) + // return + // } + if err := bcrypt.CompareHashAndPassword( + []byte(userScore.Password), []byte(password), + ); err != nil { + h.log.Warn("wrong password", "err", err) + abortWithError(w, err.Error()) return } userScore.Actions, err = h.repo.DBActionList(cleanName) if err != nil { - panic(err) + abortWithError(w, err.Error()) + return } cookie, err := h.makeCookie(cleanName, r.RemoteAddr) if err != nil { @@ -107,7 +124,6 @@ func (h *Handlers) HandleLogin(w http.ResponseWriter, r *http.Request) { return } http.SetCookie(w, cookie) - // http.Redirect(w, r, "/", 302) tmpl.ExecuteTemplate(w, "main", userScore) } diff --git a/internal/handlers/elements.go b/internal/handlers/elements.go index c0da7f0..62c632b 100644 --- a/internal/handlers/elements.go +++ b/internal/handlers/elements.go @@ -8,7 +8,8 @@ import ( func (h *Handlers) ServeShowForm(w http.ResponseWriter, r *http.Request) { tmpl, err := template.ParseGlob("components/*.html") if err != nil { - panic(err) + abortWithError(w, err.Error()) + return } tmpl.ExecuteTemplate(w, "actionform", nil) } @@ -16,7 +17,8 @@ func (h *Handlers) ServeShowForm(w http.ResponseWriter, r *http.Request) { func (h *Handlers) ServeHideForm(w http.ResponseWriter, r *http.Request) { tmpl, err := template.ParseGlob("components/*.html") if err != nil { - panic(err) + abortWithError(w, err.Error()) + return } tmpl.ExecuteTemplate(w, "showformbtn", nil) } diff --git a/internal/handlers/main.go b/internal/handlers/main.go index e87c74f..e470b49 100644 --- a/internal/handlers/main.go +++ b/internal/handlers/main.go @@ -47,7 +47,8 @@ func (h *Handlers) Ping(w http.ResponseWriter, r *http.Request) { func (h *Handlers) MainPage(w http.ResponseWriter, r *http.Request) { tmpl, err := template.ParseGlob("components/*.html") if err != nil { - panic(err) + abortWithError(w, err.Error()) + return } usernameRaw := r.Context().Value("username") h.log.Info("got mainpage request", "username", usernameRaw) @@ -68,7 +69,8 @@ func (h *Handlers) MainPage(w http.ResponseWriter, r *http.Request) { } userScore.Actions, err = h.repo.DBActionList(username) if err != nil { - panic(err) + abortWithError(w, err.Error()) + return } tmpl.ExecuteTemplate(w, "main", userScore) } @@ -78,13 +80,12 @@ func (h *Handlers) HandleForm(w http.ResponseWriter, r *http.Request) { h.log.Info("got postform request", "payload", r.PostForm) magnitude := uint8(1) mS := r.PostFormValue("magnitude") - h.log.Info("showing magnitude send", "mS", mS) if mS != "1" { u64, err := strconv.ParseUint(mS, 10, 64) magnitude = uint8(u64) if err != nil { - // TODO: error handling - h.log.Warn("got an error", "error", err) + h.log.Warn("failed to parse magnitude", "error", err, + "payload", r.PostForm) magnitude = uint8(1) } } @@ -115,11 +116,13 @@ func (h *Handlers) HandleForm(w http.ResponseWriter, r *http.Request) { h.log.Info("got username from ctx", "username", username) userScore, err := h.repo.DBUserScoreGet(username) if err != nil { - panic(err) + abortWithError(w, err.Error()) + return } act.Username = userScore.Username if err := h.repo.DBActionCreate(&act); err != nil { - panic(err) + abortWithError(w, err.Error()) + return } http.Redirect(w, r, "/", 302) } @@ -147,7 +150,8 @@ func (h *Handlers) HandleDoneAction(w http.ResponseWriter, r *http.Request) { "username", username) userScore, err := h.UserScoreWithActionsByUsername(username) if err != nil { - panic(err) + abortWithError(w, err.Error()) + return } // get action by name action, err := h.repo.DBActionGetByName(actionName) @@ -159,11 +163,13 @@ func (h *Handlers) HandleDoneAction(w http.ResponseWriter, r *http.Request) { userScore.Score += magnitude // disable action if repetable if err := h.repo.DBActionDone(actionName); err != nil { - panic(err) + abortWithError(w, err.Error()) + return } // update score in db if err := h.repo.DBUserScoreUpdate(userScore); err != nil { - panic(err) + abortWithError(w, err.Error()) + return } tmpl := template.Must(template.ParseGlob("components/*.html")) tmpl.ExecuteTemplate(w, "main", userScore) -- cgit v1.2.3