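package handlers

import (
	"bytes"
	"fmt"
	"html/template"
	"net/http"
	"strings"
	"time"

	"apjournal/internal/models"
	"apjournal/pkg/utils"
)

// abortWithError renders the "error" template from components/*.html with msg
// as its data and writes the result to w.
//
// The page is rendered into a buffer first so that a template failure cannot
// leave a half-written response. If the templates cannot be parsed or
// executed, msg is sent as a plain-text 500 instead of panicking inside the
// request handler. msg may contain user-supplied text (HandleLogin passes the
// requested username); html/template escapes it on the normal path, and
// http.Error serves it as text/plain with nosniff on the fallback path.
func abortWithError(w http.ResponseWriter, msg string) {
	// NOTE(review): templates are re-parsed from disk on every call; parsing
	// once at start-up would be cheaper, but needs a package-level variable.
	tmpl, err := template.ParseGlob("components/*.html")
	if err != nil {
		http.Error(w, msg, http.StatusInternalServerError)
		return
	}

	var page bytes.Buffer
	if err := tmpl.ExecuteTemplate(&page, "error", msg); err != nil {
		http.Error(w, msg, http.StatusInternalServerError)
		return
	}
	// Nothing useful can be done if the client connection is already gone.
	_, _ = w.Write(page.Bytes())
}

// HandleLogin handles the login form submission.
//
// It requires non-empty "username" and "password" POST form values, passes the
// username through utils.RemoveSpacesFromStr, rejects it if it appears in the
// list of taken names (currently always empty, see below), then sets the
// session cookie built by makeCookie and redirects to "/". Every failure is
// logged and reported to the client through abortWithError.
//
// NOTE(review): password is only checked for presence. Nothing in this handler
// compares it with a stored credential, so any non-empty password is accepted
// for any username. Confirm that authentication is enforced elsewhere, or add
// the credential check here before the cookie is issued.
func (h *Handlers) HandleLogin(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseForm(); err != nil {
		h.log.Error("failed to parse form", "error", err)
		abortWithError(w, "invalid form data")
		return
	}

	username := r.PostFormValue("username")
	if username == "" {
		msg := "username not provided"
		h.log.Error(msg)
		abortWithError(w, msg)
		return
	}

	password := r.PostFormValue("password")
	if password == "" {
		msg := "password not provided"
		h.log.Error(msg)
		abortWithError(w, msg)
		return
	}

	cleanName := utils.RemoveSpacesFromStr(username)

	// The cache lookup is disabled, so the "already taken" branch below is
	// unreachable until it is restored.
	// allNames := h.s.CacheGetAllNames()
	allNames := []string{}
	if utils.StrInSlice(cleanName, allNames) {
		err := fmt.Errorf("name: %s already taken", cleanName)
		h.log.Error("already taken", "error", err)
		abortWithError(w, err.Error())
		return
	}

	cookie, err := h.makeCookie(cleanName, r.RemoteAddr)
	if err != nil {
		h.log.Error("failed to login", "error", err)
		abortWithError(w, err.Error())
		// Stop here: the error page has been written and cookie is not valid,
		// so the request must not continue on to SetCookie and the redirect.
		return
	}

	http.SetCookie(w, cookie)
	http.Redirect(w, r, "/", http.StatusFound)
}

// makeCookie builds the "session_token" cookie for username.
//
// remote is the client's address as reported by the request (r.RemoteAddr in
// HandleLogin); it is logged and used only to pick the cookie Domain. The
// returned error is always nil in the current implementation.
func (h *Handlers) makeCookie(username string, remote string) (*http.Cookie, error) {
	// NOTE(review): placeholder value. Every client receives the same cookie
	// value, so it can neither identify nor authenticate a session. Once
	// sessions are persisted, generate the token with crypto/rand; the
	// commented-out xid call yields unique IDs, but if that is rs/xid they are
	// derived from time, host and a counter and are not meant to be secrets.
	// sessionToken := xid.New().String()
	sessionToken := "token"

	expiresAt := time.Now().Add(time.Duration(h.cfg.SessionLifetime) * time.Second)

	// The session record is only logged for now; it is not stored anywhere.
	session := &models.Session{
		Username: username,
		Expiry:   expiresAt,
	}
	// TODO: write session to db

	// NOTE(review): expiresAt is recorded on the Session only. The cookie has
	// no Expires or MaxAge, so the browser treats it as a session cookie.
	//
	// NOTE(review): SameSiteNoneMode lets the browser attach this cookie to
	// cross-site requests, so state-changing endpoints need their own CSRF
	// defence. Prefer Lax or Strict unless cross-site use is required.
	cookie := &http.Cookie{
		Name:     "session_token",
		Value:    sessionToken,
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteNoneMode,
		Domain:   h.cfg.ServerConfig.Host,
	}

	h.log.Info("check remote addr for cookie set", "remote", remote, "session", session)

	// Original author's note: unclear why this override is needed.
	// NOTE(review): this is a substring match on the raw remote address, and
	// it swaps in a hard-coded LAN address. It looks like a development
	// workaround; move it to configuration or remove it before deployment.
	if strings.Contains(remote, "192.168.0") {
		// domainName = "192.168.0.101"
		cookie.Domain = "192.168.0.101"
	}

	// set ctx?
	// c.Set("username", username)
	return cookie, nil
}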