1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
package main
import (
"database/sql"
"errors"
"flag"
"fmt"
"log"
"net"
"net/http"
"os"
"strconv"
"github.com/gorilla/handlers"
"github.com/gorilla/schema"
"golang.org/x/crypto/bcrypt"
"gosten/model"
"gosten/templ"
)
// flags
var (
port uint64
host string
)
func init() {
flag.StringVar(&host, "h", "localhost", "address to listen on")
flag.Uint64Var(&port, "p", 8080, "port to listen on")
}
var Q *model.Queries
var s *schema.Decoder
func main() {
flag.Parse()
db := openDB("")
if err := db.Ping(); err != nil {
log.Fatal(err)
}
Q = model.New(db)
s = schema.NewDecoder()
mux := http.NewServeMux()
mux.HandleFunc("/{$}", showTemplate("index", nil))
mux.HandleFunc("GET /login", showTemplate("login", User{}))
mux.HandleFunc("POST /login", handleLogin)
handler := handlers.CombinedLoggingHandler(os.Stderr, mux)
handler = handlers.ProxyHeaders(handler)
address := net.JoinHostPort(host, strconv.FormatUint(port, 10))
log.Fatal(http.ListenAndServe(address, handler))
}
type User struct {
Name string `form:"options=required"`
Password string `form:"type=password;options=required"`
Errors []error `form:"-"`
}
type fieldError struct {
Field string
Issue string
}
func (fe fieldError) Error() string {
return fmt.Sprintf("%s: %v", fe.Field, fe.Issue)
}
func (fe fieldError) FieldError() (field, err string) {
return fe.Field, fe.Issue
}
func showTemplate(tpl string, data any) http.HandlerFunc {
return func(w http.ResponseWriter, _ *http.Request) {
if err := templ.Lookup(tpl).Execute(w, data); err != nil {
log.Panicf("Executing '%s' with %+v: %v", tpl, data, err)
}
}
}
func parseForm[T any](r *http.Request, data *T) {
if err := r.ParseForm(); err != nil {
log.Panic("Parsing form: ", err)
}
if err := s.Decode(data, r.PostForm); err != nil {
log.Panic("Decoding form: ", err)
}
}
func handleLogin(w http.ResponseWriter, r *http.Request) {
u := User{}
parseForm(r, &u)
invalid := false
dbUser, err := Q.GetUserByName(r.Context(), u.Name)
if err == nil {
hash := []byte(dbUser.Pwd)
pwd := []byte(u.Password)
if bcrypt.CompareHashAndPassword(hash, pwd) != nil {
invalid = true
}
} else if errors.Is(err, sql.ErrNoRows) {
invalid = true
} else {
log.Panicf("Could not load user '%s': %v", u.Name, err)
}
if invalid {
u.Errors = []error{fieldError{"Password", "Invalid"}}
showTemplate("login", u).ServeHTTP(w, r)
return
}
showTemplate("login2", u).ServeHTTP(w, r)
}
|