start cookie session

This commit is contained in:
Zeni Kim 2024-09-30 09:17:24 -05:00
parent 017ef4c066
commit 1b6f3e6103
6 changed files with 299 additions and 55 deletions

View file

@ -8,7 +8,10 @@ package controllers
import (
"encoding/json"
"errors"
"fmt"
"net/http"
"os"
"strconv"
"strings"
"time"
@ -19,6 +22,8 @@ import (
"git.smarteching.com/goffee/cup/utils"
"github.com/google/uuid"
"gorm.io/gorm"
"git.smarteching.com/goffee/core/template/components"
)
func Signup(c *core.Context) *core.Response {
@ -123,6 +128,13 @@ func Signin(c *core.Context) *core.Response {
email := c.GetRequestParam("email")
password := c.GetRequestParam("password")
// check if template engine is enable
TemplateEnableStr := os.Getenv("TEMPLATE_ENABLE")
if TemplateEnableStr == "" {
TemplateEnableStr = "false"
}
TemplateEnable, _ := strconv.ParseBool(TemplateEnableStr)
data := map[string]interface{}{
"email": email,
"password": password,
@ -135,37 +147,62 @@ func Signin(c *core.Context) *core.Response {
if v.Failed() {
c.GetLogger().Error(v.GetErrorMessagesJson())
if TemplateEnable {
// TODO set error in session
return c.Response.Redirect("/applogin")
} else {
return c.Response.SetStatusCode(http.StatusUnprocessableEntity).Json(v.GetErrorMessagesJson())
}
}
var user models.User
res := c.GetGorm().Where("email = ?", c.CastToString(email)).First(&user)
if res.Error != nil && !errors.Is(res.Error, gorm.ErrRecordNotFound) {
c.GetLogger().Error(res.Error.Error())
if TemplateEnable {
// TODO set error in session
return c.Response.Redirect("/applogin")
} else {
return c.Response.SetStatusCode(http.StatusInternalServerError).Json(c.MapToJson(map[string]string{
"message": "internal server error",
}))
}
}
if res.Error != nil && errors.Is(res.Error, gorm.ErrRecordNotFound) {
if TemplateEnable {
// TODO set error in session
return c.Response.Redirect("/applogin")
} else {
return c.Response.SetStatusCode(http.StatusUnprocessableEntity).Json(c.MapToJson(map[string]string{
"message": "invalid email or password",
}))
}
}
ok, err := c.GetHashing().CheckPasswordHash(user.Password, c.CastToString(password))
if err != nil {
c.GetLogger().Error(err.Error())
if TemplateEnable {
// TODO set error in session
return c.Response.Redirect("/applogin")
} else {
return c.Response.SetStatusCode(http.StatusInternalServerError).Json(c.MapToJson(map[string]string{
"message": err.Error(),
}))
}
}
if !ok {
if TemplateEnable {
// TODO set error in session
return c.Response.Redirect("/applogin")
} else {
return c.Response.SetStatusCode(http.StatusUnprocessableEntity).Json(c.MapToJson(map[string]string{
"message": "invalid email or password",
}))
}
}
token, err := c.GetJWT().GenerateToken(map[string]interface{}{
"userID": user.ID,
@ -173,25 +210,47 @@ func Signin(c *core.Context) *core.Response {
if err != nil {
c.GetLogger().Error(err.Error())
// TODO set error in session
if TemplateEnable {
return c.Response.Redirect("/applogin")
} else {
return c.Response.SetStatusCode(http.StatusInternalServerError).Json(c.MapToJson(map[string]string{
"message": "internal server error",
}))
}
}
// cache the token
userAgent := c.GetUserAgent()
hashedCacheKey := utils.CreateAuthTokenHashedCacheKey(user.ID, userAgent)
err = c.GetCache().Set(hashedCacheKey, token)
if err != nil {
c.GetLogger().Error(err.Error())
if TemplateEnable {
// TODO set error in session
return c.Response.Redirect("/applogin")
} else {
return c.Response.SetStatusCode(http.StatusInternalServerError).Json(c.MapToJson(map[string]interface{}{
"message": "internal server error",
}))
}
}
if TemplateEnable {
// create cookie
err = core.SetCookie(c.Response.HttpResponseWriter, email.(string), token)
if err != nil {
panic(fmt.Sprintf("Error write encrypted cookie: %v", err))
return c.Response.SetStatusCode(http.StatusInternalServerError)
}
// redirecto to app
return c.Response.Redirect("/appsample")
} else {
return c.Response.Json(c.MapToJson(map[string]string{
"token": token,
}))
}
}
func ResetPasswordRequest(c *core.Context) *core.Response {
email := c.GetRequestParam("email")
@ -389,3 +448,41 @@ func Signout(c *core.Context) *core.Response {
"message": "signed out successfully",
}))
}
// Show basic app login
func AppLogin(c *core.Context) *core.Response {
type templateData struct {
TheTitle components.Title
}
tmplData := templateData{
TheTitle: components.Title{
Label: "Login form",
},
}
return c.Response.Template("login.html", tmplData)
}
// Show basic app sample
func AppSample(c *core.Context) *core.Response {
title := "lorem"
type templateData struct {
TheTitle components.Title
}
tmplData := templateData{
TheTitle: components.Title{
Label: title,
},
}
//fmt.Printf("Outside cookie user is: %s", user.Email)
return c.Response.Template("app.html", tmplData)
}

27
controllers/sample.go Normal file
View file

@ -0,0 +1,27 @@
// Copyright (c) 2024 Zeni Kim <zenik@smarteching.com>
// Use of this source code is governed by MIT-style
// license that can be found in the LICENSE file.
package controllers
import (
"git.smarteching.com/goffee/core"
"git.smarteching.com/goffee/core/template/components"
)
// Show basic template
func Sample(c *core.Context) *core.Response {
type templateData struct {
TheTitle components.Title
}
tmplData := templateData{
TheTitle: components.Title{
Label: "Lorem ipsum inside",
},
}
return c.Response.Template("basic.html", tmplData)
}

View file

@ -3,6 +3,8 @@ package hooks
import (
"errors"
"net/http"
"os"
"strconv"
"strings"
"git.smarteching.com/goffee/core"
@ -11,20 +13,92 @@ import (
"gorm.io/gorm"
)
var CheckSessionCookie core.Hook = func(c *core.Context) {
pass := true
token := ""
usercookie, err := c.GetCookie()
if err != nil {
}
token = usercookie.Token
if token == "" {
pass = false
} else {
payload, err := c.GetJWT().DecodeToken(token)
if err != nil {
pass = false
} else {
userAgent := c.GetUserAgent()
hashedCacheKey := utils.CreateAuthTokenHashedCacheKey(uint(c.CastToInt(payload["userID"])), userAgent)
cachedToken, err := c.GetCache().Get(hashedCacheKey)
if err != nil {
pass = false
} else if cachedToken != token {
pass = false
} else {
var user models.User
res := c.GetGorm().Where("id = ?", payload["userID"]).First(&user)
if res.Error != nil && !errors.Is(res.Error, gorm.ErrRecordNotFound) {
pass = false
}
}
}
}
// if have session redirect protected page
if pass {
c.Response.Redirect("/appsample").ForceSendResponse()
return
}
c.Next()
}
var AuthCheck core.Hook = func(c *core.Context) {
// check if template engine is enable
TemplateEnableStr := os.Getenv("TEMPLATE_ENABLE")
if TemplateEnableStr == "" {
TemplateEnableStr = "false"
}
TemplateEnable, _ := strconv.ParseBool(TemplateEnableStr)
token := ""
if TemplateEnable {
usercookie, err := c.GetCookie()
if err != nil {
}
token = usercookie.Token
if token == "" {
c.Response.Redirect("/applogin").ForceSendResponse()
return
}
} else {
tokenRaw := c.GetHeader("Authorization")
token := strings.TrimSpace(strings.Replace(tokenRaw, "Bearer", "", 1))
token = strings.TrimSpace(strings.Replace(tokenRaw, "Bearer", "", 1))
if token == "" {
c.Response.SetStatusCode(http.StatusUnauthorized).Json(c.MapToJson(map[string]interface{}{
"message": "unauthorized",
})).ForceSendResponse()
return
}
}
payload, err := c.GetJWT().DecodeToken(token)
if err != nil {
if TemplateEnable {
c.Response.Redirect("/applogin").ForceSendResponse()
} else {
c.Response.SetStatusCode(http.StatusUnauthorized).Json(c.MapToJson(map[string]interface{}{
"message": "unauthorized",
})).ForceSendResponse()
}
return
}
userAgent := c.GetUserAgent()
@ -33,16 +107,24 @@ var AuthCheck core.Hook = func(c *core.Context) {
cachedToken, err := c.GetCache().Get(hashedCacheKey)
if err != nil {
// user signed out
if TemplateEnable {
c.Response.Redirect("/applogin").ForceSendResponse()
} else {
c.Response.SetStatusCode(http.StatusUnauthorized).Json(c.MapToJson(map[string]interface{}{
"message": "unauthorized",
})).ForceSendResponse()
}
return
}
if cachedToken != token {
// using old token replaced with new one after recent signin
if TemplateEnable {
c.Response.Redirect("/applogin").ForceSendResponse()
} else {
c.Response.SetStatusCode(http.StatusUnauthorized).Json(c.MapToJson(map[string]interface{}{
"message": "unauthorized",
})).ForceSendResponse()
}
return
}
@ -51,17 +133,13 @@ var AuthCheck core.Hook = func(c *core.Context) {
if res.Error != nil && !errors.Is(res.Error, gorm.ErrRecordNotFound) {
// error with the database
c.GetLogger().Error(res.Error.Error())
if TemplateEnable {
c.Response.Redirect("/applogin").ForceSendResponse()
} else {
c.Response.SetStatusCode(http.StatusInternalServerError).Json(c.MapToJson(map[string]interface{}{
"message": "internal error",
})).ForceSendResponse()
return
}
if res.Error != nil && errors.Is(res.Error, gorm.ErrRecordNotFound) {
// user record is not found (deleted)
c.Response.SetStatusCode(http.StatusUnauthorized).Json(c.MapToJson(map[string]interface{}{
"message": "unauthorized",
})).ForceSendResponse()
return
}

View file

@ -0,0 +1,13 @@
<!DOCTYPE html>
<html lang="en">
{{template "head" "Goffee"}}
<body>
<main>
{{template "title" .TheTitle}}
</main>
<script src="/public/app.js"></script>
</body>
</html>

View file

@ -2,9 +2,13 @@
<html lang="en">
{{template "head" "Goffee"}}
<body>
<main>
{{template "title" .TheTitle}}
<div class="section">
Welcome to Goffee
</div>
<img class="goffeelogo"src="/public/img/goffee.png" alt="Goffee logo" />
</main>
<script src="/public/app.js"></script>
</body>
</html>

View file

@ -0,0 +1,25 @@
<!DOCTYPE html>
<html lang="en">
{{template "head" "Goffee"}}
<body>
<main>
{{template "title" .TheTitle}}
<form method="POST" action="/signin">
<div>
<label for="email">Email:</label>
<input type="text" id="email" name="email" required>
</div>
<div>
<label for="password">Password:</label>
<input type="password" id="password" name="password" required>
</div>
<div>
<button type="submit" name="login">Login</button>
</div>
</form>
</main>
<script src="/public/app.js"></script>
</body>
</html>