arimelody.me/admin/accounthttp.go

package admin

import (
	"fmt"
	"net/http"
	"os"
	"time"

	"arimelody-web/controller"
	"arimelody-web/model"

	"golang.org/x/crypto/bcrypt"
)

func accountHandler(app *model.AppState) http.Handler {
    mux := http.NewServeMux()

    mux.Handle("/password", changePasswordHandler(app))
    mux.Handle("/delete", deleteAccountHandler(app))

    return mux
}

func accountIndexHandler(app *model.AppState) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        session := r.Context().Value("session").(*model.Session)

        totps, err := controller.GetTOTPsForAccount(app.DB, session.Account.ID)
        if err != nil {
            fmt.Printf("WARN: Failed to fetch TOTPs: %v\n", err)
            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
        }

        type accountResponse struct {
            Session *model.Session
            TOTPs []model.TOTP
        }

        sessionMessage := session.Message
        sessionError := session.Error
        controller.SetSessionMessage(app.DB, session, "")
        controller.SetSessionError(app.DB, session, "")
        session.Message = sessionMessage
        session.Error = sessionError

        err = pages["account"].Execute(w, accountResponse{
            Session: session,
            TOTPs: totps,
        })
        if err != nil {
            fmt.Printf("WARN: Failed to render admin account page: %v\n", err)
            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
        }
    })
}

func changePasswordHandler(app *model.AppState) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        if r.Method != http.MethodPost {
            http.NotFound(w, r)
            return
        }

        session := r.Context().Value("session").(*model.Session)

        controller.SetSessionMessage(app.DB, session, "")
        controller.SetSessionError(app.DB, session, "")

        r.ParseForm()

        currentPassword := r.Form.Get("current-password")
        if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(currentPassword)); err != nil {
            controller.SetSessionError(app.DB, session, "Incorrect password.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
            return
        }

        newPassword := r.Form.Get("new-password")

        hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)
        if err != nil {
            fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err)
            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
            return
        }

        session.Account.Password = string(hashedPassword)
        err = controller.UpdateAccount(app.DB, session.Account)
        if err != nil {
            fmt.Fprintf(os.Stderr, "WARN: Failed to update account password: %v\n", err)
            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
            return
        }

        controller.SetSessionError(app.DB, session, "")
        controller.SetSessionMessage(app.DB, session, "Password updated successfully.")
        http.Redirect(w, r, "/admin/account", http.StatusFound)
    })
}

func deleteAccountHandler(app *model.AppState) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        if r.Method != http.MethodPost {
            http.NotFound(w, r)
            return
        }

        err := r.ParseForm()
        if err != nil {
            http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
            return
        }

        if !r.Form.Has("password") || !r.Form.Has("totp") {
            http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
            return
        }

        session := r.Context().Value("session").(*model.Session)

        // check password
        if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil {
            fmt.Printf(
                "[%s] WARN: Account \"%s\" attempted account deletion with incorrect password.\n",
                time.Now().Format(time.UnixDate),
                session.Account.Username,
            )
            controller.SetSessionError(app.DB, session, "Incorrect password.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
            return
        }

        totpMethod, err := controller.CheckTOTPForAccount(app.DB, session.Account.ID, r.Form.Get("totp"))
        if err != nil {
            fmt.Fprintf(os.Stderr, "Failed to fetch account: %v\n", err)
            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
            return
        }
        if totpMethod == nil {
            fmt.Printf(
                "[%s] WARN: Account \"%s\" attempted account deletion with incorrect TOTP.\n",
                time.Now().Format(time.UnixDate),
                session.Account.Username,
            )
            controller.SetSessionError(app.DB, session, "Incorrect TOTP.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
        }

        err = controller.DeleteAccount(app.DB, session.Account.ID)
        if err != nil {
            fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err)
            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
            return
        }

        fmt.Printf(
            "[%s] INFO: Account \"%s\" deleted by user request.\n",
            time.Now().Format(time.UnixDate),
            session.Account.Username,
        )

        controller.SetSessionAccount(app.DB, session, nil)
        controller.SetSessionError(app.DB, session, "")
        controller.SetSessionMessage(app.DB, session, "Account deleted successfully.")
        http.Redirect(w, r, "/admin/login", http.StatusFound)
    })
}
very rough updates to admin pages, reduced reliance on global.DB 2025-01-21 00:20:07 +00:00			`package admin`

			`import (`
			`"fmt"`
			`"net/http"`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`"os"`
			`"time"`
very rough updates to admin pages, reduced reliance on global.DB 2025-01-21 00:20:07 +00:00
			`"arimelody-web/controller"`
			`"arimelody-web/model"`

more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`"golang.org/x/crypto/bcrypt"`
very rough updates to admin pages, reduced reliance on global.DB 2025-01-21 00:20:07 +00:00			`)`

terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`func accountHandler(app *model.AppState) http.Handler {`
(incomplete) change password feature 2025-01-21 17:13:06 +00:00			`mux := http.NewServeMux()`

			`mux.Handle("/password", changePasswordHandler(app))`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`mux.Handle("/delete", deleteAccountHandler(app))`
(incomplete) change password feature 2025-01-21 17:13:06 +00:00
			`return mux`
			`}`

			`func accountIndexHandler(app *model.AppState) http.Handler {`
very rough updates to admin pages, reduced reliance on global.DB 2025-01-21 00:20:07 +00:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`session := r.Context().Value("session").(*model.Session)`
very rough updates to admin pages, reduced reliance on global.DB 2025-01-21 00:20:07 +00:00
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`totps, err := controller.GetTOTPsForAccount(app.DB, session.Account.ID)`
very rough updates to admin pages, reduced reliance on global.DB 2025-01-21 00:20:07 +00:00			`if err != nil {`
			`fmt.Printf("WARN: Failed to fetch TOTPs: %v\n", err)`
			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
			`}`

(incomplete) change password feature 2025-01-21 17:13:06 +00:00			`type accountResponse struct {`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`Session *model.Session`
very rough updates to admin pages, reduced reliance on global.DB 2025-01-21 00:20:07 +00:00			`TOTPs []model.TOTP`
			`}`

tidying some things up session message handling is pretty annoying; should look into a better method of doing this 2025-01-23 09:39:40 +00:00			`sessionMessage := session.Message`
			`sessionError := session.Error`
			`controller.SetSessionMessage(app.DB, session, "")`
			`controller.SetSessionError(app.DB, session, "")`
			`session.Message = sessionMessage`
			`session.Error = sessionError`

(incomplete) change password feature 2025-01-21 17:13:06 +00:00			`err = pages["account"].Execute(w, accountResponse{`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`Session: session,`
very rough updates to admin pages, reduced reliance on global.DB 2025-01-21 00:20:07 +00:00			`TOTPs: totps,`
			`})`
			`if err != nil {`
			`fmt.Printf("WARN: Failed to render admin account page: %v\n", err)`
			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
			`}`
			`})`
			`}`

terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`func changePasswordHandler(app *model.AppState) http.Handler {`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`if r.Method != http.MethodPost {`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`http.NotFound(w, r)`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`return`
			`}`

terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`session := r.Context().Value("session").(*model.Session)`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00
tidying some things up session message handling is pretty annoying; should look into a better method of doing this 2025-01-23 09:39:40 +00:00			`controller.SetSessionMessage(app.DB, session, "")`
			`controller.SetSessionError(app.DB, session, "")`

terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`r.ParseForm()`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`currentPassword := r.Form.Get("current-password")`
			`if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(currentPassword)); err != nil {`
tidying some things up session message handling is pretty annoying; should look into a better method of doing this 2025-01-23 09:39:40 +00:00			`controller.SetSessionError(app.DB, session, "Incorrect password.")`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`http.Redirect(w, r, "/admin/account", http.StatusFound)`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`return`
			`}`

terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`newPassword := r.Form.Get("new-password")`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00
tidying some things up session message handling is pretty annoying; should look into a better method of doing this 2025-01-23 09:39:40 +00:00			`hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)`
			`if err != nil {`
			`fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err)`
			`controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")`
			`http.Redirect(w, r, "/admin/account", http.StatusFound)`
			`return`
			`}`

			`session.Account.Password = string(hashedPassword)`
			`err = controller.UpdateAccount(app.DB, session.Account)`
			`if err != nil {`
			`fmt.Fprintf(os.Stderr, "WARN: Failed to update account password: %v\n", err)`
			`controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")`
			`http.Redirect(w, r, "/admin/account", http.StatusFound)`
			`return`
			`}`

			`controller.SetSessionError(app.DB, session, "")`
			`controller.SetSessionMessage(app.DB, session, "Password updated successfully.")`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`http.Redirect(w, r, "/admin/account", http.StatusFound)`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`})`
			`}`

terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`func deleteAccountHandler(app *model.AppState) http.Handler {`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`if r.Method != http.MethodPost {`
			`http.NotFound(w, r)`
			`return`
			`}`

terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`err := r.ParseForm()`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`if err != nil {`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`return`
			`}`

terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`if !r.Form.Has("password") \|\| !r.Form.Has("totp") {`
			`http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`return`
			`}`

terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`session := r.Context().Value("session").(*model.Session)`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`// check password`
			`if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil {`
			`fmt.Printf(`
			`"[%s] WARN: Account \"%s\" attempted account deletion with incorrect password.\n",`
tidying some things up session message handling is pretty annoying; should look into a better method of doing this 2025-01-23 09:39:40 +00:00			`time.Now().Format(time.UnixDate),`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`session.Account.Username,`
			`)`
tidying some things up session message handling is pretty annoying; should look into a better method of doing this 2025-01-23 09:39:40 +00:00			`controller.SetSessionError(app.DB, session, "Incorrect password.")`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`http.Redirect(w, r, "/admin/account", http.StatusFound)`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`return`
			`}`

terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`totpMethod, err := controller.CheckTOTPForAccount(app.DB, session.Account.ID, r.Form.Get("totp"))`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`if err != nil {`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`fmt.Fprintf(os.Stderr, "Failed to fetch account: %v\n", err)`
tidying some things up session message handling is pretty annoying; should look into a better method of doing this 2025-01-23 09:39:40 +00:00			`controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`http.Redirect(w, r, "/admin/account", http.StatusFound)`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`return`
			`}`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`if totpMethod == nil {`
			`fmt.Printf(`
			`"[%s] WARN: Account \"%s\" attempted account deletion with incorrect TOTP.\n",`
tidying some things up session message handling is pretty annoying; should look into a better method of doing this 2025-01-23 09:39:40 +00:00			`time.Now().Format(time.UnixDate),`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`session.Account.Username,`
			`)`
tidying some things up session message handling is pretty annoying; should look into a better method of doing this 2025-01-23 09:39:40 +00:00			`controller.SetSessionError(app.DB, session, "Incorrect TOTP.")`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`http.Redirect(w, r, "/admin/account", http.StatusFound)`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`}`

terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`err = controller.DeleteAccount(app.DB, session.Account.ID)`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`if err != nil {`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err)`
tidying some things up session message handling is pretty annoying; should look into a better method of doing this 2025-01-23 09:39:40 +00:00			`controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`http.Redirect(w, r, "/admin/account", http.StatusFound)`
(incomplete) change password feature 2025-01-21 17:13:06 +00:00			`return`
			`}`

terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`fmt.Printf(`
			`"[%s] INFO: Account \"%s\" deleted by user request.\n",`
tidying some things up session message handling is pretty annoying; should look into a better method of doing this 2025-01-23 09:39:40 +00:00			`time.Now().Format(time.UnixDate),`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`session.Account.Username,`
(incomplete) change password feature 2025-01-21 17:13:06 +00:00			`)`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00
tidying some things up session message handling is pretty annoying; should look into a better method of doing this 2025-01-23 09:39:40 +00:00			`controller.SetSessionAccount(app.DB, session, nil)`
			`controller.SetSessionError(app.DB, session, "")`
terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) 2025-01-23 00:37:19 +00:00			`controller.SetSessionMessage(app.DB, session, "Account deleted successfully.")`
			`http.Redirect(w, r, "/admin/login", http.StatusFound)`
more account settings page improvements, among others 2025-01-21 01:01:33 +00:00			`})`
			`}`