176 lines
6.1 KiB
Go
176 lines
6.1 KiB
Go
package api
|
|
|
|
import (
|
|
"arimelody-web/controller"
|
|
"arimelody-web/model"
|
|
"arimelody-web/global"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"os"
|
|
"strings"
|
|
"time"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
func handleLogin() http.HandlerFunc {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != http.MethodPost {
|
|
http.NotFound(w, r)
|
|
return
|
|
}
|
|
|
|
type LoginRequest struct {
|
|
Username string `json:"username"`
|
|
Password string `json:"password"`
|
|
}
|
|
|
|
credentials := LoginRequest{}
|
|
err := json.NewDecoder(r.Body).Decode(&credentials)
|
|
if err != nil {
|
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
account, err := controller.GetAccount(global.DB, credentials.Username)
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "no rows") {
|
|
http.Error(w, "Invalid username or password", http.StatusBadRequest)
|
|
return
|
|
}
|
|
fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve account: %s\n", err.Error())
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
err = bcrypt.CompareHashAndPassword(account.Password, []byte(credentials.Password))
|
|
if err != nil {
|
|
http.Error(w, "Invalid username or password", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
// TODO: sessions and tokens
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write([]byte("Logged in successfully. TODO: Session tokens\n"))
|
|
})
|
|
}
|
|
|
|
func handleAccountRegistration() http.HandlerFunc {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != http.MethodPost {
|
|
http.NotFound(w, r)
|
|
return
|
|
}
|
|
|
|
type RegisterRequest struct {
|
|
Username string `json:"username"`
|
|
Email string `json:"email"`
|
|
Password string `json:"password"`
|
|
Code string `json:"code"`
|
|
}
|
|
|
|
credentials := RegisterRequest{}
|
|
err := json.NewDecoder(r.Body).Decode(&credentials)
|
|
if err != nil {
|
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
// make sure code exists in DB
|
|
invite := model.Invite{}
|
|
err = global.DB.Get(&invite, "SELECT * FROM invite WHERE code=$1", credentials.Code)
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "no rows") {
|
|
http.Error(w, "Invalid invite code", http.StatusBadRequest)
|
|
return
|
|
}
|
|
fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %s\n", err.Error())
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
if time.Now().After(invite.ExpiresAt) {
|
|
http.Error(w, "Invalid invite code", http.StatusBadRequest)
|
|
_, err = global.DB.Exec("DELETE FROM invite WHERE code=$1", credentials.Code)
|
|
if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %s\n", err.Error()) }
|
|
return
|
|
}
|
|
|
|
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(credentials.Password), bcrypt.DefaultCost)
|
|
if err != nil {
|
|
fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %s\n", err.Error())
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
account := model.Account{
|
|
Username: credentials.Username,
|
|
Password: hashedPassword,
|
|
Email: credentials.Email,
|
|
AvatarURL: "/img/default-avatar.png",
|
|
}
|
|
err = controller.CreateAccount(global.DB, &account)
|
|
if err != nil {
|
|
fmt.Fprintf(os.Stderr, "WARN: Failed to create account: %s\n", err.Error())
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
_, err = global.DB.Exec("DELETE FROM invite WHERE code=$1", credentials.Code)
|
|
if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %s\n", err.Error()) }
|
|
|
|
w.WriteHeader(http.StatusCreated)
|
|
w.Write([]byte("Account created successfully\n"))
|
|
})
|
|
}
|
|
|
|
func handleDeleteAccount() http.HandlerFunc {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != http.MethodPost {
|
|
http.NotFound(w, r)
|
|
return
|
|
}
|
|
|
|
type LoginRequest struct {
|
|
Username string `json:"username"`
|
|
Password string `json:"password"`
|
|
}
|
|
|
|
credentials := LoginRequest{}
|
|
err := json.NewDecoder(r.Body).Decode(&credentials)
|
|
if err != nil {
|
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
account, err := controller.GetAccount(global.DB, credentials.Username)
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "no rows") {
|
|
http.Error(w, "Invalid username or password", http.StatusBadRequest)
|
|
return
|
|
}
|
|
fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve account: %s\n", err.Error())
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
err = bcrypt.CompareHashAndPassword(account.Password, []byte(credentials.Password))
|
|
if err != nil {
|
|
http.Error(w, "Invalid username or password", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
err = controller.DeleteAccount(global.DB, account.ID)
|
|
if err != nil {
|
|
fmt.Fprintf(os.Stderr, "WARN: Failed to delete account: %s\n", err.Error())
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write([]byte("Account deleted successfully\n"))
|
|
})
|
|
}
|