216 lines
6.2 KiB
Go
216 lines
6.2 KiB
Go
package handlers
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"fmt"
|
|
"gralias/models"
|
|
"gralias/utils"
|
|
"html/template"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
func abortWithError(w http.ResponseWriter, msg string) {
|
|
w.WriteHeader(200) // must be 200 for htmx to replace components
|
|
tmpl := template.Must(template.ParseGlob("components/*.html"))
|
|
if err := tmpl.ExecuteTemplate(w, "error", msg); err != nil {
|
|
log.Error("failed to execute error template", "error", err)
|
|
}
|
|
}
|
|
|
|
func HandleNameCheck(w http.ResponseWriter, r *http.Request) {
|
|
if err := r.ParseForm(); err != nil {
|
|
log.Error("failed to parse form", "error", err)
|
|
abortWithError(w, err.Error())
|
|
return
|
|
}
|
|
username := r.PostFormValue("username")
|
|
if username == "" {
|
|
msg := "username not provided"
|
|
log.Error(msg)
|
|
abortWithError(w, msg)
|
|
return
|
|
}
|
|
cleanName := utils.RemoveSpacesFromStr(username)
|
|
allNames, err := repo.PlayerListNames(r.Context())
|
|
if err != nil {
|
|
abortWithError(w, err.Error())
|
|
return
|
|
}
|
|
log.Info("names check", "taken_names", allNames, "trying_name", cleanName)
|
|
tmpl, err := template.ParseGlob("components/*.html")
|
|
if err != nil {
|
|
abortWithError(w, err.Error())
|
|
return
|
|
}
|
|
if utils.StrInSlice(cleanName, allNames) {
|
|
err := fmt.Errorf("name: %s already taken", cleanName)
|
|
log.Warn("already taken", "error", err)
|
|
if err := tmpl.ExecuteTemplate(w, "namecheck", 2); err != nil {
|
|
log.Error("failed to execute namecheck template", "error", err)
|
|
}
|
|
return
|
|
}
|
|
if err := tmpl.ExecuteTemplate(w, "namecheck", 0); err != nil {
|
|
log.Error("failed to execute namecheck template", "error", err)
|
|
}
|
|
}
|
|
|
|
func HandleFrontLogin(w http.ResponseWriter, r *http.Request) {
|
|
if err := r.ParseForm(); err != nil {
|
|
abortWithError(w, err.Error())
|
|
return
|
|
}
|
|
username := r.PostFormValue("username")
|
|
if username == "" {
|
|
msg := "username not provided"
|
|
log.Error(msg)
|
|
abortWithError(w, msg)
|
|
return
|
|
}
|
|
password := r.PostFormValue("password")
|
|
var makeplayer bool
|
|
roomID := r.PostFormValue("room_id")
|
|
// make sure username does not exists
|
|
cleanName := utils.RemoveSpacesFromStr(username)
|
|
clearPass := utils.RemoveSpacesFromStr(password)
|
|
// check if that user was already in db
|
|
userstate, err := repo.PlayerGetByName(r.Context(), cleanName)
|
|
if err != nil || userstate == nil {
|
|
log.Debug("making new player", "error", err, "state", userstate, "clean_name", cleanName)
|
|
userstate = models.InitPlayer(cleanName)
|
|
makeplayer = true
|
|
} else {
|
|
if userstate.Password != clearPass {
|
|
log.Error("wrong password", "username", cleanName, "password", clearPass)
|
|
abortWithError(w, "wrong password")
|
|
return
|
|
}
|
|
}
|
|
// login user
|
|
cookie, session, err := makeCookie(cleanName, r.RemoteAddr)
|
|
if err != nil {
|
|
log.Error("failed to login", "error", err)
|
|
abortWithError(w, err.Error())
|
|
return
|
|
}
|
|
http.SetCookie(w, cookie)
|
|
fi := &models.FullInfo{
|
|
State: userstate,
|
|
}
|
|
// check if room_id provided and exists
|
|
if roomID != "" {
|
|
log.Debug("got room_id in login", "room_id", roomID)
|
|
// room, err := getRoomByID(roomID)
|
|
room, err := repo.RoomGetByID(r.Context(), roomID)
|
|
if err != nil {
|
|
abortWithError(w, err.Error())
|
|
return
|
|
}
|
|
fi.List = nil
|
|
fi.State.RoomID = &room.ID
|
|
if err := repo.PlayerSetRoomID(r.Context(), room.ID, fi.State.Username); err != nil {
|
|
abortWithError(w, err.Error())
|
|
return
|
|
}
|
|
} else {
|
|
log.Debug("no room_id in login")
|
|
// fi.List = listRooms(false)
|
|
fi.List, err = repo.RoomList(r.Context())
|
|
if err != nil {
|
|
abortWithError(w, err.Error())
|
|
return
|
|
}
|
|
// save state to cache
|
|
if makeplayer {
|
|
userstate.Password = clearPass
|
|
if err := repo.PlayerAdd(r.Context(), userstate); err != nil {
|
|
log.Error("failed to save state", "error", err)
|
|
abortWithError(w, err.Error())
|
|
return
|
|
}
|
|
}
|
|
}
|
|
if err := repo.SessionCreate(r.Context(), session); err != nil {
|
|
log.Error("failed to save session", "error", err)
|
|
abortWithError(w, err.Error())
|
|
return
|
|
}
|
|
http.Redirect(w, r, "/", 302)
|
|
}
|
|
|
|
func makeCookie(username string, remote string) (*http.Cookie, *models.Session, error) {
|
|
// secret
|
|
// Create a new random session token
|
|
// sessionToken := xid.New().String()
|
|
sessionToken := "sessionprefix_" + username
|
|
// expiresAt := time.Now().Add(time.Duration(cfg.SessionLifetime) * time.Second)
|
|
// Set the token in the session map, along with the session information
|
|
session := &models.Session{
|
|
Username: username,
|
|
TokenKey: sessionToken,
|
|
UpdatedAt: time.Now(),
|
|
Lifetime: uint32(cfg.SessionLifetime / 60),
|
|
}
|
|
cookieName := "session_token"
|
|
// hmac to protect cookies
|
|
hm := hmac.New(sha256.New, []byte(cfg.CookieSecret))
|
|
hm.Write([]byte(cookieName))
|
|
hm.Write([]byte(sessionToken))
|
|
signature := hm.Sum(nil)
|
|
// b64 enc to avoid non-ascii
|
|
cookieValue := base64.URLEncoding.EncodeToString([]byte(
|
|
string(signature) + sessionToken))
|
|
cookie := &http.Cookie{
|
|
Name: cookieName,
|
|
Value: cookieValue,
|
|
Secure: true,
|
|
HttpOnly: true,
|
|
SameSite: http.SameSiteNoneMode,
|
|
}
|
|
log.Info("check remote addr for cookie set",
|
|
"remote", remote, "session", session)
|
|
if strings.Contains(remote, "192.168.0") {
|
|
cookie.Domain = "192.168.0.100"
|
|
cookie.SameSite = http.SameSiteLaxMode
|
|
cookie.Secure = false
|
|
log.Info("changing cookie domain", "domain", cookie.Domain)
|
|
}
|
|
// player, err := repo.PlayerGetByName(context.Background(), username)
|
|
// if err != nil || player == nil {
|
|
// // make player first, since username is fk to players table
|
|
// player = models.InitPlayer(username)
|
|
// if err := repo.PlayerAdd(context.Background(), player); err != nil {
|
|
// slog.Error("failed to create player", "username", username)
|
|
// return nil, err
|
|
// }
|
|
// }
|
|
// if err := repo.SessionCreate(context.Background(), session); err != nil {
|
|
// return nil, err
|
|
// }
|
|
return cookie, session, nil
|
|
}
|
|
|
|
func HandleSignout(w http.ResponseWriter, r *http.Request) {
|
|
cookie := &http.Cookie{
|
|
Name: "session_token",
|
|
Value: "",
|
|
Path: "/",
|
|
MaxAge: -1,
|
|
HttpOnly: true,
|
|
}
|
|
cookie.Secure = true
|
|
cookie.SameSite = http.SameSiteNoneMode
|
|
if strings.Contains(r.RemoteAddr, "192.168.0") {
|
|
cookie.Domain = "192.168.0.100"
|
|
cookie.SameSite = http.SameSiteLaxMode
|
|
cookie.Secure = false
|
|
log.Info("changing cookie domain for signout", "domain", cookie.Domain)
|
|
}
|
|
http.SetCookie(w, cookie)
|
|
http.Redirect(w, r, "/", http.StatusFound)
|
|
}
|