mirror of
https://github.com/Theodor-Springmann-Stiftung/musenalm.git
synced 2025-10-29 17:25:32 +00:00
user login & middleware complete
This commit is contained in:
Simon Martens
143
pages/login.go
Normal file
143
pages/login.go
Normal file
@@ -0,0 +1,143 @@
|
||||
package pages
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/Theodor-Springmann-Stiftung/musenalm/app"
|
||||
"github.com/Theodor-Springmann-Stiftung/musenalm/dbmodels"
|
||||
"github.com/Theodor-Springmann-Stiftung/musenalm/helpers/security"
|
||||
"github.com/Theodor-Springmann-Stiftung/musenalm/pagemodels"
|
||||
"github.com/Theodor-Springmann-Stiftung/musenalm/templating"
|
||||
"github.com/pocketbase/pocketbase/core"
|
||||
"github.com/pocketbase/pocketbase/tools/router"
|
||||
)
|
||||
|
||||
const (
|
||||
URL_LOGIN = "/login/"
|
||||
TEMPLATE_LOGIN = "/login/"
|
||||
)
|
||||
|
||||
// TODO:
|
||||
// - rate limiting
|
||||
// - maybe csrf
|
||||
|
||||
func init() {
|
||||
csrf_cache, err := security.NewCSRFProtector(time.Minute*5, time.Minute)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
lp := &LoginPage{
|
||||
StaticPage: pagemodels.StaticPage{
|
||||
Name: pagemodels.P_LOGIN_NAME,
|
||||
Layout: "blank",
|
||||
Template: TEMPLATE_LOGIN,
|
||||
URL: URL_LOGIN,
|
||||
},
|
||||
csrf_cache: csrf_cache,
|
||||
}
|
||||
app.Register(lp)
|
||||
}
|
||||
|
||||
type LoginPage struct {
|
||||
pagemodels.StaticPage
|
||||
csrf_cache *security.CSRFProtector
|
||||
}
|
||||
|
||||
func (p *LoginPage) Setup(router *router.Router[*core.RequestEvent], app core.App, engine *templating.Engine) error {
|
||||
router.GET(URL_LOGIN, p.GET(engine))
|
||||
router.POST(URL_LOGIN, p.POST(engine, app))
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *LoginPage) GET(engine *templating.Engine) HandleFunc {
|
||||
return func(e *core.RequestEvent) error {
|
||||
data := make(map[string]any)
|
||||
data["record"] = p
|
||||
nonce, token, err := p.csrf_cache.GenerateTokenBundle()
|
||||
if err != nil {
|
||||
return engine.Response500(e, err, data)
|
||||
}
|
||||
data["csrf_nonce"] = nonce
|
||||
data["csrf_token"] = token
|
||||
|
||||
// TODO: the function to delete tokens is not yet there
|
||||
// as of right now, the tokens get only deleted from the clients
|
||||
// We need to delete the tokens from the cache + table.
|
||||
e.SetCookie(&http.Cookie{
|
||||
Name: dbmodels.SESSION_COOKIE_NAME,
|
||||
Path: "/",
|
||||
MaxAge: -1,
|
||||
})
|
||||
e.Response.Header().Set("Clear-Site-Data", "\"cookies\"")
|
||||
|
||||
return engine.Response200(e, p.Template, data, p.Layout)
|
||||
}
|
||||
}
|
||||
|
||||
func (p *LoginPage) POST(engine *templating.Engine, app core.App) HandleFunc {
|
||||
return func(e *core.RequestEvent) error {
|
||||
data := make(map[string]any)
|
||||
data["record"] = p
|
||||
|
||||
formdata := struct {
|
||||
Username string `json:"username" form:"username"`
|
||||
Password string `json:"password" form:"password"`
|
||||
CsrfNonce string `json:"csrf_nonce" form:"csrf_nonce"`
|
||||
CsrfToken string `json:"csrf_token" form:"csrf_token"`
|
||||
Persistent string `json:"persist" form:"persist"`
|
||||
}{}
|
||||
|
||||
if err := e.BindBody(&formdata); err != nil {
|
||||
return engine.Response500(e, err, data)
|
||||
}
|
||||
|
||||
if _, err := p.csrf_cache.ValidateTokenBundle(formdata.CsrfNonce, formdata.CsrfToken); err != nil {
|
||||
return engine.Response403(e, err, data)
|
||||
}
|
||||
|
||||
if formdata.Username == "" || formdata.Password == "" {
|
||||
return engine.Response403(e, fmt.Errorf("Username and password are required"), data)
|
||||
}
|
||||
|
||||
record, err := app.FindFirstRecordByData(dbmodels.USERS_TABLE, dbmodels.USERS_EMAIL_FIELD, formdata.Username)
|
||||
if err != nil || !record.ValidatePassword(formdata.Password) {
|
||||
return engine.Response403(e, err, data)
|
||||
}
|
||||
|
||||
duration := time.Minute * 60
|
||||
if formdata.Persistent == "on" {
|
||||
duration = time.Hour * 24 * 90
|
||||
}
|
||||
|
||||
token, err := dbmodels.CreateSessionToken(app, record.Id, e.RealIP(), e.Request.UserAgent(), formdata.Persistent == "on", duration)
|
||||
if err != nil {
|
||||
return engine.Response500(e, err, data)
|
||||
}
|
||||
|
||||
if formdata.Persistent == "on" {
|
||||
e.SetCookie(&http.Cookie{
|
||||
Name: dbmodels.SESSION_COOKIE_NAME,
|
||||
Path: "/",
|
||||
MaxAge: int(duration.Seconds()),
|
||||
Value: token.Token(),
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
HttpOnly: true,
|
||||
Secure: true,
|
||||
})
|
||||
} else {
|
||||
e.SetCookie(&http.Cookie{
|
||||
Name: dbmodels.SESSION_COOKIE_NAME,
|
||||
Path: "/",
|
||||
Value: token.Token(),
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
HttpOnly: true,
|
||||
Secure: true,
|
||||
})
|
||||
}
|
||||
|
||||
return e.Redirect(303, "/reihen")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user