diff --git a/README.md b/README.md
index d04a874..beee391 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,10 @@ within a restricted amount of time to make art.
 2. Run the command `go run .` inside this folder
 3. View the website at [127.0.0.1:8080](http://127.0.0.1:8080/)
+## Go project structure
+* [go.mod](go.mod) Go version and library dependencies
+* [go.sum](go.sum) Checksums for libraries
+
 ## Backend Source
 Our back-end is written in [Go](https://go.dev/) using the standard library.
 * [Request handling](server.go)
diff --git a/db.json b/db.json
deleted file mode 100644
index f7fe8a3..0000000
--- a/db.json
+++ /dev/null
@@ -1 +0,0 @@
-{"xterminate18181@gmail.com":{"email":"xterminate18181@gmail.com","password":"123","account-created":"2024-09-27T05:39:11.331520582-05:00","last-login":"2024-09-27T05:39:11.331520621-05:00"}}
diff --git a/go.mod b/go.mod
index d3e4ddd..55c3846 100644
--- a/go.mod
+++ b/go.mod
@@ -2,9 +2,9 @@ module github.com/adanrsantos/ThePlaceHolders
 go 1.23
-require github.com/gorilla/sessions v1.4.0
-
 require (
- github.com/gorilla/mux v1.8.1 // indirect
- github.com/gorilla/securecookie v1.1.2 // indirect
+ github.com/gorilla/sessions v1.4.0
+ golang.org/x/crypto v0.27.0
 )
+
+require github.com/gorilla/securecookie v1.1.2 // indirect
diff --git a/go.sum b/go.sum
index 7e011b0..b04990b 100644
--- a/go.sum
+++ b/go.sum
@@ -1,8 +1,8 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= -github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA= github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo= github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ= github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
diff --git a/server.go b/server.go
index 734938b..c4b9890 100644
--- a/server.go
+++ b/server.go
@@ -4,7 +4,6 @@ import (
 "fmt"
 "log"
 "net/http"
- "strings"
 "github.com/gorilla/sessions"
 )
diff --git a/users.go b/users.go
index f7dd3a6..3181e67 100644
--- a/users.go
+++ b/users.go
@@ -1,21 +1,36 @@
 package main
 import (
- "encoding/json"
- "fmt"
 "net/http"
- "os"
+ "regexp"
+ "strings"
 "time"
+
+ "golang.org/x/crypto/bcrypt"
 )
 const SESSION_COOKIE_NAME = "utsa-place-session"
 const SESSION_AUTH = "auth"
+const ENCRYPTION_STRENGTH = 14
+
 type UserData struct {
- Email string `json:"email"`
- Password string `json:"password"`
- AccountCreated time.Time `json:"account-created"`
- LastLogin time.Time `json:"last-login"`
+ Email string
+ Password string
+ AccountCreated time.Time
+ LastLogin time.Time
+}
+
+func validate_email(email string) (string, bool) {
+ email = strings.ToLower(email)
+ regex := regexp.MustCompile("^[a-z]+.[a-z]+@(my.)?utsa.edu")
+ ok := regex.MatchString(email)
+ return email, ok
+}
+
+func hash_password(password string) string {
+ bytes, _ := bcrypt.GenerateFromPassword([]byte(password), ENCRYPTION_STRENGTH)
+ return string(bytes)
 }
 // Handles requests to /login.html
@@ -65,13 +80,19 @@ func (s *Server) handle_register(w http.ResponseWriter, r *http.Request) {
 http.ServeFile(w, r, "./static/register.html")
 case http.MethodPost:
 // Get data from form
- email := r.FormValue("email")
+ email, ok := validate_email(r.FormValue("email"))
+ if !ok {
+ http.Error(w, "Invalid email address", http.StatusForbidden)
+ return
+ }
 password := r.FormValue("password")
- fmt.Println(r.Form)
+ if len(password) < 5 || len(password) >= 70 {
+ http.Error(w, "Invalid password length", http.StatusForbidden)
+ return
+ }
 // Check that this email is not already registered
 if _, ok := s.Users[email]; ok {
- fmt.Println("Already registered")
- http.Error(w, "Forbidden", http.StatusForbidden)
+ http.Error(w, "Already registered", http.StatusForbidden)
 return
 }
 // Generate session
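Review bot: The pattern in `validate_email` leaves its dots unescaped and has no end anchor, so `.` matches any character and arbitrary text may follow `utsa.edu`; write it as `regexp.MustCompile("^[a-z]+\\.[a-z]+@(my\\.)?utsa\\.edu$")` and move it to a package-level `var` so it is compiled once rather than on every request. `hash_password` drops the error from `bcrypt.GenerateFromPassword` with `_`, so a failure (a cost outside bcrypt's range, or an input over its 72-byte limit) silently yields an empty string as the hash; returning `(string, error)` and letting the handler reject the request is safer, though its callers lie outside this hunk. `ENCRYPTION_STRENGTH` names a bcrypt cost, not an encryption parameter, and 14 makes every registration spend on the order of a second of CPU (hardware-dependent) on an unauthenticated path, so a comment such as `// bcrypt cost factor; each +1 doubles hashing time` and a deliberate choice against `bcrypt.DefaultCost` would document the trade-off. Separately, the plaintext `db.json` removed by this commit stays in repository history, so the credential it contained should be treated as exposed and rotated.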
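Review bot: The `Already registered` response at the end of the hunk lets anyone probe which addresses hold accounts; the usual mitigation is to answer the same way whether or not the address is taken (confirming by email, or at least rate-limiting this endpoint) and to keep the distinction in a server-side log. The two validation failures above it return `http.StatusForbidden`, which signals an authorization problem; malformed input is `http.StatusBadRequest`, e.g. `http.Error(w, "Invalid email address", http.StatusBadRequest)`. The `len(password)` bound counts bytes, which is the right unit for bcrypt's input limit, but a comment such as `// bytes, not runes: bcrypt accepts at most 72 bytes` would make the 70 deliberate. `handle_register` starts and ends outside this hunk.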
@@ -94,7 +115,6 @@ func (s *Server) handle_register(w http.ResponseWriter, r *http.Request) {
 // Send session token to browser
 session.Save(r, w)
 // Redirect to index.html
- s.save_state()
 http.Redirect(w, r, "/", http.StatusFound)
 default:
 http.Error(w, "Forbidden", http.StatusForbidden)
@@ -114,12 +134,3 @@ func (s *Server) handle_logout(w http.ResponseWriter, r *http.Request) {
 MaxAge: -1,
 })
 }
-
-func (s *Server) save_state() {
- file, err := os.Create("db.json")
- if err != nil {
- panic(err)
- }
- defer file.Close()
- json.NewEncoder(file).Encode(s.Users)
-}