logan/ThePlaceHolders
1
0
Fork 0
mirror of https://github.com/adanrsantos/ThePlaceHolders.git synced 2024-12-16 14:20:39 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed bug with session handling

Browse source
This commit is contained in:
Logan 2024-09-27 14:37:49 -05:00
parent 0e7d1a43e2
commit c0b826afa8
9 changed files with 132 additions and 95 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
db.json Normal file
View file

@ -0,0 +1 @@
{"xterminate18181@gmail.com":{"email":"xterminate18181@gmail.com","password":"123","account-created":"2024-09-27T05:39:11.331520582-05:00","last-login":"2024-09-27T05:39:11.331520621-05:00"}}

5
go.mod
View file

@ -4,4 +4,7 @@ go 1.23
require github.com/gorilla/sessions v1.4.0 require github.com/gorilla/sessions v1.4.0
require github.com/gorilla/securecookie v1.1.2 // indirect require (
github.com/gorilla/mux v1.8.1 // indirect
github.com/gorilla/securecookie v1.1.2 // indirect
)

2
go.sum
View file

@ -1,5 +1,7 @@
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA= github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo= github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ= github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=

27
server.go
View file

@ -1,10 +1,10 @@
package main package main
import ( import (
"crypto/rand"
"fmt" "fmt"
"log" "log"
"net/http" "net/http"
"strings"
"github.com/gorilla/sessions" "github.com/gorilla/sessions"
) )
@ -18,17 +18,8 @@ type Server struct {
} }
func main() { func main() {
// Set up encryption for session tokens
fmt.Print("Generating encryption key... ")
secret := make([]byte, 32)
_, err := rand.Read(secret)
if err != nil {
fmt.Println("Error generating key:")
log.Fatal(err)
return
}
fmt.Println("Done!")
// Create server object // Create server object
secret := []byte("super-secret-key")
server := Server{ server := Server{
Users: make(map[string]UserData), Users: make(map[string]UserData),
Sessions: sessions.NewCookieStore(secret), Sessions: sessions.NewCookieStore(secret),
@ -36,10 +27,16 @@ func main() {
// Host static files // Host static files
static_files := http.FileServer(http.Dir("static/")) static_files := http.FileServer(http.Dir("static/"))
http.Handle("/", static_files) http.Handle("/", static_files)
// Response generated by code // Redirect .html to clean URL
http.HandleFunc("/handle-register", server.handle_register) http.Handle("/register.html", http.RedirectHandler("/register", 301))
http.HandleFunc("/handle-login", server.handle_login) http.Handle("/login.html", http.RedirectHandler("/login", 301))
// Handle user authentication
http.HandleFunc("/register", server.handle_register)
http.HandleFunc("/login", server.handle_login)
http.HandleFunc("/logout", func(w http.ResponseWriter, r *http.Request) {
server.handle_logout(w, r)
http.Redirect(w, r, "/", http.StatusFound)
})
// Start web server at 127.0.0.1:8080 // Start web server at 127.0.0.1:8080
fmt.Printf("Listening to %s on port %s...\n", ADDRESS, PORT) fmt.Printf("Listening to %s on port %s...\n", ADDRESS, PORT)
e := http.ListenAndServe(ADDRESS+":"+PORT, nil) e := http.ListenAndServe(ADDRESS+":"+PORT, nil)

7
static/index.html
View file

@ -14,11 +14,14 @@
</h1> </h1>
<ul> <ul>
<li> <li>
<a href="/register.html"> Register </a> <a href="/register.html"> Register </a>
</li> </li>
<li> <li>
<a href="/login.html"> Login </a> <a href="/login.html"> Login </a>
</li>
<li>
<a href="/logout"> Log Out </a>
</li> </li>
</ul> </ul>
</body> </body>

6
static/login.html
View file

@ -10,15 +10,15 @@
</head> </head>
<body> <body>
<div class="d-flex p-2 justify-content-center"> <div class="d-flex p-2 justify-content-center">
<form action = "/handle-login" method = "post"> <form method = "post">
<div class="mb-3"> <div class="mb-3">
<label for="exampleInputEmail1" class="form-label">Email address</label> <label for="exampleInputEmail1" class="form-label">Email address</label>
<input type="email" class="form-control" id="exampleInputEmail1" aria-describedby="emailHelp"> <input type="email" name="email" class="form-control" id="exampleInputEmail1" aria-describedby="emailHelp">
<div id="emailHelp" class="form-text">We'll never share your email with anyone else.</div> <div id="emailHelp" class="form-text">We'll never share your email with anyone else.</div>
</div> </div>
<div class="mb-3"> <div class="mb-3">
<label for="exampleInputPassword1" class="form-label">Password</label> <label for="exampleInputPassword1" class="form-label">Password</label>
<input type="password" class="form-control" id="exampleInputPassword1"> <input type="password" name="password" class="form-control" id="exampleInputPassword1">
</div> </div>
<div class="mb-3 form-check"> <div class="mb-3 form-check">
<input type="checkbox" class="form-check-input" id="exampleCheck1"> <input type="checkbox" class="form-check-input" id="exampleCheck1">

12
static/register.html
View file

@ -10,18 +10,18 @@
</head> </head>
<body> <body>
<div class="d-flex p-2 justify-content-center align-items-center"> <div class="d-flex p-2 justify-content-center align-items-center">
<form action="/handle-register" method="post"> <form method="post">
<div class="mb-3"> <div class="mb-3">
<label for="exampleInputEmail1" class="form-label">Email address</label> <label for="email" class="form-label">Email address</label>
<input type="email" class="form-control" id="exampleInputEmail1" aria-describedby="emailHelp"> <input type="email" class="form-control" id="email" name="email" aria-describedby="emailHelp">
<div id="emailHelp" class="form-text">We'll never share your email with anyone else.</div> <div id="emailHelp" class="form-text">We'll never share your email with anyone else.</div>
</div> </div>
<div class="mb-3"> <div class="mb-3">
<label for="exampleInputPassword1" class="form-label">Password</label> <label for="password" class="form-label">Password</label>
<input type="password" class="form-control" id="exampleInputPassword1" required> <input type="password" class="form-control" id="password" name="password" required>
</div> </div>
<div class="mb-3 form-check"> <div class="mb-3 form-check">
<input type="checkbox" class="form-check-input" id="exampleCheck1" required> <input type="checkbox" class="form-check-input" id="exampleCheck1">
<label class="form-check-label" for="exampleCheck1">Show Password</label> <label class="form-check-label" for="exampleCheck1">Show Password</label>
</div> </div>
<div class="fs-6"> <div class="fs-6">

164
users.go
View file

@ -1,7 +1,10 @@
package main package main
import ( import (
"encoding/json"
"fmt"
"net/http" "net/http"
"os"
"time" "time"
) )
@ -15,77 +18,108 @@ type UserData struct {
LastLogin time.Time `json:"last-login"` LastLogin time.Time `json:"last-login"`
} }
// Handles requests to /login.html
func (s *Server) handle_login(w http.ResponseWriter, r *http.Request) { func (s *Server) handle_login(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost { switch r.Method {
case http.MethodGet:
http.ServeFile(w, r, "./static/register.html")
case http.MethodPost:
// Get data from form
email := r.FormValue("email")
password := r.FormValue("password")
// Get user from database
user, ok := s.Users[email]
// If user does not exist
if !ok {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
// If password does not match
if password != user.Password {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
// Generate session
session, err := s.Sessions.Get(r, SESSION_COOKIE_NAME)
if err != nil {
s.handle_logout(w, r)
http.Error(w, "Invalid session", http.StatusUnauthorized)
return
}
session.Values[SESSION_AUTH] = true
session.Save(r, w)
// Update last-login on DB
user.LastLogin = time.Now()
s.Users[email] = user
// Redirect to index.html
http.Redirect(w, r, "/", http.StatusFound)
default:
http.Error(w, "Forbidden", http.StatusForbidden) http.Error(w, "Forbidden", http.StatusForbidden)
return
} }
// Get data from form
email := r.FormValue("email")
password := r.FormValue("password")
// Get user from database
user, ok := s.Users[email]
// If user does not exist
if !ok {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
// If password does not match
if password != user.Password {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
// Generate session
session, err := s.Sessions.Get(r, SESSION_COOKIE_NAME)
if err != nil {
http.Error(w, "Internal Error", http.StatusInternalServerError)
return
}
session.Values[SESSION_AUTH] = true
if err := session.Save(r, w); err != nil {
http.Error(w, "Internal Error", http.StatusInternalServerError)
return
}
// Update last-login on DB
user.LastLogin = time.Now()
s.Users[email] = user
// Redirect to index.html
http.Redirect(w, r, "/", http.StatusFound)
} }
// Handles requests to /register.html
func (s *Server) handle_register(w http.ResponseWriter, r *http.Request) { func (s *Server) handle_register(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost { switch r.Method {
case http.MethodGet:
http.ServeFile(w, r, "./static/register.html")
case http.MethodPost:
// Get data from form
email := r.FormValue("email")
password := r.FormValue("password")
fmt.Println(r.Form)
// Check that this email is not already registered
if _, ok := s.Users[email]; ok {
fmt.Println("Already registered")
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
// Generate session
session, err := s.Sessions.Get(r, SESSION_COOKIE_NAME)
// If session cookie invalid
if err != nil {
s.handle_logout(w, r)
http.Error(w, "Invalid session", http.StatusUnauthorized)
return
}
// Save user information to DB
s.Users[email] = UserData{
Email: email,
Password: password,
AccountCreated: time.Now(),
LastLogin: time.Now(),
}
// Make session valid
session.Values[SESSION_AUTH] = true
// Send session token to browser
session.Save(r, w)
// Redirect to index.html
s.save_state()
http.Redirect(w, r, "/", http.StatusFound)
default:
http.Error(w, "Forbidden", http.StatusForbidden) http.Error(w, "Forbidden", http.StatusForbidden)
return
} }
// Get data from form }
email := r.FormValue("email")
password := r.FormValue("password") func (s *Server) handle_logout(w http.ResponseWriter, r *http.Request) {
// Check that this email is not already registered // If session exists
if _, ok := s.Users[email]; ok { if session, err := s.Sessions.Get(r, SESSION_COOKIE_NAME); err == nil {
http.Error(w, "Forbidden", http.StatusForbidden) // Remove authorization
return session.Values[SESSION_AUTH] = false
} session.Save(r, w)
// Generate session }
session, err := s.Sessions.Get(r, SESSION_COOKIE_NAME) // Remove session cookie
if err != nil { http.SetCookie(w, &http.Cookie{
http.Error(w, "Internal Error", http.StatusInternalServerError) Name: SESSION_COOKIE_NAME,
return MaxAge: -1,
} })
// Save user information to DB }
s.Users[email] = UserData{
Email: email, func (s *Server) save_state() {
Password: password, file, err := os.Create("db.json")
AccountCreated: time.Now(), if err != nil {
LastLogin: time.Now(), panic(err)
} }
// Make session valid defer file.Close()
session.Values[SESSION_AUTH] = true json.NewEncoder(file).Encode(s.Users)
// Send session token to browser
if err := session.Save(r, w); err != nil {
http.Error(w, "Internal Error", http.StatusInternalServerError)
return
}
// Redirect to index.html
http.Redirect(w, r, "/", http.StatusFound)
} }

3
users.json
View file

@ -1,3 +0,0 @@
{
"users" = {}
}