Merge branch 'master' into enhanced_routing_and_logout_fixes

Only show logout (now CSRF protected) if user is authenticated, include relevant authentication logic in GET controllers (this should be moved to middleware)
Add GET verb to static handler
2024-02-18 17:23:46 -06:00 · 2024-02-14 13:20:35 -06:00 · 2024-02-14 13:16:52 -06:00 · 2024-02-14 13:16:15 -06:00 · 2024-02-12 14:46:26 -06:00
6 changed files with 68 additions and 29 deletions
--- a/controllers/get.go
+++ b/controllers/get.go
@@ -13,13 +13,28 @@ type Get struct {
 	App *app.App
 }
-func (g *Get) ShowHome(w http.ResponseWriter, _ *http.Request) {
+func (g *Get) ShowHome(w http.ResponseWriter, r *http.Request) {
 	type dataStruct struct {
 		CsrfToken       string
 		IsAuthenticated bool
 		Test            string
 	}
 	CsrfToken, err := security.GenerateCsrfToken(w, r)
 	if err != nil {
 		return
 	}
 	isAuthenticated := true
 	user, err := models.CurrentUser(g.App, r)
 	if err != nil || user.Id == 0 {
 		isAuthenticated = false
 	}
 	data := dataStruct{
 		CsrfToken:       CsrfToken,
 		Test:            "Hello World!",
 		IsAuthenticated: isAuthenticated,
 	}
 	templating.RenderTemplate(w, "templates/pages/home.html", data)
@@ -28,6 +43,7 @@ func (g *Get) ShowHome(w http.ResponseWriter, _ *http.Request) {
 func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
 	type dataStruct struct {
 		CsrfToken       string
 		IsAuthenticated bool
 	}
 	CsrfToken, err := security.GenerateCsrfToken(w, r)
@@ -35,8 +51,15 @@ func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	isAuthenticated := true
 	user, err := models.CurrentUser(g.App, r)
 	if err != nil || user.Id == 0 {
 		isAuthenticated = false
 	}
 	data := dataStruct{
 		CsrfToken:       CsrfToken,
 		IsAuthenticated: isAuthenticated,
 	}
 	templating.RenderTemplate(w, "templates/pages/register.html", data)
@@ -45,6 +68,7 @@ func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
 func (g *Get) ShowLogin(w http.ResponseWriter, r *http.Request) {
 	type dataStruct struct {
 		CsrfToken       string
 		IsAuthenticated bool
 	}
 	CsrfToken, err := security.GenerateCsrfToken(w, r)
@@ -58,8 +82,3 @@ func (g *Get) ShowLogin(w http.ResponseWriter, r *http.Request) {
 	templating.RenderTemplate(w, "templates/pages/login.html", data)
 }
 func (g *Get) Logout(w http.ResponseWriter, r *http.Request) {
 	models.LogoutUser(g.App, w, r)
 	http.Redirect(w, r, "/", http.StatusFound)
 }
--- a/controllers/post.go
+++ b/controllers/post.go
@@ -50,3 +50,8 @@ func (p *Post) Register(w http.ResponseWriter, r *http.Request) {
 	http.Redirect(w, r, "/login", http.StatusFound)
 }
 func (p *Post) Logout(w http.ResponseWriter, r *http.Request) {
 	models.LogoutUser(p.App, w, r)
 	http.Redirect(w, r, "/", http.StatusFound)
 }
--- a/models/migrations.go
+++ b/models/migrations.go
@@ -25,7 +25,7 @@ func RunAllMigrations(app *app.App) error {
 		Id:         1,
 		UserId:     1,
 		AuthToken:  "migrate",
-		RememberMe: false,
+		RememberMe: true, // Booleans must be true to migrate properly
 		CreatedAt:  time.Now(),
 	}
 	err = database.Migrate(app, session)
--- a/routes/get.go
+++ b/routes/get.go
@@ -22,12 +22,11 @@ func Get(app *app.App) {
 		return
 	}
 	staticHandler := http.FileServer(http.FS(staticFS))
-	http.Handle("/static/", http.StripPrefix("/static/", staticHandler))
+	http.Handle("GET /static/", http.StripPrefix("/static/", staticHandler))
 	slog.Info("serving static files from embedded file system /static")
 	// Pages
-	http.HandleFunc("/", getController.ShowHome)
+	http.HandleFunc("GET /", getController.ShowHome)
-	http.HandleFunc("/login", getController.ShowLogin)
+	http.HandleFunc("GET /login", getController.ShowLogin)
-	http.HandleFunc("/register", getController.ShowRegister)
+	http.HandleFunc("GET /register", getController.ShowRegister)
 	http.HandleFunc("/logout", getController.Logout)
 }
--- a/routes/post.go
+++ b/routes/post.go
@@ -15,6 +15,7 @@ func Post(app *app.App) {
 	}
 	// User authentication
-	http.HandleFunc("/register-handle", middleware.Csrf(postController.Register))
+	http.HandleFunc("POST /register-handle", middleware.Csrf(postController.Register))
-	http.HandleFunc("/login-handle", middleware.Csrf(postController.Login))
+	http.HandleFunc("POST /login-handle", middleware.Csrf(postController.Login))
 	http.HandleFunc("POST /logout", middleware.Csrf(postController.Logout))
 }
--- a/templates/base.html
+++ b/templates/base.html
@@ -6,6 +6,21 @@
    <link href="/static/css/style.css" rel="stylesheet">
 </head>
 <body>
 <div class="navbar">
    {{ if .IsAuthenticated }}
    <form action="/logout" method="post">
        <input name="csrf_token" type="hidden" value="{{ .CsrfToken }}">
        <input type="submit" value="Logout">
    </form>
    {{ else }}
    <form action="/login" method="get">
        <input type="submit" value="Login">
    </form>
    <form action="/register" method="get">
        <input type="submit" value="Register">
    </form>
    {{ end }}
 </div>
 {{ template "content" . }}
 <div class="footer-container">
    <footer>
Author	SHA1	Message	Date
Maximilian	8ab50cb37c	Merge branch 'master' into enhanced_routing_and_logout_fixes	2024-02-18 17:23:46 -06:00
max	6d6aff50b3	Only show logout (now CSRF protected) if user is authenticated, include relevant authentication logic in GET controllers (this should be moved to middleware)	2024-02-14 13:20:35 -06:00
max	a6be73765a	Add GET verb to static handler	2024-02-14 13:16:52 -06:00
max	ddc9e51831	Fix boolean column migration example	2024-02-14 13:16:15 -06:00
max	dc450e26dd	Move logout to POST route and controller with CSRF middleware. Add CsrfToken to home for logout	2024-02-12 14:46:26 -06:00