Only show logout (now CSRF protected) if user is authenticated, include relevant authentication logic in GET controllers (this should be moved to middleware)

Add GET verb to static handler
Fix boolean column migration example
2024-02-14 13:20:35 -06:00 · 2024-02-14 13:16:52 -06:00 · 2024-02-14 13:16:15 -06:00 · 2024-02-12 14:46:26 -06:00 · 2024-02-09 14:47:29 -06:00 · 2024-02-09 14:21:45 -06:00
10 changed files with 84 additions and 39 deletions
--- a/controllers/get.go
+++ b/controllers/get.go
@@ -13,13 +13,28 @@ type Get struct {
 	App *app.App
 }

-func (g *Get) ShowHome(w http.ResponseWriter, _ *http.Request) {
+func (g *Get) ShowHome(w http.ResponseWriter, r *http.Request) {
 	type dataStruct struct {
+		CsrfToken       string
+		IsAuthenticated bool
 		Test            string
 	}

+	CsrfToken, err := security.GenerateCsrfToken(w, r)
+	if err != nil {
+		return
+	}
+
+	isAuthenticated := true
+	user, err := models.CurrentUser(g.App, r)
+	if err != nil || user.Id == 0 {
+		isAuthenticated = false
+	}
+
 	data := dataStruct{
+		CsrfToken:       CsrfToken,
 		Test:            "Hello World!",
+		IsAuthenticated: isAuthenticated,
 	}

 	templating.RenderTemplate(w, "templates/pages/home.html", data)
@@ -28,6 +43,7 @@ func (g *Get) ShowHome(w http.ResponseWriter, _ *http.Request) {
 func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
 	type dataStruct struct {
 		CsrfToken       string
+		IsAuthenticated bool
 	}

 	CsrfToken, err := security.GenerateCsrfToken(w, r)
@@ -35,8 +51,15 @@ func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	isAuthenticated := true
+	user, err := models.CurrentUser(g.App, r)
+	if err != nil || user.Id == 0 {
+		isAuthenticated = false
+	}
+
 	data := dataStruct{
 		CsrfToken:       CsrfToken,
+		IsAuthenticated: isAuthenticated,
 	}

 	templating.RenderTemplate(w, "templates/pages/register.html", data)
@@ -45,6 +68,7 @@ func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
 func (g *Get) ShowLogin(w http.ResponseWriter, r *http.Request) {
 	type dataStruct struct {
 		CsrfToken       string
+		IsAuthenticated bool
 	}

 	CsrfToken, err := security.GenerateCsrfToken(w, r)
@@ -58,8 +82,3 @@ func (g *Get) ShowLogin(w http.ResponseWriter, r *http.Request) {

 	templating.RenderTemplate(w, "templates/pages/login.html", data)
 }
-
-func (g *Get) Logout(w http.ResponseWriter, r *http.Request) {
-	models.LogoutUser(g.App, w, r)
-	http.Redirect(w, r, "/", http.StatusFound)
-}
--- a/controllers/post.go
+++ b/controllers/post.go
@@ -50,3 +50,8 @@ func (p *Post) Register(w http.ResponseWriter, r *http.Request) {

 	http.Redirect(w, r, "/login", http.StatusFound)
 }
+
+func (p *Post) Logout(w http.ResponseWriter, r *http.Request) {
+	models.LogoutUser(p.App, w, r)
+	http.Redirect(w, r, "/", http.StatusFound)
+}
--- a/database/migrate.go
+++ b/database/migrate.go
@@ -9,7 +9,8 @@ import (
 	"reflect"
 )

-// Migrate given a dummy object of any type, it will create a table with the same name as the type and create columns with the same name as the fields of the object
+// Migrate given a dummy object of any type, it will create a table with the same name
+// as the type and create columns with the same name as the fields of the object
 func Migrate(app *app.App, anyStruct interface{}) error {
 	valueOfStruct := reflect.ValueOf(anyStruct)
 	typeOfStruct := valueOfStruct.Type()
@@ -23,6 +24,10 @@ func Migrate(app *app.App, anyStruct interface{}) error {
 	for i := 0; i < valueOfStruct.NumField(); i++ {
 		fieldType := typeOfStruct.Field(i)
 		fieldName := fieldType.Name
+
+		// Create column if dummy for migration is NOT zero value
+		fieldValue := valueOfStruct.Field(i).Interface()
+		if !reflect.ValueOf(fieldValue).IsZero() {
 			if fieldName != "Id" && fieldName != "id" {
 				err := createColumn(app, tableName, fieldName, fieldType.Type.Name())
 				if err != nil {
@@ -30,6 +35,7 @@ func Migrate(app *app.App, anyStruct interface{}) error {
 				}
 			}
 		}
+	}

 	return nil
 }
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,8 @@
 module GoWeb

-go 1.21
+go 1.22

 require (
 	github.com/lib/pq v1.10.9
-	golang.org/x/crypto v0.17.0
+	golang.org/x/crypto v0.19.0
 )
--- a/go.sum
+++ b/go.sum
@@ -1,4 +1,4 @@
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
--- a/models/migrations.go
+++ b/models/migrations.go
@@ -25,7 +25,7 @@ func RunAllMigrations(app *app.App) error {
 		Id:         1,
 		UserId:     1,
 		AuthToken:  "migrate",
-		RememberMe: false,
+		RememberMe: true, // Booleans must be true to migrate properly
 		CreatedAt:  time.Now(),
 	}
 	err = database.Migrate(app, session)
--- a/routes/get.go
+++ b/routes/get.go
@@ -22,12 +22,11 @@ func Get(app *app.App) {
 		return
 	}
 	staticHandler := http.FileServer(http.FS(staticFS))
-	http.Handle("/static/", http.StripPrefix("/static/", staticHandler))
+	http.Handle("GET /static/", http.StripPrefix("/static/", staticHandler))
 	slog.Info("serving static files from embedded file system /static")

 	// Pages
-	http.HandleFunc("/", getController.ShowHome)
-	http.HandleFunc("/login", getController.ShowLogin)
-	http.HandleFunc("/register", getController.ShowRegister)
-	http.HandleFunc("/logout", getController.Logout)
+	http.HandleFunc("GET /", getController.ShowHome)
+	http.HandleFunc("GET /login", getController.ShowLogin)
+	http.HandleFunc("GET /register", getController.ShowRegister)
 }
--- a/routes/post.go
+++ b/routes/post.go
@@ -15,6 +15,7 @@ func Post(app *app.App) {
 	}

 	// User authentication
-	http.HandleFunc("/register-handle", middleware.Csrf(postController.Register))
-	http.HandleFunc("/login-handle", middleware.Csrf(postController.Login))
+	http.HandleFunc("POST /register-handle", middleware.Csrf(postController.Register))
+	http.HandleFunc("POST /login-handle", middleware.Csrf(postController.Login))
+	http.HandleFunc("POST /logout", middleware.Csrf(postController.Logout))
 }
--- a/templates/base.html
+++ b/templates/base.html
@@ -6,6 +6,21 @@
    <link href="/static/css/style.css" rel="stylesheet">
 </head>
 <body>
+<div class="navbar">
+    {{ if .IsAuthenticated }}
+    <form action="/logout" method="post">
+        <input name="csrf_token" type="hidden" value="{{ .CsrfToken }}">
+        <input type="submit" value="Logout">
+    </form>
+    {{ else }}
+    <form action="/login" method="get">
+        <input type="submit" value="Login">
+    </form>
+    <form action="/register" method="get">
+        <input type="submit" value="Register">
+    </form>
+    {{ end }}
+</div>
 {{ template "content" . }}
 <div class="footer-container">
    <footer>
Author	SHA1	Message	Date
max	6d6aff50b3	Only show logout (now CSRF protected) if user is authenticated, include relevant authentication logic in GET controllers (this should be moved to middleware)	2024-02-14 13:20:35 -06:00
max	a6be73765a	Add GET verb to static handler	2024-02-14 13:16:52 -06:00
max	ddc9e51831	Fix boolean column migration example	2024-02-14 13:16:15 -06:00
max	dc450e26dd	Move logout to POST route and controller with CSRF middleware. Add CsrfToken to home for logout	2024-02-12 14:46:26 -06:00
max	de4a217c5f	Update extended crypto library	2024-02-09 14:47:29 -06:00
max	c4e83d06b9	Bump go version to 1.22	2024-02-09 14:21:45 -06:00
max	51da24be9b	Small formatting fix	2024-02-09 13:44:21 -06:00
Maximilian	e497f4d2f0	Ignore fields that are zero value	2024-01-20 16:32:07 -06:00