gophertype/pkg/controllers/authentication.go

package controllers

import (
	"net/http"

	"git.kirsle.net/apps/gophertype/pkg/authentication"
	"git.kirsle.net/apps/gophertype/pkg/console"
	"git.kirsle.net/apps/gophertype/pkg/constants"
	"git.kirsle.net/apps/gophertype/pkg/glue"
	"git.kirsle.net/apps/gophertype/pkg/models"
	"git.kirsle.net/apps/gophertype/pkg/ratelimit"
	"git.kirsle.net/apps/gophertype/pkg/responses"
	"git.kirsle.net/apps/gophertype/pkg/session"
	"github.com/albrow/forms"
)

func init() {
	glue.Register(glue.Endpoint{
		Path:    "/login",
		Methods: []string{"GET", "POST"},
		Handler: func(w http.ResponseWriter, r *http.Request) {
			// Template variables.
			v := responses.NewTemplateVars(w, r)

			// POST handler: create the admin account.
			for r.Method == http.MethodPost {
				form, _ := forms.Parse(r)
				v.FormValues = form.Values

				// Validate form parameters.
				val := form.Validator()
				val.Require("email")
				val.MatchEmail("email")
				val.Require("password")
				if val.HasErrors() {
					v.ValidationError = val.ErrorMap()
					break
				}

				// Rate limit failed login attempts.
				limiter := &ratelimit.Limiter{
					Namespace:  "login",
					ID:         form.Get("email"),
					Limit:      constants.LoginRateLimit,
					Window:     constants.LoginRateLimitWindow,
					CooldownAt: constants.LoginRateLimitCooldownAt,
					Cooldown:   constants.LoginRateLimitCooldown,
				}

				// Check authentication.
				user, err := models.Users.AuthenticateUser(form.Get("email"), form.Get("password"))
				if err != nil {
					if err := limiter.Ping(); err != nil {
						v.Error = err
						break
					}
					v.Error = err
					break
				}

				if err := limiter.Clear(); err != nil {
					console.Error("Failed to clear the login rate limiter: %s", err)
				}

				_ = user

				authentication.Login(w, r, user)
				session.Flash(w, r, "Signed in!")
				responses.Redirect(w, r, "/") // TODO: next URL
				return
			}

			responses.RenderTemplate(w, r, "_builtin/users/login.gohtml", v)
		},
	})

	glue.Register(glue.Endpoint{
		Path: "/logout",
		Handler: func(w http.ResponseWriter, r *http.Request) {
			authentication.Logout(w, r)
			session.Flash(w, r, "Signed out!")
			responses.Redirect(w, r, "/")
		},
	})
}
Sessions, log in and out 2019-11-26 03:55:28 +00:00			`package controllers`

			`import (`
			`"net/http"`

			`"git.kirsle.net/apps/gophertype/pkg/authentication"`
Dust off gophertype and fix some bugs * Add a rate limiter to the login page. * Fix the CSRF cookie expiring after 24 hours; it now will be a session cookie that expires on browser exit so you get a fresh one each visit. * Remove the dependency on go-bindata and use native Go file embed * Add documentation 2022-12-06 05:07:52 +00:00			`"git.kirsle.net/apps/gophertype/pkg/console"`
			`"git.kirsle.net/apps/gophertype/pkg/constants"`
Sessions, log in and out 2019-11-26 03:55:28 +00:00			`"git.kirsle.net/apps/gophertype/pkg/glue"`
			`"git.kirsle.net/apps/gophertype/pkg/models"`
Dust off gophertype and fix some bugs * Add a rate limiter to the login page. * Fix the CSRF cookie expiring after 24 hours; it now will be a session cookie that expires on browser exit so you get a fresh one each visit. * Remove the dependency on go-bindata and use native Go file embed * Add documentation 2022-12-06 05:07:52 +00:00			`"git.kirsle.net/apps/gophertype/pkg/ratelimit"`
Sessions, log in and out 2019-11-26 03:55:28 +00:00			`"git.kirsle.net/apps/gophertype/pkg/responses"`
			`"git.kirsle.net/apps/gophertype/pkg/session"`
			`"github.com/albrow/forms"`
			`)`

			`func init() {`
			`glue.Register(glue.Endpoint{`
			`Path: "/login",`
			`Methods: []string{"GET", "POST"},`
			`Handler: func(w http.ResponseWriter, r *http.Request) {`
			`// Template variables.`
			`v := responses.NewTemplateVars(w, r)`

			`// POST handler: create the admin account.`
			`for r.Method == http.MethodPost {`
			`form, _ := forms.Parse(r)`
			`v.FormValues = form.Values`

			`// Validate form parameters.`
			`val := form.Validator()`
			`val.Require("email")`
			`val.MatchEmail("email")`
			`val.Require("password")`
			`if val.HasErrors() {`
			`v.ValidationError = val.ErrorMap()`
			`break`
			`}`

Dust off gophertype and fix some bugs * Add a rate limiter to the login page. * Fix the CSRF cookie expiring after 24 hours; it now will be a session cookie that expires on browser exit so you get a fresh one each visit. * Remove the dependency on go-bindata and use native Go file embed * Add documentation 2022-12-06 05:07:52 +00:00			`// Rate limit failed login attempts.`
			`limiter := &ratelimit.Limiter{`
			`Namespace: "login",`
			`ID: form.Get("email"),`
			`Limit: constants.LoginRateLimit,`
			`Window: constants.LoginRateLimitWindow,`
			`CooldownAt: constants.LoginRateLimitCooldownAt,`
			`Cooldown: constants.LoginRateLimitCooldown,`
			`}`

Sessions, log in and out 2019-11-26 03:55:28 +00:00			`// Check authentication.`
Blog Archive, RSS Feeds, and Model Cleanup * Legacy-importer tool updates the DB primary key serial after migrating the posts, to be max(posts.id)+1 -- especially important for PostgreSQL and MySQL (SQLite3 correctly picked the next ID by default?) * Add blog archive page and RSS, Atom and JSON feeds for the blog. URLs are /blog.rss, /blog.atom and /blog.json 2020-02-18 02:10:35 +00:00			`user, err := models.Users.AuthenticateUser(form.Get("email"), form.Get("password"))`
Sessions, log in and out 2019-11-26 03:55:28 +00:00			`if err != nil {`
Dust off gophertype and fix some bugs * Add a rate limiter to the login page. * Fix the CSRF cookie expiring after 24 hours; it now will be a session cookie that expires on browser exit so you get a fresh one each visit. * Remove the dependency on go-bindata and use native Go file embed * Add documentation 2022-12-06 05:07:52 +00:00			`if err := limiter.Ping(); err != nil {`
			`v.Error = err`
			`break`
			`}`
Sessions, log in and out 2019-11-26 03:55:28 +00:00			`v.Error = err`
			`break`
			`}`

Dust off gophertype and fix some bugs * Add a rate limiter to the login page. * Fix the CSRF cookie expiring after 24 hours; it now will be a session cookie that expires on browser exit so you get a fresh one each visit. * Remove the dependency on go-bindata and use native Go file embed * Add documentation 2022-12-06 05:07:52 +00:00			`if err := limiter.Clear(); err != nil {`
			`console.Error("Failed to clear the login rate limiter: %s", err)`
			`}`

Sessions, log in and out 2019-11-26 03:55:28 +00:00			`_ = user`

			`authentication.Login(w, r, user)`
			`session.Flash(w, r, "Signed in!")`
			`responses.Redirect(w, r, "/") // TODO: next URL`
			`return`
			`}`

			`responses.RenderTemplate(w, r, "_builtin/users/login.gohtml", v)`
			`},`
			`})`

			`glue.Register(glue.Endpoint{`
			`Path: "/logout",`
			`Handler: func(w http.ResponseWriter, r *http.Request) {`
			`authentication.Logout(w, r)`
			`session.Flash(w, r, "Signed out!")`
			`responses.Redirect(w, r, "/")`
			`},`
			`})`
			`}`