apps/gosocial
Archived
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2022-08-26. You can view files and clone it, but cannot push or open issues or pull requests.
0caf12eb00
gosocial/pkg/controller/account/login.go
Noah Petherbridge 0caf12eb00 User Account Busywork 
* Add "forgot password" workflow.
* Add ability to change user email address (confirmation link sent)
* Add ability to change user's password.
* Add rate limiter to deter brute force login attempts.
* Add user deep delete functionality (delete account).
* Ping user LastLoginAt every 8 hours for long-lived session cookies.
* Add age filters to user search page.
* Add sort options to user search (last login, created, username/name)
2022-08-14 14:40:57 -07:00

88 lines
2.2 KiB
Go
Raw Blame History

package account
import (
"net/http"
"strings"
"git.kirsle.net/apps/gosocial/pkg/config"
"git.kirsle.net/apps/gosocial/pkg/log"
"git.kirsle.net/apps/gosocial/pkg/models"
"git.kirsle.net/apps/gosocial/pkg/ratelimit"
"git.kirsle.net/apps/gosocial/pkg/session"
"git.kirsle.net/apps/gosocial/pkg/templates"
)
// Login controller.
func Login() http.HandlerFunc {
tmpl := templates.Must("account/login.html")
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Posting?
if r.Method == http.MethodPost {
var (
// Collect form fields.
username = strings.ToLower(r.PostFormValue("username"))
password = r.PostFormValue("password")
)
// Look up their account.
user, err := models.FindUser(username)
if err != nil {
session.FlashError(w, r, "Incorrect username or password.")
templates.Redirect(w, r.URL.Path)
return
}
// Rate limit failed login attempts.
limiter := &ratelimit.Limiter{
Namespace: "login",
ID: user.ID,
Limit: config.LoginRateLimit,
Window: config.LoginRateLimitWindow,
CooldownAt: config.LoginRateLimitCooldownAt,
Cooldown: config.LoginRateLimitCooldown,
}
// Verify password.
if err := user.CheckPassword(password); err != nil {
if err := limiter.Ping(); err != nil {
session.FlashError(w, r, err.Error())
templates.Redirect(w, r.URL.Path)
return
}
session.FlashError(w, r, "Incorrect username or password.")
templates.Redirect(w, r.URL.Path)
return
}
// OK. Log in the user's session.
session.LoginUser(w, r, user)
// Clear their rate limiter.
if err := limiter.Clear(); err != nil {
log.Error("Failed to clear login rate limiter: %s", err)
}
// Redirect to their dashboard.
session.Flash(w, r, "Login successful.")
templates.Redirect(w, "/me")
return
}
if err := tmpl.Execute(w, r, nil); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
})
}
// Logout controller.
func Logout() http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session.Flash(w, r, "You have been successfully logged out.")
session.LogoutUser(w, r)
templates.Redirect(w, "/")
})
}
Reference in New Issue View Git Blame Copy Permalink