Make logging in work

1 files changed, 115 insertions, 0 deletions

diff --git a/forged/internal/incoming/web/handlers/special/login.go b/forged/internal/incoming/web/handlers/special/login.go
new file mode 100644
index 0000000..0287c47
--- /dev/null
+++ b/forged/internal/incoming/web/handlers/special/login.go
@@ -0,0 +1,115 @@
+package handlers
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"errors"
+	"log"
+	"net/http"
+	"time"
+
+	"github.com/jackc/pgx/v5"
+	"github.com/jackc/pgx/v5/pgtype"
+	"go.lindenii.runxiyu.org/forge/forged/internal/common/argon2id"
+	"go.lindenii.runxiyu.org/forge/forged/internal/common/misc"
+	"go.lindenii.runxiyu.org/forge/forged/internal/database/queries"
+	"go.lindenii.runxiyu.org/forge/forged/internal/incoming/web/templates"
+	"go.lindenii.runxiyu.org/forge/forged/internal/incoming/web/types"
+	wtypes "go.lindenii.runxiyu.org/forge/forged/internal/incoming/web/types"
+)
+
+type LoginHTTP struct {
+	r            templates.Renderer
+	cookieExpiry int
+}
+
+func NewLoginHTTP(r templates.Renderer, cookieExpiry int) *LoginHTTP {
+	return &LoginHTTP{
+		r:            r,
+		cookieExpiry: cookieExpiry,
+	}
+}
+
+func (h *LoginHTTP) Login(w http.ResponseWriter, r *http.Request, _ wtypes.Vars) {
+	renderLoginPage := func(loginError string) bool {
+		err := h.r.Render(w, "login", struct {
+			BaseData   *types.BaseData
+			LoginError string
+		}{
+			BaseData:   types.Base(r),
+			LoginError: loginError,
+		})
+		if err != nil {
+			log.Println("failed to render login page", "error", err)
+			http.Error(w, "Failed to render login page", http.StatusInternalServerError)
+			return true
+		}
+		return false
+	}
+
+	if r.Method == http.MethodGet {
+		renderLoginPage("")
+		return
+	}
+
+	username := r.PostFormValue("username")
+	password := r.PostFormValue("password")
+
+	userCreds, err := types.Base(r).Queries.GetUserCreds(r.Context(), &username)
+	if err != nil {
+		if errors.Is(err, pgx.ErrNoRows) {
+			renderLoginPage("User not found")
+			return
+		}
+		log.Println("failed to get user credentials", "error", err)
+		http.Error(w, "Failed to get user credentials", http.StatusInternalServerError)
+		return
+	}
+
+	if userCreds.PasswordHash == "" {
+		renderLoginPage("No password set for this user")
+		return
+	}
+
+	passwordMatches, err := argon2id.ComparePasswordAndHash(password, userCreds.PasswordHash)
+	if err != nil {
+		log.Println("failed to compare password and hash", "error", err)
+		http.Error(w, "Failed to verify password", http.StatusInternalServerError)
+		return
+	}
+
+	if !passwordMatches {
+		renderLoginPage("Invalid password")
+		return
+	}
+
+	cookieValue := rand.Text()
+
+	now := time.Now()
+	expiry := now.Add(time.Duration(h.cookieExpiry) * time.Second)
+
+	cookie := &http.Cookie{
+		Name:     "session",
+		Value:    cookieValue,
+		SameSite: http.SameSiteLaxMode,
+		HttpOnly: true,
+		Secure:   false, // TODO
+		Expires:  expiry,
+		Path:     "/",
+	} //exhaustruct:ignore
+
+	http.SetCookie(w, cookie)
+
+	tokenHash := sha256.Sum256(misc.StringToBytes(cookieValue))
+
+	err = types.Base(r).Queries.InsertSession(r.Context(), queries.InsertSessionParams{
+		UserID:    userCreds.ID,
+		TokenHash: tokenHash[:],
+		ExpiresAt: pgtype.Timestamptz{
+			Time:  expiry,
+			Valid: true,
+		},
+	})
+
+	http.Redirect(w, r, "/", http.StatusSeeOther)
+}