tandem/camper
tandem
/
camper
2
0
Fork 0
Code Issues 7 Pull Requests Packages Projects Releases Wiki Activity
camper/pkg/app/login.go

112 lines
2.7 KiB
Go
Raw Normal View History

Convert the login variables to a struct with parsing and validation It is a lot of code having to check the login variables inside the POST handler, and i could not mark each input field individually as invalid because the generic errors array i was using did no identify which field had the error. Thus, i use more or less the same technique as with Numerus: a struct with the value and the error message. This time the input field does not have the label and extra attributes because i believe this belongs to the template: if i want do reuse the same form template, i should create a common template rather than defining everything in Go. The name is a bit different, however, because it has meaning both to the front and back ends, as it needs to be exactly the same. Writing it twice is error-prone, as with a rename i could easily forget to change one or the other, and here i see value in having that in Go, because it is also used in code.
2023-07-24 15:17:15 +00:00
/*
* SPDX-FileCopyrightText: 2023 jordi fita mas <jfita@peritasoft.com>
* SPDX-License-Identifier: AGPL-3.0-only
*/
package app
import (
"errors"
"net/http"
"time"
Acquire the database connection in App.ServeHTTP with cookie set Almost all request will need the database connection, either because they will perform queries or because they need to check if the user is logged in, for instance, so it should be acquired as far above as possible to avoid acquiring multiple connections. This is specially true since i have to pass the cookie to the database to switch role and set request.user.email and request.user.cookie config variables. I do not want to do that many times per request.
2023-07-25 22:48:58 +00:00
"dev.tandem.ws/tandem/camper/pkg/database"
Convert the login variables to a struct with parsing and validation It is a lot of code having to check the login variables inside the POST handler, and i could not mark each input field individually as invalid because the generic errors array i was using did no identify which field had the error. Thus, i use more or less the same technique as with Numerus: a struct with the value and the error message. This time the input field does not have the label and extra attributes because i believe this belongs to the template: if i want do reuse the same form template, i should create a common template rather than defining everything in Go. The name is a bit different, however, because it has meaning both to the front and back ends, as it needs to be exactly the same. Writing it twice is error-prone, as with a rename i could easily forget to change one or the other, and here i see value in having that in Go, because it is also used in code.
2023-07-24 15:17:15 +00:00
"dev.tandem.ws/tandem/camper/pkg/form"
httplib "dev.tandem.ws/tandem/camper/pkg/http"
"dev.tandem.ws/tandem/camper/pkg/locale"
"dev.tandem.ws/tandem/camper/pkg/template"
)
const (
sessionCookie = "camper-session"
)
type loginForm struct {
Email *form.Input
Password *form.Input
Error error
}
func newLoginForm() *loginForm {
return &loginForm{
Email: &form.Input{
Name: "email",
},
Password: &form.Input{
Name: "password",
},
}
}
func (f *loginForm) Parse(r *http.Request) error {
if err := r.ParseForm(); err != nil {
return err
}
f.Email.FillValue(r)
f.Password.FillValue(r)
return nil
}
func (f *loginForm) Valid(l *locale.Locale) bool {
v := form.NewValidator(l)
if v.CheckRequired(f.Email, l.GettextNoop("Email can not be empty.")) {
v.CheckValidEmail(f.Email, l.GettextNoop("This email is not valid. It should be like name@domain.com."))
}
v.CheckRequired(f.Password, l.GettextNoop("Password can not be empty."))
return v.AllOK
}
func (h *App) handleGet(w http.ResponseWriter, r *http.Request) {
l := h.matchLocale(r)
login := newLoginForm()
template.MustRender(w, l, "login.gohtml", login)
}
func (h *App) matchLocale(r *http.Request) *locale.Locale {
return locale.Match(r, h.locales, h.defaultLocale, h.languageMatcher)
}
Acquire the database connection in App.ServeHTTP with cookie set Almost all request will need the database connection, either because they will perform queries or because they need to check if the user is logged in, for instance, so it should be acquired as far above as possible to avoid acquiring multiple connections. This is specially true since i have to pass the cookie to the database to switch role and set request.user.email and request.user.cookie config variables. I do not want to do that many times per request.
2023-07-25 22:48:58 +00:00
func (h *App) handleLogin(w http.ResponseWriter, r *http.Request, conn *database.Conn) {
Convert the login variables to a struct with parsing and validation It is a lot of code having to check the login variables inside the POST handler, and i could not mark each input field individually as invalid because the generic errors array i was using did no identify which field had the error. Thus, i use more or less the same technique as with Numerus: a struct with the value and the error message. This time the input field does not have the label and extra attributes because i believe this belongs to the template: if i want do reuse the same form template, i should create a common template rather than defining everything in Go. The name is a bit different, however, because it has meaning both to the front and back ends, as it needs to be exactly the same. Writing it twice is error-prone, as with a rename i could easily forget to change one or the other, and here i see value in having that in Go, because it is also used in code.
2023-07-24 15:17:15 +00:00
login := newLoginForm()
if err := login.Parse(r); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
l := h.matchLocale(r)
if login.Valid(l) {
cookie := conn.MustGetText(r.Context(), "select login($1, $2, $3)", login.Email, login.Password, httplib.RemoteAddr(r))
if cookie != "" {
setSessionCookie(w, cookie)
http.Redirect(w, r, "/", http.StatusSeeOther)
return
}
login.Error = errors.New(l.Gettext("Invalid user or password."))
w.WriteHeader(http.StatusUnauthorized)
} else {
w.WriteHeader(http.StatusUnprocessableEntity)
}
template.MustRender(w, l, "login.gohtml", login)
}
func setSessionCookie(w http.ResponseWriter, cookie string) {
http.SetCookie(w, createSessionCookie(cookie, 8766*24*time.Hour))
}
Acquire the database connection in App.ServeHTTP with cookie set Almost all request will need the database connection, either because they will perform queries or because they need to check if the user is logged in, for instance, so it should be acquired as far above as possible to avoid acquiring multiple connections. This is specially true since i have to pass the cookie to the database to switch role and set request.user.email and request.user.cookie config variables. I do not want to do that many times per request.
2023-07-25 22:48:58 +00:00
func getSessionCookie(r *http.Request) string {
if cookie, err := r.Cookie(sessionCookie); err == nil {
return cookie.Value
}
return ""
}
Convert the login variables to a struct with parsing and validation It is a lot of code having to check the login variables inside the POST handler, and i could not mark each input field individually as invalid because the generic errors array i was using did no identify which field had the error. Thus, i use more or less the same technique as with Numerus: a struct with the value and the error message. This time the input field does not have the label and extra attributes because i believe this belongs to the template: if i want do reuse the same form template, i should create a common template rather than defining everything in Go. The name is a bit different, however, because it has meaning both to the front and back ends, as it needs to be exactly the same. Writing it twice is error-prone, as with a rename i could easily forget to change one or the other, and here i see value in having that in Go, because it is also used in code.
2023-07-24 15:17:15 +00:00
func createSessionCookie(value string, duration time.Duration) *http.Cookie {
return &http.Cookie{
Name: sessionCookie,
Value: value,
Path: "/",
Expires: time.Now().Add(duration),
HttpOnly: true,
SameSite: http.SameSiteLaxMode,
}
}