clean up login logic
Jes Olson j3s@c3f.net
Thu, 16 Mar 2023 00:09:03 -0700
1 files changed,
33 insertions(+),
28 deletions(-)
M
site.go
→
site.go
@@ -42,14 +42,14 @@ if r.URL.Path != "/" {
http.NotFound(w, r)
 return
 }
- if s.authenticated(r) {
- fmt.Fprintf(w, `<h1>sup shitbag</h1>
- <a href="/logout">logout</a>`)
+ if s.loggedIn(r) {
+ fmt.Fprintf(w, `<h1>index</h1>
+ <small>logged in as %s
+ (<a href="/logout">logout</a>)
+ </small>`, s.username(r))
 } else {
- fmt.Fprintf(w, `<h1>sup shitbag</h1>
- <a href="/login">login</a>
- <a href="/register">register</a>
- <a href="/logout">logout</a>`)
+ fmt.Fprintf(w, `<h1>index</h1>
+ <a href="/login">login</a>`)
 }
 }
@@ -58,17 +58,19 @@ if !methodAllowed(w, r, "GET", "POST") {
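Review bot: The new index template writes `s.username(r)` into the page through `fmt.Fprintf` with `%s` and no HTML escaping, so any markup characters that registration accepts in a username are emitted as markup in the response. Escape at the output boundary by passing `html.EscapeString(s.username(r))` as the argument (with the `html` package imported), or render the page through `html/template`. The same branch calls `s.loggedIn(r)` and then `s.username(r)`, which resolves the session cookie twice per request; fetching the name once and testing it for emptiness avoids the second lookup. The handler starts before this hunk, so any validation applied to usernames at registration is not visible here.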
return
 }
 if r.Method == "GET" {
- if s.authenticated(r) {
+ if s.loggedIn(r) {
 fmt.Fprintf(w, "you are already logged in :3\n")
 } else {
 fmt.Fprintf(w, `<h1>login</h1>
- <form method="POST" action="/login">
- <label for="username">username:</label>
- <input type="text" name="username" required><br>
- <label for="password">password:</label>
- <input type="password" name="password" required><br>
- <input type="submit" value="login">
- </form>`)
+ <form method="POST" action="/login">
+ <label for="username">username:</label>
+ <input type="text" name="username" required><br>
+ <label for="password">password:</label>
+ <input type="password" name="password" required><br>
+ <input type="submit" value="login">
+ </form>
+ <p>if you want to create an account, click
+ <a href="/register">here</a>`)
 }
 }
 if r.Method == "POST" {
@@ -84,8 +86,9 @@ http.Redirect(w, r, "/", http.StatusSeeOther)
}
 }
+// TODO: make this take a POST only in accordance w/ some spec
 func (s *Site) logoutHandler(w http.ResponseWriter, r *http.Request) {
- if !methodAllowed(w, r, "GET") {
+ if !methodAllowed(w, r, "GET", "POST") {
 return
 }
 http.SetCookie(w, &http.Cookie{
@@ -102,13 +105,13 @@ }
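Review bot: `logoutHandler` still ends the session on a plain GET, and this change widens the accepted methods instead of narrowing them as the new TODO intends. A state-changing GET can be triggered by any cross-site link, image load or prefetch, so a third-party page can sign a user out without their action. Once the index page's `<a href="/logout">` is replaced by a small POST form, the check can become `if !methodAllowed(w, r, "POST") {`. The body continues past the hunk, so whether the session token is also invalidated server-side, and not only the cookie cleared, should be confirmed there.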
if r.Method == "GET" {
 fmt.Fprintf(w, `<h1>register</h1>
- <form method="POST" action="/register">
- <label for="username">username:</label>
- <input type="text" name="username" required><br>
- <label for="password">password:</label>
- <input type="password" name="password" required><br>
- <input type="submit" value="login">
- </form>`)
+ <form method="POST" action="/register">
+ <label for="username">username:</label>
+ <input type="text" name="username" required><br>
+ <label for="password">password:</label>
+ <input type="password" name="password" required><br>
+ <input type="submit" value="login">
+ </form>`)
 }
 if r.Method == "POST" {
@@ -128,17 +131,19 @@ http.Redirect(w, r, "/", http.StatusSeeOther)
} } -func (s *Site) authenticated(r *http.Request) bool { +func (s *Site) username(r *http.Request) string { sessionToken, err := r.Cookie("session_token") if err != nil { - return false + return "" } - username := s.db.GetUsernameBySessionToken(sessionToken.Value) - if username == "" { + return username +} + +func (s *Site) loggedIn(r *http.Request) bool { + if s.username(r) == "" { return false } - return true }
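Review bot: `username` uses the empty string as its only "no session" signal, so every access decision made through `loggedIn` relies on `GetUsernameBySessionToken` returning `""` for unknown or expired tokens and on registration never storing an empty name; neither is visible in this hunk. A doc comment on both functions should state that contract, e.g. `// username returns the account name bound to the session_token cookie, or "" if the request carries no valid session.` `loggedIn` can then reduce to `return s.username(r) != ""`. The hunk is collapsed on this page, and the `-` in front of the `GetUsernameBySessionToken` line may be a removed blank line rather than a removed statement; if the lookup really was dropped, `return username` has nothing to return.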