ari/arimelody.me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

tidying some things up

Browse source 
session message handling is pretty annoying; should look into a better method of doing this
This commit is contained in:
ari melody 2025-01-23 09:39:40 +00:00
parent 45f33b8b46
commit e457e979ff
Signed by: ari
GPG key ID: CF99829C92678188
8 changed files with 161 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

50
admin/accounthttp.go
View file

@ -17,7 +17,6 @@ func accountHandler(app *model.AppState) http.Handler {
mux.Handle("/password", changePasswordHandler(app))
mux.Handle("/delete", deleteAccountHandler(app))
mux.Handle("/", accountIndexHandler(app))
return mux
}
@ -37,6 +36,13 @@ func accountIndexHandler(app *model.AppState) http.Handler {
TOTPs []model.TOTP
}
sessionMessage := session.Message
sessionError := session.Error
controller.SetSessionMessage(app.DB, session, "")
controller.SetSessionError(app.DB, session, "")
session.Message = sessionMessage
session.Error = sessionError
err = pages["account"].Execute(w, accountResponse{
Session: session,
TOTPs: totps,
@ -57,18 +63,39 @@ func changePasswordHandler(app *model.AppState) http.Handler {
session := r.Context().Value("session").(*model.Session)
controller.SetSessionMessage(app.DB, session, "")
controller.SetSessionError(app.DB, session, "")
r.ParseForm()
currentPassword := r.Form.Get("current-password")
if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(currentPassword)); err != nil {
controller.SetSessionMessage(app.DB, session, "Incorrect password.")
controller.SetSessionError(app.DB, session, "Incorrect password.")
http.Redirect(w, r, "/admin/account", http.StatusFound)
return
}
newPassword := r.Form.Get("new-password")
controller.SetSessionMessage(app.DB, session, fmt.Sprintf("Updating password to <code>%s</code>", newPassword))
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)
if err != nil {
fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err)
controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
http.Redirect(w, r, "/admin/account", http.StatusFound)
return
}
session.Account.Password = string(hashedPassword)
err = controller.UpdateAccount(app.DB, session.Account)
if err != nil {
fmt.Fprintf(os.Stderr, "WARN: Failed to update account password: %v\n", err)
controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
http.Redirect(w, r, "/admin/account", http.StatusFound)
return
}
controller.SetSessionError(app.DB, session, "")
controller.SetSessionMessage(app.DB, session, "Password updated successfully.")
http.Redirect(w, r, "/admin/account", http.StatusFound)
})
}
@ -97,10 +124,10 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil {
fmt.Printf(
"[%s] WARN: Account \"%s\" attempted account deletion with incorrect password.\n",
time.Now().Format("2006-02-01 15:04:05"),
time.Now().Format(time.UnixDate),
session.Account.Username,
)
controller.SetSessionMessage(app.DB, session, "Incorrect password.")
controller.SetSessionError(app.DB, session, "Incorrect password.")
http.Redirect(w, r, "/admin/account", http.StatusFound)
return
}
@ -108,35 +135,36 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
totpMethod, err := controller.CheckTOTPForAccount(app.DB, session.Account.ID, r.Form.Get("totp"))
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to fetch account: %v\n", err)
controller.SetSessionMessage(app.DB, session, "Something went wrong. Please try again.")
controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
http.Redirect(w, r, "/admin/account", http.StatusFound)
return
}
if totpMethod == nil {
fmt.Printf(
"[%s] WARN: Account \"%s\" attempted account deletion with incorrect TOTP.\n",
time.Now().Format("2006-02-01 15:04:05"),
time.Now().Format(time.UnixDate),
session.Account.Username,
)
controller.SetSessionMessage(app.DB, session, "Incorrect TOTP.")
controller.SetSessionError(app.DB, session, "Incorrect TOTP.")
http.Redirect(w, r, "/admin/account", http.StatusFound)
}
err = controller.DeleteAccount(app.DB, session.Account.ID)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err)
controller.SetSessionMessage(app.DB, session, "Something went wrong. Please try again.")
controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
http.Redirect(w, r, "/admin/account", http.StatusFound)
return
}
fmt.Printf(
"[%s] INFO: Account \"%s\" deleted by user request.\n",
time.Now().Format("2006-02-01 15:04:05"),
time.Now().Format(time.UnixDate),
session.Account.Username,
)
session.Account = nil
controller.SetSessionAccount(app.DB, session, nil)
controller.SetSessionError(app.DB, session, "")
controller.SetSessionMessage(app.DB, session, "Account deleted successfully.")
http.Redirect(w, r, "/admin/login", http.StatusFound)
})

51
admin/http.go
View file

@ -93,8 +93,8 @@ func AdminIndexHandler(app *model.AppState) http.Handler {
func registerAccountHandler(app *model.AppState) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value("session").(*model.Session)
session.Error = sql.NullString{}
session.Message = sql.NullString{}
controller.SetSessionError(app.DB, session, "")
controller.SetSessionMessage(app.DB, session, "")
if session.Account != nil {
// user is already logged in
@ -102,8 +102,12 @@ func registerAccountHandler(app *model.AppState) http.Handler {
return
}
type registerData struct {
Session *model.Session
}
render := func() {
err := pages["register"].Execute(w, session)
err := pages["register"].Execute(w, registerData{ Session: session })
if err != nil {
fmt.Printf("WARN: Error rendering create account page: %s\n", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@ -122,7 +126,7 @@ func registerAccountHandler(app *model.AppState) http.Handler {
err := r.ParseForm()
if err != nil {
session.Error = sql.NullString{ String: "Malformed data.", Valid: true }
controller.SetSessionError(app.DB, session, "Malformed data.")
render()
return
}
@ -144,7 +148,7 @@ func registerAccountHandler(app *model.AppState) http.Handler {
invite, err := controller.GetInvite(app.DB, credentials.Invite)
if err != nil {
fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %v\n", err)
session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true }
controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
render()
return
}
@ -153,7 +157,7 @@ func registerAccountHandler(app *model.AppState) http.Handler {
err := controller.DeleteInvite(app.DB, invite.Code)
if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) }
}
session.Error = sql.NullString{ String: "Invalid invite code.", Valid: true }
controller.SetSessionError(app.DB, session, "Invalid invite code.")
render()
return
}
@ -161,7 +165,7 @@ func registerAccountHandler(app *model.AppState) http.Handler {
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(credentials.Password), bcrypt.DefaultCost)
if err != nil {
fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err)
session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true }
controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
render()
return
}
@ -175,16 +179,23 @@ func registerAccountHandler(app *model.AppState) http.Handler {
err = controller.CreateAccount(app.DB, &account)
if err != nil {
if strings.HasPrefix(err.Error(), "pq: duplicate key") {
session.Error = sql.NullString{ String: "An account with that username already exists.", Valid: true }
controller.SetSessionError(app.DB, session, "An account with that username already exists.")
render()
return
}
fmt.Fprintf(os.Stderr, "WARN: Failed to create account: %v\n", err)
session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true }
controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
render()
return
}
fmt.Printf(
"[%s]: Account registered: %s (%s)\n",
time.Now().Format(time.UnixDate),
account.Username,
account.ID,
)
err = controller.DeleteInvite(app.DB, invite.Code)
if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) }
@ -229,7 +240,7 @@ func loginHandler(app *model.AppState) http.Handler {
err := r.ParseForm()
if err != nil {
session.Error = sql.NullString{ String: "Malformed data.", Valid: true }
controller.SetSessionError(app.DB, session, "Malformed data.")
render()
return
}
@ -253,12 +264,12 @@ func loginHandler(app *model.AppState) http.Handler {
account, err := controller.GetAccountByUsername(app.DB, credentials.Username)
if err != nil {
fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account for login: %v\n", err)
session.Error = sql.NullString{ String: "Invalid username or password.", Valid: true }
controller.SetSessionError(app.DB, session, "Invalid username or password.")
render()
return
}
if account == nil {
session.Error = sql.NullString{ String: "Invalid username or password.", Valid: true }
controller.SetSessionError(app.DB, session, "Invalid username or password.")
render()
return
}
@ -267,10 +278,10 @@ func loginHandler(app *model.AppState) http.Handler {
if err != nil {
fmt.Printf(
"[%s] INFO: Account \"%s\" attempted login with incorrect password.\n",
time.Now().Format("2006-02-01 15:04:05"),
time.Now().Format(time.UnixDate),
account.Username,
)
session.Error = sql.NullString{ String: "Invalid username or password.", Valid: true }
controller.SetSessionError(app.DB, session, "Invalid username or password.")
render()
return
}
@ -278,12 +289,12 @@ func loginHandler(app *model.AppState) http.Handler {
totpMethod, err := controller.CheckTOTPForAccount(app.DB, account.ID, credentials.TOTP)
if err != nil {
fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err)
session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true }
controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
render()
return
}
if totpMethod == nil {
session.Error = sql.NullString{ String: "Invalid TOTP.", Valid: true }
controller.SetSessionError(app.DB, session, "Invalid TOTP.")
render()
return
}
@ -291,7 +302,7 @@ func loginHandler(app *model.AppState) http.Handler {
// TODO: log login activity to user
fmt.Printf(
"[%s] INFO: Account \"%s\" logged in with method \"%s\"\n",
time.Now().Format("2006-02-01 15:04:05"),
time.Now().Format(time.UnixDate),
account.Username,
totpMethod.Name,
)
@ -379,11 +390,7 @@ func enforceSession(app *model.AppState, next http.Handler) http.Handler {
// fetch existing session
session, err = controller.GetSession(app.DB, sessionCookie.Value)
if err != nil {
if strings.Contains(err.Error(), "no rows") {
http.Error(w, "Invalid session. Please try clearing your cookies and refresh.", http.StatusBadRequest)
return
}
if err != nil && !strings.Contains(err.Error(), "no rows") {
fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return

5
admin/views/edit-account.html
View file

@ -52,7 +52,10 @@
<p>You have no MFA devices.</p>
{{end}}
<button type="submit" class="new" id="add-mfa-device">Add MFA Device</button>
<div>
<button type="submit" class="save" id="enable-email" disabled>Enable Email TOTP</button>
<a class="button new" id="add-totp-device" href="/admin/account/totp-setup">Add TOTP Device</a>
</div>
</div>
<div class="card-title">