tidying some things up

session message handling is pretty annoying; should look into a better method of doing this
2025-01-23 09:39:40 +00:00 · 2025-01-23 09:39:40 +00:00 · e457e979ff
commit e457e979ff
parent 45f33b8b46
8 changed files with 161 additions and 82 deletions
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@ -17,7 +17,6 @@ func accountHandler(app *model.AppState) http.Handler {

    mux.Handle("/password", changePasswordHandler(app))
    mux.Handle("/delete", deleteAccountHandler(app))
-    mux.Handle("/", accountIndexHandler(app))

    return mux
 }
@ -37,6 +36,13 @@ func accountIndexHandler(app *model.AppState) http.Handler {
            TOTPs []model.TOTP
        }

+        sessionMessage := session.Message
+        sessionError := session.Error
+        controller.SetSessionMessage(app.DB, session, "")
+        controller.SetSessionError(app.DB, session, "")
+        session.Message = sessionMessage
+        session.Error = sessionError
+
        err = pages["account"].Execute(w, accountResponse{
            Session: session,
            TOTPs: totps,
@ -57,18 +63,39 @@ func changePasswordHandler(app *model.AppState) http.Handler {

        session := r.Context().Value("session").(*model.Session)

+        controller.SetSessionMessage(app.DB, session, "")
+        controller.SetSessionError(app.DB, session, "")
+
        r.ParseForm()

        currentPassword := r.Form.Get("current-password")
        if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(currentPassword)); err != nil {
-            controller.SetSessionMessage(app.DB, session, "Incorrect password.")
+            controller.SetSessionError(app.DB, session, "Incorrect password.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
            return
        }

        newPassword := r.Form.Get("new-password")

-        controller.SetSessionMessage(app.DB, session, fmt.Sprintf("Updating password to <code>%s</code>", newPassword))
+        hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err)
+            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
+            http.Redirect(w, r, "/admin/account", http.StatusFound)
+            return
+        }
+
+        session.Account.Password = string(hashedPassword)
+        err = controller.UpdateAccount(app.DB, session.Account)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to update account password: %v\n", err)
+            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
+            http.Redirect(w, r, "/admin/account", http.StatusFound)
+            return
+        }
+
+        controller.SetSessionError(app.DB, session, "")
+        controller.SetSessionMessage(app.DB, session, "Password updated successfully.")
        http.Redirect(w, r, "/admin/account", http.StatusFound)
    })
 }
@ -97,10 +124,10 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
        if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil {
            fmt.Printf(
                "[%s] WARN: Account \"%s\" attempted account deletion with incorrect password.\n",
-                time.Now().Format("2006-02-01 15:04:05"),
+                time.Now().Format(time.UnixDate),
                session.Account.Username,
            )
-            controller.SetSessionMessage(app.DB, session, "Incorrect password.")
+            controller.SetSessionError(app.DB, session, "Incorrect password.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
            return
        }
@ -108,35 +135,36 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
        totpMethod, err := controller.CheckTOTPForAccount(app.DB, session.Account.ID, r.Form.Get("totp"))
        if err != nil {
            fmt.Fprintf(os.Stderr, "Failed to fetch account: %v\n", err)
-            controller.SetSessionMessage(app.DB, session, "Something went wrong. Please try again.")
+            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
            return
        }
        if totpMethod == nil {
            fmt.Printf(
                "[%s] WARN: Account \"%s\" attempted account deletion with incorrect TOTP.\n",
-                time.Now().Format("2006-02-01 15:04:05"),
+                time.Now().Format(time.UnixDate),
                session.Account.Username,
            )
-            controller.SetSessionMessage(app.DB, session, "Incorrect TOTP.")
+            controller.SetSessionError(app.DB, session, "Incorrect TOTP.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
        }

        err = controller.DeleteAccount(app.DB, session.Account.ID)
        if err != nil {
            fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err)
-            controller.SetSessionMessage(app.DB, session, "Something went wrong. Please try again.")
+            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
            return
        }

        fmt.Printf(
            "[%s] INFO: Account \"%s\" deleted by user request.\n",
-            time.Now().Format("2006-02-01 15:04:05"),
+            time.Now().Format(time.UnixDate),
            session.Account.Username,
        )

-        session.Account = nil
+        controller.SetSessionAccount(app.DB, session, nil)
+        controller.SetSessionError(app.DB, session, "")
        controller.SetSessionMessage(app.DB, session, "Account deleted successfully.")
        http.Redirect(w, r, "/admin/login", http.StatusFound)
    })