package main import ( "embed" "encoding/json" "fmt" "game-wishlist/auth" "game-wishlist/model" "log" "net/http" "os" "time" "golang.org/x/crypto/bcrypt" "gorm.io/driver/sqlite" "gorm.io/gorm" ) var ( //go:embed web/dist webOutput embed.FS ) func sendError(w http.ResponseWriter, msg string, err error, status int) { m := msg if err != nil { m = fmt.Sprintf("%s: %v", msg, err) } http.Error(w, m, status) } func sendJSON(w http.ResponseWriter, data any, status int) { w.Header().Set("Content-Type", "application/json") w.WriteHeader(status) if err := json.NewEncoder(w).Encode(data); err != nil { http.Error(w, err.Error(), 500) } } func main() { dbPath := os.Getenv("DB_PATH") if dbPath == "" { dbPath = "./sqlite.db" } db, err := gorm.Open(sqlite.Open(dbPath)) if err != nil { log.Fatalf("failed to connect to db: %v\n", err) } if err := db.AutoMigrate(model.User{}); err != nil { log.Fatalf("failed to automigrate db: %v\n", err) } mux := http.NewServeMux() mux.HandleFunc("GET /", func(w http.ResponseWriter, r *http.Request) { path := r.URL.Path if path == "/" { path = "/index.html" } filePath := "web/dist" + path http.ServeFileFS(w, r, webOutput, filePath) }) mux.HandleFunc("POST /api/auth/register", func(w http.ResponseWriter, r *http.Request) { var body struct { Login string `json:"login"` Password string `json:"password"` } if err := json.NewDecoder(r.Body).Decode(&body); err != nil { sendError(w, "invalid request body", err, 400) return } if body.Login == "" || body.Password == "" { sendError(w, "invalid request, login and password required", nil, 400) return } hash, err := bcrypt.GenerateFromPassword([]byte(body.Password), 10) if err != nil { sendError(w, "failed to hash password", err, 500) return } user := &model.User{ Login: body.Login, Password: string(hash), } if tx := db.Create(user); tx.Error != nil { sendError(w, "failed to create user", tx.Error, 400) return } expiryTime := time.Now().Add(time.Hour * 24 * 7) // 1 week lifetime token, err := auth.GenerateUserToken(int64(user.ID), expiryTime) if err != nil { sendError(w, "failed to generate user token", err, 500) return } auth.SetUserCookie(w, token, expiryTime) sendJSON(w, user, 201) }) mux.HandleFunc("POST /api/auth/login", func(w http.ResponseWriter, r *http.Request) { var body struct { Login string `json:"login"` Password string `json:"password"` } if err := json.NewDecoder(r.Body).Decode(&body); err != nil { sendError(w, "invalid request body", err, 400) return } if body.Login == "" || body.Password == "" { sendError(w, "invalid request, login and password required", nil, 400) return } user := &model.User{} if tx := db.First(user, "login = ?", body.Login); tx.Error != nil { sendError(w, "login not found", tx.Error, 400) return } if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(body.Password)); err != nil { sendError(w, "invalid password", err, 400) return } expiryTime := time.Now().Add(time.Hour * 24 * 7) // 1 week lifetime token, err := auth.GenerateUserToken(int64(user.ID), expiryTime) if err != nil { sendError(w, "failed to generate user token", err, 500) return } auth.SetUserCookie(w, token, expiryTime) sendJSON(w, user, 200) }) mux.HandleFunc("POST /api/auth/logout", func(w http.ResponseWriter, r *http.Request) { auth.RemoveUserCookie(w) sendJSON(w, struct { Ok bool `json:"ok"` }{true}, 200) }) mux.HandleFunc("GET /api/user", func(w http.ResponseWriter, r *http.Request) { c, err := r.Cookie("token") if err != nil { sendError(w, "no token cookie", err, 401) return } userId, err := auth.ValidateUserToken(c.Value) if err != nil { sendError(w, "invalid token", err, 401) return } user := &model.User{} if tx := db.First(user, "id = ?", userId); tx.Error != nil { sendError(w, "user not found", err, 404) return } sendJSON(w, user, 200) }) log.Print("starting http server on http://localhost:5000") if err := http.ListenAndServe(":5000", mux); err != nil { log.Fatalf("failed to start http server: %v\n", err) } }