181 lines
4.2 KiB
Go
181 lines
4.2 KiB
Go
package main
|
|
|
|
import (
|
|
"embed"
|
|
"encoding/json"
|
|
"fmt"
|
|
"game-wishlist/auth"
|
|
"game-wishlist/model"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
"time"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
"gorm.io/driver/sqlite"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
var (
|
|
//go:embed web/dist
|
|
webOutput embed.FS
|
|
)
|
|
|
|
func sendError(w http.ResponseWriter, msg string, err error, status int) {
|
|
m := msg
|
|
if err != nil {
|
|
m = fmt.Sprintf("%s: %v", msg, err)
|
|
}
|
|
http.Error(w, m, status)
|
|
}
|
|
|
|
func sendJSON(w http.ResponseWriter, data any, status int) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(status)
|
|
if err := json.NewEncoder(w).Encode(data); err != nil {
|
|
http.Error(w, err.Error(), 500)
|
|
}
|
|
}
|
|
|
|
func main() {
|
|
dbPath := os.Getenv("DB_PATH")
|
|
if dbPath == "" {
|
|
dbPath = "./sqlite.db"
|
|
}
|
|
|
|
db, err := gorm.Open(sqlite.Open(dbPath))
|
|
if err != nil {
|
|
log.Fatalf("failed to connect to db: %v\n", err)
|
|
}
|
|
|
|
if err := db.AutoMigrate(model.User{}); err != nil {
|
|
log.Fatalf("failed to automigrate db: %v\n", err)
|
|
}
|
|
|
|
mux := http.NewServeMux()
|
|
|
|
mux.HandleFunc("GET /", func(w http.ResponseWriter, r *http.Request) {
|
|
path := r.URL.Path
|
|
if path == "/" {
|
|
path = "/index.html"
|
|
}
|
|
filePath := "web/dist" + path
|
|
http.ServeFileFS(w, r, webOutput, filePath)
|
|
})
|
|
|
|
mux.HandleFunc("POST /api/auth/register", func(w http.ResponseWriter, r *http.Request) {
|
|
var body struct {
|
|
Login string `json:"login"`
|
|
Password string `json:"password"`
|
|
}
|
|
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
|
sendError(w, "invalid request body", err, 400)
|
|
return
|
|
}
|
|
|
|
if body.Login == "" || body.Password == "" {
|
|
sendError(w, "invalid request, login and password required", nil, 400)
|
|
return
|
|
}
|
|
|
|
hash, err := bcrypt.GenerateFromPassword([]byte(body.Password), 10)
|
|
if err != nil {
|
|
sendError(w, "failed to hash password", err, 500)
|
|
return
|
|
}
|
|
|
|
user := &model.User{
|
|
Login: body.Login,
|
|
Password: string(hash),
|
|
}
|
|
if tx := db.Create(user); tx.Error != nil {
|
|
sendError(w, "failed to create user", tx.Error, 400)
|
|
return
|
|
}
|
|
|
|
expiryTime := time.Now().Add(time.Hour * 24 * 7) // 1 week lifetime
|
|
token, err := auth.GenerateUserToken(int64(user.ID), expiryTime)
|
|
if err != nil {
|
|
sendError(w, "failed to generate user token", err, 500)
|
|
return
|
|
}
|
|
|
|
auth.SetUserCookie(w, token, expiryTime)
|
|
|
|
sendJSON(w, user, 201)
|
|
})
|
|
|
|
mux.HandleFunc("POST /api/auth/login", func(w http.ResponseWriter, r *http.Request) {
|
|
var body struct {
|
|
Login string `json:"login"`
|
|
Password string `json:"password"`
|
|
}
|
|
|
|
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
|
sendError(w, "invalid request body", err, 400)
|
|
return
|
|
}
|
|
|
|
if body.Login == "" || body.Password == "" {
|
|
sendError(w, "invalid request, login and password required", nil, 400)
|
|
return
|
|
}
|
|
|
|
user := &model.User{}
|
|
if tx := db.First(user, "login = ?", body.Login); tx.Error != nil {
|
|
sendError(w, "login not found", tx.Error, 400)
|
|
return
|
|
}
|
|
|
|
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(body.Password)); err != nil {
|
|
sendError(w, "invalid password", err, 400)
|
|
return
|
|
}
|
|
|
|
expiryTime := time.Now().Add(time.Hour * 24 * 7) // 1 week lifetime
|
|
token, err := auth.GenerateUserToken(int64(user.ID), expiryTime)
|
|
if err != nil {
|
|
sendError(w, "failed to generate user token", err, 500)
|
|
return
|
|
}
|
|
|
|
auth.SetUserCookie(w, token, expiryTime)
|
|
|
|
sendJSON(w, user, 200)
|
|
})
|
|
|
|
mux.HandleFunc("POST /api/auth/logout", func(w http.ResponseWriter, r *http.Request) {
|
|
auth.RemoveUserCookie(w)
|
|
sendJSON(w, struct {
|
|
Ok bool `json:"ok"`
|
|
}{true}, 200)
|
|
})
|
|
|
|
mux.HandleFunc("GET /api/user", func(w http.ResponseWriter, r *http.Request) {
|
|
c, err := r.Cookie("token")
|
|
if err != nil {
|
|
sendError(w, "no token cookie", err, 401)
|
|
return
|
|
}
|
|
|
|
userId, err := auth.ValidateUserToken(c.Value)
|
|
if err != nil {
|
|
sendError(w, "invalid token", err, 401)
|
|
return
|
|
}
|
|
|
|
user := &model.User{}
|
|
if tx := db.First(user, "id = ?", userId); tx.Error != nil {
|
|
sendError(w, "user not found", err, 404)
|
|
return
|
|
}
|
|
|
|
sendJSON(w, user, 200)
|
|
})
|
|
|
|
log.Print("starting http server on http://localhost:5000")
|
|
if err := http.ListenAndServe(":5000", mux); err != nil {
|
|
log.Fatalf("failed to start http server: %v\n", err)
|
|
}
|
|
}
|