2024-10-11 11:38:08 +03:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2024-10-11 23:57:57 +03:00
|
|
|
"log/slog"
|
2024-10-11 11:38:08 +03:00
|
|
|
"net/http"
|
|
|
|
"net/mail"
|
|
|
|
"strings"
|
|
|
|
)
|
|
|
|
|
2024-10-12 18:39:38 +03:00
|
|
|
func validEmail(email string) bool {
|
2024-10-11 11:38:08 +03:00
|
|
|
_, err := mail.ParseAddress(email)
|
|
|
|
return err == nil
|
|
|
|
}
|
2024-10-12 18:39:38 +03:00
|
|
|
func validPass(pass string) bool {
|
2024-10-12 09:55:58 +03:00
|
|
|
// TODO: Obviously, we *might* want something more sophisticated here
|
2024-10-12 16:59:47 +03:00
|
|
|
return len(pass) >= 8
|
2024-10-11 11:38:08 +03:00
|
|
|
}
|
2024-10-12 18:39:38 +03:00
|
|
|
|
2024-10-11 11:38:08 +03:00
|
|
|
func Register(w http.ResponseWriter, r *http.Request) {
|
|
|
|
email, password, ok := r.BasicAuth()
|
|
|
|
|
2024-10-12 09:55:58 +03:00
|
|
|
if ok {
|
2024-10-11 11:38:08 +03:00
|
|
|
email = strings.TrimSpace(email)
|
|
|
|
password = strings.TrimSpace(password)
|
2024-10-12 18:39:38 +03:00
|
|
|
if !(validEmail(email) && validPass(password) && !emailExists(email)) {
|
|
|
|
slog.Debug("Outcome",
|
|
|
|
"email", validEmail(email),
|
|
|
|
"pass", validPass(password),
|
|
|
|
"taken", !emailExists(email))
|
2024-10-12 16:59:47 +03:00
|
|
|
http.Error(w, "invalid auth credentials", http.StatusBadRequest)
|
2024-10-11 23:57:57 +03:00
|
|
|
return
|
2024-10-11 11:38:08 +03:00
|
|
|
}
|
2024-10-11 23:57:57 +03:00
|
|
|
user, err := NewUser(email, password)
|
|
|
|
if err != nil {
|
2024-10-12 09:55:58 +03:00
|
|
|
slog.Error("error creating a new user", "error", err)
|
2024-10-12 18:39:38 +03:00
|
|
|
http.Error(w, "error creating a new user", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
err = addUser(user)
|
|
|
|
if err != nil {
|
|
|
|
slog.Error("error saving a new user", "error", err)
|
|
|
|
http.Error(w, "error saving a new user", http.StatusInternalServerError)
|
|
|
|
return
|
2024-10-11 23:57:57 +03:00
|
|
|
}
|
2024-10-12 09:55:58 +03:00
|
|
|
w.WriteHeader(http.StatusCreated)
|
|
|
|
w.Write([]byte("User created"))
|
|
|
|
return
|
2024-10-11 11:38:08 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// No email and password was provided
|
|
|
|
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
|
|
|
|
http.Error(w, "This API requires authorization", http.StatusUnauthorized)
|
|
|
|
}
|
2024-10-11 23:57:57 +03:00
|
|
|
|
|
|
|
func Login(w http.ResponseWriter, r *http.Request) {
|
|
|
|
email, password, ok := r.BasicAuth()
|
|
|
|
|
2024-10-12 09:55:58 +03:00
|
|
|
if ok {
|
2024-10-11 23:57:57 +03:00
|
|
|
email = strings.TrimSpace(email)
|
|
|
|
password = strings.TrimSpace(password)
|
2024-10-12 18:39:38 +03:00
|
|
|
user, ok := byEmail(email)
|
2024-10-11 23:57:57 +03:00
|
|
|
if !ok || !user.PasswordFits(password) {
|
2024-10-12 16:59:47 +03:00
|
|
|
http.Error(w, "you did something wrong", http.StatusUnauthorized)
|
2024-10-11 23:57:57 +03:00
|
|
|
return
|
|
|
|
}
|
2024-10-12 09:55:58 +03:00
|
|
|
|
|
|
|
s, err := CreateJWT(user)
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, "error creating jwt", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
w.Write([]byte(s))
|
|
|
|
return
|
2024-10-11 23:57:57 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// No email and password was provided
|
|
|
|
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
|
|
|
|
http.Error(w, "This API requires authorization", http.StatusUnauthorized)
|
2024-10-12 09:55:58 +03:00
|
|
|
}
|