webpanel has al features for now, alpha 0.0.1 yay!

main.go

@@ -4,12 +4,13 @@ import (
   "github.com/kataras/iris"
   "github.com/kataras/go-template/html"
   "fmt"
-  "git.mmnx.de/Moe/databaseutils"
   "git.mmnx.de/Moe/usermanager"
+  "git.mmnx.de/Moe/databaseutils"
   "git.mmnx.de/Moe/configutils"
   "git.mmnx.de/Moe/templatehelpers"
   "golang.org/x/crypto/bcrypt"
-  "errors"
+  // "errors"
+  "strconv"
 )
 
 type pageUserParams struct{
@@ -56,11 +57,12 @@ func main() {
   iris.Static("/static", "./static/static", 1)
 
   iris.Post("/login", loginHandler) // login form handler // TODO: outsource ?
-  iris.Post("/register", registerHandler) // TODO outsource ?
-  iris.Post("/account", usermanager.AuthHandler, accountUpdateHandler)
+  iris.Post("/register", registerHandler, usermanager.LogoutHandler) // TODO outsource ?
+  iris.Post("/account", usermanager.AuthHandler, accountUpdateHandler, usermanager.LogoutHandler)
   iris.Post("/admin", usermanager.AuthHandler, usermanager.AdminHandler, adminPostHandler)
 
   iris.Get("/login", templateHandler) // TODO not when logged in
+  iris.Get("/logout", usermanager.AuthHandler, usermanager.LogoutHandler)
   iris.Get("/register", templateHandler) // TODO not when logged in
 	iris.Get("/", usermanager.AuthHandler, templateHandler)
   iris.Get("/account", usermanager.AuthHandler, templateHandler)
@@ -94,102 +96,97 @@ func registerHandler(ctx *iris.Context) {
   password := ctx.FormValueString("password")
 
   user := usermanager.User{} // new user
+  tokenUserID, err := usermanager.SearchUserByTokenInDB(token) // user, we're going to change
+  if err != nil {
+    templatehelpers.ShowError(err.Error(), ctx, "register")
+    return
+  }
+  tokenUserIDStr := strconv.FormatInt(int64(tokenUserID), 10)
+  if err != nil {
+    templatehelpers.ShowError(err.Error(), ctx, "register")
+    return
+  }
+  tokenUser, err := usermanager.GetUserFromDB(tokenUserIDStr)
+  if err != nil {
+    templatehelpers.ShowError(err.Error(), ctx, "register")
+    return
+  }
 
-  tokens := usermanager.GetTokens(false) // get all unused tokens
-  validToken := false
+  tokens := usermanager.GetTokens(false) // get all unused tokens, // TODO when v outsourced, use GetToken()
+  unusedToken := false // TODO: outsource this (GetToken())
   for i, _ := range tokens {
     if token == tokens[i] {
-      validToken = true
+      unusedToken = true
       break
     }
   }
-  if !validToken { // token not valid
+
+  tokens = usermanager.GetTokens(true) // get all used tokens, // TODO when v outsourced, use GetToken()
+  usedToken := false // TODO: outsource this (GetToken())
+  for i, _ := range tokens {
+    if token == tokens[i] {
+      usedToken = true
+      break
+    }
+  }
+
+  if !unusedToken && !usedToken { // token doesnt exist
     templatehelpers.ShowError(usermanager.ERR_INVALID_TOKEN, ctx, "register")
   }
 
   userID := usermanager.SearchUserByUsernameInDB(username) // check if a user with that name already exists
   if userID != -1 {
-    templatehelpers.ShowError(usermanager.ERR_USERNAME_TAKEN, ctx, "register")
-  }
-
-  passwordBin, _ := bcrypt.GenerateFromPassword([]byte(password), 15) // hash password
-
-  err := usermanager.RegisterUserWithToken(username, string(passwordBin), token) // register user
-  if err != nil {
-    templatehelpers.ShowError(err.Error(), ctx, "register")
-    return
+    tokenUserIDInt, err := strconv.Atoi(tokenUser.ID) // convert userID to int ...
+    if err != nil {
+      templatehelpers.ShowError(err.Error(), ctx, "register")
+      return
+    }
+    if userID != tokenUserIDInt { // tries to steal another users identity
+      templatehelpers.ShowError(usermanager.ERR_USERNAME_TAKEN, ctx, "register")
+      return
+    } // if it's his own name, that's "taken" he can change
   }
 
-  tokenString, err := user.Login(username, password) // try to login
-
-  if err != nil {
-    templatehelpers.ShowError(err.Error(), ctx, "login")
-  } else {
-    ctx.SetCookieKV("token", tokenString)
-    ctx.Redirect("/")
-    // TODO: error-alternative success (main.html)
-  }
-}
+  if unusedToken {
+    passwordBin, _ := bcrypt.GenerateFromPassword([]byte(password), 15) // hash password
 
-func accountUpdateHandler(ctx *iris.Context) { // TODO tidy up?
-  err := errors.New(""); err = nil
-  username := ctx.FormValueString("username") // POST values
-  password := ctx.FormValueString("password")
-  userID := ctx.GetString("userID")
-  usersArrayID := usermanager.SearchUser(userID)
-  user := (*usermanager.Users)[usersArrayID] // user must be logged in to do this -> get from users list
+    err := usermanager.RegisterUserWithToken(username, string(passwordBin), token) // register user
+    if err != nil {
+      templatehelpers.ShowError(err.Error(), ctx, "register")
+      return
+    }
 
-  if username != "" && usermanager.SearchUserByUsername(username) != -1 && username != user.Username { // username can't be changed as there already exists a user with that name or it's the old name
-    ctx.Render("account_box.html", usermanager.PageUserParams{"1", errors.New("Username already taken").Error(), "account", user.Username, user.Admin, []string{"ayy", "lmao"}})
-    return
-  }
+    tokenString, err := user.Login(username, password) // try to login
 
-  needQuery := false
+    if err != nil {
+      templatehelpers.ShowError(err.Error(), ctx, "login")
+    } else {
+      ctx.SetCookieKV("token", tokenString)
+      ctx.Redirect("/")
+      // TODO: error-alternative success (main.html)
+    }
 
-  if username != "" { // if not left empty (-> change)
-    needQuery = true
   } else {
-    username = user.Username // keep
-  }
 
-  hashedPassword := user.Password // we assumpt the user's not changing his password
-
-  if password != "" { // if not left empty we change it
-    needQuery = true
-    hashedPassword, err = func (hashedPassword []byte, err error) (string, error) { // hash password, we use an anonymous function to convert it to string
-      if err != nil { // should never happen
-        ctx.Render("account_box.html", usermanager.PageUserParams{"1", err.Error(), "account", user.Username, user.Admin, []string{"ayy", "lmao"}})
-        return "", err
-      }
-      return string(hashedPassword), nil
-    }(bcrypt.GenerateFromPassword([]byte(password), 15)) // this is the actual hashing call
-    if err != nil { // should never happen
-      ctx.Render("account_box.html", usermanager.PageUserParams{"1", err.Error(), "account", user.Username, user.Admin, []string{"ayy", "lmao"}})
+    // TODO maybe check whether to login or logout
+
+    if err := usermanager.UserUpdateProcessor(username, password, tokenUserIDStr); err != nil {
+      templatehelpers.ShowError(err.Error(), ctx, "register")
       return
     }
   }
+}
 
-  if !needQuery { // we don't need to update anything
-    ctx.Render("account_box.html", usermanager.PageUserParams{"1", errors.New("nothing to update").Error(), "account", user.Username, user.Admin, []string{"ayy", "lmao"}})
-    return
-  }
-
-  (*usermanager.Users)[usermanager.SearchUser(userID)].Username = username // update values in runtime users list
-  (*usermanager.Users)[usermanager.SearchUser(userID)].Password = hashedPassword
+func accountUpdateHandler(ctx *iris.Context) {
+  username := ctx.FormValueString("username") // POST values
+  password := ctx.FormValueString("password")
+  userID := ctx.GetString("userID")
 
-  err = (*usermanager.Users)[usermanager.SearchUser(userID)].Update() // try to update in db
-  if err != nil { // failed to update
-    ctx.Render("account_box.html", usermanager.PageUserParams{"1", err.Error(), "account", user.Username, user.Admin, []string{"ayy", "lmao"}})
+  if err := usermanager.UserUpdateProcessor(username, password, userID); err != nil {
+    templatehelpers.ShowError(err.Error(), ctx, "account")
     return
   }
 
-  // TODO success notifications
-
-  if err != nil {
-    ctx.Render("account_box.html", usermanager.PageUserParams{"1", err.Error(), "account", user.Username, user.Admin, []string{"ayy", "lmao"}}) // TODO dynamic
-  } else {
-    ctx.Render("account_box.html", usermanager.PageUserParams{"0", "", "account", user.Username, user.Admin, []string{"ayy", "lmao"}}) // TODO dynamic
-  }
 }
 
 func adminPostHandler(ctx *iris.Context) {
@@ -231,17 +228,11 @@ func templateHandler(ctx *iris.Context) {
     params = usermanager.PageUserParams{"0", "", template, user.Username, user.Admin, tokens}
   case "/login":
     template = "login"
-    params = usermanager.PageUserParams{"0", "", template, "", "0", []string{"ayy", "lmao"}}
+    params = usermanager.PageUserParams{"0", "", template, "", "0", []string{}}
   case "/register":
     template = "register"
     params = usermanager.PageUserParams{"0", "", template, "", "0", []string{}}
   }
 
-
-  // fmt.Println(ctx.RequestPath(false))
-
-  // fmt.Println(template)
-
   ctx.MustRender(template + "_box.html", params);
-
 }

static/css/narrow-jumbotron.css

@@ -95,6 +95,8 @@ body {
 
 .bg-danger {
   padding: 15px;
+  position: relative;
+  z-index: 1;
 }
 
 .row.marketing .col-lg-4 img {
@@ -155,6 +157,10 @@ textarea#tokens {
   left: calc(50% - 125px);
 }
 
+.bg-danger + .relcontainer #token {
+  top: 55px;
+}
+
 .btn-block {
   position: relative;
 }

templates/layouts/main.html

@@ -53,6 +53,15 @@
             {{ end }}
             </li>
             {{ end }}
+            {{ if ne .Username "" }}
+            <li class="nav-item">
+            {{ if eq .ReqDir "/logout"}} <!-- prolly never the case, TODO REMOVE ? -->
+            <a class="nav-link active" href="/logout">logout <span class="sr-only">(current)</span></a>
+            {{ else }}
+            <a class="nav-link" href="/logout">logout</a>
+            {{ end }}
+            </li>
+            {{ end }}
           </ul>
         </nav>
         <h3 class="text-muted">mmnx<sub>vpn</sub></h3>

templates/register_box.html

@@ -2,17 +2,11 @@
   <img id="token" src="/img/token.png" class="img-responsive" alt="token" title="token">
 </div>
 <form class="form-signin" action="/register" method="post">
-  <!--<h2 class="form-signin-heading">ayy</h2>-->
   <label for="input-token" class="sr-only">token</label>
   <input type="text" id="input-token" name="token" class="form-control" placeholder="token" required autofocus>
   <label for="input-username" class="sr-only">username</label>
-  <input type="text" id="input-username" name="username" class="form-control" placeholder="username" required>
+  <input type="text" id="input-username" name="username" class="form-control" placeholder="username">
   <label for="input-password" class="sr-only">passwort</label>
-  <input type="password" id="input-password" name="password" class="form-control" placeholder="password" required>
-  <!--<div class="checkbox">
-    <label>
-      <input type="checkbox" value="remember-me"> Remember me
-    </label>
-  </div> always remembering -->
+  <input type="password" id="input-password" name="password" class="form-control" placeholder="password">
   <button class="btn btn-lg btn-primary btn-block" type="submit">registrieren</button>
 </form>