You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
268 lines
6.7 KiB
268 lines
6.7 KiB
// author: phga
|
|
// backend for the portfolio
|
|
// docker-compose up -d
|
|
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"html/template"
|
|
"path"
|
|
"strings"
|
|
|
|
"log"
|
|
"net/http"
|
|
|
|
"go.mongodb.org/mongo-driver/bson/primitive"
|
|
)
|
|
|
|
func main() {
|
|
http.HandleFunc("/login", handleLogin)
|
|
http.HandleFunc("/register", handleRegister)
|
|
|
|
http.HandleFunc("/", validateSession(handleIndex, ""))
|
|
http.HandleFunc("/database", validateSession(handleDatabase, ""))
|
|
http.HandleFunc("/linklist", validateSession(handleLinkList, ""))
|
|
http.HandleFunc("/admin_panel", validateSession(handleAdminPanel, "admin"))
|
|
|
|
http.HandleFunc("/logout", validateSession(handleLogout, ""))
|
|
// provide the inc directory to the useragent
|
|
http.HandleFunc("/static/", validateSession(handleStatic, ""))
|
|
// listen on port 8080 (I use nginx to proxy this local server)
|
|
log.Fatalln(http.ListenAndServe(":"+config.WebPort, nil))
|
|
}
|
|
|
|
// ---------------------------- HELPER TYPES -----------------------------------
|
|
|
|
type TmplData struct {
|
|
HeaderData interface{}
|
|
BodyData interface{}
|
|
}
|
|
|
|
// ------------------------- REQUEST HANDLING ----------------------------------
|
|
|
|
func handleStatic(w http.ResponseWriter, r *http.Request) {
|
|
http.StripPrefix("/static/", http.FileServer(http.Dir("../../web/static"))).ServeHTTP(w, r)
|
|
}
|
|
|
|
func handleIndex(w http.ResponseWriter, r *http.Request) {
|
|
// Parses all required html files to provide the actual html that is shipped.
|
|
t, _ := getTemplate("layouts/base.html", "main.html", "header.html")
|
|
currUser := r.Context().Value(currUserKey).(User)
|
|
td := TmplData{currUser, nil}
|
|
t.Execute(w, td)
|
|
}
|
|
|
|
func handleLinkList(w http.ResponseWriter, r *http.Request) {
|
|
currUser := r.Context().Value(currUserKey).(User)
|
|
if r.Method == http.MethodGet {
|
|
t, _ := getTemplate("layouts/base.html", "linklist.html", "header.html")
|
|
linkList := getLinksFromDatabase()
|
|
// Put linklist into template
|
|
td := TmplData{currUser, struct {
|
|
User User
|
|
Links []Link
|
|
}{currUser, linkList}}
|
|
t.Execute(w, td)
|
|
} else if r.Method == http.MethodPost {
|
|
// If not admin -> do nothing
|
|
if currUser.Role != "admin" {
|
|
w.WriteHeader(http.StatusForbidden)
|
|
return
|
|
}
|
|
if err := r.ParseForm(); err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
url := r.PostForm.Get("url")
|
|
desc := r.PostForm.Get("description")
|
|
|
|
if !strings.HasPrefix(url, "http://") ||
|
|
!strings.HasPrefix(url, "https://") {
|
|
url = "https://" + url
|
|
}
|
|
|
|
if addLinkToDatabase(Link{primitive.NewObjectID(), url, desc}) {
|
|
w.Header().Set("Location", "/linklist")
|
|
w.WriteHeader(http.StatusFound)
|
|
}
|
|
} else if r.Method == http.MethodDelete {
|
|
// If not admin -> do nothing
|
|
if currUser.Role != "admin" {
|
|
w.WriteHeader(http.StatusForbidden)
|
|
return
|
|
}
|
|
d := json.NewDecoder(r.Body)
|
|
var link Link
|
|
err := d.Decode(&link)
|
|
if err != nil {
|
|
log.Println(err, r.Body)
|
|
}
|
|
if !deleteLinkFromDatabase(link.ID) {
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusOK)
|
|
}
|
|
}
|
|
|
|
func handleAdminPanel(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method == http.MethodGet {
|
|
t, _ := getTemplate("layouts/base.html", "soon.html", "header.html")
|
|
currUser := r.Context().Value(currUserKey).(User)
|
|
td := TmplData{currUser, nil}
|
|
t.Execute(w, td)
|
|
}
|
|
}
|
|
|
|
func handleDatabase(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method == http.MethodPatch {
|
|
currUser := r.Context().Value(currUserKey).(User)
|
|
if createMariaDbDatabasesForUser(currUser.UID) {
|
|
w.WriteHeader(http.StatusOK)
|
|
} else {
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
}
|
|
}
|
|
}
|
|
|
|
func handleRegister(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method == http.MethodGet {
|
|
t, _ := getTemplate("layouts/base.html", "register.html")
|
|
|
|
err := t.Execute(w, nil)
|
|
if err != nil {
|
|
log.Println(err)
|
|
}
|
|
} else if r.Method == http.MethodPost {
|
|
if err := r.ParseForm(); err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
email := r.PostForm.Get("email")
|
|
secret := r.PostForm.Get("secret")
|
|
|
|
if secret != config.UserCreationSecret {
|
|
w.WriteHeader(http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
// TESTING: Logging of entered credentials
|
|
log.Println("Attempt to create user -> Mail: ", email, " Secret: ", secret)
|
|
|
|
uid := generateUserID()
|
|
pw := generatePassword()
|
|
newUser := createUser(uid, email, pw, "")
|
|
|
|
if newUser == nil {
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
if !createMariaDbUser(uid, pw) {
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
if !createMariaDbDatabasesForUser(uid) {
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
log.Println(uid, " - ", pw)
|
|
|
|
subject := "Dein Account wurde erstellt"
|
|
mailTxt := `Hey,
|
|
|
|
viel Spaß beim Üben mit der Datenbank (:
|
|
|
|
Hier sind deine Zugangsdaten (Pack sie am besten gleich in deinen Password-Manager):
|
|
|
|
Username: %s
|
|
Password: %s
|
|
|
|
Webaccess: https://db.eeez.de
|
|
Server: db
|
|
|
|
Liebe Grüße,
|
|
|
|
Philip`
|
|
mailTxt = fmt.Sprintf(mailTxt, uid, pw)
|
|
sendMail(email, subject, mailTxt)
|
|
return
|
|
}
|
|
}
|
|
|
|
func handleLogin(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method == http.MethodGet {
|
|
t, _ := getTemplate("layouts/base.html", "login.html")
|
|
|
|
lastURL := r.URL.Query().Get("r")
|
|
if len(lastURL) == 0 {
|
|
lastURL = "/"
|
|
}
|
|
td := TmplData{nil, struct{ RedirectTo string }{lastURL}}
|
|
|
|
err := t.Execute(w, td)
|
|
if err != nil {
|
|
log.Println(err)
|
|
}
|
|
|
|
} else if r.Method == http.MethodPost {
|
|
if err := r.ParseForm(); err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
uid := r.PostForm.Get("username")
|
|
pw := r.PostForm.Get("password")
|
|
|
|
// TESTING: Logging of entered credentials
|
|
log.Println("UID: ", uid, " PW: ", pw)
|
|
|
|
var requestedUser *User
|
|
var err error
|
|
requestedUser, err = getUserByUID(uid)
|
|
if err != nil {
|
|
log.Println("No user with this id exists: ", uid)
|
|
w.WriteHeader(http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
success := checkCredentials(requestedUser, pw)
|
|
if success {
|
|
// IT IS IMPORTANT TO SET THE COOKIE BEFORE ANY OTHER OUTPUT TO W OCCURS
|
|
requestedUser.CurrSession = createSession()
|
|
updateSession(requestedUser)
|
|
setEncryptedCookie(w, requestedUser)
|
|
w.WriteHeader(http.StatusOK)
|
|
return
|
|
} else {
|
|
log.Println("Failed login attempt for user: ", uid)
|
|
w.WriteHeader(http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
|
|
func handleLogout(w http.ResponseWriter, r *http.Request) {
|
|
unsetCookie(w)
|
|
w.Header().Set("Location", "/")
|
|
w.WriteHeader(http.StatusFound)
|
|
}
|
|
|
|
// ------------------------- TEMPLATE HELPERS ----------------------------------
|
|
|
|
func getTemplate(files ...string) (*template.Template, error) {
|
|
tmplFolder := "../../web/templates/"
|
|
for i, f := range files {
|
|
files[i] = tmplFolder + f
|
|
}
|
|
// Name has to be the basename of at least one of the template files
|
|
t := template.New(path.Base(files[0]))
|
|
// Add custom helper funcs to template
|
|
t.Funcs(template.FuncMap{
|
|
"UnwrapOID": unwrapObjectID,
|
|
})
|
|
|
|
t, err := t.ParseFiles(files...)
|
|
|
|
return t, err
|
|
}
|