add working signup + login

This commit is contained in:
sam 2023-09-04 03:33:13 +02:00
parent bc85b7c340
commit d8cb8c8fa8
Signed by: sam
GPG key ID: B4EF20DDE721CAA1
27 changed files with 600 additions and 39 deletions

View file

@ -24,3 +24,7 @@ body {
flex-direction: column; flex-direction: column;
} }
} }
.hidden {
display: none;
}

View file

@ -30,7 +30,7 @@ func run(c *cli.Context) error {
return errors.Wrap(err, "creating postgres database") return errors.Wrap(err, "creating postgres database")
} }
a, err := app.NewApp(cfg, db) a, err := app.NewApp(c.Context, cfg, db)
if err != nil { if err != nil {
return errors.Wrap(err, "creating app") return errors.Wrap(err, "creating app")
} }

View file

@ -39,7 +39,7 @@ func run(c *cli.Context) error {
return errors.Wrap(err, "creating postgres database") return errors.Wrap(err, "creating postgres database")
} }
a, err := app.NewApp(cfg, db) a, err := app.NewApp(c.Context, cfg, db)
if err != nil { if err != nil {
return errors.Wrap(err, "creating app") return errors.Wrap(err, "creating app")
} }

8
config.example.toml Normal file
View file

@ -0,0 +1,8 @@
[core]
postgres = "postgresql://mercury:password@localhost/mercury"
dev = true
secret_key = "" # generate with `openssl rand -base64 48`
[web]
domain = "http://mercury.local"
port = 8000

View file

@ -16,4 +16,5 @@ type WebConfig struct {
type CoreConfig struct { type CoreConfig struct {
Postgres string `toml:"postgres"` Postgres string `toml:"postgres"`
Dev bool `toml:"dev"` Dev bool `toml:"dev"`
SecretKey string `toml:"secret_key"`
} }

1
go.mod
View file

@ -9,6 +9,7 @@ require (
github.com/georgysavva/scany/v2 v2.0.0 github.com/georgysavva/scany/v2 v2.0.0
github.com/go-chi/chi/v5 v5.0.8 github.com/go-chi/chi/v5 v5.0.8
github.com/go-chi/render v1.0.2 github.com/go-chi/render v1.0.2
github.com/golang-jwt/jwt/v4 v4.5.0
github.com/jackc/pgx/v5 v5.0.0 github.com/jackc/pgx/v5 v5.0.0
github.com/keegancsmith/sqlf v1.1.1 github.com/keegancsmith/sqlf v1.1.1
github.com/oklog/ulid/v2 v2.1.0 github.com/oklog/ulid/v2 v2.1.0

2
go.sum
View file

@ -138,6 +138,8 @@ github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=

View file

@ -0,0 +1,30 @@
package concurrent
import "sync"
// Value is a struct providing concurrent access to another type.
// Note: T should be a concrete type, not a pointer.
type Value[T any] struct {
val T
mu sync.RWMutex
}
func NewValue[T any](value T) *Value[T] {
return &Value[T]{
val: value,
}
}
func (v *Value[T]) Get() T {
v.mu.RLock()
val := v.val
v.mu.RUnlock()
return val
}
func (v *Value[T]) Set(new T) {
v.mu.Lock()
v.val = new
v.mu.Unlock()
}

View file

@ -5,6 +5,10 @@ import "github.com/oklog/ulid/v2"
type Config struct { type Config struct {
Name string Name string
AdminID *ulid.ULID AdminID *ulid.ULID
InternalApplication *ulid.ULID
// ID is always 1
ID int
} }
var DefaultConfig = Config{ var DefaultConfig = Config{

View file

@ -38,7 +38,31 @@ create table posts (
visibility post_visibility not null visibility post_visibility not null
); );
create table applications (
id text primary key,
name text not null
);
create table tokens (
id text primary key,
app_id text not null references applications (id) on delete cascade,
user_id text not null references accounts (id) on delete cascade,
scopes text[] not null default array[]::text[],
expires timestamptz not null
);
create table config (
id int primary key not null default 1,
name text not null, -- instance name
admin_id text references blogs (id) on delete set null, -- admin contact
internal_application text references applications (id) on delete set null,
constraint singleton check (id = 1) -- only one config table entry
);
-- +migrate Down -- +migrate Down
drop table config;
drop table tokens;
drop table applications;
drop table accounts; drop table accounts;
drop table blogs; drop table blogs;
drop table posts; drop table posts;

View file

@ -37,8 +37,13 @@ func (s *AccountStore) ByID(ctx context.Context, id ulid.ULID) (a database.Accou
} }
// ByUsername gets an account by its username. // ByUsername gets an account by its username.
func (s *AccountStore) ByUsername(ctx context.Context, username string, host *string) (a database.Account, err error) { func (s *AccountStore) ByUsername(ctx context.Context, username, domain string) (a database.Account, err error) {
q := sqlf.Sprintf("SELECT * FROM accounts WHERE username = %s AND host = %v", username, host) q := sqlf.Sprintf("SELECT * FROM accounts WHERE username = %s", username)
if domain == "" {
q = sqlf.Sprintf("%v AND domain IS NULL", q)
} else {
q = sqlf.Sprintf("%v AND domain = %s", q, domain)
}
a, err = Get[database.Account](ctx, s.q, q) a, err = Get[database.Account](ctx, s.q, q)
if err != nil { if err != nil {
@ -64,7 +69,7 @@ func (s *AccountStore) CreateLocal(
} }
q := sqlf.Sprintf( q := sqlf.Sprintf(
"INSERT INTO accounts (id, username, host, email, password) VALUES (%s, %v, NULL, %v, %v) RETURNING *", "INSERT INTO accounts (id, username, domain, email, password) VALUES (%s, %v, NULL, %v, %v) RETURNING *",
makeULID(), username, email, hash) makeULID(), username, email, hash)
a, err = Get[database.Account](ctx, s.q, q) a, err = Get[database.Account](ctx, s.q, q)

View file

@ -0,0 +1,51 @@
package sql
import (
"context"
"emperror.dev/errors"
"git.sleepycat.moe/sam/mercury/internal/database"
"github.com/keegancsmith/sqlf"
)
// ConfigStore is the interface to configs in the database.
type ConfigStore struct {
q Querier
}
// NewConfigStore creates a new ConfigStore instance.
func NewConfigStore(q Querier) *ConfigStore {
return &ConfigStore{q: q}
}
func (s *ConfigStore) initConfig(ctx context.Context) error {
q := sqlf.Sprintf(`INSERT INTO config
(id, name)
VALUES (1, %s)
ON CONFLICT (id) DO NOTHING`, database.DefaultConfig.Name)
err := Exec(ctx, s.q, q)
return errors.Wrap(err, "executing query")
}
func (s *ConfigStore) Get(ctx context.Context) (database.Config, error) {
q := sqlf.Sprintf("SELECT * FROM config WHERE id = 1")
return Get[database.Config](ctx, s.q, q)
}
func (s *ConfigStore) Set(ctx context.Context, cur, new database.Config) (database.Config, error) {
q := sqlf.Sprintf("UPDATE config SET")
if cur.Name != new.Name {
q = sqlf.Sprintf("%v name = %v,", q, new.Name)
}
if cur.AdminID != new.AdminID {
q = sqlf.Sprintf("%v admin_id = %v,", q, new.AdminID)
}
if cur.InternalApplication != new.InternalApplication {
q = sqlf.Sprintf("%v internal_application = %v,", q, new.InternalApplication)
}
q = sqlf.Sprintf("%v id = %v WHERE id = %v RETURNING *", q, cur.ID, cur.ID)
return Get[database.Config](ctx, s.q, q)
}

View file

@ -5,6 +5,7 @@ import (
"context" "context"
"emperror.dev/errors" "emperror.dev/errors"
"git.sleepycat.moe/sam/mercury/internal/database"
"github.com/jackc/pgx/v5/pgxpool" "github.com/jackc/pgx/v5/pgxpool"
"github.com/oklog/ulid/v2" "github.com/oklog/ulid/v2"
) )
@ -24,9 +25,55 @@ func NewBase(ctx context.Context, connString string) (*Base, error) {
base := &Base{ base := &Base{
pool: pool, pool: pool,
} }
// create configuration
if err := base.initSingletons(ctx); err != nil {
return nil, errors.Wrap(err, "initializing configuration")
}
return base, nil return base, nil
} }
func (base *Base) initSingletons(ctx context.Context) error {
err := NewConfigStore(base.pool).initConfig(ctx)
if err != nil {
return errors.Wrap(err, "initializing configuration")
}
cfg, err := NewConfigStore(base.pool).Get(ctx)
if err != nil {
return errors.Wrap(err, "getting configuration")
}
if cfg.InternalApplication == nil {
tx, err := base.BeginTx(ctx)
if err != nil {
return errors.Wrap(err, "creating transaction")
}
defer tx.Rollback(ctx)
app, err := NewTokenStore(tx).CreateApplication(ctx, database.InternalApplicationName)
if err != nil {
return errors.Wrap(err, "creating internal application")
}
newCfg := cfg
newCfg.InternalApplication = &app.ID
cfg, err = NewConfigStore(tx).Set(ctx, cfg, newCfg)
if err != nil {
return errors.Wrap(err, "updating configuration")
}
err = tx.Commit(ctx)
if err != nil {
return errors.Wrap(err, "committing transaction")
}
}
return nil
}
// Acquire acquires a connection from the database pool. // Acquire acquires a connection from the database pool.
// It is the caller's responsibility to call the Release method. // It is the caller's responsibility to call the Release method.
func (base *Base) Acquire(ctx context.Context) (ReleaseableQuerier, error) { func (base *Base) Acquire(ctx context.Context) (ReleaseableQuerier, error) {

View file

@ -48,3 +48,8 @@ func Get[T any](ctx context.Context, querier Querier, query *sqlf.Query) (T, err
} }
return dst, nil return dst, nil
} }
func Exec(ctx context.Context, querier Querier, query *sqlf.Query) error {
_, err := querier.Exec(ctx, query.Query(sqlf.PostgresBindVar), query.Args()...)
return err
}

View file

@ -0,0 +1,52 @@
package sql
import (
"context"
"time"
"emperror.dev/errors"
"git.sleepycat.moe/sam/mercury/internal/database"
"github.com/keegancsmith/sqlf"
"github.com/oklog/ulid/v2"
)
// TokenStore is the interface to tokens in the database.
type TokenStore struct {
q Querier
}
// NewTokenStore creates a new TokenStore instance.
func NewTokenStore(q Querier) *TokenStore {
return &TokenStore{q: q}
}
func (s *TokenStore) Get(ctx context.Context, id ulid.ULID) (database.Token, error) {
q := sqlf.Sprintf("SELECT * FROM tokens WHERE id = %s", id)
t, err := Get[database.Token](ctx, s.q, q)
return t, errors.Wrap(err, "executing query")
}
func (s *TokenStore) GetApplication(ctx context.Context, id ulid.ULID) (database.Application, error) {
q := sqlf.Sprintf("SELECT * FROM applications WHERE id = %s", id)
app, err := Get[database.Application](ctx, s.q, q)
return app, errors.Wrap(err, "executing query")
}
func (s *TokenStore) Create(ctx context.Context, userID, appID ulid.ULID, scopes []string, expires time.Time) (database.Token, error) {
q := sqlf.Sprintf(`INSERT INTO tokens
(id, user_id, app_id, scopes, expires)
values (%s, %s, %s, %v, %v)
RETURNING *`, makeULID(), userID, appID, scopes, expires)
t, err := Get[database.Token](ctx, s.q, q)
return t, errors.Wrap(err, "executing query")
}
func (s *TokenStore) CreateApplication(ctx context.Context, name string) (database.Application, error) {
q := sqlf.Sprintf("INSERT INTO applications (id, name) VALUES (%s, %s) RETURNING *", makeULID(), name)
app, err := Get[database.Application](ctx, s.q, q)
return app, errors.Wrap(err, "executing query")
}

View file

@ -0,0 +1,45 @@
package database
import (
"time"
"github.com/golang-jwt/jwt/v4"
"github.com/oklog/ulid/v2"
)
const InternalApplicationName = "mercury_internal"
const TokenCookieName = "mercury_token"
type Application struct {
ID ulid.ULID
Name string
}
type Token struct {
ID ulid.ULID
AppID ulid.ULID
UserID ulid.ULID
Scopes []string
Expires time.Time
}
func (t Token) ToClaims() TokenClaims {
createdAt := ulid.Time(t.ID.Time())
return TokenClaims{
TokenID: t.ID,
UserID: t.UserID,
RegisteredClaims: jwt.RegisteredClaims{
Issuer: "mercury",
ExpiresAt: jwt.NewNumericDate(t.Expires),
IssuedAt: jwt.NewNumericDate(createdAt),
NotBefore: jwt.NewNumericDate(createdAt),
},
}
}
type TokenClaims struct {
TokenID ulid.ULID `json:"jti"`
UserID ulid.ULID `json:"sub"`
jwt.RegisteredClaims
}

View file

@ -1,8 +1,13 @@
package app package app
import ( import (
"context"
"encoding/base64"
"emperror.dev/errors" "emperror.dev/errors"
"git.sleepycat.moe/sam/mercury/config" "git.sleepycat.moe/sam/mercury/config"
"git.sleepycat.moe/sam/mercury/internal/concurrent"
"git.sleepycat.moe/sam/mercury/internal/database"
"git.sleepycat.moe/sam/mercury/internal/database/sql" "git.sleepycat.moe/sam/mercury/internal/database/sql"
"git.sleepycat.moe/sam/mercury/web/templates" "git.sleepycat.moe/sam/mercury/web/templates"
"github.com/flosch/pongo2/v6" "github.com/flosch/pongo2/v6"
@ -10,31 +15,54 @@ import (
"github.com/go-chi/chi/v5/middleware" "github.com/go-chi/chi/v5/middleware"
) )
const (
ErrSecretKeyEmpty = errors.Sentinel("core.secret_key cannot be empty")
)
type App struct { type App struct {
Router chi.Router Router chi.Router
Config config.Config AppConfig config.Config
DBConfig *concurrent.Value[database.Config]
Database *sql.Base Database *sql.Base
tmpl *pongo2.TemplateSet tmpl *pongo2.TemplateSet
tokenKey []byte
} }
func NewApp(cfg config.Config, db *sql.Base) (*App, error) { func NewApp(ctx context.Context, cfg config.Config, db *sql.Base) (*App, error) {
app := &App{ app := &App{
Router: chi.NewRouter(), Router: chi.NewRouter(),
Config: cfg, AppConfig: cfg,
Database: db, Database: db,
} }
if cfg.Core.SecretKey == "" {
return nil, ErrSecretKeyEmpty
}
tokenKey, err := base64.RawStdEncoding.DecodeString(cfg.Core.SecretKey)
if err != nil {
return nil, errors.Wrap(err, "decoding core.secret_key")
}
app.tokenKey = tokenKey
tmpl, err := templates.New(cfg.Core.Dev) tmpl, err := templates.New(cfg.Core.Dev)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "creating templates") return nil, errors.Wrap(err, "creating templates")
} }
app.tmpl = tmpl app.tmpl = tmpl
if cfg.Core.Dev {
app.Router.Use(app.Logger) app.Router.Use(app.Logger)
}
app.Router.Use(middleware.Recoverer) app.Router.Use(middleware.Recoverer)
dbCfg, err := app.Config().Get(ctx)
if err != nil {
return nil, errors.Wrap(err, "getting database config")
}
app.DBConfig = concurrent.NewValue(dbCfg)
return app, nil return app, nil
} }
@ -52,9 +80,23 @@ func (a *App) Blog(q ...sql.Querier) *sql.BlogStore {
return sql.NewBlogStore(q[0]) return sql.NewBlogStore(q[0])
} }
func (a *App) Config(q ...sql.Querier) *sql.ConfigStore {
if len(q) == 0 || q[0] == nil {
return sql.NewConfigStore(a.Database.PoolQuerier())
}
return sql.NewConfigStore(q[0])
}
func (a *App) Post(q ...sql.Querier) *sql.PostStore { func (a *App) Post(q ...sql.Querier) *sql.PostStore {
if len(q) == 0 || q[0] == nil { if len(q) == 0 || q[0] == nil {
return sql.NewPostStore(a.Database.PoolQuerier()) return sql.NewPostStore(a.Database.PoolQuerier())
} }
return sql.NewPostStore(q[0]) return sql.NewPostStore(q[0])
} }
func (a *App) Token(q ...sql.Querier) *sql.TokenStore {
if len(q) == 0 || q[0] == nil {
return sql.NewTokenStore(a.Database.PoolQuerier())
}
return sql.NewTokenStore(q[0])
}

View file

@ -29,7 +29,7 @@ func (a *App) Logger(next http.Handler) http.Handler {
} }
// log end request // log end request
log.Info(). log.Debug().
Timestamp(). Timestamp().
Str("remote_ip", r.RemoteAddr). Str("remote_ip", r.RemoteAddr).
Str("url", r.URL.Path). Str("url", r.URL.Path).

View file

@ -14,6 +14,7 @@ func (app *App) Template(w http.ResponseWriter, r *http.Request, tmplName string
} }
tctx := pongo2.Context{ tctx := pongo2.Context{
"config": app.DBConfig.Get(),
"flash_message": app.getFlash(w, r), "flash_message": app.getFlash(w, r),
} }
tctx.Update(ctx) tctx.Update(ctx)

41
web/app/token.go Normal file
View file

@ -0,0 +1,41 @@
package app
import (
"context"
"fmt"
"emperror.dev/errors"
"git.sleepycat.moe/sam/mercury/internal/database"
"github.com/golang-jwt/jwt/v4"
)
func (app *App) TokenToJWT(token database.Token) (string, error) {
t := jwt.NewWithClaims(jwt.SigningMethodHS256, token.ToClaims())
return t.SignedString(app.tokenKey)
}
func (app *App) ParseToken(ctx context.Context, token string) (t database.Token, err error) {
parsed, err := jwt.ParseWithClaims(token, &database.TokenClaims{}, func(t *jwt.Token) (interface{}, error) {
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf(`unexpected signing method "%v"`, t.Header["alg"])
}
return app.tokenKey, nil
})
if err != nil {
return t, errors.Wrap(err, "parsing token")
}
c, ok := parsed.Claims.(*database.TokenClaims)
if !ok || !parsed.Valid {
return t, fmt.Errorf("unknown claims type %T", parsed.Claims)
}
t, err = app.Token().Get(ctx, c.TokenID)
if err != nil {
return t, errors.Wrap(err, "getting token from database")
}
return t, nil
}

View file

@ -1,11 +1,92 @@
package auth package auth
import ( import (
"math"
"net/http" "net/http"
"time"
"git.sleepycat.moe/sam/mercury/internal/database"
"github.com/flosch/pongo2/v6" "github.com/flosch/pongo2/v6"
"github.com/rs/zerolog/log"
) )
func (app *Auth) GetLogin(w http.ResponseWriter, r *http.Request) { func (app *Auth) GetLogin(w http.ResponseWriter, r *http.Request) {
app.Template(w, r, "auth/login.tpl", pongo2.Context{}) app.Template(w, r, "auth/login.tpl", pongo2.Context{
"totp": false,
})
}
func (app *Auth) PostLogin(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
username := r.FormValue("username")
password := r.FormValue("password")
if username == "" {
app.Flash(w, "Username cannot be empty.")
app.Template(w, r, "auth/login.tpl", pongo2.Context{
"totp": false,
"flash_message": "Username cannot be empty.",
})
return
} else if password == "" {
app.Flash(w, "Password cannot be empty.")
app.Template(w, r, "auth/login.tpl", pongo2.Context{
"totp": false,
"flash_message": "Password cannot be empty.",
})
return
}
conn, err := app.Database.Acquire(ctx)
if err != nil {
log.Err(err).Msg("acquiring database connection")
return
}
defer conn.Release()
acct, err := app.Account(conn).ByUsername(ctx, username, "")
if err != nil {
log.Err(err).Msg("finding account")
app.Flash(w, "Username or password is invalid.")
app.Template(w, r, "auth/login.tpl", pongo2.Context{
"totp": false,
"flash_message": "Username or password is invalid.",
})
return
}
passwordValid, _ := acct.PasswordValid(password)
if !passwordValid {
app.Template(w, r, "auth/login.tpl", pongo2.Context{
"totp": false,
"flash_message": "Username or password is invalid.",
})
return
}
// TODO: totp
// create a new token
token, err := app.Token(conn).Create(
ctx, acct.ID, *app.DBConfig.Get().InternalApplication, []string{"all"}, time.Now().Add(math.MaxInt64))
if err != nil {
log.Err(err).Msg("creating token")
return
}
ts, err := app.TokenToJWT(token)
if err != nil {
log.Err(err).Msg("signing token string")
return
}
http.SetCookie(w, &http.Cookie{
Name: database.TokenCookieName,
Value: ts,
Path: "/",
Expires: token.Expires,
})
http.Redirect(w, r, "/web", http.StatusSeeOther)
} }

67
web/auth/signup.go Normal file
View file

@ -0,0 +1,67 @@
package auth
import (
"net/http"
"git.sleepycat.moe/sam/mercury/internal/database/sql"
"github.com/flosch/pongo2/v6"
"github.com/rs/zerolog/log"
)
func (app *Auth) GetSignup(w http.ResponseWriter, r *http.Request) {
app.Template(w, r, "auth/signup.tpl", pongo2.Context{})
}
func (app *Auth) PostSignup(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
username := r.FormValue("username")
email := r.FormValue("email")
password := r.FormValue("password")
password2 := r.FormValue("repeat_password")
if username == "" {
app.Template(w, r, "auth/signup.tpl", pongo2.Context{"flash_message": "Username cannot be empty."})
return
} else if password == "" {
app.Template(w, r, "auth/signup.tpl", pongo2.Context{"flash_message": "Password cannot be empty."})
return
} else if password != password2 {
app.Template(w, r, "auth/signup.tpl", pongo2.Context{"flash_message": "Passwords don't match."})
return
} else if email == "" {
app.Template(w, r, "auth/signup.tpl", pongo2.Context{"flash_message": "Email address cannot be empty."})
return
}
tx, err := app.Database.BeginTx(ctx)
if err != nil {
log.Err(err).Msg("acquiring database connection")
return
}
defer tx.Rollback(ctx)
acct, err := app.Account(tx).CreateLocal(ctx, username, email, []byte(password))
if err != nil {
if err == sql.ErrUsernameTaken {
app.Template(w, r, "auth/signup.tpl", pongo2.Context{"flash_message": "Username is already taken."})
return
}
log.Err(err).Msg("creating account")
return
}
_, err = app.Blog(tx).Create(ctx, acct.ID, username)
if err != nil {
log.Err(err).Msg("creating blog")
return
}
err = tx.Commit(ctx)
if err != nil {
log.Err(err).Msg("committing transaction")
return
}
app.Flash(w, "Successfully created account!")
http.Redirect(w, r, "/auth/login", http.StatusSeeOther)
}

View file

@ -34,7 +34,7 @@ func New(app *app.App) *Frontend {
App: app, App: app,
} }
if app.Config.Core.Dev { if app.AppConfig.Core.Dev {
glue, err := vueglue.NewVueGlue(&vueglue.ViteConfig{ glue, err := vueglue.NewVueGlue(&vueglue.ViteConfig{
Environment: "development", Environment: "development",
AssetsPath: "frontend", AssetsPath: "frontend",
@ -100,7 +100,7 @@ func (app *Frontend) ServeFrontend(w http.ResponseWriter, r *http.Request) {
} }
func (app *Frontend) ServeStaticAssets(w http.ResponseWriter, r *http.Request) { func (app *Frontend) ServeStaticAssets(w http.ResponseWriter, r *http.Request) {
if app.Config.Core.Dev { if app.AppConfig.Core.Dev {
// TODO: this is unsafe // TODO: this is unsafe
path := filepath.Join("web/frontend/assets/", chi.URLParam(r, "*")) path := filepath.Join("web/frontend/assets/", chi.URLParam(r, "*"))
http.ServeFile(w, r, path) http.ServeFile(w, r, path)

View file

@ -12,13 +12,19 @@ func Routes(app *app.App) {
app.Router.Route("/auth", func(r chi.Router) { app.Router.Route("/auth", func(r chi.Router) {
auth := auth.New(app) auth := auth.New(app)
r.Get("/login", auth.GetLogin) r.Get("/login", auth.GetLogin)
r.Post("/login", auth.PostLogin)
r.Get("/sign_up", auth.GetSignup)
r.Post("/sign_up", auth.PostSignup)
}) })
// web app handlers // web app handlers
// also assets // also assets
app.Router.Group(func(r chi.Router) {
frontend := frontend.New(app) frontend := frontend.New(app)
app.Router.HandleFunc(frontend.AssetsPath(), frontend.ServeAssets) r.HandleFunc(frontend.AssetsPath(), frontend.ServeAssets)
app.Router.HandleFunc("/static/*", frontend.ServeStaticAssets) r.HandleFunc("/static/*", frontend.ServeStaticAssets)
app.Router.HandleFunc("/web", frontend.ServeFrontend) r.HandleFunc("/web", frontend.ServeFrontend)
app.Router.HandleFunc("/web/*", frontend.ServeFrontend) r.HandleFunc("/web/*", frontend.ServeFrontend)
})
} }

View file

@ -1,9 +1,13 @@
{% extends 'base.tpl' %} {% extends 'base.tpl' %}
{% block title %} {% block title %}
Log in Log in • {{ config.Name }}
{% endblock %} {% endblock %}
{% block content %} {% block content %}
<div class="auth"> <div class="auth">
{% if flash_message %}
<p>{{ flash_message }}</p>
{% endif %}
{% if not totp %}
<form method="post"> <form method="post">
<p> <p>
<label for="username">Username</label> <label for="username">Username</label>
@ -15,5 +19,15 @@
</p> </p>
<input type="submit" value="Log in" /> <input type="submit" value="Log in" />
</form> </form>
{% else %}
<form method="post">
<p>
<label for="totp_code">Two-factor authentication code</label>
<input type="text" name="totp_code" />
</p>
<input type="text" name="totp_ticket" value="{{ totp_ticket }}" disabled />
<input type="submit" value="Log in" />
</form>
{% endif %}
</div> </div>
{% endblock %} {% endblock %}

View file

@ -0,0 +1,30 @@
{% extends 'base.tpl' %}
{% block title %}
Sign up &bull; {{ config.Name }}
{% endblock %}
{% block content %}
<div class="auth">
{% if flash_message %}
<p>{{ flash_message }}</p>
{% endif %}
<form method="post">
<p>
<label for="username">Username</label>
<input type="text" name="username" />
</p>
<p>
<label for="username">Email</label>
<input type="email" name="email" />
</p>
<p>
<label for="username">Password</label>
<input type="password" name="password" />
</p>
<p>
<label for="username">Repeat password</label>
<input type="password" name="repeat_password" />
</p>
<input type="submit" value="Sign up" />
</form>
</div>
{% endblock %}

View file

@ -4,7 +4,7 @@
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="/static/css/style.css" /> <link rel="stylesheet" type="text/css" href="/static/css/style.css" />
<title>{% block title %}Mercury{% endblock %}</title> <title>{% block title %}{{ config.Name }}{% endblock %}</title>
</head> </head>
<body> <body>
{% block content %} {% block content %}