vfs/alfheim-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

git-svn-id: svn://losandesgames.com/alfheim-website@13 15359d88-9307-4e75-a9c1-e5686e5897df

Browse Source
This commit is contained in:
Vicente Ferrari Smith 2024-05-20 16:15:24 +00:00
parent e66a5aa872
commit 09c553609f
6 changed files with 114 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
handlers.go
View File

@ -13,18 +13,21 @@ import "strings";
import "unicode/utf8";
import "errors";
import "runtime/debug";
import "github.com/stripe/stripe-go/v78";
import "github.com/stripe/stripe-go/v78/price";
type templatedata struct {
AuthenticatedUser int32;
FormErrors map[string]string;
Account Account;
Prices []stripe.Price
}
func favicon(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w, r, "favicon.ico");
}
func authenticated_user(r *http.Request) int32 {
func authenticated_user(w http.ResponseWriter, r *http.Request) int32 {
session, err := store.Get(r, "id");
if err != nil {
fmt.Println(err);
@ -39,6 +42,19 @@ func authenticated_user(r *http.Request) int32 {
return 0;
}
// check if the saved id exists in the database, otherwise it's a bad id and has to be removed from the cookies
exists := users.Exists_account(id);
if !exists {
session, _ := store.Get(r, "id");
session.Values["id"] = 0;
session.Save(r, w);
return 0;
}
return id;
}
@ -48,7 +64,7 @@ func home(w http.ResponseWriter, r *http.Request) {
return;
}
id := authenticated_user(r);
id := authenticated_user(w, r);
account, err := users.Get_account(id);
text, err := template.ParseFiles("ui/base.html", "ui/index.html");
@ -111,7 +127,7 @@ func login(w http.ResponseWriter, r *http.Request) {
if len(errors) > 0 {
err := text.Execute(w, templatedata{AuthenticatedUser: authenticated_user(r), FormErrors: errors});
err := text.Execute(w, templatedata{AuthenticatedUser: authenticated_user(w, r), FormErrors: errors});
if err != nil {
log.Fatal(err);
http.Error(w, "Internal Server Error", 500);
@ -123,7 +139,7 @@ func login(w http.ResponseWriter, r *http.Request) {
id, err := users.Authenticate(username, password);
if err == ErrInvalidCredentials {
errors["generic"] = "Email or Password is incorrect";
err := text.Execute(w, templatedata{AuthenticatedUser: authenticated_user(r), FormErrors: errors});
err := text.Execute(w, templatedata{AuthenticatedUser: authenticated_user(w, r), FormErrors: errors});
if err != nil {
log.Fatal(err);
http.Error(w, "Internal Server Error", 500);
@ -148,7 +164,7 @@ func logout(w http.ResponseWriter, r *http.Request) {
log.Fatal(err);
}
id := authenticated_user(r);
id := authenticated_user(w, r);
account, err := users.Get_account(id);
switch r.Method {
@ -161,9 +177,9 @@ func logout(w http.ResponseWriter, r *http.Request) {
}
case http.MethodPost:
session, _ := store.Get(r, "id");;
session, _ := store.Get(r, "id");
session.Values["id"] = 0;;
session.Values["id"] = 0;
session.Save(r, w);
http.Redirect(w, r, "/", http.StatusSeeOther);
}
@ -176,7 +192,7 @@ func register(w http.ResponseWriter, r *http.Request) {
log.Fatal(err);
}
id := authenticated_user(r);
id := authenticated_user(w, r);
account, err := users.Get_account(id);
switch r.Method {
@ -207,7 +223,7 @@ func register(w http.ResponseWriter, r *http.Request) {
if len(errors) > 0 {
err := text.Execute(w, templatedata{AuthenticatedUser: authenticated_user(r), FormErrors: errors});
err := text.Execute(w, templatedata{AuthenticatedUser: authenticated_user(w, r), FormErrors: errors});
if err != nil {
log.Fatal(err);
http.Error(w, "Internal Server Error", 500);
@ -237,11 +253,12 @@ func account(w http.ResponseWriter, r *http.Request) {
// log.Fatal(err);;
//};
id := authenticated_user(r);
id := authenticated_user(w, r);
account, err := users.Get_account(id);
text, err := template.ParseFiles("ui/base.html", "ui/account.html");
fmt.Println(id, account)
text, err := template.ParseFiles("ui/base.html", "ui/account.html");
if err != nil {
http.Error(w, "Internal Server Error", 500);
log.Fatal(err);
@ -256,7 +273,7 @@ func account(w http.ResponseWriter, r *http.Request) {
}
}
//case http.MethodPost:;
//case http.MethodPost:
// text.Execute(w, false);
// if err != nil {;
// log.Fatal(err);
@ -264,9 +281,9 @@ func account(w http.ResponseWriter, r *http.Request) {
// };
}
func deleteaccount(w http.ResponseWriter, r *http.Request) {;
func deleteaccount(w http.ResponseWriter, r *http.Request) {
id := authenticated_user(r);
id := authenticated_user(w, r);
switch r.Method {
case http.MethodPost:
@ -281,3 +298,32 @@ func deleteaccount(w http.ResponseWriter, r *http.Request) {;
http.Redirect(w, r, "/", http.StatusSeeOther);
}
}
func subscribe(w http.ResponseWriter, r *http.Request) {
id := authenticated_user(w, r);
account, err := users.Get_account(id);
params := &stripe.PriceListParams{};
params.Limit = stripe.Int64(3)
params.AddExpand("data.product");
results := price.List(params);
prices := make([]stripe.Price, 0);
for results.Next() {
fmt.Println(results.Current())
prices = append(prices, *results.Price());
}
text, err := template.ParseFiles("ui/base.html", "ui/subscribe.html");
if err != nil {
http.Error(w, "Internal Server Error", 500);
log.Fatal(err);
}
err = text.Execute(w, templatedata{AuthenticatedUser: id, Account: account, Prices: prices});
if err != nil {
log.Fatal(err);
http.Error(w, "Internal Server Error", 500);
}
}

26
main.go
View File

@ -24,31 +24,6 @@ var store = sessions.NewCookieStore(key);
var emailrx = regexp.MustCompile("/^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/");
func secure_headers(next http.Handler) http.Handler {;
fn := func(w http.ResponseWriter, r *http.Request) {;
w.Header().Set("X-XSS-Protection", "1; mode=block");
w.Header().Set("X-Frame-Options", "deny");
next.ServeHTTP(w, r);
}
return http.HandlerFunc(fn);
}
func require_authenticated_user(next http.HandlerFunc) http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// If the user is not authenticated, redirect them to the login page and;
// return from the middleware chain so that no subsequent handlers in;
// the chain are executed.;
if authenticated_user(r) == 0 {
http.Redirect(w, r, "/login", http.StatusSeeOther);
return;
}
// Otherwise call the next handler in the chain.;
next.ServeHTTP(w, r);
});
}
func main() {
addr := flag.String("addr", ":8080", "HTTP network address");
flag.Parse();
@ -103,6 +78,7 @@ func main() {
mux.HandleFunc("/register", register);
mux.HandleFunc("/account", require_authenticated_user(account));
mux.HandleFunc("/deleteaccount", require_authenticated_user(deleteaccount));
mux.HandleFunc("/subscribe", subscribe);
log.Fatal(http.ListenAndServe(*addr, secure_headers(mux)));

28
middleware.go Normal file
View File

@ -0,0 +1,28 @@
package main;
import "net/http";
func secure_headers(next http.Handler) http.Handler {
fn := func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-XSS-Protection", "1; mode=block");
w.Header().Set("X-Frame-Options", "deny");
next.ServeHTTP(w, r);
}
return http.HandlerFunc(fn);
}
func require_authenticated_user(next http.HandlerFunc) http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// If the user is not authenticated, redirect them to the login page and;
// return from the middleware chain so that no subsequent handlers in;
// the chain are executed.;
if authenticated_user(w, r) == 0 {
http.Redirect(w, r, "/login", http.StatusSeeOther);
return;
}
// Otherwise call the next handler in the chain.;
next.ServeHTTP(w, r);
});
}

18
models.go
View File

@ -45,8 +45,8 @@ func (m *Usermodel) Insert(username string, password string, firstname string, l
row := m.DB.QueryRow(stmt, username, string(hashedpassword), firstname, lastname, email);
if row.Err() != nil {
fmt.Println(err);
return err;
fmt.Println(row.Err());
return row.Err();
}
err = row.Scan(&insertid);
@ -129,3 +129,17 @@ func (m *Usermodel) Authenticate(username string, password string) (int32, error
return id, nil;
}
func (m *Usermodel) Exists_account(id int32) bool {
var exists bool;
stmt := `SELECT EXISTS(SELECT 1 FROM accounts WHERE id = $1);`;
row := m.DB.QueryRow(stmt, id);
if row.Err() != nil {
fmt.Println(row.Err());
}
row.Scan(&exists);
fmt.Println(exists);
return exists;
}

2
ui/base.html
View File

@ -19,6 +19,8 @@
<nav>
<a href="/"><h1 class="maintitle">Alfheim</h1></a>
<div class="navbuttons">
<a href="/subscribe"><div class="loginbutton"><strong>Subscribe</strong></div></a>
{{if .AuthenticatedUser}}
<a href="/account"><div class="loginbutton"><strong>Account</strong></div></a>
<a href="/logout"><div class="loginbutton"><strong>Log out</strong></div></a>

7
ui/subscribe.html Normal file
View File

@ -0,0 +1,7 @@
{{define "body"}}
{{range .Prices}}
<div class="wrapper">
{{.}}
</div>
{{end}}
{{end}}