From c98e6b56bdd930ca42b10996f1a6d037bf69441f Mon Sep 17 00:00:00 2001 From: Vicente Ferrari Smith Date: Tue, 14 May 2024 11:50:23 +0000 Subject: [PATCH] git-svn-id: svn://losandesgames.com/alfheim-website@2 15359d88-9307-4e75-a9c1-e5686e5897df --- account/index.html | 10 ++++--- handlers.go | 67 ++++++++++++++++++++++++++++++---------------- models/models.go | 16 ++++++++--- static/style.css | 10 +++++++ 4 files changed, 73 insertions(+), 30 deletions(-) diff --git a/account/index.html b/account/index.html index eccdfec..98141cd 100644 --- a/account/index.html +++ b/account/index.html @@ -1,6 +1,8 @@ {{define "body"}} -hello -
{{.Username}}
-
{{.Color}}
-whut +
+
Username: {{.Username}}
+
First name: {{.Firstname}}
+
Last name: {{.Lastname}}
+
Color: {{.Color}}
+
{{end}} diff --git a/handlers.go b/handlers.go index 60c8bdd..4d4469b 100644 --- a/handlers.go +++ b/handlers.go @@ -4,10 +4,12 @@ import "fmt" import "log" import "net/http" import "html/template" -import "strconv" +//import "strconv" import "strings" import "unicode/utf8" import "alfheimgame/models" +import "errors" +import "runtime/debug" type templatedata struct { Formerrors map[string]string @@ -66,6 +68,7 @@ func login(w http.ResponseWriter, r *http.Request) { } case http.MethodPost: + session, _ := store.Get(r, "id"); logindata := LoginData{username: r.FormValue("username"), password: r.FormValue("password")} errors := make(map[string]string) @@ -90,6 +93,13 @@ func login(w http.ResponseWriter, r *http.Request) { http.Error(w, "Internal Server Error", 500) } } + + id, _ := users.Authenticate(logindata.username, logindata.password) + if id > 0 { + session.Values["id"] = id + session.Save(r, w) + http.Redirect(w, r, "/account", http.StatusSeeOther) + } } } 
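Review bot: In the `http.MethodPost` branch of `login`, the added `users.Authenticate` call sits after the validation block, whose visible `http.Error(w, "Internal Server Error", 500)` path does not appear to return, so a request that already produced a response can still reach `session.Save` and `http.Redirect`. The discarded results (`session, _ := store.Get(r, "id")`, `id, _ := users.Authenticate(...)` and the unchecked `session.Save(r, w)`) hide the failures a login path most needs to see; check each and stop, e.g. `if err := session.Save(r, w); err != nil { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError); return }`. A failed login (`id == 0`) falls through without writing anything on the lines shown, so the client would get an empty 200; re-render the form with one generic credentials error instead. The new `import "errors"` is shadowed inside this function by the existing local `errors := make(map[string]string)`, which is worth renaming. The body of `login` starts outside the hunk.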
@@ -143,30 +153,41 @@ func register(w http.ResponseWriter, r *http.Request) { } func account(w http.ResponseWriter, r *http.Request) { - id, err := strconv.Atoi(r.URL.Query().Get("id")) - if err != nil || id < 1 { - http.NotFound(w, r) - return - } - account, err := users.Get_account(int32(id)); - if err != nil { - log.Fatal(err); - } + session, _ := store.Get(r, "id") + //id, err := strconv.Atoi(r.URL.Query().Get("id")) + //if err != nil || id < 1 { + // http.NotFound(w, r) + // return + //} + //account, err := users.Get_account(int32(id)); + //if err != nil { + // log.Fatal(err); + //} - text, err := template.ParseFiles("base.html", "account/index.html") - if err != nil { - http.Error(w, "Internal Server Error", 500) - log.Fatal(err) - } + id, ok := session.Values["id"].(int32) + if !ok { + trace := fmt.Sprintf("%s\n%s", errors.New("type assertion to int32 failed").Error(), debug.Stack()) + log.Println(trace) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } else { + account, err := users.Get_account(id) + fmt.Println(account) - switch r.Method { - case http.MethodGet: - text.Execute(w, account) - if err != nil { - log.Fatal(err) - http.Error(w, "Internal Server Error", 500) - } - fmt.Printf("executed"); + text, err := template.ParseFiles("base.html", "account/index.html") + + if err != nil { + http.Error(w, "Internal Server Error", 500) + log.Fatal(err) + } + + switch r.Method { + case http.MethodGet: + text.Execute(w, account) + if err != nil { + log.Fatal(err) + http.Error(w, "Internal Server Error", 500) + } + } //case http.MethodPost: // data := LoginData{username: r.FormValue("username"), password: r.FormValue("password")} diff --git a/models/models.go b/models/models.go index 9e83fd4..42c026b 100644 --- a/models/models.go +++ b/models/models.go 
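Review bot: In `account`, the error from `users.Get_account(id)` is never checked, because `text, err := template.ParseFiles(...)` overwrites it on the next statement, so a missing or failed lookup renders the page from an empty `Account`. `fmt.Println(account)` writes the whole record to stdout, and `Get_account` in models/models.go scans the password hash and email into that struct, so this debug line should be removed. `log.Fatal(err)` on the template paths terminates the whole server from inside a request handler (and makes the `http.Error` after it in the `MethodGet` case unreachable), while the error returned by `text.Execute` is discarded and the stale `err` is tested instead. A visitor with no session value also gets a 500 plus a logged stack trace where a 401 fits better. A guard-clause version is sketched below; the function continues past the end of the hunk.

```go
id, ok := session.Values["id"].(int32)
if !ok {
	// No authenticated session value: a client condition, not a server fault.
	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
	return
}

account, err := users.Get_account(id)
if err != nil {
	log.Printf("account: loading account %d: %v", id, err)
	http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
	return
}

text, err := template.ParseFiles("base.html", "account/index.html")
if err != nil {
	log.Printf("account: parsing templates: %v", err)
	http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
	return
}

switch r.Method {
case http.MethodGet:
	if err := text.Execute(w, account); err != nil {
		// Part of the response may already be written; log only.
		log.Printf("account: rendering template: %v", err)
	}
// … unchanged: commented-out MethodPost case and the rest of account …
```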
@@ -5,6 +5,7 @@ import "time" import "golang.org/x/crypto/bcrypt" import "database/sql" import _ "github.com/lib/pq" +import "fmt" var Errnorecord = errors.New("no matching record found") var Errinvalidcredentials = errors.New("invalid credentials") @@ -39,10 +40,11 @@ func (m *Usermodel) Insert(username string, password string, firstname string, l } func (m *Usermodel) Get_account(id int32) (Account, error) { - stmt := `SELECT id, username, password, color FROM accounts WHERE id = $1;` + stmt := `SELECT id, username, password, color, firstname, lastname, email, created FROM accounts WHERE id = $1;` row := m.DB.QueryRow(stmt, id) var account Account - err := row.Scan(&account.Id, &account.Username, &account.Password, &account.Color) + err := row.Scan(&account.Id, &account.Username, &account.Password, &account.Color, &account.Firstname, &account.Lastname, &account.Email, &account.Created) + fmt.Println(err) if err == sql.ErrNoRows { return Account{}, sql.ErrNoRows } else if err != nil { @@ -52,10 +54,18 @@ func (m *Usermodel) Get_account(id int32) (Account, error) { return account, nil } -func (m *Usermodel) Authenticate(username string, password string) (int, error) { +func (m *Usermodel) Authenticate(username string, password string) (int32, error) { var id int32 var hashedpassword []byte row := m.DB.QueryRow("SELECT id, password FROM accounts WHERE username = $1", username) err := row.Scan(&id, &hashedpassword) + err = bcrypt.CompareHashAndPassword(hashedpassword, []byte(password)) + if err == bcrypt.ErrMismatchedHashAndPassword { + return 0, bcrypt.ErrMismatchedHashAndPassword + } else if err != nil { + return 0, err + } + + return id, nil } diff --git a/static/style.css b/static/style.css index 52b771c..353d7a3 100644 --- a/static/style.css +++ b/static/style.css 
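Review bot: In `Authenticate`, the error from `row.Scan(&id, &hashedpassword)` is overwritten by `err = bcrypt.CompareHashAndPassword(...)` before it is read, so a database failure or an unknown username only surfaces indirectly as a bcrypt error on an empty hash. Check it before the compare, e.g. `if errors.Is(err, sql.ErrNoRows) { return 0, Errinvalidcredentials } else if err != nil { return 0, err }`, and return the package's existing `Errinvalidcredentials` for `bcrypt.ErrMismatchedHashAndPassword` as well, so callers cannot tell "no such user" from "wrong password". The `fmt.Println(err)` added to `Get_account`, together with the new `import "fmt"` in this file's first hunk, looks like leftover debugging and would be better as a `log` call or removed. `Get_account` still selects `password` into the `Account` that the handler passes to the template; consider dropping that column from this query unless a caller needs it.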
@@ -55,6 +55,16 @@ main { margin-right: auto; } +.account-wrapper { + background: transparent; + border: 2px solid white; + backdrop-filter: blur(20px); + box-shadow: 0 0 10px rgba(0, 0, 0, 0.2); + border-radius: 15px; + padding: 30px 40px; + font-size: x-large; +} + .wrapper { background: transparent; border: 2px solid white;