tulip/server/login.go

package server

import (
	"database/sql"
	"errors"
	"github.com/1f349/tulip/database"
	"github.com/1f349/tulip/pages"
	"github.com/google/uuid"
	"github.com/julienschmidt/httprouter"
	"golang.org/x/crypto/bcrypt"
	"net/http"
	"net/url"
)

func (h *HttpServer) LoginGet(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, auth UserAuth) {
	if !auth.IsGuest() {
		h.SafeRedirect(rw, req)
		return
	}

	rw.Header().Set("Content-Type", "text/html")
	rw.WriteHeader(http.StatusOK)
	pages.RenderPageTemplate(rw, "login", map[string]any{
		"ServiceName": h.serviceName,
		"Redirect":    req.URL.Query().Get("redirect"),
	})
}

func (h *HttpServer) LoginPost(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, auth UserAuth) {
	un := req.FormValue("username")
	pw := req.FormValue("password")
	var userSub uuid.UUID
	var hasOtp bool
	if h.DbTx(rw, func(tx *database.Tx) error {
		loginUser, hasOtpRaw, err := tx.CheckLogin(un, pw)
		if err != nil {
			if errors.Is(err, sql.ErrNoRows) || errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
				http.Redirect(rw, req, "/login?mismatch=1", http.StatusFound)
				return nil
			}
			http.Error(rw, "Internal server error", http.StatusInternalServerError)
			return err
		}
		userSub = loginUser.Sub
		hasOtp = hasOtpRaw
		return nil
	}) {
		return
	}

	// only continues if the above tx succeeds
	auth.Data = SessionData{
		ID:      userSub,
		NeedOtp: hasOtp,
	}
	if auth.SaveSessionData() != nil {
		http.Error(rw, "Failed to save session", http.StatusInternalServerError)
		return
	}

	if hasOtp {
		originUrl, err := url.Parse(req.FormValue("redirect"))
		if err != nil {
			http.Error(rw, "400 Bad Request: Invalid redirect URL", http.StatusBadRequest)
			return
		}
		redirectUrl := PrepareRedirectUrl("/login/otp", originUrl)
		http.Redirect(rw, req, redirectUrl.String(), http.StatusFound)
		return
	}

	h.SafeRedirect(rw, req)
}