139 lines
4.0 KiB
Go
139 lines
4.0 KiB
Go
package web
|
|
|
|
import (
|
|
"billit/internal/auth"
|
|
"net/http"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"github.com/labstack/echo/v4"
|
|
)
|
|
|
|
// AuthHandlers holds auth service reference
|
|
type AuthHandlers struct {
|
|
auth *auth.Service
|
|
}
|
|
|
|
// NewAuthHandlers creates handlers with auth service
|
|
func NewAuthHandlers(authService *auth.Service) *AuthHandlers {
|
|
return &AuthHandlers{auth: authService}
|
|
}
|
|
|
|
// LoginPageHandler renders the login page (home page)
|
|
func (h *AuthHandlers) LoginPageHandler(c echo.Context) error {
|
|
// Check if already logged in
|
|
cookie, err := c.Cookie("auth_token")
|
|
if err == nil && cookie.Value != "" {
|
|
_, err := h.auth.ValidateToken(cookie.Value)
|
|
if err == nil {
|
|
// Already logged in, redirect to home
|
|
return c.Redirect(http.StatusFound, "/home")
|
|
}
|
|
}
|
|
// Capture redirect URL from query param
|
|
redirectURL := c.QueryParam("redirect")
|
|
return Render(c, LoginPage("", "", redirectURL))
|
|
}
|
|
|
|
// LoginHandler handles login form submission
|
|
func (h *AuthHandlers) LoginHandler(c echo.Context) error {
|
|
email := strings.TrimSpace(c.FormValue("email"))
|
|
password := c.FormValue("password")
|
|
redirectURL := c.FormValue("redirect")
|
|
|
|
if email == "" || password == "" {
|
|
return Render(c, LoginPage("Email and password are required", email, redirectURL))
|
|
}
|
|
|
|
token, err := h.auth.Login(email, password)
|
|
if err != nil {
|
|
return Render(c, LoginPage("Invalid email or password", email, redirectURL))
|
|
}
|
|
|
|
// Set HTTP-only cookie
|
|
cookie := h.auth.CreateAuthCookie(token)
|
|
c.SetCookie(cookie)
|
|
|
|
// Redirect to original URL or home page
|
|
if redirectURL != "" && strings.HasPrefix(redirectURL, "/") {
|
|
return c.Redirect(http.StatusFound, redirectURL)
|
|
}
|
|
return c.Redirect(http.StatusFound, "/home")
|
|
}
|
|
|
|
// RegisterPageHandler renders the registration page
|
|
func (h *AuthHandlers) RegisterPageHandler(c echo.Context) error {
|
|
return Render(c, RegisterPage("", ""))
|
|
}
|
|
|
|
// RegisterHandler handles registration form submission
|
|
func (h *AuthHandlers) RegisterHandler(c echo.Context) error {
|
|
email := strings.TrimSpace(c.FormValue("email"))
|
|
password := c.FormValue("password")
|
|
confirmPassword := c.FormValue("confirm_password")
|
|
|
|
if email == "" || password == "" {
|
|
return Render(c, RegisterPage("Email and password are required", email))
|
|
}
|
|
|
|
if password != confirmPassword {
|
|
return Render(c, RegisterPage("Passwords do not match", email))
|
|
}
|
|
|
|
if len(password) < 8 {
|
|
return Render(c, RegisterPage("Password must be at least 8 characters", email))
|
|
}
|
|
|
|
_, err := h.auth.Register(email, password)
|
|
if err != nil {
|
|
if err == auth.ErrUserExists {
|
|
return Render(c, RegisterPage("An account with this email already exists", email))
|
|
}
|
|
return Render(c, RegisterPage(err.Error(), email))
|
|
}
|
|
|
|
// Auto-login after registration
|
|
token, err := h.auth.Login(email, password)
|
|
if err != nil {
|
|
return c.Redirect(http.StatusFound, "/")
|
|
}
|
|
|
|
cookie := h.auth.CreateAuthCookie(token)
|
|
c.SetCookie(cookie)
|
|
|
|
return c.Redirect(http.StatusFound, "/home")
|
|
}
|
|
|
|
// LogoutHandler clears the auth cookie and redirects to login
|
|
func (h *AuthHandlers) LogoutHandler(c echo.Context) error {
|
|
cookie := h.auth.ClearAuthCookie()
|
|
c.SetCookie(cookie)
|
|
return c.Redirect(http.StatusFound, "/")
|
|
}
|
|
|
|
// AuthMiddleware protects routes that require authentication
|
|
func (h *AuthHandlers) AuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
cookie, err := c.Cookie("auth_token")
|
|
if err != nil || cookie.Value == "" {
|
|
// No cookie - redirect to login with original URL for post-login redirect
|
|
redirectPath := url.QueryEscape(c.Request().URL.RequestURI())
|
|
return c.Redirect(http.StatusFound, "/?redirect="+redirectPath)
|
|
}
|
|
|
|
claims, err := h.auth.ValidateToken(cookie.Value)
|
|
if err != nil {
|
|
// Invalid/expired token - show session expired dialog
|
|
c.SetCookie(h.auth.ClearAuthCookie())
|
|
redirectPath := url.QueryEscape(c.Request().URL.RequestURI())
|
|
return Render(c, SessionExpiredPage(redirectPath))
|
|
}
|
|
|
|
// Store user info in context
|
|
c.Set("user_id", claims.UserID)
|
|
c.Set("user_email", claims.Email)
|
|
|
|
return next(c)
|
|
}
|
|
}
|