some-automoderation/routes/login_page.go

package routes

import (
	"context"
	"embed"
	"fmt"
	"html/template"
	"log"
	"math/rand"
	"net/http"
	"strconv"

	"sunshine.industries/some-automoderation/rooms"
	"sunshine.industries/some-automoderation/sessions"
)

// function to register all http routes for servicing auth pages and logic
func registerLoginRoutes(
	templateFs *embed.FS,
	sessionSM sessions.SessionManagement,
	roomsM rooms.RoomManager,
) {
	// login page
	http.HandleFunc(loginPath, func(w http.ResponseWriter, r *http.Request) {
		renderLoginPage(w)
	})
	http.HandleFunc("/login/join", joinRoomHandler(templateFs, sessionSM, roomsM))
	http.HandleFunc("/login/create", createRoomHandler(templateFs, sessionSM, roomsM))
	http.HandleFunc("/login/room-name-check", checkRoomName(templateFs, roomsM))
}

const authCookieName = "auth"
const loginPath = "/login"
type contextKey string

func getContextSession(ctx context.Context) sessions.SessionData {
	return ctx.Value(contextKey("session")).(sessions.SessionData)
}

// checks sessionId from cookie
// when non-zero session found - pass to next http.Hander
// when no session available - render same as login page and redirect to /
func authedPageMiddleware(
	sessionsM sessions.SessionManagement, next http.Handler,
) http.Handler {
	returnNoAccess := func(w http.ResponseWriter, r *http.Request) {
			log.Printf("auth middle > restricting access to %s", r.URL.Path)
			w.Header().Add("HX-Replace-Url", loginPath)
			renderLoginPage(w)
	}
	rerturnSuccess := func(w http.ResponseWriter, r *http.Request, session sessions.SessionData) {
			ctx := context.WithValue(r.Context(), contextKey("session"), session)
			log.Printf("auth middle > allowing access to %s for %+v", r.URL.Path, session)
			next.ServeHTTP(w, r.WithContext(ctx))
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sessionCookie, err := r.Cookie(authCookieName)
		if err != nil {
			returnNoAccess(w, r)
			return
		}
		// TODO log here, why i get 'error readin 0'
		sessionId, err := strconv.Atoi(sessionCookie.Value)
		if err != nil {
			returnNoAccess(w, r)
			return
		}
		session := sessionsM.Get(sessionId)
		if session == (sessions.SessionData{}) {
			returnNoAccess(w, r)
			return
		} else {
			rerturnSuccess(w, r, session)
			return
		}
	})
}

func renderLoginPage(w http.ResponseWriter) {
	var templFile = "templates/login.gohtml"
	tmpl := template.Must(template.ParseFS(templateFs, templFile))
	err := tmpl.Execute(w, nil)
	if err != nil {
		log.Printf("my error in executing template, huh\n %s", err)
	}
}

func createRoomHandler(	templateFs *embed.FS,
	sessionSM sessions.SessionManagement,
	roomsM rooms.RoomManager,
) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		err := r.ParseForm()
		if err != nil {
			// TODO return error notice somehow
			w.WriteHeader(http.StatusBadRequest)
		}
		roomName := r.PostFormValue("roomName")
		_, exists, _ := roomsM.Get(roomName)
		if exists {
			// TODO return anouther error notice
			log.Printf("error, room name occupied %s", roomName)
			return
		}
		person := rooms.Person{
			PersonId: rand.Int(),
			Name: r.PostFormValue("personalName"),
			PasswordHash: r.PostFormValue("personalPassword"), // TODO hash the password, not to store
		}
		newRoom := rooms.Room{
			Name: roomName,
			PasswordHash: r.PostFormValue("roomPassword"), // TODO hash the password, not to store
			AdminIds: []int{person.PersonId},
			Paricipants: []rooms.Person{person},
		}
		err = roomsM.Save(newRoom)
		if err != nil {
			log.Printf("what am i to do? error saving room %s", err)
			// todo return error notice somehow
		}
		newSessionId, err := sessionSM.Save(newRoom.Name, person.PersonId)
		if err != nil {
			log.Printf("what am i to do? error saving session %s", err)
			// todo return error notice somehow
		}
		http.SetCookie(w, &http.Cookie{
			Name: authCookieName,
			Value: fmt.Sprint(newSessionId),
			Secure: true,
			HttpOnly: true,
			Path: "/",
		})
		var templFile = "templates/index.gohtml"
		tmpl := template.Must(template.ParseFS(templateFs, templFile))
		w.Header().Add("HX-Retarget", "body")
		w.Header().Add("HX-Push-Url", "/")
		err = tmpl.Execute(w, nil)
		if err != nil {
			log.Printf("my error in executing template, huh\n %s", err)
		}
	}
}

// checking whether the room name already exists
// toggle button between Join or Create
func checkRoomName(	templateFs *embed.FS,
	roomsM rooms.RoomManager,
) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		err := r.ParseForm()
		if err != nil {
			w.WriteHeader(http.StatusBadRequest)
		}
		roomName := r.PostFormValue("roomName")
		_, isFound, err := roomsM.Get(roomName)
		if err != nil {
			log.Printf("/login/room-name-check error finding room %s\n", err)
		}
		var templFile = "templates/login.gohtml"
		tmpl := template.Must(template.ParseFS(templateFs, templFile))
		err = tmpl.ExecuteTemplate(w, "formButton", isFound)
	}
}

func joinRoomHandler(	templateFs *embed.FS,
	sessionSM sessions.SessionManagement,
	roomsM rooms.RoomManager,
) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		err := r.ParseForm()
		if err != nil {
			w.WriteHeader(http.StatusBadRequest)
		}

		roomName := r.PostFormValue("roomName")
		roomPass := r.PostFormValue("roomPassword")
		personName := r.PostFormValue("personalName")
		personPass := r.PostFormValue("personalPassword")

		// a) get room data
		room, _, err := roomsM.Get(roomName)
		if err != nil {
			log.Printf("/login/join error getting room %s", roomName)
			w.WriteHeader(http.StatusBadRequest)
			// TODO render error to be put in error place
			return
		} else {
			log.Printf("/login/submit found room %+v", room)
		}

		// b) check if room password OK
		if room.PasswordHash != roomPass {
			log.Printf("/login/join bad room pass for %+v", room)
			w.WriteHeader(http.StatusForbidden)
			// TODO render error to be put in error place
			return
		}

		var person rooms.Person
		for _, participant := range room.Paricipants {
			if participant.Name == personName {
				person = participant
			}
		}
		// c) check if such person exists,
		// knownPerson, found :=
		// check the password
		if (person != rooms.Person{}) && person.PasswordHash != personPass {
			log.Printf("/login/join bad person pass for %+s", person.Name)
			w.WriteHeader(http.StatusForbidden)
			// TODO render error to be put in error place
			return
		}
		// person joining for thethe first time
		if (person == rooms.Person{}) {
			log.Printf("/login/join room pass correct, new person joins")
			// creating a new person with provided password hash
			person = rooms.Person{
				Name: personName,
				PasswordHash: personPass,
				PersonId: rand.Int(),
			}
			err := roomsM.Update(context.TODO(), room.Name, func(fromRoom rooms.Room) (toRoom rooms.Room) {
				toRoom = fromRoom
				toRoom.Paricipants = append(toRoom.Paricipants, person)
				return toRoom
			})
			if err != nil {
				log.Printf("/login/join problem adding person to room", person.Name)
				w.WriteHeader(http.StatusInternalServerError)
				// TODO render error to be put in error place
				// with message try again 
				return
			}
		}
		// TODO handle context and cancells, with separate function that writeds new updated room
		// now we have room and person, can create a session
		// and we've checked password

		newSessionId, err := sessionSM.Save(room.Name, person.PersonId)
		if err != nil {
			log.Printf("/login/submit > error saving session %s", err)
		}
		http.SetCookie(w, &http.Cookie{
			Name: authCookieName,
			Value: fmt.Sprint(newSessionId),
			Secure: true,
			HttpOnly: true,
			Path: "/",
		})
		log.Printf("is is %d. room things %s & %s, personal things %s and %s. \n found room %+v",
			newSessionId, roomName, roomPass, personName, personPass, room,
		)
		// TODO render what? index page with some data passed?
		// or, what? i could just redirect to / for now
		w.Header().Add("HX-Redirect", "/")
	}
}