| -rw-r--r-- | main.go | 5 | ||||
| -rw-r--r-- | store.go | 13 | ||||
| -rw-r--r-- | templates/login.tmpl | 2 |
3 files changed, 16 insertions, 4 deletions
@@ -46,12 +46,15 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) {
 if r.Method == http.MethodPost {
 username := r.FormValue("username")
 password := r.FormValue("password")
+ next := r.FormValue("next")
 hash := md5.Sum([]byte(password))
 dst := make([]byte, hex.EncodedLen(md5.Size))
 hex.Encode(dst, hash[:])
 u, ok := app.GetUser(username)
- next := r.FormValue("next")
 if ok && subtle.ConstantTimeCompare(u.Password, dst) == 1 {
+ s := app.NewSession(u.Id)
+ c := http.Cookie{Name: "id", Value: s.Id, Domain: ".horel.test"}
+ http.SetCookie(w, &c)
 http.Redirect(w, r, next, http.StatusSeeOther)
 } else {
 app.Template.ExecuteTemplate(w, "login.tmpl", struct {
@@ -20,6 +20,7 @@ type User struct {
 type Store interface {
 GetSession(id string) (*Session, bool)
+ NewSession(userId int64) *Session
 GetUser(name string) (*User, bool)
 }
@@ -42,7 +43,7 @@ func (store *PgStore) GetSession(id string) (*Session, bool) {
 return s, true
 }
 s = new(Session)
- row := store.QueryRow("SELECT id, user_id FROM session WHERE id = $1", id)
+ row := store.QueryRow("SELECT id, user_id FROM sessions WHERE id = $1", id)
 if err := row.Scan(&s.Id, &s.UserId); err != nil {
 return nil, false
 }
@@ -50,9 +51,17 @@ func (store *PgStore) GetSession(id string) (*Session, bool) {
 return s, true
 }
+func (store *PgStore) NewSession(userId int64) *Session {
+ var id string
+ store.QueryRow("INSERT INTO sessions(user_id) VALUES ($1) RETURNING id", userId).Scan(&id)
+ s := &Session{id, userId}
+ store.sessionCache[s.Id] = s
+ return s
+}
+
 func (store *PgStore) GetUser(name string) (*User, bool) {
 u := &User{Name: name}
- row := store.QueryRow("SELECT id, password FROM user WHERE name = $1", name)
+ row := store.QueryRow("SELECT id, password FROM users WHERE name = $1", name)
 if err := row.Scan(&u.Id, &u.Password); err != nil {
 return nil, false
 }
diff --git a/templates/login.tmpl b/templates/login.tmpl
index 67d0000..6f76a4a 100644
--- a/templates/login.tmpl
+++ b/templates/login.tmpl
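Review bot: The session cookie built in the success branch of loginHandler sets no HttpOnly, Secure or SameSite attribute, so the session id is readable by page scripts, may travel over plain HTTP, and is attached to cross-site requests for every host under `.horel.test`. Consider `c := http.Cookie{Name: "id", Value: s.Id, Domain: ".horel.test", HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}`, leaving `Secure` off only if the test domain is served without TLS. The `next` form value is also handed to `http.Redirect` unchecked, and since the template change in this commit makes the field actually submit, it should be limited to a local path or an allow-listed host before the redirect. loginHandler starts and ends outside this hunk.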
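Review bot: NewSession discards the error returned by `Scan`, so when the INSERT fails `id` stays empty, a Session with an empty Id is stored in `sessionCache` under the key `""`, and loginHandler goes on to set a cookie with an empty value. Returning the error lets the handler refuse the login instead; this needs the signature in the Store interface hunk changed to match and a check at the call site in loginHandler. The write to `sessionCache` shows no lock in this hunk, so unless one is taken elsewhere the map needs a mutex, because net/http runs handlers concurrently. The id itself comes from the `sessions.id` column default, which is not visible here; it should be produced by a CSPRNG rather than a sequence.

```go
func (store *PgStore) NewSession(userId int64) (*Session, error) {
	var id string
	err := store.QueryRow("INSERT INTO sessions(user_id) VALUES ($1) RETURNING id", userId).Scan(&id)
	if err != nil {
		// Do not cache or hand out a session whose id was never assigned.
		return nil, err
	}
	// … unchanged: build the Session and store it in sessionCache …
	return s, nil
}
```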
@@ -29,7 +29,7 @@ button:hover {background-color: #1967be; border-color: #1862b5}
 <input type="password" id="password" name="password" placeholder="Mot de passe"/>
 <button type="submit" name="login">Se Connecter</button>
- <input type="hidden" id="next" value="{{.Next}}"/>
+ <input type="hidden" name="next" value="{{.Next}}"/>
 </div>
 <hr>
 </form> |
