feat: updated docs and added description to files

Backend/endpoints/user.go

@@ -1,8 +1,18 @@
 package endpoints
 
+// this is not directly an endpoint as it servers all requests for "/user"
+// and routes the furter to "login", "logout", and "settings"
+
 import (
-	"arbeitszeitmessung/helper"
+	"arbeitszeitmessung/models"
+	"arbeitszeitmessung/templates"
+	"context"
+	"log"
 	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/alexedwards/scs/v2"
 )
 
 func UserHandler(w http.ResponseWriter, r *http.Request) {
@@ -16,31 +26,63 @@ func UserHandler(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func LoginHandler(w http.ResponseWriter, r *http.Request) {
-	switch r.Method {
-	case http.MethodGet:
-		showLoginPage(w, r, true, "")
-	case http.MethodPost:
-		loginUser(w, r)
-	default:
-		http.Error(w, "Method not allowed!", http.StatusMethodNotAllowed)
-	}
+var Session *scs.SessionManager
+
+func CreateSessionManager(lifetime time.Duration) *scs.SessionManager {
+	Session = scs.New()
+	Session.Lifetime = lifetime
+	return Session
 }
 
-func UserSettingsHandler(w http.ResponseWriter, r *http.Request) {
-	helper.RequiresLogin(Session, w, r)
-
-	switch r.Method {
-	case http.MethodGet:
-		showUserPage(w, r, 0)
-	case http.MethodPost:
-		switch r.FormValue("action") {
-		case "change-pass":
-			changePassword(w, r)
-		case "logout-user":
-			logoutUser(w, r)
-		}
-	default:
-		http.Error(w, "Method not allowed!", http.StatusMethodNotAllowed)
+func showLoginPage(w http.ResponseWriter, r *http.Request, success bool, errorMsg string) {
+	r = r.WithContext(context.WithValue(r.Context(), "session", Session))
+	if Session.Exists(r.Context(), "user") {
+		http.Redirect(w, r, "/time", http.StatusSeeOther)
 	}
+	templates.LoginPage(success, errorMsg).Render(r.Context(), w)
+}
+
+func loginUser(w http.ResponseWriter, r *http.Request) {
+	err := r.ParseForm()
+	if err != nil {
+		log.Println("Error parsing form!", err)
+		showLoginPage(w, r, false, "Internal error!")
+		return
+	}
+	_personal_nummer := r.FormValue("personal_nummer")
+	if _personal_nummer == "" {
+		log.Println("No personal_nummer provided!")
+		showLoginPage(w, r, false, "Keine Personalnummer gesetzt.")
+		return
+	}
+	personal_nummer, err := strconv.Atoi(_personal_nummer)
+	if err != nil {
+		log.Println("Cannot parse personal nubmer!")
+		showLoginPage(w, r, false, "Personalnummer ist nicht valide gesetzt.")
+		return
+	}
+	user, err := models.GetUserByPersonalNr(personal_nummer)
+	if err != nil {
+		log.Println("No user found under this personal number!", err)
+		showLoginPage(w, r, false, "Nutzer unter dieser Personalnummer nicht gefunden.")
+		return
+	}
+
+	password := r.FormValue("password")
+	if user.Login(password) {
+		log.Printf("New succesfull user login from %s %s (%d)!\n", user.Vorname, user.Name, user.PersonalNummer)
+		Session.Put(r.Context(), "user", user.PersonalNummer)
+		Session.Commit(r.Context())
+		http.Redirect(w, r, "/time", http.StatusSeeOther) //with this browser always uses GET
+	}
+	showLoginPage(w, r, false, "")
+}
+
+func logoutUser(w http.ResponseWriter, r *http.Request) {
+	log.Println("Loggin out user!")
+	err := Session.Destroy(r.Context())
+	if err != nil {
+		log.Println("Error destroying session!", err)
+	}
+	http.Redirect(w, r, "/user/login", http.StatusSeeOther)
 }