CHANGE: refractor + refined user routes, added change pw form and function

2025-02-23 15:46:34 +01:00
parent 64468271d1
commit fdd6416ad9
12 changed files with 331 additions and 188 deletions
--- a/Backend/endpoints/time.go
+++ b/Backend/endpoints/time.go
@@ -28,27 +28,26 @@ func TimeHandler(w http.ResponseWriter, r *http.Request) {
 	}
 }

-func parseTimestamp(r *http.Request , get_key string, fallback string) (time.Time, error) {
+func parseTimestamp(r *http.Request, get_key string, fallback string) (time.Time, error) {
 	_timestamp_get := r.URL.Query().Get(get_key)
-	if(_timestamp_get == "") {
+	if _timestamp_get == "" {
 		_timestamp_get = fallback
 	}
 	timestamp_get, err := time.Parse("2006-01-02", _timestamp_get)
-	if(err != nil){
+	if err != nil {
 		return time.Now(), err
 	}
 	return timestamp_get, nil
 }

-
 // Returns bookings from DB with similar card uid -> checks for card uid in http query params
 func getBookings(w http.ResponseWriter, r *http.Request) {
 	var user models.User
 	var err error
-	if(helper.GetEnv("GO_ENV", "production") == "debug"){
+	if helper.GetEnv("GO_ENV", "production") == "debug" {
 		user, err = (*models.User).GetByPersonalNummer(nil, 123)
-	}else{
-		if(!Session.Exists(r.Context(), "user")){
+	} else {
+		if !Session.Exists(r.Context(), "user") {
 			log.Println("No user in session storage!")
 			http.Error(w, "Not logged in!", http.StatusForbidden)
 			return
@@ -56,7 +55,7 @@ func getBookings(w http.ResponseWriter, r *http.Request) {

 		user, err = (*models.User).GetByPersonalNummer(nil, Session.GetInt(r.Context(), "user"))
 	}
-	if(err != nil){
+	if err != nil {
 		log.Println("No user found with the given personal number!")
 		http.Error(w, "No user found", http.StatusNotFound)
 		return
@@ -64,18 +63,18 @@ func getBookings(w http.ResponseWriter, r *http.Request) {

 	// TODO add config for timeoffset
 	tsFrom, err := parseTimestamp(r, "time_from", time.Now().AddDate(0, -1, 0).Format("2006-01-02"))
-	if(err != nil ){
+	if err != nil {
 		log.Println("Error parsing 'from' time", err)
 		http.Error(w, "Timestamp 'from' cannot be parsed!", http.StatusBadRequest)
 		return
 	}
 	tsTo, err := parseTimestamp(r, "time_to", time.Now().Format("2006-01-02"))
-	if(err != nil ){
+	if err != nil {
 		log.Println("Error parsing 'to' time", err)
 		http.Error(w, "Timestamp 'to' cannot be parsed!", http.StatusBadRequest)
 		return
 	}
-	tsTo = tsTo.AddDate(0,0,1) // so that today is inside
+	tsTo = tsTo.AddDate(0, 0, 1) // so that today is inside

 	bookings, err := (*models.Booking).GetBookingsGrouped(nil, user.CardUID, tsFrom, tsTo)
 	if err != nil {
@@ -87,22 +86,22 @@ func getBookings(w http.ResponseWriter, r *http.Request) {
 	templates.TimeDashboard(bookings).Render(ctx, w)
 }

-func updateBooking(w http.ResponseWriter, r *http.Request){
+func updateBooking(w http.ResponseWriter, r *http.Request) {
 	r.ParseForm()
-	for index, possibleBooking := range r.PostForm{
-		if(index[:7] == "booking"){
+	for index, possibleBooking := range r.PostForm {
+		if index[:7] == "booking" {
 			booking_id, err := strconv.Atoi(index[8:])
-			if(err != nil){
+			if err != nil {
 				log.Println("Error parsing bookingId", err)
 				continue
 			}
 			booking, err := (*models.Booking).GetBookingById(nil, booking_id)
-			if(err != nil){
+			if err != nil {
 				log.Println("Error getting booking!", err)
 				continue
 			}
 			parsedTime, err := time.ParseInLocation("15:04", possibleBooking[0], time.Local)
-			if(err != nil){
+			if err != nil {
 				log.Println("Error parsing time!", err)
 				continue
 			}
@@ -113,17 +112,17 @@ func updateBooking(w http.ResponseWriter, r *http.Request){
 	getBookings(w, r)
 }

-func getBookingsAPI(w http.ResponseWriter, r *http.Request){
+func getBookingsAPI(w http.ResponseWriter, r *http.Request) {
 	_user_pn := r.URL.Query().Get("personal_nummer")
 	user_pn, err := strconv.Atoi(_user_pn)
-	if(err != nil){
+	if err != nil {
 		log.Println("No personal numver found!")
 		http.Error(w, "No personal number found", http.StatusBadRequest)
 		return
 	}

 	user, err := (*models.User).GetByPersonalNummer(nil, user_pn)
-	if(err != nil){
+	if err != nil {
 		log.Println("No user found with the given personal number!")
 		http.Error(w, "No user found", http.StatusNotFound)
 		return
@@ -131,18 +130,18 @@ func getBookingsAPI(w http.ResponseWriter, r *http.Request){

 	// TODO add config for timeoffset
 	tsFrom, err := parseTimestamp(r, "time_from", time.Now().AddDate(0, -1, 0).Format("2006-01-02"))
-	if(err != nil ){
+	if err != nil {
 		log.Println("Error parsing 'from' time", err)
 		http.Error(w, "Timestamp 'from' cannot be parsed!", http.StatusBadRequest)
 		return
 	}
 	tsTo, err := parseTimestamp(r, "time_to", time.Now().Format("2006-01-02"))
-	if(err != nil ){
+	if err != nil {
 		log.Println("Error parsing 'to' time", err)
 		http.Error(w, "Timestamp 'to' cannot be parsed!", http.StatusBadRequest)
 		return
 	}
-	tsTo = tsTo.AddDate(0,0,1) // so that today is inside
+	tsTo = tsTo.AddDate(0, 0, 1) // so that today is inside

 	bookings, err := (*models.Booking).GetBookingsGrouped(nil, user.CardUID, tsFrom, tsTo)
 	if err != nil {
--- a/Backend/endpoints/time_create.go
+++ b/Backend/endpoints/time_create.go
@@ -29,7 +29,7 @@ func TimeCreateHandler(w http.ResponseWriter, r *http.Request) {
 // Creates a booking from the http query params -> no body needed
 // after that entry wi'll be written to database and the booking is returned as json
 func createBooking(w http.ResponseWriter, r *http.Request) {
-	if(!checkPassword(r)){
+	if !checkPassword(r) {
 		log.Println("Wrong or no API key provided!")
 		http.Error(w, "Wrong or no API key provided", http.StatusUnauthorized)
 		return
--- a/Backend/endpoints/user.go
+++ b/Backend/endpoints/user.go
@@ -18,24 +18,42 @@ func CreateSessionManager(lifetime time.Duration) *scs.SessionManager {
 	Session.Lifetime = lifetime
 	return Session
 }
-
-func LoginHandler(w http.ResponseWriter, r *http.Request){
-	switch r.Method{
-		case http.MethodGet: showForm(w, r, false)
+func LoginHandler(w http.ResponseWriter, r *http.Request) {
+	switch r.Method {
+	case http.MethodGet:
+		showLoginForm(w, r, false)
 		break
-		case http.MethodPost: loginUser(w, r)
+	case http.MethodPost:
+		loginUser(w, r)
 		break
-		default:
-		showForm(w, r, false)
+	default:
+		showLoginForm(w, r, false)
 		break
 	}
 }

-func showForm(w http.ResponseWriter, r *http.Request, failed bool){
+func UserHandler(w http.ResponseWriter, r *http.Request) {
+	if !Session.Exists(r.Context(), "user") {
+		http.Redirect(w, r, "/user/login", http.StatusTemporaryRedirect)
+	}
+	switch r.Method {
+	case http.MethodGet:
+		showPWForm(w, r, 0)
+		break
+	case http.MethodPost:
+		changePassword(w, r)
+		break
+	default:
+		http.Error(w, "Method not allowed!", http.StatusMethodNotAllowed)
+		break
+	}
+}
+
+func showLoginForm(w http.ResponseWriter, r *http.Request, failed bool) {
 	templates.LoginForm(failed).Render(r.Context(), w)
 }

-func loginUser(w http.ResponseWriter, r *http.Request){
+func loginUser(w http.ResponseWriter, r *http.Request) {
 	err := r.ParseForm()
 	if err != nil {
 		log.Println("Error parsing form!", err)
@@ -43,32 +61,64 @@ func loginUser(w http.ResponseWriter, r *http.Request){
 		return
 	}
 	_personal_nummer := r.FormValue("personal_nummer")
-	if(_personal_nummer == ""){
+	if _personal_nummer == "" {
 		log.Println("No personal_nummer provided!")
 		http.Error(w, "No personal_nummer provided", http.StatusBadRequest)
 		return
 	}
 	personal_nummer, err := strconv.Atoi(_personal_nummer)
-	if(err != nil){
+	if err != nil {
 		log.Println("Cannot parse personal nubmer!")
 		http.Error(w, "Cannot parse number", http.StatusBadRequest)
 		return
 	}

 	user, err := (*models.User).GetByPersonalNummer(nil, personal_nummer)
-	if(err != nil){
+	if err != nil {
 		log.Println("No user found under this personal number!")
 		http.Error(w, "No user found!", http.StatusNotFound)
 	}

 	password := r.FormValue("password")
-	if(user.Login(password)){
+	if user.Login(password) {
 		log.Printf("New succesfull user login from %s %s!\n", user.Vorname, user.Name)
 		Session.Put(r.Context(), "user", user.PersonalNummer)
 		http.Redirect(w, r, "/time", http.StatusSeeOther) //with this browser always uses GET
-	}else{
-		showForm(w, r, true)
+	} else {
+		showLoginForm(w, r, true)
 	}
-
-showForm(w, r, false)
+	showLoginForm(w, r, false)
+}
+
+// change user password and store salted hash in db
+func changePassword(w http.ResponseWriter, r *http.Request) {
+	err := r.ParseForm()
+	if err != nil {
+		log.Println("Error parsing form!", err)
+		http.Error(w, "Error parsing form error", http.StatusBadRequest)
+		return
+	}
+	password := r.FormValue("password")
+	newPassword := r.FormValue("new_password")
+	if password == "" || newPassword == "" || newPassword != r.FormValue("new_password_repeat") {
+		showPWForm(w, r, http.StatusBadRequest)
+	}
+	user, err := (*models.User).GetByPersonalNummer(nil, Session.GetInt(r.Context(), "user"))
+	if err != nil {
+		log.Println("Error getting user!", err)
+		showPWForm(w, r, http.StatusBadRequest)
+	}
+	auth, err := user.ChangePass(password, newPassword)
+	if err != nil {
+		log.Println("Error when changing password!", err)
+	}
+	if auth {
+		showPWForm(w, r, http.StatusOK)
+		return
+	}
+	showPWForm(w, r, http.StatusUnauthorized)
+}
+
+func showPWForm(w http.ResponseWriter, r *http.Request, status int) {
+	templates.UserForm(status).Render(r.Context(), w)
 }