diff --git a/internal/controllers/user.go b/internal/controllers/user.go
index 5f37a4f..4a247c2 100644
--- a/internal/controllers/user.go
+++ b/internal/controllers/user.go
@@ -4,6 +4,7 @@ import (
 "net/http"
 "strings"
 "time"
+ "fmt"
 "github.com/jean0t/EurekaFile/internal/auth"
 "github.com/jean0t/EurekaFile/internal/database"
@@ -13,18 +14,25 @@ import (
 func Login(w http.ResponseWriter, r *http.Request) {
 var err error
- var username string = r.FormValue("username")
- var password string = r.FormValue("password")
+ var username string = strings.TrimSpace(r.FormValue("username"))
+ var password string = strings.TrimSpace(r.FormValue("password"))
 var db *gorm.DB
+ if username == "" || password == "" {
+ http.Redirect(w, r, "/", http.StatusUnauthorized)
+ return
+ }
+
 db, err= database.ConnectToDB()
 if err != nil {
+ fmt.Println("Error connecting to DB")
 http.Redirect(w, r, "/", http.StatusUnauthorized)
 return
 }
- err = database.IsValidUser(db, username, strings.TrimSpace(password))
+ err = database.IsValidUser(db, username, password)
 if err != nil {
+ fmt.Println("Error validating user")
 http.Redirect(w, r, "/", http.StatusUnauthorized)
 return
 }
@@ -42,7 +50,6 @@ func Login(w http.ResponseWriter, r *http.Request) {
 })
 http.Redirect(w, r, "/upload", http.StatusSeeOther)
- return
 }
 func Logout(w http.ResponseWriter, r *http.Request) {
@@ -50,8 +57,9 @@ func Logout(w http.ResponseWriter, r *http.Request) {
 Name: "auth",
 Value: "",
 Path: "/",
- Expires: time.Unix(0, 0),
 HttpOnly: true,
+ Secure: true,
+ Expires: time.Unix(0, 0),
 })
 http.Redirect(w, r, "/", http.StatusSeeOther)
diff --git a/internal/database/db.go b/internal/database/db.go
index a966cc9..48e78f6 100644
--- a/internal/database/db.go
+++ b/internal/database/db.go
@@ -55,6 +55,11 @@ func RegisterUser(db *gorm.DB, username, password string) error {
 }
 var result = db.Create(&user)
+
+ if result.Error != nil {
+ fmt.Println("[!] Error in register is: ", result.Error)
+ }
+
 return result.Error
 }
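Review bot: The added `"fmt"` import is placed after `"time"`, so the stdlib group is no longer sorted and goimports would move it; put `"fmt"` ahead of `"net/http"`. Since the only new use of fmt in this file is two Println diagnostics in Login, importing `"log"` and using `log.Printf` there would be the more conventional choice for handler-side error reporting.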
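Review bot: The added empty-credential guard responds with `http.Redirect(w, r, "/", http.StatusUnauthorized)`, but 401 is not a redirection status, so browsers show the 401 body rather than follow the Location header; the two context-line redirects below it share the pattern. Either redirect with `http.StatusSeeOther` as the success path and Logout already do, or send a plain 401 via `http.Error(w, "invalid credentials", http.StatusUnauthorized)`. The two new `fmt.Println` lines discard the underlying error and bypass the standard logger; `log.Printf("login: connecting to db: %v", err)` keeps it, and the validation message should stay generic so the submitted password is never echoed. Because `r.FormValue` also reads the URL query string, checking `if r.Method != http.MethodPost` before reading credentials keeps passwords out of access logs; whether trimming the username matches what RegisterUser stores should be confirmed in db.go, and Login's body continues past the hunk.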
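Review bot: The clearing cookie now carries `Secure: true`, so on a plain-HTTP origin (localhost aside in most browsers) the browser refuses to store it and the `auth` cookie survives logout; the attribute is right for production, but it should match how the cookie is set in Login, which is outside this diff. Deletion is more reliable with `MaxAge: -1` next to `Expires: time.Unix(0, 0)`, since Max-Age takes precedence where supported. `SameSite: http.SameSiteLaxMode` on both the login and the clearing cookie is the usual companion to HttpOnly/Secure.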
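Review bot: The new `fmt.Println` in RegisterUser logs the error and then returns that same error, so the failure is reported at two layers; handle it here or in the caller, not both. If logging at this layer is wanted, `log.Printf("register user: %v", result.Error)` is the conventional form and goes to stderr with a timestamp. This diff shows no import change for db.go, so confirm the file already imports `fmt` (or `log`) or the build breaks; RegisterUser's signature and the `user` construction precede the hunk.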
diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go
index b994990..8b16fb4 100644
--- a/internal/middleware/auth.go
+++ b/internal/middleware/auth.go
@@ -18,8 +18,13 @@ func WithAuth(next http.Handler) http.Handler {
 var jwtKey []byte = []byte(os.Getenv("JWT_SECRET"))
 return http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
- cookie, err := r.Cookie("auth")
- if err != nil {
+ var (
+ cookie *http.Cookie
+ err error
+ )
+
+ cookie, err = r.Cookie("auth")
+ if err != nil || cookie.Value == "" {
 http.Redirect(w, r, "/", http.StatusSeeOther)
 return
 }
diff --git a/internal/router/router.go b/internal/router/router.go
index 560bcc6..90e128c 100644
--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -14,7 +14,7 @@ func GetRouter() *http.ServeMux {
 Router.HandleFunc("/", controllers.Index)
 Router.Handle("/upload", middleware.WithAuth(http.HandlerFunc(controllers.Upload)))
 Router.Handle("/files", middleware.WithAuth(http.HandlerFunc(controllers.Files)))
- Router.Handle("/login", middleware.WithAuth(http.HandlerFunc(controllers.Login)))
+ Router.Handle("/login", http.HandlerFunc(controllers.Login))
 Router.Handle("/logout", middleware.WithAuth(http.HandlerFunc(controllers.Logout)))
 return Router
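Review bot: `jwtKey` is built from `os.Getenv("JWT_SECRET")` on the context line at the top of the hunk, so an unset variable yields an empty key and, unless the JWT library rejects empty HMAC keys, the middleware would accept tokens signed with an empty secret; WithAuth runs at router construction, so failing fast there with `if len(jwtKey) == 0 { log.Fatal("JWT_SECRET is not set") }` closes that gap. The added `cookie.Value == ""` check is a sensible addition. The `var ( cookie *http.Cookie; err error )` block replaces a `cookie, err := r.Cookie("auth")` that was already idiomatic; the short declaration is the conventional form and the block adds nothing. WithAuth's signature precedes the hunk and the handler body continues after it.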