diff --git a/internal/controllers/files.go b/internal/controllers/files.go index d43ad47..cbb07f7 100644 --- a/internal/controllers/files.go +++ b/internal/controllers/files.go @@ -34,14 +34,25 @@ type FilesViewData struct { Files []database.File } +func DownloadFile(w http.ResponseWriter, r *http.Request) { + filePath := filepath.Join("./uploaded_files", filepath.Base(r.URL.Path)) + w.Header().Set("Content-Disposition", "attachment; filename="+filepath.Base(filePath)) + http.ServeFile(w, r, filePath) +} + + func Files(w http.ResponseWriter, r *http.Request) { var ( err error db *gorm.DB files []database.File data FilesViewData + filesDir string = "./uploaded_files" + fs http.Handler = http.FileServer(http.Dir(filesDir)) ) + http.Handle("/files/", http.StripPrefix("/files", fs)) + db, err = database.ConnectToDB() if err != nil { fmt.Println("[!] Error connecting to database") @@ -63,6 +74,7 @@ func Files(w http.ResponseWriter, r *http.Request) { http.Error(w, "

Internal Server Error

", http.StatusInternalServerError) return } + } diff --git a/internal/controllers/user.go b/internal/controllers/user.go index e338bad..f94b620 100644 --- a/internal/controllers/user.go +++ b/internal/controllers/user.go @@ -35,7 +35,9 @@ func Login(w http.ResponseWriter, r *http.Request) { err = database.IsValidUser(db, username, password) if err != nil { fmt.Println("Error validating user") - http.Error(w, "

Failed to authenticate

", http.StatusUnauthorized) + w.WriteHeader(http.StatusForbidden) + w.Header().Set("Content-Type", "text/html") + fmt.Fprintf(w, "

Failed to authenticate

") return } @@ -43,11 +45,10 @@ func Login(w http.ResponseWriter, r *http.Request) { var signedToken string = auth.CreateToken(username, expiration) http.SetCookie(w, &http.Cookie { - Name: "auth", + Name: "Authentication", Value: signedToken, Path: "/", HttpOnly: true, - Secure: true, Expires: expiration, }) @@ -56,11 +57,10 @@ func Login(w http.ResponseWriter, r *http.Request) { func Logout(w http.ResponseWriter, r *http.Request) { http.SetCookie(w, &http.Cookie{ - Name: "auth", + Name: "Authentication", Value: "", Path: "/", HttpOnly: true, - Secure: true, Expires: time.Unix(0, 0), }) diff --git a/internal/database/user.go b/internal/database/user.go index 85180ed..8fd774c 100644 --- a/internal/database/user.go +++ b/internal/database/user.go @@ -35,7 +35,7 @@ func IsValidUser(db *gorm.DB, username, password string) error { var passwordHashed string = HashPassword(password) var result = db.Where("Username = ?", username).First(&user) - if result.Error != nil { + if result.Error == gorm.ErrRecordNotFound { RegisterUser(db, username, password) // if user doesnt exists, it is created :) return nil } diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go index 438bae5..e6048bf 100644 --- a/internal/middleware/auth.go +++ b/internal/middleware/auth.go @@ -19,7 +19,7 @@ func WithAuth(next http.Handler) http.Handler { err error ) - cookie, err = r.Cookie("auth") + cookie, err = r.Cookie("Authentication") if err != nil || cookie.Value == "" { http.Redirect(w, r, "/", http.StatusSeeOther) return diff --git a/internal/router/router.go b/internal/router/router.go index 90e128c..c577cb2 100644 --- a/internal/router/router.go +++ b/internal/router/router.go @@ -14,6 +14,7 @@ func GetRouter() *http.ServeMux { Router.HandleFunc("/", controllers.Index) Router.Handle("/upload", middleware.WithAuth(http.HandlerFunc(controllers.Upload))) Router.Handle("/files", middleware.WithAuth(http.HandlerFunc(controllers.Files))) + Router.Handle("/files/", middleware.WithAuth(http.HandlerFunc(controllers.DownloadFile))) Router.Handle("/login", http.HandlerFunc(controllers.Login)) Router.Handle("/logout", middleware.WithAuth(http.HandlerFunc(controllers.Logout))) diff --git a/internal/views/files.tmpl b/internal/views/files.tmpl index b8bbcda..da40a9a 100644 --- a/internal/views/files.tmpl +++ b/internal/views/files.tmpl @@ -36,7 +36,7 @@ {{ .Author.Username }} {{ .CreatedAt | formatDate }} - + Download