diff --git a/internal/controllers/files.go b/internal/controllers/files.go
index d43ad47..cbb07f7 100644
--- a/internal/controllers/files.go
+++ b/internal/controllers/files.go
@@ -34,14 +34,25 @@ type FilesViewData struct {
Files []database.File
}
+func DownloadFile(w http.ResponseWriter, r *http.Request) {
+ filePath := filepath.Join("./uploaded_files", filepath.Base(r.URL.Path))
+ w.Header().Set("Content-Disposition", "attachment; filename="+filepath.Base(filePath))
+ http.ServeFile(w, r, filePath)
+}
+
+
func Files(w http.ResponseWriter, r *http.Request) {
var (
err error
db *gorm.DB
files []database.File
data FilesViewData
+ filesDir string = "./uploaded_files"
+ fs http.Handler = http.FileServer(http.Dir(filesDir))
)
+ http.Handle("/files/", http.StripPrefix("/files", fs))
+
db, err = database.ConnectToDB()
if err != nil {
fmt.Println("[!] Error connecting to database")
@@ -63,6 +74,7 @@ func Files(w http.ResponseWriter, r *http.Request) {
http.Error(w, "
Internal Server Error
", http.StatusInternalServerError)
return
}
+
}
diff --git a/internal/controllers/user.go b/internal/controllers/user.go
index e338bad..f94b620 100644
--- a/internal/controllers/user.go
+++ b/internal/controllers/user.go
@@ -35,7 +35,9 @@ func Login(w http.ResponseWriter, r *http.Request) {
err = database.IsValidUser(db, username, password)
if err != nil {
fmt.Println("Error validating user")
- http.Error(w, "Failed to authenticate
", http.StatusUnauthorized)
+ w.WriteHeader(http.StatusForbidden)
+ w.Header().Set("Content-Type", "text/html")
+ fmt.Fprintf(w, "Failed to authenticate
")
return
}
@@ -43,11 +45,10 @@ func Login(w http.ResponseWriter, r *http.Request) {
var signedToken string = auth.CreateToken(username, expiration)
http.SetCookie(w, &http.Cookie {
- Name: "auth",
+ Name: "Authentication",
Value: signedToken,
Path: "/",
HttpOnly: true,
- Secure: true,
Expires: expiration,
})
@@ -56,11 +57,10 @@ func Login(w http.ResponseWriter, r *http.Request) {
func Logout(w http.ResponseWriter, r *http.Request) {
http.SetCookie(w, &http.Cookie{
- Name: "auth",
+ Name: "Authentication",
Value: "",
Path: "/",
HttpOnly: true,
- Secure: true,
Expires: time.Unix(0, 0),
})
diff --git a/internal/database/user.go b/internal/database/user.go
index 85180ed..8fd774c 100644
--- a/internal/database/user.go
+++ b/internal/database/user.go
@@ -35,7 +35,7 @@ func IsValidUser(db *gorm.DB, username, password string) error {
var passwordHashed string = HashPassword(password)
var result = db.Where("Username = ?", username).First(&user)
- if result.Error != nil {
+ if result.Error == gorm.ErrRecordNotFound {
RegisterUser(db, username, password) // if user doesnt exists, it is created :)
return nil
}
diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go
index 438bae5..e6048bf 100644
--- a/internal/middleware/auth.go
+++ b/internal/middleware/auth.go
@@ -19,7 +19,7 @@ func WithAuth(next http.Handler) http.Handler {
err error
)
- cookie, err = r.Cookie("auth")
+ cookie, err = r.Cookie("Authentication")
if err != nil || cookie.Value == "" {
http.Redirect(w, r, "/", http.StatusSeeOther)
return
diff --git a/internal/router/router.go b/internal/router/router.go
index 90e128c..c577cb2 100644
--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -14,6 +14,7 @@ func GetRouter() *http.ServeMux {
Router.HandleFunc("/", controllers.Index)
Router.Handle("/upload", middleware.WithAuth(http.HandlerFunc(controllers.Upload)))
Router.Handle("/files", middleware.WithAuth(http.HandlerFunc(controllers.Files)))
+ Router.Handle("/files/", middleware.WithAuth(http.HandlerFunc(controllers.DownloadFile)))
Router.Handle("/login", http.HandlerFunc(controllers.Login))
Router.Handle("/logout", middleware.WithAuth(http.HandlerFunc(controllers.Logout)))
diff --git a/internal/views/files.tmpl b/internal/views/files.tmpl
index b8bbcda..da40a9a 100644
--- a/internal/views/files.tmpl
+++ b/internal/views/files.tmpl
@@ -36,7 +36,7 @@
{{ .Author.Username }} |
{{ .CreatedAt | formatDate }} |
-
+
Download
|