HS-Esslingen/swb6-it-sec
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

save username in cookie

Browse source
This commit is contained in:
Florian Hoss 2022-04-04 11:40:34 +02:00
parent 539a36dffe
commit 2d98665f92
7 changed files with 149 additions and 95 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
Lab01/app/database/database.go
View file

@ -30,14 +30,31 @@ func (db *Database) CreateUser(username string, password string) error {
return result.Error return result.Error
} }
func (db *Database) LoginUser(username string, password string) (bool, error) { func (db *Database) LoginUser(username string, password string) bool {
user := User{Username: username, Password: password} user := User{Username: username, Password: password}
result := db.ORM.Where("username = ? AND password = ?", username, password).Find(&user) result := db.ORM.Where("username = ? AND password = ?", username, password).Find(&user)
if result.Error != nil {
return false, result.Error
}
if result.RowsAffected == 1 { if result.RowsAffected == 1 {
return true, nil db.ORM.Model(&user).Update("logged_in", true)
return true
} }
return false, nil return false
}
func (db *Database) LogoutUser(username string) bool {
user := User{Username: username}
result := db.ORM.Where("username = ? and logged_in = ?", username, true).Find(&user)
if result.RowsAffected == 1 {
db.ORM.Model(&user).Update("logged_in", false)
return true
}
return false
}
func (db *Database) UserIsLoggedIn(username string) bool {
user := User{Username: username}
result := db.ORM.Where("username = ? and logged_in = ?", username, true).Find(&user)
if result.RowsAffected == 1 {
return true
}
return false
} }

6
Lab01/app/database/types.go
View file

@ -10,7 +10,7 @@ type Database struct {
} }
type User struct { type User struct {
Username string `gorm:"primaryKey"` Username string `gorm:"primaryKey"`
Password string Password string
CreatedAt int64 `gorm:"autoCreateTime"` LoggedIn bool
} }

115
Lab01/app/templates/index.tmpl → Lab01/app/templates/_base.tmpl
View file

@ -1,27 +1,3 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>{{ .title }}</title>
{{template "head" .}}
</head>
<body>
{{template "navbar" .}}
<div class="position-absolute top-50 start-50 translate-middle text-center">
{{if .loggedIn}}
<div>Welcome to the {{ .title }}.</div>
{{else}}
<div>
<a class="link-secondary" href="/login">Login</a> to continue.
</div>
{{end}}
</div>
{{template "scripts" .}}
</body>
</html>
{{define "head"}} {{define "head"}}
<link rel="apple-touch-icon" sizes="180x180" href="../static/icons/apple-touch-icon.png"> <link rel="apple-touch-icon" sizes="180x180" href="../static/icons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="../static/icons/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="32x32" href="../static/icons/favicon-32x32.png">
@ -37,7 +13,7 @@
{{define "navbar"}} {{define "navbar"}}
<nav class="navbar navbar-expand-md navbar-light bg-light"> <nav class="navbar navbar-expand-md navbar-light bg-light">
<div class="container-fluid"> <div class="container-fluid">
<a class="navbar-brand" href="/">SuperSave</a> <a class="navbar-brand" href="/">SuperSafe</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" <button class="navbar-toggler" type="button" data-bs-toggle="collapse"
data-bs-target="#navbarSupportedContent" data-bs-target="#navbarSupportedContent"
aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"> aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
@ -45,18 +21,15 @@
</button> </button>
<div class="collapse navbar-collapse" id="navbarSupportedContent"> <div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="ms-auto navbar-nav mb-2 mb-lg-0"> <ul class="ms-auto navbar-nav mb-2 mb-lg-0">
{{if .loggedIn}} <li class="nav-item me-2">
<li class="nav-item me-2"> <a hidden id="button-tasks" class="btn btn-primary" href="/tasks">Tasks</a>
<a class="btn btn-primary" href="/tasks">Tasks</a> </li>
</li> <li class="nav-item me-2">
<li class="nav-item"> <a hidden id="button-login" class="btn btn-primary" href="/login">Login</a>
<a class="btn btn-danger" href="/logout">Logout</a> </li>
</li> <li class="nav-item">
{{else}} <button hidden id="button-logout" class="btn btn-danger" onclick="logout()">Logout</button>
<li class="nav-item"> </li>
<a class="btn btn-primary" href="/login">Login</a>
</li>
{{end}}
</ul> </ul>
</div> </div>
</div> </div>
@ -90,9 +63,67 @@
{{end}} {{end}}
{{define "scripts"}} {{define "scripts"}}
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" <script>
integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" const button_login = document.getElementById("button-login");
crossorigin="anonymous"></script> const button_logout = document.getElementById("button-logout");
const button_tasks = document.getElementById("button-tasks");
const username = getCookie("username");
function setCookie(cookie_name, cookie_value, cookie_expiry) {
const d = new Date();
d.setTime(d.getTime() + (cookie_expiry * 24 * 60 * 60 * 1000));
let expires = "expires=" + d.toUTCString();
document.cookie = cookie_name + "=" + cookie_value + ";" + expires + ";path=/;SameSite=Lax"
}
function deleteCookie(cookie_name) {
document.cookie = cookie_name + "=" + ";expires=Thu, 01 Jan 1970 00:00:00 UTC;path=/;SameSite=Lax"
}
function getCookie(cookie_name) {
let name = cookie_name + "=";
let decodedCookie = decodeURIComponent(document.cookie);
let cookieArray = decodedCookie.split('; ');
let result;
cookieArray.forEach(val => {
if (val.indexOf(name) === 0) result = val.substring(name.length);
})
return result;
}
function redirect(location) {
window.location.href = location;
}
async function userLoggedIn() {
let data = new FormData();
data.append("username", username);
const response = await fetch("/user", {method: 'POST', body: data});
const json = await response.json();
if (json.logged_in === true) {
button_login.hidden = true;
button_logout.hidden = false;
button_tasks.hidden = false;
} else {
button_login.hidden = false;
button_logout.hidden = true;
button_tasks.hidden = true;
}
return json.logged_in
}
async function logout() {
button_logout.disabled = true;
let data = new FormData();
data.append("username", username);
const response = await fetch("/logout", {method: 'POST', body: data});
deleteCookie("username");
response.ok && redirect("/");
}
</script>
{{end}}
{{define "formScripts"}}
<script> <script>
let form = document.querySelector('.needs-validation') let form = document.querySelector('.needs-validation')
if (form) { if (form) {
@ -113,9 +144,5 @@
form.classList.add('was-validated'); form.classList.add('was-validated');
}, false); }, false);
} }
function redirect(location) {
window.location.href = location;
}
</script> </script>
{{end}} {{end}}

5
Lab01/app/templates/login.tmpl
View file

@ -16,12 +16,15 @@
</div> </div>
{{template "scripts" .}} {{template "scripts" .}}
{{template "formScripts" .}}
<script> <script>
userLoggedIn().then((loggedIn) => loggedIn && redirect("/"));
async function submitForm(formData) { async function submitForm(formData) {
const response = await fetch("/login", {method: 'POST', body: formData, redirect: 'follow'}); const response = await fetch("/login", {method: 'POST', body: formData, redirect: 'follow'});
if (response.ok) { if (response.ok) {
const json = await response.json(); const json = await response.json();
console.log("JSON:", json.message); setCookie("username", json.username, 1);
redirect("/"); redirect("/");
} else { } else {
redirect("/login"); redirect("/login");

4
Lab01/app/templates/register.tmpl
View file

@ -15,14 +15,14 @@
<a class="link-secondary" href="/login">Login instead</a> <a class="link-secondary" href="/login">Login instead</a>
</div> </div>
{{template "scripts" .}} {{template "scripts" .}}
{{template "formScripts" .}}
<script> <script>
async function submitForm(formData) { async function submitForm(formData) {
const response = await fetch("/register", {method: 'POST', body: formData, redirect: 'follow'}); const response = await fetch("/register", {method: 'POST', body: formData, redirect: 'follow'});
if (response.ok) { if (response.ok) {
const json = await response.json(); const json = await response.json();
console.log("JSON:", json.message); console.log(json);
redirect("/"); redirect("/");
} else { } else {
redirect("/register"); redirect("/register");

21
Lab01/app/templates/tasks.tmpl Normal file
View file

@ -0,0 +1,21 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>{{ .title }}</title>
{{template "head" .}}
</head>
<body>
{{template "navbar" .}}
<div class="position-absolute top-50 start-50 translate-middle">
<div class="fs-3">{{ .title }}</div>
<hr>
</div>
{{template "scripts" .}}
<script>
userLoggedIn().then((loggedIn) => !loggedIn && redirect("/login"));
</script>
</body>
</html>

64
Lab01/app/webpage/webpage.go
View file

@ -8,47 +8,39 @@ import (
) )
func (wp *Webpage) redirectHome(c *gin.Context) { func (wp *Webpage) redirectHome(c *gin.Context) {
c.Redirect(http.StatusTemporaryRedirect, "/") c.Redirect(http.StatusTemporaryRedirect, "/tasks")
}
func (wp *Webpage) userIsLoggedIn(c *gin.Context) bool {
if wp.isLoggedIn {
wp.redirectHome(c)
return true
}
return false
} }
func (wp *Webpage) defineRoutes() { func (wp *Webpage) defineRoutes() {
wp.Router.GET("/", func(c *gin.Context) { wp.Router.GET("/tasks", func(c *gin.Context) {
c.HTML(http.StatusOK, "index.tmpl", gin.H{ c.HTML(http.StatusOK, "tasks.tmpl", gin.H{"title": "Tasks"})
"title": "SuperSafe", })
"loggedIn": wp.isLoggedIn, wp.Router.GET("/login", func(c *gin.Context) {
}) c.HTML(http.StatusOK, "login.tmpl", gin.H{"title": "Login"})
})
wp.Router.GET("/register", func(c *gin.Context) {
c.HTML(http.StatusOK, "register.tmpl", gin.H{"title": "Register"})
}) })
wp.Router.GET("/login", func(c *gin.Context) { wp.Router.POST("/user", func(c *gin.Context) {
if wp.userIsLoggedIn(c) { username, uExisting := c.GetPostForm("username")
if uExisting == false || username == "" {
c.JSON(400, gin.H{"message": "bad post form"})
return return
} }
c.HTML(http.StatusOK, "login.tmpl", gin.H{ success := wp.Database.UserIsLoggedIn(username)
"title": "Login", c.JSON(200, gin.H{"logged_in": success, "username": username})
"loggedIn": wp.isLoggedIn,
})
}) })
wp.Router.GET("/logout", func(c *gin.Context) { wp.Router.POST("/logout", func(c *gin.Context) {
wp.isLoggedIn = false username, uExisting := c.GetPostForm("username")
wp.redirectHome(c) if uExisting == false || username == "" {
}) c.JSON(400, gin.H{"message": "bad post form"})
return
wp.Router.GET("/register", func(c *gin.Context) { }
wp.userIsLoggedIn(c) success := wp.Database.LogoutUser(username)
c.HTML(http.StatusOK, "register.tmpl", gin.H{ c.JSON(200, gin.H{"logged_out": success, "username": username})
"title": "Register",
"loggedIn": wp.isLoggedIn,
})
}) })
wp.Router.POST("/login", func(c *gin.Context) { wp.Router.POST("/login", func(c *gin.Context) {
@ -58,17 +50,11 @@ func (wp *Webpage) defineRoutes() {
c.JSON(400, gin.H{"message": "bad post form"}) c.JSON(400, gin.H{"message": "bad post form"})
return return
} }
success, err := wp.Database.LoginUser(username, password) success := wp.Database.LoginUser(username, password)
if err != nil {
c.JSON(500, gin.H{"message": err.Error()})
return
}
if success == true { if success == true {
wp.isLoggedIn = true c.JSON(200, gin.H{"logged_in": success, "username": username})
c.JSON(200, gin.H{"message": "login successfull"})
return return
} }
wp.isLoggedIn = false
c.JSON(401, gin.H{"message": "user or password not found"}) c.JSON(401, gin.H{"message": "user or password not found"})
}) })