165 lines
4.7 KiB
Go
165 lines
4.7 KiB
Go
package webpage
|
|
|
|
import (
|
|
"app/database"
|
|
"github.com/gin-contrib/static"
|
|
"github.com/gin-gonic/gin"
|
|
"net/http"
|
|
)
|
|
|
|
func (wp *Webpage) redirectHome(c *gin.Context) {
|
|
c.Redirect(http.StatusTemporaryRedirect, "/view/tasks")
|
|
}
|
|
|
|
func (wp *Webpage) isLoggedInMiddleware(c *gin.Context) bool {
|
|
username := c.Request.Header.Get("username")
|
|
if wp.Database.UserIsLoggedIn(username) {
|
|
return true
|
|
} else {
|
|
c.JSON(401, gin.H{"message": "unauthorized"})
|
|
return false
|
|
}
|
|
}
|
|
|
|
func (wp *Webpage) defineRoutes() {
|
|
|
|
view := wp.Router.Group("/view")
|
|
{
|
|
view.GET("/tasks", func(c *gin.Context) {
|
|
c.HTML(http.StatusOK, "tasks.tmpl", gin.H{"title": "Tasks"})
|
|
})
|
|
view.GET("/login", func(c *gin.Context) {
|
|
c.HTML(http.StatusOK, "login.tmpl", gin.H{"title": "Login"})
|
|
})
|
|
view.GET("/register", func(c *gin.Context) {
|
|
c.HTML(http.StatusOK, "register.tmpl", gin.H{"title": "Register"})
|
|
})
|
|
}
|
|
tasks := wp.Router.Group("/tasks")
|
|
{
|
|
tasks.GET("", func(c *gin.Context) {
|
|
if wp.isLoggedInMiddleware(c) {
|
|
username := c.Request.Header.Get("username")
|
|
filter := c.Query("filter")
|
|
if filter != "" {
|
|
// SQL Injection: http://localhost:8080/tasks?filter=' or 1=1--
|
|
tasks := wp.Database.FilteredTasks(username, filter)
|
|
c.JSON(200, gin.H{"tasks": tasks})
|
|
return
|
|
}
|
|
tasks := wp.Database.GetAllTasks(username)
|
|
c.JSON(200, gin.H{"tasks": tasks})
|
|
}
|
|
})
|
|
tasks.POST("", func(c *gin.Context) {
|
|
if wp.isLoggedInMiddleware(c) {
|
|
username := c.Request.Header.Get("username")
|
|
description, existing := c.GetPostForm("description")
|
|
if existing == false || description == "" {
|
|
c.JSON(400, gin.H{"message": "bad post form"})
|
|
return
|
|
}
|
|
task := wp.Database.CreateTask(username, description)
|
|
c.JSON(200, gin.H{"task": task})
|
|
}
|
|
})
|
|
tasks.DELETE("", func(c *gin.Context) {
|
|
if wp.isLoggedInMiddleware(c) {
|
|
id := c.Query("id")
|
|
ok := wp.Database.DeleteTask(id)
|
|
if !ok {
|
|
c.JSON(500, gin.H{"message": "cannot delete task"})
|
|
return
|
|
}
|
|
c.JSON(200, gin.H{"message": "success"})
|
|
}
|
|
})
|
|
tasks.PUT("", func(c *gin.Context) {
|
|
if wp.isLoggedInMiddleware(c) {
|
|
id := c.Query("id")
|
|
done := c.Query("done")
|
|
ok := wp.Database.UpdateTask(id, done)
|
|
if !ok {
|
|
c.JSON(500, gin.H{"message": "cannot update task"})
|
|
return
|
|
}
|
|
c.JSON(200, gin.H{"message": "success"})
|
|
}
|
|
})
|
|
}
|
|
|
|
auth := wp.Router.Group("/auth")
|
|
{
|
|
auth.GET("/user", func(c *gin.Context) {
|
|
username := c.Request.Header.Get("username")
|
|
if username != "" {
|
|
success := wp.Database.UserIsLoggedIn(username)
|
|
c.JSON(200, gin.H{"logged_in": success, "username": username})
|
|
return
|
|
}
|
|
c.JSON(200, gin.H{"logged_in": false, "username": ""})
|
|
})
|
|
auth.PUT("/user", func(c *gin.Context) {
|
|
username := c.Query("username")
|
|
password := c.Query("password")
|
|
wp.Database.ChangeUserPassword(username, password)
|
|
c.JSON(200, gin.H{"message": "success"})
|
|
})
|
|
auth.POST("/logout", func(c *gin.Context) {
|
|
username, uExisting := c.GetPostForm("username")
|
|
if uExisting == false || username == "" {
|
|
c.JSON(400, gin.H{"message": "bad post form"})
|
|
return
|
|
}
|
|
success := wp.Database.LogoutUser(username)
|
|
c.JSON(200, gin.H{"logged_out": success, "username": username})
|
|
})
|
|
auth.POST("/login", func(c *gin.Context) {
|
|
username, uExisting := c.GetPostForm("username")
|
|
password, pExisting := c.GetPostForm("password")
|
|
if uExisting == false || pExisting == false || username == "" || password == "" {
|
|
c.JSON(400, gin.H{"message": "no valid post form"})
|
|
return
|
|
}
|
|
success := wp.Database.LoginUser(username, password)
|
|
if success == true {
|
|
c.JSON(200, gin.H{"logged_in": success, "username": username})
|
|
return
|
|
}
|
|
c.JSON(401, gin.H{"message": "user or password not found"})
|
|
})
|
|
auth.POST("/register", func(c *gin.Context) {
|
|
username, uExisting := c.GetPostForm("username")
|
|
password, pExisting := c.GetPostForm("password")
|
|
if uExisting == false || pExisting == false || username == "" || password == "" {
|
|
c.JSON(400, gin.H{"message": "no valid post form"})
|
|
return
|
|
}
|
|
err := wp.Database.CreateUser(username, password)
|
|
if err != nil {
|
|
c.JSON(500, gin.H{"message": err.Error()})
|
|
return
|
|
}
|
|
c.JSON(200, gin.H{"message": "user registered", "username": username})
|
|
})
|
|
}
|
|
wp.Router.NoRoute(func(c *gin.Context) {
|
|
wp.redirectHome(c)
|
|
})
|
|
}
|
|
|
|
func (wp *Webpage) initialize() {
|
|
wp.Database = database.Database{Location: "sqlite.db"}
|
|
wp.Database.Initialize()
|
|
}
|
|
|
|
func (wp *Webpage) Run() {
|
|
wp.initialize()
|
|
wp.Router = gin.New()
|
|
wp.Router.Use(gin.Recovery())
|
|
wp.Router.SetTrustedProxies(nil)
|
|
wp.Router.Use(static.Serve("/static", static.LocalFile("./static", false)))
|
|
wp.Router.LoadHTMLGlob("templates/*")
|
|
wp.defineRoutes()
|
|
wp.Router.Run()
|
|
}
|