This commit is contained in:
Andre Henriques 2023-10-25 14:22:45 +01:00
parent beeb42be56
commit 0d4b8917d1
3 changed files with 150 additions and 1 deletions

View File

@ -204,6 +204,102 @@ func usersEndpints(db *sql.DB, handle *Handle) {
return nil
})
handle.Get("/user/info", func(w http.ResponseWriter, r *http.Request, c *Context) *Error {
if !CheckAuthLevel(1, w, r, c) {
return nil
}
if c.Mode == JSON {
return c.Error500(nil)
}
LoadBasedOnAnswer(c.Mode, w, "users/edit.html", c.AddMap(AnyMap{
"Email": c.User.Email,
}))
return nil
})
handle.Post("/user/info/email", func(w http.ResponseWriter, r *http.Request, c *Context) *Error {
if !CheckAuthLevel(1, w, r, c) {
return nil
}
if c.Mode == JSON {
return c.Error500(nil)
}
r.ParseForm()
if CheckEmpty(r.Form, "email") {
return c.Error400(nil, "Email Not provided", w, "users/edit.html", "mainbody", c.AddMap(AnyMap{
"Email": c.User.Email,
}))
}
c.Logger.Warn("test", "email", r.Form.Get("email"))
_, err := c.Db.Exec("update users set email=$1 where id=$2", r.Form.Get("email"), c.User.Id)
if err != nil {
return c.Error500(err)
}
LoadBasedOnAnswer(c.Mode, w, "users/edit.html", c.AddMap(AnyMap{
"Email": r.Form.Get("email"),
}))
return nil
})
handle.Post("/user/info/password", func(w http.ResponseWriter, r *http.Request, c *Context) *Error {
if !CheckAuthLevel(1, w, r, c) {
return nil
}
if c.Mode == JSON {
return c.Error500(nil)
}
r.ParseForm()
f := r.Form
if CheckEmpty(f, "old_password") || CheckEmpty(f, "password") || CheckEmpty(f, "password2") {
return c.Error400(nil, "OldPassword, Password or Password2 not provided!", w, "users/edit.html", "mainbody", c.AddMap(AnyMap{
"Email": c.User.Email,
"NoUserOrPassword": true,
}))
}
password := f.Get("password")
password2 := f.Get("password2")
if password != password2 {
return c.Error400(nil, "New passwords did not match", w, "users/edit.html", "mainbody", c.AddMap(AnyMap{
"Email": c.User.Email,
"PasswordNotTheSame": true,
}))
}
_, login := generateToken(db, c.User.Email, f.Get("old_password"))
if !login {
return c.Error400(nil, "Password was incorrect", w, "users/edit.html", "mainbody", c.AddMap(AnyMap{
"Email": c.User.Email,
"NoUserOrPassword": true,
}))
}
salt := generateSalt()
hash_password, err := hashPassword(password, salt)
if err != nil {
return c.Error500(err)
}
_, err = db.Exec("update users set salt=$1, password=$2 where id=$3", salt, hash_password, c.User.Id)
if err != nil {
return c.Error500(err)
}
LoadBasedOnAnswer(c.Mode, w, "users/edit.html", c.AddMap(AnyMap{
"email": c.User.Email,
}))
return nil
})
handle.Get("/logout", func(w http.ResponseWriter, r *http.Request, c *Context) *Error {
if c.Mode == JSON {
panic("TODO handle json")

View File

@ -15,6 +15,9 @@
<li class="expand"></li>
{{ if .Context.User }}
<li>
<a hx-get="/user/info" hx-headers='{"REQUEST-TYPE": "htmlfull"}' hx-push-url="true" hx-swap="outerHTML" hx-target=".app">
User Info
</a>
<a hx-get="/logout" hx-headers='{"REQUEST-TYPE": "htmlfull"}' hx-push-url="true" hx-swap="outerHTML" hx-target=".app">
Logout
</a>

50
views/users/edit.html Normal file
View File

@ -0,0 +1,50 @@
{{ define "title" }}
User Info
{{ end }}
{{define "mainbody"}}
<div class="login-page">
<div>
<h1>
User Infomation
</h1>
<form method="post" action="/user/info/email" {{if .Submited}}class="submitted"{{end}} >
<fieldset>
<label for="email">Email</label>
<input type="email" required name="email" {{if .Email}} value="{{.Email}}" {{end}} />
</fieldset>
<button>
Update
</button>
</form>
<form method="post" action="/user/info/password" {{if .Submited}}class="submitted"{{end}} >
<fieldset>
<label for="old_password">Old Password</label>
<input required name="old_password" type="password" />
{{if .NoUserOrPassword}}
<span class="form-msg error">
Either the password is incorrect
</span>
{{end}}
</fieldset>
<fieldset>
<label for="password">New Password</label>
<input required name="password" type="password" />
</fieldset>
<fieldset>
<label for="password2">Repeat New Password</label>
<input required name="password2" type="password" />
{{if .PasswordNotTheSame}}
<span class="form-msg error">
Either the passwords are not the same
</span>
{{end}}
</fieldset>
<button>
Update
</button>
</form>
</div>
</div>
{{end}}