

package controllers
import (
"encoding/json"
"net/http"
"time"
"git.aiterp.net/lucifer/lucifer/internal/respond"
"git.aiterp.net/lucifer/lucifer/models"
"github.com/gorilla/mux"
)
// UserController is the HTTP controller for the user endpoints in this file:
// listing users and logging in.
type UserController struct {
	// users is the repository the handlers use to list users and to look a
	// user up by name during login.
	users models.UserRepository
}
// getUsers (`GET /`): List users.
//
// Requires a session in the request context; without one the handler answers
// 403 "permission_denied" and touches nothing else. Any session is accepted:
// no role or ownership check is made here before the full list is returned.
func (c *UserController) getUsers(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	// Authentication gate: the session is only checked for presence.
	if models.SessionFromContext(ctx) == nil {
		respond.Error(w, 403, "permission_denied", "You must log in")
		return
	}

	list, err := c.users.List(ctx)
	if err != nil {
		// NOTE(review): err.Error() is sent to the client verbatim, which can
		// expose storage-layer details to any logged-in caller. Consider
		// logging the error server-side and returning a generic message.
		respond.Error(w, 500, "db_error", err.Error())
		return
	}

	// NOTE(review): confirm the JSON encoding of the user model omits
	// credential fields (e.g. a password hash); that type is not visible here.
	respond.JSON(w, 200, list)
}
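// login (`POST /login`): Log in as user.
//
// The request body is a JSON object with "username" and "password". An unknown
// user and a wrong password both produce the same 401 "login_failed" response,
// so the response body does not reveal which of the two failed. On success a
// session expiring in seven days is created, its cookie is set on the
// response, and the user is returned as JSON.
func (c *UserController) login(w http.ResponseWriter, r *http.Request) {
	// This handler runs before any session exists, so bound how much of the
	// body is read; credentials fit comfortably in this limit. An oversized
	// body makes Decode fail and is answered with the 400 below.
	const maxLoginBodyBytes = 1 << 20
	r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodyBytes)

	loginData := struct {
		Username string `json:"username"`
		Password string `json:"password"`
	}{}
	if err := json.NewDecoder(r.Body).Decode(&loginData); err != nil {
		respond.Error(w, 400, "invalid_json", "Input is not valid JSON.")
		return
	}

	// Every lookup error is reported as a failed login, so a repository
	// outage is indistinguishable from a bad username for the client.
	// NOTE(review): this path returns before CheckPassword runs, so response
	// time may differ between unknown and known usernames; confirm whether
	// that matters for this deployment.
	user, err := c.users.FindByName(r.Context(), loginData.Username)
	if err != nil {
		respond.Error(w, http.StatusUnauthorized, "login_failed", "Login failed.")
		return
	}

	if err := user.CheckPassword(loginData.Password); err != nil {
		respond.Error(w, http.StatusUnauthorized, "login_failed", "Login failed.")
		return
	}

	// NOTE(review): no attempt limiting or lockout is visible in this handler;
	// confirm it is enforced by middleware or in front of the server.

	session := models.Session{
		Expires: time.Now().Add(7 * 24 * time.Hour),
		UserID:  user.ID,
	}
	// NOTE(review): nothing in this function stores the session; presumably
	// GenerateID or Cookie takes care of that. Verify in models.Session, and
	// confirm the cookie is issued with HttpOnly, Secure and SameSite set.
	session.GenerateID()
	http.SetCookie(w, session.Cookie())

	// NOTE(review): confirm the JSON encoding of the user model omits
	// credential fields (e.g. a password hash); that type is not visible here.
	respond.JSON(w, 200, user)
}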
// Mount registers the controller's routes on a subrouter of router rooted at
// prefix: `GET {prefix}/` lists users and `POST {prefix}/login` logs in.
//
// No authentication middleware is attached here. getUsers checks for a session
// itself, and login is reachable without one.
func (c *UserController) Mount(router *mux.Router, prefix string) {
	routes := router.PathPrefix(prefix).Subrouter()

	listRoute := routes.HandleFunc("/", c.getUsers)
	listRoute.Methods("GET")

	loginRoute := routes.HandleFunc("/login", c.login)
	loginRoute.Methods("POST")
}
// NewUserController returns a UserController backed by the given user
// repository. The repository is stored as-is; no validation is done here.
func NewUserController(users models.UserRepository) *UserController {
	controller := new(UserController)
	controller.users = users
	return controller
}