login user

Author: avoidik

cmd/web/handlers.go

@@ -161,11 +161,54 @@ func (app *App) CreateUser(w http.ResponseWriter, r *http.Request) {
 }
 
 func (app *App) LoginUser(w http.ResponseWriter, r *http.Request) {
-	fmt.Fprint(w, "LoginUser")
+	session := app.sessions.Load(r)
+	flash, err := session.PopString(w, "flash")
+	if err != nil {
+		app.ServerError(w, err)
+		return
+	}
+
+	app.RenderHtml(w, r, "login.page.html", &HtmlData{
+		Form:  &forms.LoginUser{},
+		Flash: flash,
+	})
 }
 
 func (app *App) VerifyUser(w http.ResponseWriter, r *http.Request) {
-	fmt.Fprint(w, "VerifyUser")
+	err := r.ParseForm()
+	if err != nil {
+		app.ClientError(w, http.StatusBadRequest)
+		return
+	}
+
+	form := &forms.LoginUser{
+		Email:    r.PostForm.Get("email"),
+		Password: r.PostForm.Get("password"),
+	}
+
+	if !form.Valid() {
+		app.RenderHtml(w, r, "login.page.html", &HtmlData{Form: form})
+		return
+	}
+
+	currentUserId, err := app.database.VerifyUser(form.Email, form.Password)
+	if err == models.ErrInvalidCredentials {
+		form.Failures["Generic"] = "Email or Password incorret"
+		app.RenderHtml(w, r, "login.page.html", &HtmlData{Form: form})
+		return
+	} else if err != nil {
+		app.ServerError(w, err)
+		return
+	}
+
+	session := app.sessions.Load(r)
+	err = session.PutInt(w, "currentUserId", currentUserId)
+	if err != nil {
+		app.ServerError(w, err)
+		return
+	}
+
+	http.Redirect(w, r, "/snippet/new", http.StatusSeeOther)
 }
 
 func (app *App) LogoutUser(w http.ResponseWriter, r *http.Request) {

pkg/forms/forms.go

@@ -22,6 +22,12 @@ type SignupUser struct {
 	Failures map[string]string
 }
 
+type LoginUser struct {
+	Email    string
+	Password string
+	Failures map[string]string
+}
+
 func (ns *NewSnippet) Valid() bool {
 	ns.Failures = make(map[string]string)
 
@@ -68,3 +74,21 @@ func (su *SignupUser) Valid() bool {
 
 	return len(su.Failures) == 0
 }
+
+func (lu *LoginUser) Valid() bool {
+	lu.Failures = make(map[string]string)
+
+	if len(strings.TrimSpace(lu.Email)) == 0 {
+		lu.Failures["Email"] = "Email is required"
+	} else if len(strings.TrimSpace(lu.Email)) > 254 || !rxEmail.MatchString(lu.Email) {
+		lu.Failures["Email"] = "Email is not valid"
+	}
+
+	if len(strings.TrimSpace(lu.Password)) == 0 {
+		lu.Failures["Password"] = "Password is required"
+	} else if utf8.RuneCountInString(lu.Password) < 8 {
+		lu.Failures["Password"] = "Password is too short"
+	}
+
+	return len(lu.Failures) == 0
+}

pkg/models/database.go

@@ -12,7 +12,10 @@ type Database struct {
 	*sql.DB
 }
 
-var ErrDuplicateEmail = errors.New("models: email address already in use")
+var (
+	ErrDuplicateEmail     = errors.New("models: email address already in use")
+	ErrInvalidCredentials = errors.New("models: invalid credentials")
+)
 
 func (db *Database) GetSnippet(id int) (*Snippet, error) {
 	stmt := `SELECT id, title, content, created, expires FROM snippets
@@ -153,3 +156,27 @@ func (db *Database) InsertUser(name, email, password string) error {
 	}
 	return err
 }
+
+func (db *Database) VerifyUser(email, password string) (int, error) {
+	stmt := `SELECT id, password FROM users
+	WHERE email = ?`
+
+	var id int
+	var hashedPassword []byte
+	row := db.QueryRow(stmt, email)
+	err := row.Scan(&id, &hashedPassword)
+	if err == sql.ErrNoRows {
+		return 0, ErrInvalidCredentials
+	} else if err != nil {
+		return 0, err
+	}
+
+	err = bcrypt.CompareHashAndPassword(hashedPassword, []byte(password))
+	if err == bcrypt.ErrMismatchedHashAndPassword {
+		return 0, ErrInvalidCredentials
+	} else if err != nil {
+		return 0, err
+	}
+
+	return id, nil
+}

ui/html/login.page.html

@@ -0,0 +1,35 @@
+{{define "page-title"}}Login{{end}}
+
+{{define "page-body"}}
+    {{with .Flash}}
+    <div class="flash">{{.}}</div>
+    {{end}}
+    <form action="/user/login" method="POST" novalidate>
+        {{with .Form}}
+            {{with .Failures.Generic}}
+            <div class="error">{{.}}</div>
+            {{end}}
+            <div>
+                <label>Email:</label>
+                {{with .Failures.Email}}
+                <label class="error">{{.}}</label>
+                {{end}}
+                <input type="email" name="email" value="{{.Email}}">
+            </div>
+            <div>
+                <label>Password:</label>
+                {{with .Failures.Password}}
+                <label class="error">{{.}}</label>
+                {{end}}
+                <input type="password" name="password">
+            </div>
+            <div>
+                <input type="submit" value="Submit">
+            </div>
+        {{end}}
+    </form>
+{{end}}
+
+{{define "page-footer"}}
+Entrance to a heaven
+{{- end}}