af9ffddf84
Add renderTemplate helper method on Handlers that renders templates to a bytes.Buffer first, then writes to the ResponseWriter only on success. This prevents partial/corrupt HTML when template execution fails partway through. Applied to all template rendering call sites in: - setup.go (HandleSetupGET, renderSetupError) - auth.go (HandleLoginGET, HandleLoginPOST error paths) - dashboard.go (HandleDashboard) - app.go (HandleAppNew, HandleAppCreate, HandleAppDetail, HandleAppEdit, HandleAppUpdate, HandleAppDeployments)
79 lines
2.0 KiB
Go
79 lines
2.0 KiB
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"git.eeqj.de/sneak/upaas/templates"
|
|
)
|
|
|
|
// HandleLoginGET returns the login page handler.
|
|
func (h *Handlers) HandleLoginGET() http.HandlerFunc {
|
|
tmpl := templates.GetParsed()
|
|
|
|
return func(writer http.ResponseWriter, request *http.Request) {
|
|
data := h.addGlobals(map[string]any{}, request)
|
|
|
|
h.renderTemplate(writer, tmpl, "login.html", data)
|
|
}
|
|
}
|
|
|
|
// HandleLoginPOST handles the login form submission.
|
|
func (h *Handlers) HandleLoginPOST() http.HandlerFunc {
|
|
tmpl := templates.GetParsed()
|
|
|
|
return func(writer http.ResponseWriter, request *http.Request) {
|
|
parseErr := request.ParseForm()
|
|
if parseErr != nil {
|
|
http.Error(writer, "Bad Request", http.StatusBadRequest)
|
|
|
|
return
|
|
}
|
|
|
|
username := request.FormValue("username")
|
|
password := request.FormValue("password")
|
|
|
|
data := h.addGlobals(map[string]any{
|
|
"Username": username,
|
|
}, request)
|
|
|
|
if username == "" || password == "" {
|
|
data["Error"] = "Username and password are required"
|
|
h.renderTemplate(writer, tmpl, "login.html", data)
|
|
|
|
return
|
|
}
|
|
|
|
user, authErr := h.auth.Authenticate(request.Context(), username, password)
|
|
if authErr != nil {
|
|
data["Error"] = "Invalid username or password"
|
|
h.renderTemplate(writer, tmpl, "login.html", data)
|
|
|
|
return
|
|
}
|
|
|
|
sessionErr := h.auth.CreateSession(writer, request, user)
|
|
if sessionErr != nil {
|
|
h.log.Error("failed to create session", "error", sessionErr)
|
|
|
|
data["Error"] = "Failed to create session"
|
|
h.renderTemplate(writer, tmpl, "login.html", data)
|
|
|
|
return
|
|
}
|
|
|
|
http.Redirect(writer, request, "/", http.StatusSeeOther)
|
|
}
|
|
}
|
|
|
|
// HandleLogout handles logout requests.
|
|
func (h *Handlers) HandleLogout() http.HandlerFunc {
|
|
return func(writer http.ResponseWriter, request *http.Request) {
|
|
destroyErr := h.auth.DestroySession(writer, request)
|
|
if destroyErr != nil {
|
|
h.log.Error("failed to destroy session", "error", destroyErr)
|
|
}
|
|
|
|
http.Redirect(writer, request, "/login", http.StatusSeeOther)
|
|
}
|
|
}
|