router/user.go

package router

import (
	"errors"
	"net/http"

	"forge.capytal.company/capytalcode/project-comicverse/service"
	"forge.capytal.company/capytalcode/project-comicverse/templates"
	"forge.capytal.company/loreddev/x/smalltrip/exception"
	"forge.capytal.company/loreddev/x/smalltrip/middleware"
	"forge.capytal.company/loreddev/x/tinyssert"
)

type userController struct {
	assert    tinyssert.Assertions
	templates templates.ITemplate
	service   *service.UserService

	loginPath string
}

func newUserController(
	service *service.UserService,
	templates templates.ITemplate,
	assert tinyssert.Assertions,
) userController {
	return userController{
		assert:    assert,
		templates: templates,
		service:   service,
	}
}

func (ctrl userController) login(w http.ResponseWriter, r *http.Request) {
	ctrl.assert.NotNil(ctrl.templates)
	ctrl.assert.NotNil(ctrl.service)

	if r.Method == http.MethodGet {
		err := ctrl.templates.ExecuteTemplate(w, "login", nil)
		if err != nil {
			exception.InternalServerError(err).ServeHTTP(w, r)
		}
		return
	}
	if r.Method != http.MethodPost {
		exception.MethodNotAllowed([]string{http.MethodGet, http.MethodPost}).
			ServeHTTP(w, r)
		return
	}

	user, passwd := r.FormValue("username"), r.FormValue("password")
	if user == "" {
		exception.BadRequest(errors.New(`missing "username" form value`)).ServeHTTP(w, r)
		return
	}
	if passwd == "" {
		exception.BadRequest(errors.New(`missing "password" form value`)).ServeHTTP(w, r)
		return
	}

	// TODO: Move token issuing to it's own service, make UserService.Login just return the user
	token, _, err := ctrl.service.Login(user, passwd)
	if errors.Is(err, service.ErrNotFound) {
		exception.NotFound(exception.WithError(errors.New("user not found"))).ServeHTTP(w, r)
		return
	} else if err != nil {
		exception.InternalServerError(err).ServeHTTP(w, r)
		return
	}

	// TODO: harden the cookie policy to the same domain
	cookie := &http.Cookie{
		Path:     "/",
		HttpOnly: true,
		Name:     "token",
		Value:    token,
	}
	http.SetCookie(w, cookie)

	http.Redirect(w, r, "/", http.StatusSeeOther)
}

func (ctrl userController) register(w http.ResponseWriter, r *http.Request) {
	ctrl.assert.NotNil(ctrl.templates)
	ctrl.assert.NotNil(ctrl.service)

	if r.Method == http.MethodGet {
		err := ctrl.templates.ExecuteTemplate(w, "register", nil)
		if err != nil {
			exception.InternalServerError(err).ServeHTTP(w, r)
		}
		return
	}

	if r.Method != http.MethodPost {
		exception.MethodNotAllowed([]string{http.MethodGet, http.MethodPost}).ServeHTTP(w, r)
		return
	}

	user, passwd := r.FormValue("username"), r.FormValue("password")
	if user == "" {
		exception.BadRequest(errors.New(`missing "username" form value`)).ServeHTTP(w, r)
		return
	}
	if passwd == "" {
		exception.BadRequest(errors.New(`missing "password" form value`)).ServeHTTP(w, r)
		return
	}

	_, err := ctrl.service.Register(user, passwd)
	if err != nil {
		exception.InternalServerError(err).ServeHTTP(w, r)
		return
	}

	// TODO: Move token issuing to it's own service, make UserService.Login just return the user
	token, _, err := ctrl.service.Login(user, passwd)
	if err == service.ErrNotFound {
		exception.NotFound(exception.WithError(errors.New("user not found"))).ServeHTTP(w, r)
		return
	} else if err != nil {
		exception.InternalServerError(err).ServeHTTP(w, r)
		return
	}

	// TODO: harden the cookie policy to the same domain
	cookie := &http.Cookie{
		Path:     "/",
		HttpOnly: true,
		Name:     "token",
		Value:    token,
	}
	http.SetCookie(w, cookie)

	http.Redirect(w, r, "/", http.StatusSeeOther)
}

func (ctrl userController) authMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if ctrl.isLogged(r) {
			http.Redirect(w, r, ctrl.loginPath, http.StatusTemporaryRedirect)
		}
		next.ServeHTTP(w, r)
	})
}

var _ middleware.Middleware = userController{}.authMiddleware

func (ctrl userController) isLogged(r *http.Request) bool {
	// TODO: Check if token in valid (depends on token service being implemented)
	cs := r.CookiesNamed("token")
	return len(cs) > 0
}
feat: user controller 2025-05-30 18:05:40 -03:00			`package router`

			`import (`
			`"errors"`
			`"net/http"`

			`"forge.capytal.company/capytalcode/project-comicverse/service"`
			`"forge.capytal.company/capytalcode/project-comicverse/templates"`
			`"forge.capytal.company/loreddev/x/smalltrip/exception"`
refactor: rename files to their singular form 2025-06-10 10:34:14 -03:00			`"forge.capytal.company/loreddev/x/smalltrip/middleware"`
feat: user controller 2025-05-30 18:05:40 -03:00			`"forge.capytal.company/loreddev/x/tinyssert"`
			`)`

			`type userController struct {`
			`assert tinyssert.Assertions`
			`templates templates.ITemplate`
			`service *service.UserService`
refactor: rename files to their singular form 2025-06-10 10:34:14 -03:00
			`loginPath string`
feat: user controller 2025-05-30 18:05:40 -03:00			`}`

feat(router): handle /login and /register routes 2025-06-06 16:33:24 -03:00			`func newUserController(`
			`service *service.UserService,`
			`templates templates.ITemplate,`
			`assert tinyssert.Assertions,`
			`) userController {`
			`return userController{`
			`assert: assert,`
			`templates: templates,`
			`service: service,`
			`}`
			`}`

refactor(router): rename c receiver to ctrl 2025-06-09 19:27:46 -03:00			`func (ctrl userController) login(w http.ResponseWriter, r *http.Request) {`
			`ctrl.assert.NotNil(ctrl.templates)`
			`ctrl.assert.NotNil(ctrl.service)`
feat: user controller 2025-05-30 18:05:40 -03:00
			`if r.Method == http.MethodGet {`
refactor(router): rename c receiver to ctrl 2025-06-09 19:27:46 -03:00			`err := ctrl.templates.ExecuteTemplate(w, "login", nil)`
feat: user controller 2025-05-30 18:05:40 -03:00			`if err != nil {`
			`exception.InternalServerError(err).ServeHTTP(w, r)`
			`}`
			`return`
			`}`
			`if r.Method != http.MethodPost {`
			`exception.MethodNotAllowed([]string{http.MethodGet, http.MethodPost}).`
			`ServeHTTP(w, r)`
			`return`
			`}`

			`user, passwd := r.FormValue("username"), r.FormValue("password")`
			`if user == "" {`
fix(router,users): correct username form value name on error 2025-06-06 16:34:16 -03:00			exception.BadRequest(errors.New(`missing "username" form value`)).ServeHTTP(w, r)
feat: user controller 2025-05-30 18:05:40 -03:00			`return`
			`}`
			`if passwd == "" {`
			exception.BadRequest(errors.New(`missing "password" form value`)).ServeHTTP(w, r)
			`return`
			`}`

feat(router,users): return token cookie on login 2025-06-06 16:34:41 -03:00			`// TODO: Move token issuing to it's own service, make UserService.Login just return the user`
refactor(router): rename c receiver to ctrl 2025-06-09 19:27:46 -03:00			`token, _, err := ctrl.service.Login(user, passwd)`
feat(router,users): return token cookie on login 2025-06-06 16:34:41 -03:00			`if errors.Is(err, service.ErrNotFound) {`
			`exception.NotFound(exception.WithError(errors.New("user not found"))).ServeHTTP(w, r)`
			`return`
			`} else if err != nil {`
			`exception.InternalServerError(err).ServeHTTP(w, r)`
			`return`
			`}`

			`// TODO: harden the cookie policy to the same domain`
			`cookie := &http.Cookie{`
feat(router): set session token cookie 2025-06-09 19:19:00 -03:00			`Path: "/",`
			`HttpOnly: true,`
			`Name: "token",`
			`Value: token,`
feat(router,users): return token cookie on login 2025-06-06 16:34:41 -03:00			`}`
			`http.SetCookie(w, cookie)`

			`http.Redirect(w, r, "/", http.StatusSeeOther)`
feat: user controller 2025-05-30 18:05:40 -03:00			`}`
feat(router,users): return token cookie on login 2025-06-06 16:34:41 -03:00
refactor(router): rename c receiver to ctrl 2025-06-09 19:19:27 -03:00			`func (ctrl userController) register(w http.ResponseWriter, r *http.Request) {`
			`ctrl.assert.NotNil(ctrl.templates)`
			`ctrl.assert.NotNil(ctrl.service)`
feat(router,users): register method for creating a new user 2025-06-06 16:34:59 -03:00
			`if r.Method == http.MethodGet {`
refactor(router): rename c receiver to ctrl 2025-06-09 19:19:27 -03:00			`err := ctrl.templates.ExecuteTemplate(w, "register", nil)`
feat(router,users): register method for creating a new user 2025-06-06 16:34:59 -03:00			`if err != nil {`
			`exception.InternalServerError(err).ServeHTTP(w, r)`
			`}`
			`return`
			`}`

			`if r.Method != http.MethodPost {`
			`exception.MethodNotAllowed([]string{http.MethodGet, http.MethodPost}).ServeHTTP(w, r)`
			`return`
			`}`

			`user, passwd := r.FormValue("username"), r.FormValue("password")`
			`if user == "" {`
			exception.BadRequest(errors.New(`missing "username" form value`)).ServeHTTP(w, r)
			`return`
			`}`
			`if passwd == "" {`
			exception.BadRequest(errors.New(`missing "password" form value`)).ServeHTTP(w, r)
			`return`
			`}`

refactor(router): rename c receiver to ctrl 2025-06-09 19:19:27 -03:00			`_, err := ctrl.service.Register(user, passwd)`
feat(router,users): register method for creating a new user 2025-06-06 16:34:59 -03:00			`if err != nil {`
			`exception.InternalServerError(err).ServeHTTP(w, r)`
			`return`
			`}`

			`// TODO: Move token issuing to it's own service, make UserService.Login just return the user`
refactor(router): rename c receiver to ctrl 2025-06-09 19:19:27 -03:00			`token, _, err := ctrl.service.Login(user, passwd)`
feat(router,users): register method for creating a new user 2025-06-06 16:34:59 -03:00			`if err == service.ErrNotFound {`
			`exception.NotFound(exception.WithError(errors.New("user not found"))).ServeHTTP(w, r)`
			`return`
			`} else if err != nil {`
			`exception.InternalServerError(err).ServeHTTP(w, r)`
			`return`
			`}`

			`// TODO: harden the cookie policy to the same domain`
			`cookie := &http.Cookie{`
feat(router): set session token cookie 2025-06-09 19:19:00 -03:00			`Path: "/",`
			`HttpOnly: true,`
			`Name: "token",`
			`Value: token,`
feat(router,users): register method for creating a new user 2025-06-06 16:34:59 -03:00			`}`
			`http.SetCookie(w, cookie)`

			`http.Redirect(w, r, "/", http.StatusSeeOther)`
			`}`
feat(router): show landing page if user is not logged in 2025-06-09 19:18:29 -03:00
refactor: rename files to their singular form 2025-06-10 10:34:14 -03:00			`func (ctrl userController) authMiddleware(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`if ctrl.isLogged(r) {`
			`http.Redirect(w, r, ctrl.loginPath, http.StatusTemporaryRedirect)`
			`}`
			`next.ServeHTTP(w, r)`
			`})`
			`}`

			`var _ middleware.Middleware = userController{}.authMiddleware`

feat(router): show landing page if user is not logged in 2025-06-09 19:18:29 -03:00			`func (ctrl userController) isLogged(r *http.Request) bool {`
			`// TODO: Check if token in valid (depends on token service being implemented)`
			`cs := r.CookiesNamed("token")`
			`return len(cs) > 0`
			`}`