Diffstat (limited to 'main.go')
| -rw-r--r-- | main.go | 46 |
1 files changed, 38 insertions, 8 deletions
@@ -15,17 +15,27 @@ import ( "database/sql" "encoding/json" "encoding/base64" + "sync" + + "github.com/satori/go.uuid" ) var db *sql.DB const baseDocDir string = "docs" +var sessionIds sync.Map + type Doc struct { Name string Link string } +type UserSession struct { + User + SessionId string +} + func serveTemplate(w http.ResponseWriter, r *http.Request, view string, data interface{}) { var nav string = "templates/nav.html" if u, err := checkSession(w, r); u != nil && err == nil { @@ -57,12 +67,15 @@ func checkSession(w http.ResponseWriter, r *http.Request) (*User, error) { if err != nil { return nil, err } - var user User + var user UserSession err = json.Unmarshal(ub64, &user) if err != nil { return nil, err } - return &user, nil + if sessionId, ok := sessionIds.Load(user.User.User); !ok || sessionId != user.SessionId { + return nil, errors.New("Invalid session ID") + } + return &user.User, nil } func sendError(w http.ResponseWriter, r *http.Request, s string, status int) { @@ -121,6 +134,9 @@ func index(w http.ResponseWriter, r *http.Request) { } serveTemplate(w, r, "templates/user.html", data) return + } else if err != nil { + sendError(w, r, err.Error(), http.StatusInternalServerError) + return } serveTemplate(w, r, "templates/index.html", nil) } @@ -171,6 +187,10 @@ func createuser(w http.ResponseWriter, r *http.Request) { email := r.FormValue("email") pass := r.FormValue("pass") cpass := r.FormValue("cpass") + if len(pass) < 10 { + sendFlashError(w, r, "/createuser", errors.New("Le mot de passe doit avoir une longeur supérieure ou égale à 10 caractères.")) + return + } if pass != cpass { sendFlashError(w, r, "/createuser", errors.New("Le mot de passe et la confirmation du mot de passe ne sont pas les mêmes.")) return 
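Review bot: `sessionIds` and `UserSession` are new package-level declarations without a doc comment, and nothing states that the map is what makes a session cookie valid. Suggested comments: `// sessionIds maps a username to the session id issued at that user's most recent login; it is process-local, so sessions do not survive a restart and are not shared between instances.` and `// UserSession is the payload carried in the session cookie: the User record (password cleared at login) plus the id that must match sessionIds.` As a point of style, Go initialisms would make these `sessionIDs` and `SessionID`, but the struct has no json tags, so the field name is also the cookie's JSON key — renaming it needs a `json:"SessionId"` tag or it invalidates cookies already issued.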
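Review bot: The session id is now the only secret that authenticates the cookie, yet `sessionId != user.SessionId` compares it with an ordinary early-exit string comparison; use `crypto/subtle` so the check does not reveal how many leading bytes matched: `stored, ok := sessionIds.Load(user.User.User)` / `if !ok || subtle.ConstantTimeCompare([]byte(stored.(string)), []byte(user.SessionId)) != 1 {` / `return nil, errors.New("invalid session id")` (adding `"crypto/subtle"` to the import block; lowercase error text is the Go convention). The type assertion is safe as long as login remains the only writer, since it stores a string. Entries also have no expiry: a stored id stays valid until that user logs out or logs in again, so a leaked cookie is usable indefinitely; keeping an issue time next to the id in the map value would let this check enforce an idle or absolute timeout. checkSession's beginning is outside the hunk.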
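Review bot: The new `else if err != nil` branch turns every checkSession failure into a 500 that echoes `err.Error()` to the client, which exposes internal decode and validation detail and, for a cookie rejected by the new session-id check (for example after a restart emptied `sessionIds`, or after the user logged in elsewhere), leaves the visitor with a page that errors on every request. Prefer logging the error server-side and treating the request as anonymous: clear the stale cookie and fall through to `serveTemplate(w, r, "templates/index.html", nil)`. If checkSession also returns an error when no cookie is present at all (its beginning is outside this hunk), the branch would break the anonymous index page as well, which is worth confirming. The enclosing `index` function starts before the hunk.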
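Review bot: `len(pass) < 10` counts bytes, not characters, while the message promises a minimum of 10 caractères; a password made of multi-byte runes (accented letters, for instance) passes with fewer characters than stated, so the enforced policy is weaker than the wording. Use `if utf8.RuneCountInString(pass) < 10 {` and add `"unicode/utf8"` to the import block. The enclosing `createuser` function starts and ends outside the hunk.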
@@ -225,11 +245,15 @@ func sendFlashError(w http.ResponseWriter, r *http.Request, url string, err erro func logout(w http.ResponseWriter, r *http.Request) { switch r.Method { case http.MethodGet: - http.SetCookie(w, &http.Cookie{ - Name: "session", - Value: "", - MaxAge: -1, - }) + u, err := checkSession(w, r) + if u != nil && err == nil { + http.SetCookie(w, &http.Cookie{ + Name: "session", + Value: "", + MaxAge: -1, + }) + sessionIds.Delete(u.User) + } http.Redirect(w, r, "/", http.StatusSeeOther) default: sendInvalidMethod(w, r) @@ -255,7 +279,13 @@ func login(w http.ResponseWriter, r *http.Request) { return } user.Pass = "" - jsonData, err := json.Marshal(user) + sessionId := uuid.NewV4().String() + sessionIds.Store(user.User, sessionId) + us := UserSession { + user, + sessionId, + } + jsonData, err := json.Marshal(us) if err != nil { sendFlashError(w, r, "/login", err) return |
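Review bot: Clearing the cookie is now conditional on `checkSession` succeeding, so a client holding a cookie the server no longer accepts (stale after a restart, or superseded by a newer login for the same user) can never get rid of it through /logout, and combined with the new 500 branch in index it is stuck on every page. Send the `MaxAge: -1` cookie unconditionally and keep only `sessionIds.Delete(u.User)` inside `if u != nil && err == nil`. For the browser to actually drop the cookie, its Path and Domain must match those set at login, whose SetCookie is outside this hunk. The enclosing `logout` function ends outside the hunk.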
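Review bot: The session id is generated with `uuid.NewV4().String()` from github.com/satori/go.uuid, a library that is no longer maintained; the single-value `NewV4` signature appears to belong to its older releases (the later code returns `(UUID, error)`), which is worth confirming against go.mod. Since this id is now the bearer secret for the whole session, generating it from the standard library is simpler and auditable: read 32 bytes from `crypto/rand`, check the error, and hex- or base64-encode them. `sessionIds.Store(user.User, sessionId)` silently invalidates any earlier session of the same user; if one session per account is intended, say so, e.g. `// One active session per user: a new login supersedes the previous id.` The composite literal `UserSession { user, sessionId, }` is not gofmt-clean and uses positional fields; write `us := UserSession{User: user, SessionId: sessionId}`. The enclosing `login` function starts and ends outside the hunk.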
