h/projectreshoot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1 from Haelnorr/accountpage

Browse Source 
Basic account page completed
This commit is contained in:
Haelnorr
2025-02-16 12:51:08 +11:00
committed by GitHub
parent ea4dd2a407 840c595cf5
commit 1dca9215d3
30 changed files with 1248 additions and 197 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
contexts/user.go
View File

@@ -5,14 +5,19 @@ import (
"projectreshoot/db" "projectreshoot/db"
) )
type AuthenticatedUser struct {
*db.User
Fresh int64
}
// Return a new context with the user added in // Return a new context with the user added in
func SetUser(ctx context.Context, u *db.User) context.Context { func SetUser(ctx context.Context, u *AuthenticatedUser) context.Context {
return context.WithValue(ctx, contextKeyAuthorizedUser, u) return context.WithValue(ctx, contextKeyAuthorizedUser, u)
} }
// Retrieve a user from the given context. Returns nil if not set // Retrieve a user from the given context. Returns nil if not set
func GetUser(ctx context.Context) *db.User { func GetUser(ctx context.Context) *AuthenticatedUser {
user, ok := ctx.Value(contextKeyAuthorizedUser).(*db.User) user, ok := ctx.Value(contextKeyAuthorizedUser).(*AuthenticatedUser)
if !ok { if !ok {
return nil return nil
} }

18
cookies/delete.go
View File

@@ -1,18 +0,0 @@
package cookies
import (
"net/http"
"time"
)
// Tell the browser to delete the cookie matching the name provided
// Path must match the original set cookie for it to delete
func DeleteCookie(w http.ResponseWriter, name string, path string) {
http.SetCookie(w, &http.Cookie{
Name: name,
Value: "",
Path: path,
Expires: time.Unix(0, 0), // Expire in the past
MaxAge: -1, // Immediately expire
})
}

37
cookies/functions.go Normal file
View File

@@ -0,0 +1,37 @@
package cookies
import (
"net/http"
"time"
)
// Tell the browser to delete the cookie matching the name provided
// Path must match the original set cookie for it to delete
func DeleteCookie(w http.ResponseWriter, name string, path string) {
http.SetCookie(w, &http.Cookie{
Name: name,
Value: "",
Path: path,
Expires: time.Unix(0, 0), // Expire in the past
MaxAge: -1, // Immediately expire
HttpOnly: true,
})
}
// Set a cookie with the given name, path and value. maxAge directly relates
// to cookie MaxAge (0 for no max age, >0 for TTL in seconds)
func SetCookie(
w http.ResponseWriter,
name string,
path string,
value string,
maxAge int,
) {
http.SetCookie(w, &http.Cookie{
Name: name,
Value: value,
Path: path,
HttpOnly: true,
MaxAge: maxAge,
})
}

3
cookies/pagefrom.go
View File

@@ -32,6 +32,5 @@ func SetPageFrom(w http.ResponseWriter, r *http.Request, trustedHost string) {
} else { } else {
pageFrom = parsedURL.Path pageFrom = parsedURL.Path
} }
pageFromCookie := &http.Cookie{Name: "pagefrom", Value: pageFrom, Path: "/"} SetCookie(w, "pagefrom", "/", pageFrom, 0)
http.SetCookie(w, pageFromCookie)
} }

60
db/user.go Normal file
View File

@@ -0,0 +1,60 @@
package db
import (
"database/sql"
"github.com/pkg/errors"
"golang.org/x/crypto/bcrypt"
)
type User struct {
ID int // Integer ID (index primary key)
Username string // Username (unique)
Password_hash string // Bcrypt password hash
Created_at int64 // Epoch timestamp when the user was added to the database
Bio string // Short byline set by the user
}
// Uses bcrypt to set the users Password_hash from the given password
func (user *User) SetPassword(conn *sql.DB, password string) error {
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
return errors.Wrap(err, "bcrypt.GenerateFromPassword")
}
user.Password_hash = string(hashedPassword)
query := `UPDATE users SET password_hash = ? WHERE id = ?`
_, err = conn.Exec(query, user.Password_hash, user.ID)
if err != nil {
return errors.Wrap(err, "conn.Exec")
}
return nil
}
// Uses bcrypt to check if the given password matches the users Password_hash
func (user *User) CheckPassword(password string) error {
err := bcrypt.CompareHashAndPassword([]byte(user.Password_hash), []byte(password))
if err != nil {
return errors.Wrap(err, "bcrypt.CompareHashAndPassword")
}
return nil
}
// Change the user's username
func (user *User) ChangeUsername(conn *sql.DB, newUsername string) error {
query := `UPDATE users SET username = ? WHERE id = ?`
_, err := conn.Exec(query, newUsername, user.ID)
if err != nil {
return errors.Wrap(err, "conn.Exec")
}
return nil
}
// Change the user's bio
func (user *User) ChangeBio(conn *sql.DB, newBio string) error {
query := `UPDATE users SET bio = ? WHERE id = ?`
_, err := conn.Exec(query, newBio, user.ID)
if err != nil {
return errors.Wrap(err, "conn.Exec")
}
return nil
}

108
db/user_functions.go Normal file
View File

@@ -0,0 +1,108 @@
package db
import (
"database/sql"
"fmt"
"github.com/pkg/errors"
)
// Creates a new user in the database and returns a pointer
func CreateNewUser(conn *sql.DB, username string, password string) (*User, error) {
query := `INSERT INTO users (username) VALUES (?)`
_, err := conn.Exec(query, username)
if err != nil {
return nil, errors.Wrap(err, "conn.Exec")
}
user, err := GetUserFromUsername(conn, username)
if err != nil {
return nil, errors.Wrap(err, "GetUserFromUsername")
}
err = user.SetPassword(conn, password)
if err != nil {
return nil, errors.Wrap(err, "user.SetPassword")
}
return user, nil
}
// Fetches data from the users table using "WHERE column = 'value'"
func fetchUserData(conn *sql.DB, column string, value interface{}) (*sql.Rows, error) {
query := fmt.Sprintf(
`SELECT
id,
username,
password_hash,
created_at,
bio
FROM users
WHERE %s = ? COLLATE NOCASE LIMIT 1`,
column,
)
rows, err := conn.Query(query, value)
if err != nil {
return nil, errors.Wrap(err, "conn.Query")
}
return rows, nil
}
// Scan the next row into the provided user pointer. Calls rows.Next() and
// assumes only row in the result. Providing a rows object with more than 1
// row may result in undefined behaviour.
func scanUserRow(user *User, rows *sql.Rows) error {
for rows.Next() {
err := rows.Scan(
&user.ID,
&user.Username,
&user.Password_hash,
&user.Created_at,
&user.Bio,
)
if err != nil {
return errors.Wrap(err, "rows.Scan")
}
}
return nil
}
// Queries the database for a user matching the given username.
// Query is case insensitive
func GetUserFromUsername(conn *sql.DB, username string) (*User, error) {
rows, err := fetchUserData(conn, "username", username)
if err != nil {
return nil, errors.Wrap(err, "fetchUserData")
}
defer rows.Close()
var user User
err = scanUserRow(&user, rows)
if err != nil {
return nil, errors.Wrap(err, "scanUserRow")
}
return &user, nil
}
// Queries the database for a user matching the given ID.
func GetUserFromID(conn *sql.DB, id int) (*User, error) {
rows, err := fetchUserData(conn, "id", id)
if err != nil {
return nil, errors.Wrap(err, "fetchUserData")
}
defer rows.Close()
var user User
err = scanUserRow(&user, rows)
if err != nil {
return nil, errors.Wrap(err, "scanUserRow")
}
return &user, nil
}
// Checks if the given username is unique. Returns true if not taken
func CheckUsernameUnique(conn *sql.DB, username string) (bool, error) {
query := `SELECT 1 FROM users WHERE username = ? COLLATE NOCASE LIMIT 1`
rows, err := conn.Query(query, username)
if err != nil {
return false, errors.Wrap(err, "conn.Query")
}
defer rows.Close()
taken := rows.Next()
return !taken, nil
}

125
db/users.go
View File

@@ -1,125 +0,0 @@
package db
import (
"database/sql"
"github.com/pkg/errors"
"golang.org/x/crypto/bcrypt"
)
type User struct {
ID int // Integer ID (index primary key)
Username string // Username (unique)
Password_hash string // Bcrypt password hash
Created_at int64 // Epoch timestamp when the user was added to the database
}
// Uses bcrypt to set the users Password_hash from the given password
func (user *User) SetPassword(conn *sql.DB, password string) error {
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
return errors.Wrap(err, "bcrypt.GenerateFromPassword")
}
user.Password_hash = string(hashedPassword)
query := `UPDATE users SET password_hash = ? WHERE id = ?`
result, err := conn.Exec(query, user.Password_hash, user.ID)
if err != nil {
return errors.Wrap(err, "conn.Exec")
}
ra, err := result.RowsAffected()
if err != nil {
return errors.Wrap(err, "result.RowsAffected")
}
if ra != 1 {
return errors.New("Password was not updated")
}
return nil
}
// Uses bcrypt to check if the given password matches the users Password_hash
func (user *User) CheckPassword(password string) error {
err := bcrypt.CompareHashAndPassword([]byte(user.Password_hash), []byte(password))
if err != nil {
return errors.Wrap(err, "bcrypt.CompareHashAndPassword")
}
return nil
}
// Creates a new user in the database and returns a pointer
func CreateNewUser(conn *sql.DB, username string, password string) (*User, error) {
query := `INSERT INTO users (username) VALUES (?)`
_, err := conn.Exec(query, username)
if err != nil {
return nil, errors.Wrap(err, "conn.Exec")
}
user, err := GetUserFromUsername(conn, username)
if err != nil {
return nil, errors.Wrap(err, "GetUserFromUsername")
}
err = user.SetPassword(conn, password)
if err != nil {
return nil, errors.Wrap(err, "user.SetPassword")
}
return user, nil
}
// Queries the database for a user matching the given username.
// Query is case insensitive
func GetUserFromUsername(conn *sql.DB, username string) (*User, error) {
query := `SELECT id, username, password_hash, created_at FROM users
WHERE username = ? COLLATE NOCASE`
rows, err := conn.Query(query, username)
if err != nil {
return nil, errors.Wrap(err, "conn.Query")
}
defer rows.Close()
var user User
for rows.Next() {
err := rows.Scan(
&user.ID,
&user.Username,
&user.Password_hash,
&user.Created_at,
)
if err != nil {
return nil, errors.Wrap(err, "rows.Scan")
}
}
return &user, nil
}
// Queries the database for a user matching the given ID.
func GetUserFromID(conn *sql.DB, id int) (*User, error) {
query := `SELECT id, username, password_hash, created_at FROM users
WHERE id = ?`
rows, err := conn.Query(query, id)
if err != nil {
return nil, errors.Wrap(err, "conn.Query")
}
defer rows.Close()
var user User
for rows.Next() {
err := rows.Scan(
&user.ID,
&user.Username,
&user.Password_hash,
&user.Created_at,
)
if err != nil {
return nil, errors.Wrap(err, "rows.Scan")
}
}
return &user, nil
}
// Checks if the given username is unique. Returns true if not taken
func CheckUsernameUnique(conn *sql.DB, username string) (bool, error) {
query := `SELECT 1 FROM users WHERE username = ? COLLATE NOCASE LIMIT 1`
rows, err := conn.Query(query, username)
if err != nil {
return false, errors.Wrap(err, "conn.Query")
}
defer rows.Close()
taken := rows.Next()
return !taken, nil
}

137
handlers/account.go Normal file
View File

@@ -0,0 +1,137 @@
package handlers
import (
"database/sql"
"net/http"
"projectreshoot/contexts"
"projectreshoot/cookies"
"projectreshoot/db"
"projectreshoot/view/component/account"
"projectreshoot/view/page"
"github.com/pkg/errors"
"github.com/rs/zerolog"
)
// Renders the account page on the 'General' subpage
func HandleAccountPage() http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("subpage")
subpage := cookie.Value
if err != nil {
subpage = "General"
}
page.Account(subpage).Render(r.Context(), w)
},
)
}
// Handles a request to change the subpage for the Accou/accountnt page
func HandleAccountSubpage() http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
subpage := r.FormValue("subpage")
cookies.SetCookie(w, "subpage", "/account", subpage, 300)
account.AccountContainer(subpage).Render(r.Context(), w)
},
)
}
// Handles a request to change the users username
func HandleChangeUsername(
logger *zerolog.Logger,
conn *sql.DB,
) http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
newUsername := r.FormValue("username")
unique, err := db.CheckUsernameUnique(conn, newUsername)
if err != nil {
logger.Error().Err(err).Msg("Error updating username")
w.WriteHeader(http.StatusInternalServerError)
return
}
if !unique {
account.ChangeUsername("Username is taken", newUsername).
Render(r.Context(), w)
return
}
user := contexts.GetUser(r.Context())
err = user.ChangeUsername(conn, newUsername)
if err != nil {
logger.Error().Err(err).Msg("Error updating username")
w.WriteHeader(http.StatusInternalServerError)
return
}
w.Header().Set("HX-Refresh", "true")
},
)
}
// Handles a request to change the users bio
func HandleChangeBio(
logger *zerolog.Logger,
conn *sql.DB,
) http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
newBio := r.FormValue("bio")
leng := len([]rune(newBio))
if leng > 128 {
account.ChangeBio("Bio limited to 128 characters", newBio).
Render(r.Context(), w)
return
}
user := contexts.GetUser(r.Context())
err := user.ChangeBio(conn, newBio)
if err != nil {
logger.Error().Err(err).Msg("Error updating bio")
w.WriteHeader(http.StatusInternalServerError)
return
}
w.Header().Set("HX-Refresh", "true")
},
)
}
func validateChangePassword(conn *sql.DB, r *http.Request) (string, error) {
r.ParseForm()
formPassword := r.FormValue("password")
formConfirmPassword := r.FormValue("confirm-password")
if formPassword != formConfirmPassword {
return "", errors.New("Passwords do not match")
}
if len(formPassword) > 72 {
return "", errors.New("Password exceeds maximum length of 72 bytes")
}
return formPassword, nil
}
// Handles a request to change the users password
func HandleChangePassword(
logger *zerolog.Logger,
conn *sql.DB,
) http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
newPass, err := validateChangePassword(conn, r)
if err != nil {
account.ChangePassword(err.Error()).Render(r.Context(), w)
return
}
user := contexts.GetUser(r.Context())
err = user.SetPassword(conn, newPass)
if err != nil {
logger.Error().Err(err).Msg("Error updating password")
w.WriteHeader(http.StatusInternalServerError)
return
}
w.Header().Set("HX-Refresh", "true")
},
)
}

2
handlers/profile.go
View File

@@ -5,7 +5,7 @@ import (
"projectreshoot/view/page" "projectreshoot/view/page"
) )
func HandleProfile() http.Handler { func HandleProfilePage() http.Handler {
return http.HandlerFunc( return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) { func(w http.ResponseWriter, r *http.Request) {
page.Profile().Render(r.Context(), w) page.Profile().Render(r.Context(), w)

119
handlers/reauthenticatate.go Normal file
View File

@@ -0,0 +1,119 @@
package handlers
import (
"database/sql"
"net/http"
"projectreshoot/config"
"projectreshoot/contexts"
"projectreshoot/cookies"
"projectreshoot/jwt"
"projectreshoot/view/component/form"
"github.com/pkg/errors"
"github.com/rs/zerolog"
)
// Get the tokens from the request
func getTokens(
config *config.Config,
conn *sql.DB,
r *http.Request,
) (*jwt.AccessToken, *jwt.RefreshToken, error) {
// get the existing tokens from the cookies
atStr, rtStr := cookies.GetTokenStrings(r)
aT, err := jwt.ParseAccessToken(config, conn, atStr)
if err != nil {
return nil, nil, errors.Wrap(err, "jwt.ParseAccessToken")
}
rT, err := jwt.ParseRefreshToken(config, conn, rtStr)
if err != nil {
return nil, nil, errors.Wrap(err, "jwt.ParseRefreshToken")
}
return aT, rT, nil
}
// Revoke the given token pair
func revokeTokenPair(
conn *sql.DB,
aT *jwt.AccessToken,
rT *jwt.RefreshToken,
) error {
err := jwt.RevokeToken(conn, aT)
if err != nil {
return errors.Wrap(err, "jwt.RevokeToken")
}
err = jwt.RevokeToken(conn, rT)
if err != nil {
return errors.Wrap(err, "jwt.RevokeToken")
}
return nil
}
// Issue new tokens for the user, invalidating the old ones
func refreshTokens(
config *config.Config,
conn *sql.DB,
w http.ResponseWriter,
r *http.Request,
) error {
aT, rT, err := getTokens(config, conn, r)
if err != nil {
return errors.Wrap(err, "getTokens")
}
rememberMe := map[string]bool{
"session": false,
"exp": true,
}[aT.TTL]
// issue new tokens for the user
user := contexts.GetUser(r.Context())
err = cookies.SetTokenCookies(w, r, config, user.User, true, rememberMe)
if err != nil {
return errors.Wrap(err, "cookies.SetTokenCookies")
}
err = revokeTokenPair(conn, aT, rT)
if err != nil {
return errors.Wrap(err, "revokeTokenPair")
}
return nil
}
// Validate the provided password
func validatePassword(
r *http.Request,
) error {
r.ParseForm()
password := r.FormValue("password")
user := contexts.GetUser(r.Context())
err := user.CheckPassword(password)
if err != nil {
return errors.Wrap(err, "user.CheckPassword")
}
return nil
}
// Handle request to reauthenticate (i.e. make token fresh again)
func HandleReauthenticate(
logger *zerolog.Logger,
config *config.Config,
conn *sql.DB,
) http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
err := validatePassword(r)
if err != nil {
w.WriteHeader(445)
form.ConfirmPassword("Incorrect password").Render(r.Context(), w)
return
}
err = refreshTokens(config, conn, w, r)
if err != nil {
logger.Error().Err(err).Msg("Failed to refresh user tokens")
w.WriteHeader(http.StatusInternalServerError)
return
}
w.WriteHeader(http.StatusOK)
},
)
}

15
middleware/authentication.go
View File

@@ -3,6 +3,7 @@ package middleware
import ( import (
"database/sql" "database/sql"
"net/http" "net/http"
"time"
"projectreshoot/config" "projectreshoot/config"
"projectreshoot/contexts" "projectreshoot/contexts"
@@ -52,7 +53,7 @@ func getAuthenticatedUser(
conn *sql.DB, conn *sql.DB,
w http.ResponseWriter, w http.ResponseWriter,
r *http.Request, r *http.Request,
) (*db.User, error) { ) (*contexts.AuthenticatedUser, error) {
// Get token strings from cookies // Get token strings from cookies
atStr, rtStr := cookies.GetTokenStrings(r) atStr, rtStr := cookies.GetTokenStrings(r)
// Attempt to parse the access token // Attempt to parse the access token
@@ -69,14 +70,22 @@ func getAuthenticatedUser(
return nil, errors.Wrap(err, "refreshAuthTokens") return nil, errors.Wrap(err, "refreshAuthTokens")
} }
// New token pair sent, return the authorized user // New token pair sent, return the authorized user
return user, nil authUser := contexts.AuthenticatedUser{
User: user,
Fresh: time.Now().Unix(),
}
return &authUser, nil
} }
// Access token valid // Access token valid
user, err := aT.GetUser(conn) user, err := aT.GetUser(conn)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "rT.GetUser") return nil, errors.Wrap(err, "rT.GetUser")
} }
return user, nil authUser := contexts.AuthenticatedUser{
User: user,
Fresh: aT.Fresh,
}
return &authUser, nil
} }
// Attempt to authenticate the user and add their account details // Attempt to authenticate the user and add their account details

21
middleware/reauthentication.go Normal file
View File

@@ -0,0 +1,21 @@
package middleware
import (
"net/http"
"projectreshoot/contexts"
"time"
)
func RequiresFresh(
next http.Handler,
) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user := contexts.GetUser(r.Context())
isFresh := time.Now().Before(time.Unix(user.Fresh, 0))
if !isFresh {
w.WriteHeader(444)
return
}
next.ServeHTTP(w, r)
})
}

3
schema.sql
View File

@@ -8,7 +8,8 @@ CREATE TABLE IF NOT EXISTS "users" (
id INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT NOT NULL UNIQUE, username TEXT NOT NULL UNIQUE,
password_hash TEXT DEFAULT "", password_hash TEXT DEFAULT "",
created_at INTEGER DEFAULT (unixepoch()) created_at INTEGER DEFAULT (unixepoch()),
bio TEXT DEFAULT ""
) STRICT; ) STRICT;
CREATE TRIGGER cleanup_expired_tokens CREATE TRIGGER cleanup_expired_tokens
AFTER INSERT ON jwtblacklist AFTER INSERT ON jwtblacklist

34
server/routes.go
View File

@@ -60,9 +60,41 @@ func addRoutes(
// Logout // Logout
mux.Handle("POST /logout", handlers.HandleLogout(config, logger, conn)) mux.Handle("POST /logout", handlers.HandleLogout(config, logger, conn))
// Reauthentication request
mux.Handle("POST /reauthenticate",
middleware.RequiresLogin(
handlers.HandleReauthenticate(logger, config, conn),
))
// Profile page // Profile page
mux.Handle("GET /profile", mux.Handle("GET /profile",
middleware.RequiresLogin( middleware.RequiresLogin(
handlers.HandleProfile(), handlers.HandleProfilePage(),
))
// Account page
mux.Handle("GET /account",
middleware.RequiresLogin(
handlers.HandleAccountPage(),
))
mux.Handle("POST /account-select-page",
middleware.RequiresLogin(
handlers.HandleAccountSubpage(),
))
mux.Handle("POST /change-username",
middleware.RequiresLogin(
middleware.RequiresFresh(
handlers.HandleChangeUsername(logger, conn),
),
))
mux.Handle("POST /change-bio",
middleware.RequiresLogin(
handlers.HandleChangeBio(logger, conn),
))
mux.Handle("POST /change-password",
middleware.RequiresLogin(
middleware.RequiresFresh(
handlers.HandleChangePassword(logger, conn),
),
)) ))
} }

117
view/component/account/changebio.templ Normal file
View File

@@ -0,0 +1,117 @@
package account
import "projectreshoot/contexts"
templ ChangeBio(err string, bio string) {
{{
user := contexts.GetUser(ctx)
if bio == "" {
bio = user.Bio
}
}}
<form
hx-post="/change-bio"
hx-swap="outerHTML"
class="w-[90%] mx-auto mt-5"
x-data={ templ.JSFuncCall("bioComponent", bio, user.Bio, err).CallInline }
>
<script>
function bioComponent(newBio, oldBio, err) {
return {
bio: newBio,
initialBio: oldBio,
err: err,
bioLenText: '',
updateTextArea() {
this.$nextTick(() => {
if (this.$refs.bio) {
this.$refs.bio.style.height = 'auto';
this.$refs.bio.style.height = `
${this.$refs.bio.scrollHeight+20}px`;
};
this.bioLenText = `${this.bio.length}/128`;
});
},
resetBio() {
this.bio = this.initialBio;
this.err = "",
this.updateTextArea();
},
init() {
this.$nextTick(() => {
// this timeout makes sure the textarea resizes on
// page render correctly. seems 20ms is the sweet
// spot between a noticable delay and not working
setTimeout(() => {
this.updateTextArea();
}, 20);
});
}
};
}
</script>
<div
class="flex flex-col"
>
<div
class="flex flex-col sm:flex-row sm:items-center relative"
>
<label
for="bio"
class="text-lg w-20"
>Bio</label>
<div
class="relative sm:ml-5 ml-0 w-fit"
>
<textarea
type="text"
id="bio"
name="bio"
class="py-1 px-4 rounded-lg text-md
bg-surface0 border border-surface2 w-60
disabled:opacity-50 disabled:pointer-events-none"
required
aria-describedby="bio-error"
x-model="bio"
x-ref="bio"
@input="updateTextArea()"
maxlength="128"
></textarea>
<span
class="absolute right-0 pr-2 bottom-0 pb-2 text-overlay2"
x-text="bioLenText"
></span>
</div>
</div>
<div class="mt-2 sm:ml-25">
<button
class="rounded-lg bg-blue py-1 px-2 text-mantle
hover:cursor-pointer hover:bg-blue/75 transition"
x-cloak
x-show="bio !== initialBio"
x-transition.opacity.duration.500ms
>
Update
</button>
<button
class="rounded-lg bg-overlay0 py-1 px-2 text-mantle
hover:cursor-pointer hover:bg-surface2 transition"
type="button"
href="#"
x-cloak
x-show="bio !== initialBio"
x-transition.opacity.duration.500ms
@click="resetBio()"
>
Cancel
</button>
</div>
</div>
<p
class="block text-red sm:ml-26 mt-1 transition"
x-cloak
x-show="err"
x-text="err"
></p>
</form>
}

141
view/component/account/changepassword.templ Normal file
View File

@@ -0,0 +1,141 @@
package account
templ ChangePassword(err string) {
<form
hx-post="/change-password"
hx-swap="outerHTML"
class="w-[90%] mx-auto mt-5"
x-data={ templ.JSFuncCall(
"passwordComponent", err,
).CallInline }
>
<script>
function passwordComponent(err) {
return {
password: "",
confirmPassword: "",
err: err,
reset() {
this.err = "";
this.password = "";
this.confirmPassword = "";
},
};
}
</script>
<div
class="flex flex-col"
>
<div
class="flex flex-col sm:flex-row sm:items-center relative w-fit"
>
<label
for="password"
class="text-lg w-40"
>New Password</label>
<input
type="password"
id="password"
name="password"
class="py-1 px-4 rounded-lg text-md
bg-surface0 border border-surface2 w-50 sm:ml-5
disabled:opacity-50 ml-0 disabled:pointer-events-none"
required
aria-describedby="password-error"
x-model="password"
/>
<div
class="absolute inset-y-0 end-0 pt-9
pointer-events-none sm:pt-2 pe-2"
x-show="err"
x-cloak
>
<svg
class="size-5 text-red"
width="16"
height="16"
fill="currentColor"
viewBox="0 0 16 16"
aria-hidden="true"
>
<path
d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM8
4a.905.905 0 0 0-.9.995l.35 3.507a.552.552 0 0
0 1.1 0l.35-3.507A.905.905 0 0 0 8 4zm.002 6a1
1 0 1 0 0 2 1 1 0 0 0 0-2z"
></path>
</svg>
</div>
</div>
<div
class="flex flex-col sm:flex-row sm:items-center relative mt-2 w-fit"
>
<label
for="confirm-password"
class="text-lg w-40"
>Confirm Password</label>
<input
type="password"
id="confirm-password"
name="confirm-password"
class="py-1 px-4 rounded-lg text-md
bg-surface0 border border-surface2 w-50 sm:ml-5
disabled:opacity-50 ml-0 disabled:pointer-events-none"
required
aria-describedby="password-error"
x-model="confirmPassword"
/>
<div
class="absolute inset-y-0 pe-2 end-0 pt-9
pointer-events-none sm:pt-2"
x-show="err"
x-cloak
>
<svg
class="size-5 text-red"
width="16"
height="16"
fill="currentColor"
viewBox="0 0 16 16"
aria-hidden="true"
>
<path
d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM8
4a.905.905 0 0 0-.9.995l.35 3.507a.552.552 0 0
0 1.1 0l.35-3.507A.905.905 0 0 0 8 4zm.002 6a1
1 0 1 0 0 2 1 1 0 0 0 0-2z"
></path>
</svg>
</div>
</div>
<div class="mt-2 sm:ml-43">
<button
class="rounded-lg bg-blue py-1 px-2 text-mantle sm:ml-2
hover:cursor-pointer hover:bg-blue/75 transition"
x-cloak
x-show="password !== '' || confirmPassword !== ''"
x-transition.opacity.duration.500ms
>
Update
</button>
<button
class="rounded-lg bg-overlay0 py-1 px-2 text-mantle
hover:cursor-pointer hover:bg-surface2 transition"
type="button"
x-cloak
x-show="password !== '' || confirmPassword !== ''"
x-transition.opacity.duration.500ms
@click="reset()"
>
Cancel
</button>
</div>
</div>
<p
class="block text-red sm:ml-45 mt-1 transition"
x-cloak
x-show="err"
x-text="err"
></p>
</form>
}

108
view/component/account/changeusername.templ Normal file
View File

@@ -0,0 +1,108 @@
package account
import "projectreshoot/contexts"
templ ChangeUsername(err string, username string) {
{{
user := contexts.GetUser(ctx)
if username == "" {
username = user.Username
}
}}
<form
hx-post="/change-username"
hx-swap="outerHTML"
class="w-[90%] mx-auto mt-5"
x-data={ templ.JSFuncCall(
"usernameComponent", username, user.Username, err,
).CallInline }
>
<script>
function usernameComponent(newUsername, oldUsername, err) {
return {
username: newUsername,
initialUsername: oldUsername,
err: err,
resetUsername() {
this.username = this.initialUsername;
this.err = "";
},
};
}
</script>
<div
class="flex flex-col sm:flex-row"
>
<div
class="flex flex-col sm:flex-row sm:items-center relative"
>
<label
for="username"
class="text-lg w-20"
>Username</label>
<input
type="text"
id="username"
name="username"
class="py-1 px-4 rounded-lg text-md
bg-surface0 border border-surface2 w-50 sm:ml-5
disabled:opacity-50 ml-0 disabled:pointer-events-none"
required
aria-describedby="username-error"
x-model="username"
/>
<div
class="absolute inset-y-0 sm:start-68 start-43 pt-9
pointer-events-none sm:pt-2"
x-show="err"
x-cloak
>
<svg
class="size-5 text-red"
width="16"
height="16"
fill="currentColor"
viewBox="0 0 16 16"
aria-hidden="true"
>
<path
d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM8
4a.905.905 0 0 0-.9.995l.35 3.507a.552.552 0 0
0 1.1 0l.35-3.507A.905.905 0 0 0 8 4zm.002 6a1
1 0 1 0 0 2 1 1 0 0 0 0-2z"
></path>
</svg>
</div>
</div>
<div class="mt-2 sm:mt-0">
<button
class="rounded-lg bg-blue py-1 px-2 text-mantle sm:ml-2
hover:cursor-pointer hover:bg-blue/75 transition"
x-cloak
x-show="username !== initialUsername"
x-transition.opacity.duration.500ms
>
Update
</button>
<button
class="rounded-lg bg-overlay0 py-1 px-2 text-mantle
hover:cursor-pointer hover:bg-surface2 transition"
type="button"
href="#"
x-cloak
x-show="username !== initialUsername"
x-transition.opacity.duration.500ms
@click="resetUsername()"
>
Cancel
</button>
</div>
</div>
<p
class="block text-red sm:ml-26 mt-1 transition"
x-cloak
x-show="err"
x-text="err"
></p>
</form>
}

26
view/component/account/container.templ Normal file
View File

@@ -0,0 +1,26 @@
package account
templ AccountContainer(subpage string) {
<div
id="account-container"
class="flex max-w-200 min-h-100 mx-auto bg-mantle mt-10 rounded-xl"
x-data="{big:window.innerWidth >=768, open:false}"
@resize.window="big = window.innerWidth >= 768"
>
@SelectMenu(subpage)
<div class="mt-5 w-full md:ml-[200px] ml-[40px] transition-all duration-300">
<div
class="pl-5 text-2xl text-subtext1 border-b
border-overlay0 w-[90%] mx-auto"
>
{ subpage }
</div>
switch subpage {
case "General":
@AccountGeneral()
case "Security":
@AccountSecurity()
}
</div>
</div>
}

8
view/component/account/general.templ Normal file
View File

@@ -0,0 +1,8 @@
package account
templ AccountGeneral() {
<div>
@ChangeUsername("", "")
@ChangeBio("", "")
</div>
}

7
view/component/account/security.templ Normal file
View File

@@ -0,0 +1,7 @@
package account
templ AccountSecurity() {
<div>
@ChangePassword("")
</div>
}

91
view/component/account/selectmenu.templ Normal file
View File

@@ -0,0 +1,91 @@
package account
import "fmt"
type MenuItem struct {
name string
href string
}
func getMenuItems() []MenuItem {
return []MenuItem{
{
name: "General",
href: "general",
},
{
name: "Security",
href: "security",
},
{
name: "Preferences",
href: "preferences",
},
}
}
templ SelectMenu(activePage string) {
{{
menuItems := getMenuItems()
page := fmt.Sprintf("{page:'%s'}", activePage)
}}
<form
hx-post="/account-select-page"
hx-target="#account-container"
hx-swap="outerHTML"
class="relative"
>
<div
class="bg-surface0 border-e border-overlay0 ease-in-out
absolute top-0 left-0 z-1
rounded-l-xl h-full overflow-hidden transition-all duration-300"
x-bind:style="(open || big) ? 'width: 200px;' : 'width: 40px;'"
>
<div x-show="!big">
<button
type="button"
@click="open = !open"
class="block rounded-lg p-2.5 md:hidden transition
bg-surface0 text-subtext0 hover:text-overlay2/75"
>
<span class="sr-only">Toggle menu</span>
<svg
xmlns="http://www.w3.org/2000/svg"
class="size-5"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
stroke-width="2"
>
<path
stroke-linecap="round"
stroke-linejoin="round"
d="M4 6h16M4 12h16M4 18h16"
></path>
</svg>
</button>
</div>
<div class="px-4 py-6" x-show="(open || big)">
<ul class="mt-6 space-y-1" x-data={ page }>
for _, item := range menuItems {
{{
activebind := fmt.Sprintf("page === '%s' && 'bg-mantle'", item.name)
}}
<li>
<button
type="submit"
name="subpage"
value={ item.name }
class="block rounded-lg px-4 py-2 text-md
hover:bg-mantle hover:cursor-pointer"
:class={ activebind }
>
{ item.name }
</button>
</li>
}
</ul>
</div>
</div>
</form>
}

90
view/component/form/confirmpass.templ Normal file
View File

@@ -0,0 +1,90 @@
package form
templ ConfirmPassword(err string) {
<form
hx-post="/reauthenticate"
x-data={ templ.JSFuncCall(
"confirmPassData", err,
).CallInline }
x-on:htmx:xhr:loadstart="submitted=true;buttontext='Loading...'"
>
<script>
function confirmPassData(err) {
return {
submitted: false,
buttontext: 'Confirm',
errMsg: err,
reset() {
this.err = "";
},
};
}
</script>
<div
class="grid gap-y-4"
>
<div class="mt-5">
<div class="relative">
<input
type="password"
id="password"
name="password"
class="py-3 px-4 block w-full rounded-lg text-sm
focus:border-blue focus:ring-blue bg-base
disabled:opacity-50 disabled:pointer-events-none"
placeholder="Confirm password"
required
aria-describedby="password-error"
@input="reset()"
/>
<div
class="absolute inset-y-0 end-0
pointer-events-none pe-3 pt-3"
x-show="errMsg"
x-cloak
>
<svg
class="size-5 text-red"
width="16"
height="16"
fill="currentColor"
viewBox="0 0 16 16"
aria-hidden="true"
>
<path
d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM8
4a.905.905 0 0 0-.9.995l.35 3.507a.552.552 0 0
0 1.1 0l.35-3.507A.905.905 0 0 0 8 4zm.002 6a1
1 0 1 0 0 2 1 1 0 0 0 0-2z"
></path>
</svg>
</div>
</div>
<p
class="text-center text-xs text-red mt-2"
id="password-error"
x-show="errMsg"
x-cloak
x-text="errMsg"
></p>
</div>
<button
x-bind:disabled="submitted"
x-text="buttontext"
type="submit"
class="w-full py-3 px-4 inline-flex justify-center items-center
gap-x-2 rounded-lg border border-transparent transition
bg-blue hover:bg-blue/75 text-mantle hover:cursor-pointer
disabled:bg-blue/60 disabled:cursor-default"
></button>
<button
type="button"
class="w-full py-3 px-4 inline-flex justify-center items-center
gap-x-2 rounded-lg border border-transparent transition
bg-surface2 hover:bg-surface1 hover:cursor-pointer
disabled:cursor-default"
@click="showConfirmPasswordModal=false"
>Cancel</button>
</div>
</form>
}

35
view/component/form/loginform.templ
View File

@@ -1,31 +1,34 @@
package form package form
import "fmt"
// Login Form. If loginError is not an empty string, it will display the // Login Form. If loginError is not an empty string, it will display the
// contents of loginError to the user. // contents of loginError to the user.
// If loginError is "Username or password incorrect" it will also show // If loginError is "Username or password incorrect" it will also show
// error icons on the username and password field // error icons on the username and password field
templ LoginForm(loginError string) { templ LoginForm(loginError string) {
{{ {{ credErr := "Username or password incorrect" }}
errCreds := "false"
if loginError == "Username or password incorrect" {
errCreds = "true"
}
xdata := fmt.Sprintf(
"{credentialError: %s, errorMessage: '%s'}",
errCreds,
loginError,
)
}}
<form <form
hx-post="/login" hx-post="/login"
x-data="{ submitted: false, buttontext: 'Login' }" x-data={ templ.JSFuncCall(
"loginFormData", loginError, credErr,
).CallInline }
x-on:htmx:xhr:loadstart="submitted=true;buttontext='Loading...'" x-on:htmx:xhr:loadstart="submitted=true;buttontext='Loading...'"
> >
<script>
function loginFormData(err, credError) {
return {
submitted: false,
buttontext: 'Login',
errorMessage: err,
credentialError: err === credError ? true : false,
resetErr() {
this.errorMessage = "";
this.credentialError = false;
},
};
}
</script>
<div <div
class="grid gap-y-4" class="grid gap-y-4"
x-data={ xdata }
> >
<!-- Form Group --> <!-- Form Group -->
<div> <div>
@@ -44,6 +47,7 @@ templ LoginForm(loginError string) {
disabled:pointer-events-none" disabled:pointer-events-none"
required required
aria-describedby="username-error" aria-describedby="username-error"
@input="resetErr()"
/> />
<div <div
class="absolute inset-y-0 end-0 class="absolute inset-y-0 end-0
@@ -93,6 +97,7 @@ templ LoginForm(loginError string) {
disabled:opacity-50 disabled:pointer-events-none" disabled:opacity-50 disabled:pointer-events-none"
required required
aria-describedby="password-error" aria-describedby="password-error"
@input="resetErr()"
/> />
<div <div
class="absolute inset-y-0 end-0 class="absolute inset-y-0 end-0

44
view/component/form/registerform.templ
View File

@@ -1,36 +1,41 @@
package form package form
import "fmt"
// Login Form. If loginError is not an empty string, it will display the // Login Form. If loginError is not an empty string, it will display the
// contents of loginError to the user. // contents of loginError to the user.
templ RegisterForm(registerError string) { templ RegisterForm(registerError string) {
{{ {{
errUsername := "false" usernameErr := "Username is taken"
errPasswords := "false" passErrs := []string{
if registerError == "Username is taken" { "Password exceeds maximum length of 72 bytes",
errUsername = "true" "Passwords do not match",
} else if registerError == "Passwords do not match" ||
registerError == "Password exceeds maximum length of 72 bytes" {
errPasswords = "true"
} }
xdata := fmt.Sprintf(
"{errUsername: %s, errPasswords: %s, errorMessage: '%s'}",
errUsername,
errPasswords,
registerError,
)
}} }}
<form <form
hx-post="/register" hx-post="/register"
x-data="{ submitted: false, buttontext: 'Login' }" x-data={ templ.JSFuncCall(
"registerFormData", registerError, usernameErr, passErrs,
).CallInline }
x-on:htmx:xhr:loadstart="submitted=true;buttontext='Loading...'" x-on:htmx:xhr:loadstart="submitted=true;buttontext='Loading...'"
> >
<script>
function registerFormData(err, usernameErr, passErrs) {
return {
submitted: false,
buttontext: 'Register',
errorMessage: err,
errUsername: err === usernameErr ? true : false,
errPasswords: passErrs.includes(err) ? true : false,
resetErr() {
this.errorMessage = "";
this.errUsername = false;
this.errPasswords = false;
},
};
}
</script>
<div <div
class="grid gap-y-4" class="grid gap-y-4"
x-data={ xdata }
> >
<!-- Form Group -->
<div> <div>
<label <label
for="email" for="email"
@@ -47,6 +52,7 @@ templ RegisterForm(registerError string) {
disabled:pointer-events-none" disabled:pointer-events-none"
required required
aria-describedby="username-error" aria-describedby="username-error"
@input="resetErr()"
/> />
<div <div
class="absolute inset-y-0 end-0 class="absolute inset-y-0 end-0
@@ -96,6 +102,7 @@ templ RegisterForm(registerError string) {
disabled:opacity-50 disabled:pointer-events-none" disabled:opacity-50 disabled:pointer-events-none"
required required
aria-describedby="password-error" aria-describedby="password-error"
@input="resetErr()"
/> />
<div <div
class="absolute inset-y-0 end-0 class="absolute inset-y-0 end-0
@@ -138,6 +145,7 @@ templ RegisterForm(registerError string) {
disabled:opacity-50 disabled:pointer-events-none" disabled:opacity-50 disabled:pointer-events-none"
required required
aria-describedby="confirm-password-error" aria-describedby="confirm-password-error"
@input="resetErr()"
/> />
<div <div
class="absolute inset-y-0 end-0 class="absolute inset-y-0 end-0

2
view/component/nav/navbarright.templ
View File

@@ -35,7 +35,7 @@ templ navRight() {
> >
<button <button
x-on:click="isActive = !isActive" x-on:click="isActive = !isActive"
class="h-full py-2 px-4 text-mantle" class="h-full py-2 px-4 text-mantle hover:cursor-pointer"
> >
<span class="sr-only">Profile</span> <span class="sr-only">Profile</span>
{ user.Username } { user.Username }

2
view/component/nav/sidenav.templ
View File

@@ -8,7 +8,7 @@ templ sideNav(navItems []NavItem) {
<div <div
x-show="open" x-show="open"
x-transition x-transition
class="absolute w-full bg-mantle sm:hidden" class="absolute w-full bg-mantle sm:hidden z-10"
> >
<div class="px-4 py-6"> <div class="px-4 py-6">
<ul class="space-y-1"> <ul class="space-y-1">

21
view/component/popup/confirmPasswordModal.templ Normal file
View File

@@ -0,0 +1,21 @@
package popup
import "projectreshoot/view/component/form"
templ ConfirmPasswordModal() {
<div
class="z-50 absolute bg-overlay0/55 top-0 left-0 right-0 bottom-0"
x-show="showConfirmPasswordModal"
x-cloak
>
<div
class="p-5 mt-25 w-fit max-w-100 text-center rounded-lg bg-mantle mx-auto"
>
<div class="text-xl">
To complete this action you need to confirm your password
</div>
@form.ConfirmPassword("")
</div>
</div>
}

2
view/component/errorPopup.templ → view/component/popup/errorPopup.templ
View File

@@ -1,4 +1,4 @@
package component package popup
templ ErrorPopup() { templ ErrorPopup() {
<div <div

48
view/layout/global.templ
View File

@@ -2,7 +2,7 @@ package layout
import "projectreshoot/view/component/nav" import "projectreshoot/view/component/nav"
import "projectreshoot/view/component/footer" import "projectreshoot/view/component/footer"
import "projectreshoot/view/component" import "projectreshoot/view/component/popup"
// Global page layout. Includes HTML document settings, header tags // Global page layout. Includes HTML document settings, header tags
// navbar and footer // navbar and footer
@@ -40,22 +40,56 @@ templ Global() {
<script src="https://unpkg.com/alpinejs" defer></script> <script src="https://unpkg.com/alpinejs" defer></script>
<script> <script>
// uncomment this line to enable logging of htmx events // uncomment this line to enable logging of htmx events
//htmx.logAll(); // htmx.logAll();
</script>
<script>
const bodyData = {
showError: false,
showConfirmPasswordModal: false,
handleHtmxBeforeOnLoad(event) {
const requestPath = event.detail.pathInfo.requestPath;
if (requestPath === "/reauthenticate") {
// handle password incorrect on refresh attempt
if (event.detail.xhr.status === 445) {
event.detail.shouldSwap = true;
event.detail.isError = false;
} else if (event.detail.xhr.status === 200) {
this.showConfirmPasswordModal = false;
}
}
},
// handle errors from the server on HTMX requests
handleHtmxError(event) {
const errorCode = event.detail.errorInfo.error;
// internal server error
if (errorCode.includes('Code 500')) {
this.showError = true;
setTimeout(() => this.showError = false, 6000);
}
// user is authorized but needs to refresh their login
if (errorCode.includes('Code 444')) {
this.showConfirmPasswordModal = true;
}
},
};
</script> </script>
</head> </head>
<body <body
class="bg-base text-text ubuntu-mono-regular overflow-x-hidden" class="bg-base text-text ubuntu-mono-regular overflow-x-hidden"
x-data="{ showError: false }" x-data="bodyData"
x-on:htmx:error="if ($event.detail.errorInfo.error.includes('Code 500')) x-on:htmx:error="handleHtmxError($event)"
showError = true; setTimeout(() => showError = false, 6000)" x-on:htmx:before-on-load="handleHtmxBeforeOnLoad($event)"
> >
@component.ErrorPopup() @popup.ErrorPopup()
@popup.ConfirmPasswordModal()
<div <div
id="main-content" id="main-content"
class="flex flex-col h-screen justify-between" class="flex flex-col h-screen justify-between"
> >
@nav.Navbar() @nav.Navbar()
<div id="page-content" class="mb-auto"> <div id="page-content" class="mb-auto px-5">
{ children... } { children... }
</div> </div>
@footer.Footer() @footer.Footer()

10
view/page/account.templ Normal file
View File

@@ -0,0 +1,10 @@
package page
import "projectreshoot/view/layout"
import "projectreshoot/view/component/account"
templ Account(subpage string) {
@layout.Global() {
@account.AccountContainer(subpage)
}
}