Added page protection for unauthorized access

handlers/index.go

@@ -12,7 +12,11 @@ func HandleRoot() http.Handler {
 	return http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {
 			if r.URL.Path != "/" {
-				page.Error("404", "Page not found", "The page or resource you have requested does not exist").Render(r.Context(), w)
+				page.Error(
+					"404",
+					"Page not found",
+					"The page or resource you have requested does not exist",
+				).Render(r.Context(), w)
 				return
 			}
 			page.Index().Render(r.Context(), w)

handlers/profile.go

@@ -0,0 +1,14 @@
+package handlers
+
+import (
+	"net/http"
+	"projectreshoot/view/page"
+)
+
+func HandleProfile() http.Handler {
+	return http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			page.Profile().Render(r.Context(), w)
+		},
+	)
+}

handlers/register.go

@@ -28,6 +28,9 @@ func validateRegistration(conn *sql.DB, r *http.Request) (*db.User, error) {
 	if formPassword != formConfirmPassword {
 		return nil, errors.New("Passwords do not match")
 	}
+	if len(formPassword) > 72 {
+		return nil, errors.New("Password exceeds maximum length of 72 bytes")
+	}
 	user, err := db.CreateNewUser(conn, formUsername, formPassword)
 	if err != nil {
 		return nil, errors.Wrap(err, "db.CreateNewUser")
@@ -47,7 +50,8 @@ func HandleRegisterRequest(
 			user, err := validateRegistration(conn, r)
 			if err != nil {
 				if err.Error() != "Username is taken" &&
-					err.Error() != "Passwords do not match" {
+					err.Error() != "Passwords do not match" &&
+					err.Error() != "Password exceeds maximum length of 72 bytes" {
 					logger.Warn().Caller().Err(err).Msg("Registration request failed")
 					w.WriteHeader(http.StatusInternalServerError)
 				} else {