Added bcrypt auth

wybiral · wybiral · commit 74b6d1de74df · 2017-11-04T12:39:22.000-05:00
diff --git a/main.go b/main.go
@@ -5,6 +5,7 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/gorilla/sessions"
 	"github.com/go-redis/redis"
+	"golang.org/x/crypto/bcrypt"
 	"html/template"
 )
 
@@ -22,14 +23,21 @@ func main() {
 	r.HandleFunc("/", indexPostHandler).Methods("POST")
 	r.HandleFunc("/login", loginGetHandler).Methods("GET")
 	r.HandleFunc("/login", loginPostHandler).Methods("POST")
-	r.HandleFunc("/test", testGetHandler).Methods("GET")
+	r.HandleFunc("/register", registerGetHandler).Methods("GET")
+	r.HandleFunc("/register", registerPostHandler).Methods("POST")
 	fs := http.FileServer(http.Dir("./static/"))
 	r.PathPrefix("/static/").Handler(http.StripPrefix("/static/", fs))
 	http.Handle("/", r)
 	http.ListenAndServe(":8080", nil)
 }
 
 func indexGetHandler(w http.ResponseWriter, r *http.Request) {
+	session, _ := store.Get(r, "session")
+	_, ok := session.Values["username"]
+	if !ok {
+		http.Redirect(w, r, "/login", 302)
+		return
+	}
 	comments, err := client.LRange("comments", 0, 10).Result()
 	if err != nil {
 		return
@@ -51,20 +59,34 @@ func loginGetHandler(w http.ResponseWriter, r *http.Request) {
 func loginPostHandler(w http.ResponseWriter, r *http.Request) {
 	r.ParseForm()
 	username := r.PostForm.Get("username")
+	password := r.PostForm.Get("password")
+	hash, err := client.Get("user:" + username).Bytes()
+	if err != nil {
+		return
+	}
+	err = bcrypt.CompareHashAndPassword(hash, []byte(password))
+	if err != nil {
+		return
+	}
 	session, _ := store.Get(r, "session")
 	session.Values["username"] = username
 	session.Save(r, w)
+	http.Redirect(w, r, "/", 302)
 }
 
-func testGetHandler(w http.ResponseWriter, r *http.Request) {
-	session, _ := store.Get(r, "session")
-	untyped, ok := session.Values["username"]
-	if !ok {
-		return
-	}
-	username, ok := untyped.(string)
-	if !ok {
+func registerGetHandler(w http.ResponseWriter, r *http.Request) {
+	templates.ExecuteTemplate(w, "register.html", nil)
+}
+
+func registerPostHandler(w http.ResponseWriter, r *http.Request) {
+	r.ParseForm()
+	username := r.PostForm.Get("username")
+	password := r.PostForm.Get("password")
+	cost := bcrypt.DefaultCost
+	hash, err := bcrypt.GenerateFromPassword([]byte(password), cost)
+	if err != nil {
 		return
 	}
-	w.Write([]byte(username))
-}
+	client.Set("user:" + username, hash, 0)
+	http.Redirect(w, r, "/login", 302)
+}
diff --git a/templates/login.html b/templates/login.html
@@ -4,7 +4,8 @@
     </head>
     <body>
         <form method="POST">
-            Username: <input name="username">
+            <div>Username: <input name="username"></div>
+            <div>Password: <input name="password"></div>
             <div>
                 <button type="submit">Login</button>
             </div>
diff --git a/templates/register.html b/templates/register.html
@@ -0,0 +1,14 @@
+<html>
+    <head>
+        <title>Register</title>
+    </head>
+    <body>
+        <form method="POST">
+            <div>Username: <input name="username"></div>
+            <div>Password: <input name="password"></div>
+            <div>
+                <button type="submit">Register</button>
+            </div>
+        </form>
+    </body>
+</html>
