authorSamuel W <samuel.wilhelmsson@gmail.com>2024-02-25 15:53:36 +0100
committerSamuel W <samuel.wilhelmsson@gmail.com>2024-02-25 15:53:36 +0100
commit8488643e5efe4c89ee1abe6f05a8857b8ab122d1 (patch)
tree802f3e2512fa430fb2a1ef5dc370c57a229d595b /main.go
parent9a59ce82149865f059157e8a050b7a3e15ca55b2 (diff)
working thing
Diffstat (limited to 'main.go')
-rw-r--r--main.go144
1 files changed, 136 insertions, 8 deletions
diff --git a/main.go b/main.go
index 8bf3459..6b23ace 100644
--- a/main.go
+++ b/main.go
@@ -1,10 +1,19 @@
package main
import (
+ "bufio"
"fmt"
+ "io"
+ "net/http"
+ "os"
+ "path"
"time"
+ "github.com/google/uuid"
+ "github.com/gorilla/sessions"
+ "github.com/labstack/echo-contrib/session"
"github.com/labstack/echo/v4"
+ "github.com/labstack/echo/v4/middleware"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
)
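Review bot: The added `"path"` import is used later in this commit to build a filesystem path (`path.Join("assets", filename.String())` in the upload handler), but `path` is meant for slash-separated paths such as URLs. Import `"path/filepath"` instead and call `filepath.Join` there, so the separator follows the host OS.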
@@ -16,21 +25,47 @@ type Post struct {
}
func main() {
- e := echo.New()
- db, err := gorm.Open(sqlite.Open("gorm.db"), &gorm.Config{})
+ dbPath := os.Getenv("DB_PATH")
+ if dbPath == "" {
+ dbPath = "tinygram.db"
+ }
- post := Post{
- Description: "Test image :>",
- ImageID: "/static/firstpost.png",
+ sessionSecret := os.Getenv("SESSION_SECRET")
+ if sessionSecret == "" {
+ fmt.Println("NEED TO PROVIDE A SECRET")
+ return
}
- db.AutoMigrate(Post{})
- db.Create(&post)
+ passwordFilePath := os.Getenv("PASSWORD_FILE_PATH")
+ if passwordFilePath == "" {
+ passwordFilePath = "password.txt"
+ }
+
+ assetsPath := os.Getenv("ASSETS_PATH")
+ if assetsPath == "" {
+ assetsPath = "assets"
+ }
+
+ e := echo.New()
+ // e.Use(middleware.Logger())
+ e.Use(middleware.Recover())
+ e.Use(middleware.Secure())
+
+ e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
+ TokenLookup: "form:_csrf",
+ }))
+
+ e.Use(session.Middleware(sessions.NewCookieStore([]byte(sessionSecret))))
+
+ db, err := gorm.Open(sqlite.Open(dbPath), &gorm.Config{})
+
+ db.AutoMigrate(Post{})
if err != nil {
- fmt.Errorf("opening db: %w", err)
+ fmt.Printf("opening db: %v", err)
}
+
e.Static("/static", "assets")
e.GET("/", func(c echo.Context) error {
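Review bot: `db.AutoMigrate(Post{})` now runs before the `err` from `gorm.Open` is checked, and the check only prints, so a failed open carries on into the handlers with an unusable `db`. Check first and stop, e.g. `if err != nil { fmt.Fprintf(os.Stderr, "opening db: %v\n", err); os.Exit(1) }`, and check the error `AutoMigrate` returns as well. The hunk also reads `ASSETS_PATH` into `assetsPath`, yet `e.Static("/static", "assets")` here and `path.Join("assets", …)` in the upload handler keep the literal, so the setting has no effect in the visible code. The missing-secret branch leaves through a bare `return`, which presumably ends the process with status 0; a non-zero exit would let a supervisor notice the misconfiguration. main's body continues outside the hunk.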
@@ -44,6 +79,99 @@ func main() {
return nil
})
+ e.GET("/login", func(c echo.Context) error {
+ component := loginPage(c.Get(middleware.DefaultCSRFConfig.ContextKey).(string))
+ err := component.Render(c.Request().Context(), c.Response().Writer)
+ if err != nil {
+ return err
+ }
+ return nil
+ })
+
+ e.POST("/login", func(c echo.Context) error {
+ // read password file, check content, add session if correct
+ file, err := os.Open(passwordFilePath)
+ if err != nil {
+ c.Response().Header().Set("HX-Redirect", "/")
+ return c.NoContent(http.StatusUnauthorized)
+ }
+
+ // check provided password against file
+ s := bufio.NewScanner(file)
+ s.Scan()
+ expected := s.Text()
+ formPass := c.FormValue("password")
+
+ if expected != formPass {
+ c.Response().Header().Set("HX-Redirect", "/")
+ return c.NoContent(http.StatusUnauthorized)
+ }
+
+ sess, _ := session.Get("session", c)
+ sess.Options = &sessions.Options{
+ Path: "/",
+ MaxAge: 86400 * 7,
+ HttpOnly: true,
+ }
+ sess.Values["user"] = "admin"
+ sess.Save(c.Request(), c.Response())
+
+ c.Response().Header().Set("HX-Redirect", "/upload")
+ return c.NoContent(http.StatusOK)
+ })
+
+ e.GET("/upload", func(c echo.Context) error {
+ sess, _ := session.Get("session", c)
+ if sess.Values["user"] != "admin" {
+ return c.Redirect(http.StatusSeeOther, "/login")
+ }
+ component := uploadPage(c.Get(middleware.DefaultCSRFConfig.ContextKey).(string))
+ err := component.Render(c.Request().Context(), c.Response().Writer)
+ if err != nil {
+ return err
+ }
+ return nil
+ })
+
+ e.POST("/upload", func(c echo.Context) error {
+ file, err := c.FormFile("file")
+ if err != nil {
+ return err
+ }
+ src, err := file.Open()
+ if err != nil {
+ return err
+ }
+ defer src.Close()
+
+ filename, err := uuid.NewRandom()
+ if err != nil {
+ return err
+ }
+
+ dst, err := os.Create(path.Join("assets", filename.String())) //RANDOMIZE
+ if err != nil {
+ return err
+ }
+ defer dst.Close()
+
+ // Copy
+ if _, err = io.Copy(dst, src); err != nil {
+ return err
+ }
+
+ description := c.FormValue("description")
+
+ post := Post{
+ Description: description,
+ ImageID: "/static/" + filename.String(),
+ }
+ db.Create(&post)
+
+ c.Response().Header().Set("HX-Redirect", "/")
+ return c.NoContent(http.StatusOK)
+ })
+
e.GET("/posts", func(c echo.Context) error {
after, err := time.Parse(time.RFC3339, c.QueryParam("after"))
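Review bot: The new `POST /upload` handler never reads the session, although `GET /upload` just above it checks `sess.Values["user"] != "admin"`, so the write into `assets` and the `db.Create(&post)` call are reachable without logging in. Moving the check into one route middleware applied to both upload routes closes the gap and stops discarding the error from `session.Get`, which both new call sites drop with `sess, _ :=`. In the same handler the upload has no size limit and the result of `db.Create` is ignored. Separately, `POST /login` ignores the result of `s.Scan()` and never closes `file`, so an empty password file leaves `expected` as the empty string, which an empty form value matches; reject an empty `expected` and add `defer file.Close()`. The session cookie options set there also omit `Secure` and `SameSite`.

```go
// requireAdmin lets a request through only when it carries the admin session.
requireAdmin := func(next echo.HandlerFunc) echo.HandlerFunc {
	return func(c echo.Context) error {
		sess, err := session.Get("session", c)
		if err != nil || sess.Values["user"] != "admin" {
			// Same response GET /upload already gives; an htmx POST may
			// prefer 401 plus an HX-Redirect header, as POST /login does.
			return c.Redirect(http.StatusSeeOther, "/login")
		}
		return next(c)
	}
}

e.GET("/upload", func(c echo.Context) error {
	// … unchanged: render uploadPage with the CSRF token …
}, requireAdmin)

e.POST("/upload", func(c echo.Context) error {
	// … unchanged: store the file, create the Post, set HX-Redirect …
}, requireAdmin)
```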