v1.1

2025-07-17 12:17:47 -04:00 · 2025-07-17 12:17:47 -04:00 · 7ddc339eba
commit 7ddc339eba
parent 152adc8e3c
5 changed files with 91 additions and 81 deletions
--- a/html/genqr.html
+++ b/html/genqr.html
@ -38,7 +38,7 @@
    const path = window.location.pathname;
    const parts = path.split("/");
    const user = parts.pop();
-    let url = location.protocol + "//" + location.host + "/u/" + user;
+    let url = location.protocol + "//" + location.host + "/u/" + user.toLowerCase();

    const qrcode = new QRCode(document.getElementById('qr'), {
        text: url,
@ -52,7 +52,7 @@
    let qrLink = document.getElementById("qr-link");
    let qrImg = document.querySelector("#qr img");
    console.log(qrImg.src);
-    qrLink.setAttribute("download", "qrcode-" + user + ".png");
+    qrLink.setAttribute("download", "qrcode-" + user.toLowerCase() + ".png");

    const delay = ms => new Promise(res => setTimeout(res, ms));
    const setHref = async () => {
--- a/main.go
+++ b/main.go
@ -3,7 +3,6 @@ package main
 import (
 	"context"
 	"github.com/gin-contrib/cors"
-	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"log"
 	"os"
@ -23,8 +22,8 @@ func main() {

 	r := gin.Default()
 	gin.SetMode(gin.ReleaseMode)
-	createSessionStore()
-	r.Use(sessions.Sessions("luggageinfo_session", sessionStore))
+	//createSessionStore()
+	//r.Use(sessions.Sessions("luggageinfo_session", sessionStore))
 	createRateLimiters()

 	allowedOrigins := strings.Split(os.Getenv("CORS_ALLOWED_ORIGINS"), ",")
@ -41,8 +40,8 @@ func main() {
 	r.LoadHTMLGlob("./templates/*")

 	r.GET("/", htmlRL, webRoot)
-	r.GET("/register", htmlRL, webRegister)
-	r.GET("/register/success", htmlRL, webRegisterSuccess)
+	//r.GET("/register", htmlRL, webRegister)
+	//r.GET("/register/success", htmlRL, webRegisterSuccess)
 	r.GET("/qr/:user", htmlRL, webQr)
 	r.GET("/ping", webPing)

@ -50,16 +49,16 @@ func main() {
 	api.GET("/u/:user", jsonRL, webUserApi)
 	api.GET("/verify/:user", jsonRL, webVerifyUserApi)
 	api.GET("/checkname/:user", jsonRL, webCheckNameApi)
-	api.POST("/register", jsonRL, webRegisterApi)
+	//api.POST("/register", jsonRL, webRegisterApi)

 	user := r.Group("/u")
 	user.GET("/:user", htmlRL, webUser)
 	user.GET("/:user/info", htmlRL, webUserInfo)

-	auth := r.Group("/auth")
-	auth.GET("/login", htmlRL, webLoginAuth)
-	auth.POST("/login", htmlRL, webLoginAuthPost)
-	auth.GET("/logout", htmlRL, webLogoutAuth)
+	//auth := r.Group("/auth")
+	//auth.GET("/login", htmlRL, webLoginAuth)
+	//auth.POST("/login", htmlRL, webLoginAuthPost)
+	//auth.GET("/logout", htmlRL, webLogoutAuth)

 	err := r.Run()
 	if err != nil {
--- a/static/register.js
+++ b/static/register.js
@ -1,4 +1,4 @@
-const form = document.getElementById("reg-form"); // Replace #my-form with your form's ID
+const form = document.getElementById("reg-form");

 form.addEventListener("submit", async (event) => {
    event.preventDefault();
--- a/static/verify.js
+++ b/static/verify.js
@ -1,10 +1,10 @@
-document.getElementById("submitBtn").addEventListener('click', function(e) {
-    let code = document.getElementById("code").value;
-    console.log("Clicked: " + code);
+let submitBtn = document.getElementById("submitBtn");
+submitBtn.addEventListener('click', function(e) {
+    let code = document.getElementById("code").value.replaceAll(" ", "");

    const path = window.location.pathname;
    const parts = path.split("/");
-    const user = parts.pop();
+    const user = parts.pop().toLowerCase();

    fetch("/api/verify/" + user, {
        method: 'GET',
@ -15,8 +15,9 @@ document.getElementById("submitBtn").addEventListener('click', function(e) {
    }).then(response => response.json())
        .then(data => {
            let statusText = document.getElementById("status");
-            console.log(data);
            statusText.classList.remove("hidden");
+            console.log("Status Code: " + data.status);
+            console.log("Code Type: " + typeof data.status)
            if (data.status === 404) {
                // Not found
                statusText.innerText = "User with that code not found";
@ -29,4 +30,10 @@ document.getElementById("submitBtn").addEventListener('click', function(e) {
                statusText.innerText = "Error, please send this to Steven to be fixed. Error: " + data.error;
            }
        })
-})
+});
+
+document.getElementById("code").addEventListener('keyup', function(e) {
+    if (e.key === "Enter") {
+        submitBtn.click();
+    }
+});
--- a/web.go
+++ b/web.go
@ -7,6 +7,7 @@ import (
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-contrib/sessions/cookie"
 	"github.com/gin-gonic/gin"
+	"html/template"
 	"net/http"
 	"os"
 	"strconv"
@ -87,39 +88,41 @@ func webPing(c *gin.Context) {
 }

 func webUserApi(c *gin.Context) {
-	user, err := db.queryUser(c.Param("user"))
+	user, err := db.queryUser(strings.ToLower(c.Param("user")))
+	if err != nil {
+		if errors.Is(err, NoEntriesFoundError) {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+				"status": 401,
+				"error":  "Unauthorized",
+			})
+			return
+		}
+		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+			"status": 500,
+			"error":  fmt.Sprintf("Internal Server Error: %s", err.Error()),
+		})
+		return
+	}
 	if user.CurrentToken == nil {
 		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
 			"status": 401,
 			"error":  "Unauthorized",
 		})
-	} else if strings.Compare(c.Query("token"), *user.CurrentToken) == 0 {
-		if err != nil {
-			if errors.Is(err, NoEntriesFoundError) {
-				c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
-					"status": 401,
-					"error":  "Unauthorized",
-				})
-			} else {
-				fmt.Printf("Error: %s\n", err)
-				c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{
-					"status": 500,
-					"error":  err.Error(),
-				})
-			}
-		} else {
-			c.JSON(http.StatusOK, user)
-		}
-	} else {
-		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
-			"status": 401,
-			"error":  "Unauthorized",
-		})
+		return
 	}
+	if strings.Compare(c.Query("token"), *user.CurrentToken) == 0 {
+		user.Status = 200
+		c.JSON(http.StatusOK, user)
+		return
+	}
+	c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+		"status": 401,
+		"error":  "Unauthorized",
+	})
 }

 func webVerifyUserApi(c *gin.Context) {
-	user, err := db.queryUser(c.Param("user"))
+	user, err := db.queryUser(strings.ToLower(c.Param("user")))
 	if err != nil {
 		if errors.Is(err, NoEntriesFoundError) {
 			c.AbortWithStatusJSON(http.StatusNotFound, gin.H{
@ -137,12 +140,11 @@ func webVerifyUserApi(c *gin.Context) {
 		})
 		return
 	}
-	codes := strings.Split(user.SecretCodes, "'")
-	responded := false
+	codes := strings.Split(user.SecretCodes, ",")
+	codeHeader := c.GetHeader("Authorization")
+	reqCodeRaw := strings.Split(codeHeader, " ")
+	reqCode := strings.ReplaceAll(reqCodeRaw[len(reqCodeRaw)-1], " ", "")
 	for _, code := range codes {
-		codeHeader := c.GetHeader("Authorization")
-		reqCodeRaw := strings.Split(codeHeader, " ")
-		reqCode := strings.ReplaceAll(reqCodeRaw[len(reqCodeRaw)-1], " ", "")
 		if strings.Compare(code, reqCode) == 0 {
 			token, err := GenerateToken(16)
 			if err != nil {
@ -151,39 +153,31 @@ func webVerifyUserApi(c *gin.Context) {
 					"user":   "",
 					"error":  err.Error(),
 				})
-				responded = true
 				return
-			} else {
-				err = db.updateToken(user.UserName, token)
-				if err != nil {
-					c.JSON(http.StatusInternalServerError, gin.H{
-						"status": 500,
-						"user":   "",
-						"error":  err.Error(),
-					})
-					responded = true
-					return
-				} else {
-					user.Status = 200
-					c.JSON(http.StatusOK, gin.H{
-						"status": 200,
-						"user":   user.UserName,
-						"error":  "",
-						"token":  token,
-					})
-					responded = true
-					break
-				}
 			}
+			err = db.updateToken(user.UserName, token) // TODO make a more robust system for authorizing info page
+			if err != nil {
+				c.JSON(http.StatusInternalServerError, gin.H{
+					"status": 500,
+					"user":   "",
+					"error":  err.Error(),
+				})
+				return
+			}
+			user.Status = 200
+			c.JSON(http.StatusOK, gin.H{
+				"user":  user.UserName,
+				"error": "",
+				"token": token,
+			})
+			return
 		}
 	}
-	if !responded {
-		c.JSON(http.StatusNotFound, gin.H{
-			"status": "404",
-			"user":   "",
-			"error":  "User not found",
-		})
-	}
+	c.JSON(http.StatusNotFound, gin.H{
+		"status": 404,
+		"user":   "",
+		"error":  "User not found",
+	})
 }

 func webCheckNameApi(c *gin.Context) {
@ -197,7 +191,7 @@ func webCheckNameApi(c *gin.Context) {
 	}
 	anyMatch := false
 	for _, user := range users {
-		if strings.Compare(user, c.Param("user")) == 0 {
+		if strings.Compare(user, strings.ToLower(c.Param("user"))) == 0 {
 			anyMatch = true
 			break
 		}
@ -242,11 +236,21 @@ func webUser(c *gin.Context) {
 }

 func webUserInfo(c *gin.Context) {
-	user, err := db.queryUser(c.Param("user"))
+	user, err := db.queryUser(strings.ToLower(c.Param("user")))
+	if err != nil {
+		if errors.Is(err, NoEntriesFoundError) {
+			body := template.HTML("The user searched is not found, please try again.")
+			c.HTML(http.StatusNotFound, "base.html.tmpl", gin.H{
+				"header": "User Not Found",
+				"body":   body,
+			})
+			return
+		}
+	}
 	if user.CurrentToken == nil {
 		c.HTML(http.StatusUnauthorized, "base.html.tmpl", gin.H{
 			"header": "Unauthorized",
-			"body":   "You don't have the right token :/",
+			"body":   "You don't have the right token, please try again.",
 		})
 		return
 	}
@ -255,7 +259,7 @@ func webUserInfo(c *gin.Context) {
 			if errors.Is(err, NoEntriesFoundError) {
 				c.HTML(http.StatusUnauthorized, "base.html.tmpl", gin.H{
 					"header": "Unauthorized",
-					"body":   "You don't have the right token :/",
+					"body":   "You don't have the right token, please try again.",
 				})
 				return
 			}