From 7ddc339ebad3fbde75043dccd1869f8a162ce875 Mon Sep 17 00:00:00 2001 From: Steven Tracey Date: Thu, 17 Jul 2025 12:17:47 -0400 Subject: [PATCH] v1.1 --- html/genqr.html | 4 +- main.go | 19 ++++--- static/register.js | 2 +- static/verify.js | 19 ++++--- web.go | 128 +++++++++++++++++++++++---------------------- 5 files changed, 91 insertions(+), 81 deletions(-) diff --git a/html/genqr.html b/html/genqr.html index 882b70a..e2fb527 100644 --- a/html/genqr.html +++ b/html/genqr.html @@ -38,7 +38,7 @@ const path = window.location.pathname; const parts = path.split("/"); const user = parts.pop(); - let url = location.protocol + "//" + location.host + "/u/" + user; + let url = location.protocol + "//" + location.host + "/u/" + user.toLowerCase(); const qrcode = new QRCode(document.getElementById('qr'), { text: url, @@ -52,7 +52,7 @@ let qrLink = document.getElementById("qr-link"); let qrImg = document.querySelector("#qr img"); console.log(qrImg.src); - qrLink.setAttribute("download", "qrcode-" + user + ".png"); + qrLink.setAttribute("download", "qrcode-" + user.toLowerCase() + ".png"); const delay = ms => new Promise(res => setTimeout(res, ms)); const setHref = async () => { diff --git a/main.go b/main.go index abd29ba..91cdcf4 100644 --- a/main.go +++ b/main.go @@ -3,7 +3,6 @@ package main import ( "context" "github.com/gin-contrib/cors" - "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "log" "os" @@ -23,8 +22,8 @@ func main() { r := gin.Default() gin.SetMode(gin.ReleaseMode) - createSessionStore() - r.Use(sessions.Sessions("luggageinfo_session", sessionStore)) + //createSessionStore() + //r.Use(sessions.Sessions("luggageinfo_session", sessionStore)) createRateLimiters() allowedOrigins := strings.Split(os.Getenv("CORS_ALLOWED_ORIGINS"), ",") 
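Review bot: Commenting out the session middleware in main.go (`//createSessionStore()`, `//r.Use(sessions.Sessions(...))`) and, in the two main.go hunks that follow, the `/register` and `/auth` routes leaves the handlers compiled in but unreachable; the gin-contrib/sessions imports are still present in web.go. Deleting the lines, or gating all of them behind one switch, would be safer than comments. As written, uncommenting a single route line without also restoring the middleware would presumably break any handler that reads the session. If the removal is temporary, say so next to it, for example `// registration and login disabled in v1.1; restore together with the session middleware`.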
@@ -41,8 +40,8 @@ func main() { r.LoadHTMLGlob("./templates/*") r.GET("/", htmlRL, webRoot) - r.GET("/register", htmlRL, webRegister) - r.GET("/register/success", htmlRL, webRegisterSuccess) + //r.GET("/register", htmlRL, webRegister) + //r.GET("/register/success", htmlRL, webRegisterSuccess) r.GET("/qr/:user", htmlRL, webQr) r.GET("/ping", webPing) @@ -50,16 +49,16 @@ func main() { api.GET("/u/:user", jsonRL, webUserApi) api.GET("/verify/:user", jsonRL, webVerifyUserApi) api.GET("/checkname/:user", jsonRL, webCheckNameApi) - api.POST("/register", jsonRL, webRegisterApi) + //api.POST("/register", jsonRL, webRegisterApi) user := r.Group("/u") user.GET("/:user", htmlRL, webUser) user.GET("/:user/info", htmlRL, webUserInfo) - auth := r.Group("/auth") - auth.GET("/login", htmlRL, webLoginAuth) - auth.POST("/login", htmlRL, webLoginAuthPost) - auth.GET("/logout", htmlRL, webLogoutAuth) + //auth := r.Group("/auth") + //auth.GET("/login", htmlRL, webLoginAuth) + //auth.POST("/login", htmlRL, webLoginAuthPost) + //auth.GET("/logout", htmlRL, webLogoutAuth) err := r.Run() if err != nil { diff --git a/static/register.js b/static/register.js index bc726b8..347ab3a 100644 --- a/static/register.js +++ b/static/register.js @@ -1,4 +1,4 @@ -const form = document.getElementById("reg-form"); // Replace #my-form with your form's ID +const form = document.getElementById("reg-form"); form.addEventListener("submit", async (event) => { event.preventDefault(); diff --git a/static/verify.js b/static/verify.js index 40924ad..a7a9cac 100644 --- a/static/verify.js +++ b/static/verify.js 
@@ -1,10 +1,10 @@ -document.getElementById("submitBtn").addEventListener('click', function(e) { - let code = document.getElementById("code").value; - console.log("Clicked: " + code); +let submitBtn = document.getElementById("submitBtn"); +submitBtn.addEventListener('click', function(e) { + let code = document.getElementById("code").value.replaceAll(" ", ""); const path = window.location.pathname; const parts = path.split("/"); - const user = parts.pop(); + const user = parts.pop().toLowerCase(); fetch("/api/verify/" + user, { method: 'GET', @@ -15,8 +15,9 @@ document.getElementById("submitBtn").addEventListener('click', function(e) { }).then(response => response.json()) .then(data => { let statusText = document.getElementById("status"); - console.log(data); statusText.classList.remove("hidden"); + console.log("Status Code: " + data.status); + console.log("Code Type: " + typeof data.status) if (data.status === 404) { // Not found statusText.innerText = "User with that code not found"; @@ -29,4 +30,10 @@ document.getElementById("submitBtn").addEventListener('click', function(e) { statusText.innerText = "Error, please send this to Steven to be fixed. Error: " + data.error; } }) -}) \ No newline at end of file +}); + +document.getElementById("code").addEventListener('keyup', function(e) { + if (e.key === "Enter") { + submitBtn.click(); + } +}); \ No newline at end of file diff --git a/web.go b/web.go index 3c49a53..a800fc4 100644 --- a/web.go +++ b/web.go @@ -7,6 +7,7 @@ import ( "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" + "html/template" "net/http" "os" "strconv" 
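Review bot: The two `console.log` lines added in the response handler of static/verify.js (`"Status Code: "` and `"Code Type: "`) look like leftover debugging for the string-versus-number `status` mismatch that web.go corrects in this same commit, and the second one is missing its semicolon. I would drop both before release so the handler only updates `statusText`. `submitBtn` is never reassigned, so `const submitBtn = document.getElementById("submitBtn");` would match the `const` declarations used for `path`, `parts` and `user`.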
@@ -87,39 +88,41 @@ func webPing(c *gin.Context) { } func webUserApi(c *gin.Context) { - user, err := db.queryUser(c.Param("user")) + user, err := db.queryUser(strings.ToLower(c.Param("user"))) + if err != nil { + if errors.Is(err, NoEntriesFoundError) { + c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ + "status": 401, + "error": "Unauthorized", + }) + return + } + c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ + "status": 500, + "error": fmt.Sprintf("Internal Server Error: %s", err.Error()), + }) + return + } if user.CurrentToken == nil { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ "status": 401, "error": "Unauthorized", }) - } else if strings.Compare(c.Query("token"), *user.CurrentToken) == 0 { - if err != nil { - if errors.Is(err, NoEntriesFoundError) { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ - "status": 401, - "error": "Unauthorized", - }) - } else { - fmt.Printf("Error: %s\n", err) - c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{ - "status": 500, - "error": err.Error(), - }) - } - } else { - c.JSON(http.StatusOK, user) - } - } else { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ - "status": 401, - "error": "Unauthorized", - }) + return } + if strings.Compare(c.Query("token"), *user.CurrentToken) == 0 { + user.Status = 200 + c.JSON(http.StatusOK, user) + return + } + c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ + "status": 401, + "error": "Unauthorized", + }) } func webVerifyUserApi(c *gin.Context) { - user, err := db.queryUser(c.Param("user")) + user, err := db.queryUser(strings.ToLower(c.Param("user"))) if err != nil { if errors.Is(err, NoEntriesFoundError) { c.AbortWithStatusJSON(http.StatusNotFound, gin.H{ 
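Review bot: The new fall-through error branch in webUserApi answers with `http.StatusUnauthorized` while its body says `"status": 500`, and it returns `err.Error()` to an unauthenticated caller, so database error text can leave the server. Send `http.StatusInternalServerError` with a fixed `"error": "Internal Server Error"` and keep the detail in a server-side log line, as the removed `fmt.Printf("Error: %s\n", err)` did. The token check still uses `strings.Compare(c.Query("token"), *user.CurrentToken) == 0`; `subtle.ConstantTimeCompare([]byte(c.Query("token")), []byte(*user.CurrentToken)) == 1` from crypto/subtle (which web.go would need to import) avoids a comparison whose duration depends on the matching prefix. Because the token travels in the query string, it will also appear in request logs; a header would keep it out of them.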
@@ -137,12 +140,11 @@ func webVerifyUserApi(c *gin.Context) { }) return } - codes := strings.Split(user.SecretCodes, "'") - responded := false + codes := strings.Split(user.SecretCodes, ",") + codeHeader := c.GetHeader("Authorization") + reqCodeRaw := strings.Split(codeHeader, " ") + reqCode := strings.ReplaceAll(reqCodeRaw[len(reqCodeRaw)-1], " ", "") for _, code := range codes { - codeHeader := c.GetHeader("Authorization") - reqCodeRaw := strings.Split(codeHeader, " ") - reqCode := strings.ReplaceAll(reqCodeRaw[len(reqCodeRaw)-1], " ", "") if strings.Compare(code, reqCode) == 0 { token, err := GenerateToken(16) if err != nil { @@ -151,39 +153,31 @@ func webVerifyUserApi(c *gin.Context) { "user": "", "error": err.Error(), }) - responded = true return - } else { - err = db.updateToken(user.UserName, token) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{ - "status": 500, - "user": "", - "error": err.Error(), - }) - responded = true - return - } else { - user.Status = 200 - c.JSON(http.StatusOK, gin.H{ - "status": 200, - "user": user.UserName, - "error": "", - "token": token, - }) - responded = true - break - } } + err = db.updateToken(user.UserName, token) // TODO make a more robust system for authorizing info page + if err != nil { + c.JSON(http.StatusInternalServerError, gin.H{ + "status": 500, + "user": "", + "error": err.Error(), + }) + return + } + user.Status = 200 + c.JSON(http.StatusOK, gin.H{ + "user": user.UserName, + "error": "", + "token": token, + }) + return } } - if !responded { - c.JSON(http.StatusNotFound, gin.H{ - "status": "404", - "user": "", - "error": "User not found", - }) - } + c.JSON(http.StatusNotFound, gin.H{ + "status": 404, + "user": "", + "error": "User not found", + }) } func webCheckNameApi(c *gin.Context) { 
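Review bot: An empty request code can match an empty stored code in webVerifyUserApi. `strings.Split(user.SecretCodes, ",")` yields one empty element when `SecretCodes` is empty, and an empty element for a trailing or doubled comma, while a missing Authorization header leaves `reqCode` as `""`. The `strings.Compare(code, reqCode) == 0` test in the loop then succeeds and a token is issued. Reject the request before the loop with `if reqCode == "" { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"status": 401, "error": "Unauthorized"}); return }` and `continue` on empty entries of `codes`. The `strings.ReplaceAll(..., " ", "")` is a no-op because the value was already split on spaces; the loop body continues in the next hunk.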
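Review bot: The rewritten success response in webVerifyUserApi drops the `"status": 200` key that the old one carried, while the 404 and 500 bodies still include `status` and static/verify.js branches on `data.status`. If the client's success branch tests for 200 (that part is not visible in this patch), a correct code would now land in its error branch. Restore `"status": 200,` in the `gin.H` and remove `user.Status = 200`, which has no effect because `user` is not what gets serialized here. Both 500 bodies also return `err.Error()` to the caller; a fixed message plus a server-side log would keep token-generator and database detail out of responses.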
@@ -197,7 +191,7 @@ func webCheckNameApi(c *gin.Context) { } anyMatch := false for _, user := range users { - if strings.Compare(user, c.Param("user")) == 0 { + if strings.Compare(user, strings.ToLower(c.Param("user"))) == 0 { anyMatch = true break } @@ -242,11 +236,21 @@ func webUser(c *gin.Context) { } func webUserInfo(c *gin.Context) { - user, err := db.queryUser(c.Param("user")) + user, err := db.queryUser(strings.ToLower(c.Param("user"))) + if err != nil { + if errors.Is(err, NoEntriesFoundError) { + body := template.HTML("The user searched is not found, please try again.") + c.HTML(http.StatusNotFound, "base.html.tmpl", gin.H{ + "header": "User Not Found", + "body": body, + }) + return + } + } if user.CurrentToken == nil { c.HTML(http.StatusUnauthorized, "base.html.tmpl", gin.H{ "header": "Unauthorized", - "body": "You don't have the right token :/", + "body": "You don't have the right token, please try again.", }) return } @@ -255,7 +259,7 @@ func webUserInfo(c *gin.Context) { if errors.Is(err, NoEntriesFoundError) { c.HTML(http.StatusUnauthorized, "base.html.tmpl", gin.H{ "header": "Unauthorized", - "body": "You don't have the right token :/", + "body": "You don't have the right token, please try again.", }) return }
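Review bot: In webUserInfo the added `if err != nil` block returns only for `NoEntriesFoundError`, so any other error from `db.queryUser` falls through to `user.CurrentToken == nil` with whatever `user` the failed query returned. Add a generic branch after the inner `if`, such as `c.HTML(http.StatusInternalServerError, "base.html.tmpl", gin.H{"header": "Error", "body": "Something went wrong, please try again."})` followed by `return`. The `template.HTML(...)` wrapper is not needed for a constant string with no markup, and the other branches pass a plain string. Since `template.HTML` switches off escaping, leaving it out here avoids a later edit placing the requested user name inside it unescaped. The function body continues outside the hunk.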