package login
import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"

	"golang.org/x/crypto/bcrypt"
	"gorm.io/gorm"

	"app/shelfly/internal/jwt"
	"app/shelfly/internal/models"
)
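// LoginHandler returns an HTTP handler that authenticates a user from a JSON
// body decoded into models.User (Email and Password are the fields read),
// checks the password against the stored bcrypt hash, and on success issues a
// JWT for the account's Username in an HttpOnly cookie named "token", together
// with an Hx-Redirect header pointing at /dashboard.
//
// Responses (always with Content-Type: application/json):
//   - 400 {"error": ...} when the body is not valid JSON or exceeds maxLoginBodyBytes
//   - 401 {"error": "Invalid credentials"} when the email is unknown or the password is wrong
//   - 500 {"error": ...} when the database lookup or token creation fails
//   - 200 {"message": "Connected"} on success
//
// Compared with the previous version: the JSON decode error is no longer
// ignored, the request (plaintext password) and the loaded account (password
// hash) are no longer printed to stdout, the status code is written before the
// body (writing the body first implicitly sent 200), a database or token
// failure now stops the handler instead of falling through to set an empty
// cookie, and error bodies are JSON to match the declared Content-Type.
func LoginHandler(db *gorm.DB) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")

		// Bound the body so a client cannot make the decoder buffer an
		// arbitrarily large payload.
		r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodyBytes)

		var creds models.User
		if err := json.NewDecoder(r.Body).Decode(&creds); err != nil {
			writeLoginError(w, http.StatusBadRequest, "Invalid request body")
			return
		}
		// Do not log creds: it holds the plaintext password.

		// Load into a separate value so a failed lookup cannot leave the
		// request's own fields in "user" and be mistaken for a match.
		var user models.User
		if res := db.Where("Email = ?", creds.Email).First(&user); res.Error != nil {
			if errors.Is(res.Error, gorm.ErrRecordNotFound) {
				// NOTE: returning before the bcrypt comparison makes an
				// unknown email distinguishable from a wrong password by
				// response time; comparing against a dummy hash here would
				// remove that signal.
				writeLoginError(w, http.StatusUnauthorized, "Invalid credentials")
				return
			}
			fmt.Println("login: database lookup failed:", res.Error)
			writeLoginError(w, http.StatusInternalServerError, "Internal server error")
			return
		}

		if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(creds.Password)); err != nil {
			writeLoginError(w, http.StatusUnauthorized, "Invalid credentials")
			return
		}

		tokenString, err := jwt.CreateToken(user.Username)
		if err != nil {
			fmt.Println("login: token creation failed:", err)
			writeLoginError(w, http.StatusInternalServerError, "Internal server error")
			return
		}

		http.SetCookie(w, &http.Cookie{
			Name:  "token",
			Value: tokenString,
			Path:  "/",
			// Not readable from JavaScript, which limits what an XSS can steal.
			HttpOnly: true,
			// Secure only when this process terminated TLS. Behind a
			// TLS-terminating proxy r.TLS is nil, so set this to true
			// explicitly in that deployment.
			Secure: r.TLS != nil,
			// Lax keeps the cookie off cross-site sub-requests while still
			// sending it on top-level navigations such as the redirect below.
			SameSite: http.SameSiteLaxMode,
		})

		w.Header().Add("Hx-Redirect", "/dashboard")
		w.WriteHeader(http.StatusOK)
		w.Write([]byte(`{"message": "Connected"}`))
	}
}

// maxLoginBodyBytes caps the JSON request body accepted by LoginHandler; a
// login payload is a few hundred bytes at most.
const maxLoginBodyBytes = 1 << 16

// writeLoginError writes status followed by the JSON body {"error": msg}.
// The status must be written before the body, otherwise net/http sends 200.
func writeLoginError(w http.ResponseWriter, status int, msg string) {
	// Marshalling a map[string]string cannot fail, so the error is dropped.
	body, _ := json.Marshal(map[string]string{"error": msg})
	w.WriteHeader(status)
	w.Write(body)
}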