package main
|
|
|
|
import (
|
|
"context"
|
|
"crypto/rand"
|
|
"database/sql"
|
|
"encoding/base64"
|
|
"errors"
|
|
"log"
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
|
|
_ "github.com/mattn/go-sqlite3"
|
|
|
|
"stevenlr.com/timer/model"
|
|
"stevenlr.com/timer/view"
|
|
)
|
|
|
|
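// generateRandomString returns n bytes from crypto/rand encoded with the
// standard (padded) base64 alphabet, i.e. 4*ceil(n/3) characters.
//
// n must be non-negative; a negative n is rejected with an error instead of
// letting make() panic. The alphabet contains '+', '/' and '=', which are
// valid cookie-octets but not URL-safe — the existing session ids and timer
// tokens depend on this alphabet, so it is kept as is.
func generateRandomString(n int) (string, error) {
	if n < 0 {
		return "", errors.New("random string length must be non-negative")
	}
	buf := make([]byte, n)
	// rand.Read either fills the whole buffer or reports an error.
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf), nil
}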
|
|
|
|
// generateSessionId produces a fresh, opaque session identifier: 66 random
// bytes (528 bits) rendered as an 88-character base64 string. It is used as
// the session cookie value and as the key into MyServer.sessions.
func generateSessionId() (string, error) {
	const sessionIdBytes = 66
	return generateRandomString(sessionIdBytes)
}
|
|
|
|
// generateTimerToken produces the per-timer Token stored in the Timer table:
// 66 random bytes (528 bits) as an 88-character base64 string. The column is
// UNIQUE, so each timer must get its own freshly generated value.
func generateTimerToken() (string, error) {
	const timerTokenBytes = 66
	return generateRandomString(timerTokenBytes)
}
|
|
|
|
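// insertTimer stores a new Timer row inside tx. The timer starts now and ends
// seconds later; ownerId becomes the Owner column and a fresh random Token is
// generated for the row.
//
// A failure to generate the token is returned as an error: inserting an empty
// token instead would silently produce a timer with no usable token and make
// every following insert fail on the UNIQUE(Token) constraint.
func insertTimer(tx *sql.Tx, name string, seconds int, ownerId model.UUID) error {
	now := model.MakeTimeNow()
	end := model.Time(time.Time(now).Add(time.Duration(seconds) * time.Second))
	id := model.MakeUUID()
	token, err := generateTimerToken()
	if err != nil {
		return err
	}
	// Positional VALUES must follow the column order of the Timer table
	// created in initializeDatabaseV1: Id, Name, StartTime, EndTime, Owner, Token.
	_, err = tx.Exec(`
		INSERT INTO Timer VALUES ($1, $2, $3, $4, $5, $6)`, id, name, now, end, ownerId, token)
	return err
}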
|
|
|
|
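// initializeDatabaseV1 creates the schema for a fresh database and seeds it
// with a single administrator account, all in one transaction; any failure
// rolls everything back and is returned.
//
// Schema notes:
//   - Timer.Token is UNIQUE, so insertTimer must supply a fresh token per row.
//   - The User primary key is spelled "id" while the column is "Id"; SQLite
//     matches identifiers case-insensitively, so this resolves to the same
//     column.
//
// The seeded account is "admin" / "admin". Its stored hash covers
// Salt+password, the same construction handlePostLogin verifies; bcrypt only
// processes the first 72 bytes of its input, so the 44-character salt leaves
// roughly 28 bytes of the actual password that can influence the hash. The
// default credentials are meant to be changed right after first start.
func initializeDatabaseV1(db *sql.DB) error {
	tx, err := db.Begin()
	if err != nil {
		return err
	}
	defer tx.Rollback()

	schema := []string{
		`PRAGMA user_version = 1`,
		`
		CREATE TABLE Timer (
			Id BLOB NOT NULL UNIQUE,
			Name TEXT NOT NULL,
			StartTime TEXT NOT NULL,
			EndTime TEXT NOT NULL,
			Owner BLOB NOT NULL,
			Token TEXT NOT NULL UNIQUE,
			PRIMARY KEY (Id)
		)`,
		`
		CREATE TABLE User (
			Id BLOB NOT NULL UNIQUE,
			Name TEXT NOT NULL,
			Salt TEXT NOT NULL,
			Password BLOB NOT NULL,
			PRIMARY KEY (id)
		)`,
	}
	for _, stmt := range schema {
		if _, err := tx.Exec(stmt); err != nil {
			return err
		}
	}

	userName := "admin"
	userPassword := "admin"
	salt, err := generateRandomString(33)
	if err != nil {
		return err
	}

	// DefaultCost instead of MinCost: this runs once at first start, and a
	// cost-4 hash is cheap to brute-force offline should the database file
	// ever leak. bcrypt embeds the cost in the hash, so verification is
	// unaffected by the choice.
	password, err := bcrypt.GenerateFromPassword([]byte(salt+userPassword), bcrypt.DefaultCost)
	if err != nil {
		return err
	}

	if _, err := tx.Exec(`INSERT INTO User VALUES ($1, $2, $3, $4)`, model.MakeUUID(), userName, salt, password); err != nil {
		return err
	}
	log.Println("Created default user \"admin\" with the default password; change it")

	return tx.Commit()
}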
|
|
|
|
// migrateDatabaseV2 upgrades a V1 database to V2 by bumping user_version and
// adding an index on Timer.Token. Both statements run in one transaction; on
// any error the transaction is rolled back and the error returned.
func migrateDatabaseV2(db *sql.DB) error {
	tx, err := db.Begin()
	if err != nil {
		return err
	}
	defer tx.Rollback()

	steps := []string{
		`PRAGMA user_version = 2`,
		"CREATE INDEX TimerTokenIndex ON Timer(Token)",
	}
	for _, stmt := range steps {
		if _, err := tx.Exec(stmt); err != nil {
			return err
		}
	}

	return tx.Commit()
}
|
|
|
|
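// initializeDatabase brings db up to the current schema version by reading
// PRAGMA user_version and applying, in order, every step the database has not
// seen yet (V1 creates the schema, V2 adds the token index).
//
// A failure to read the version is returned rather than treated as version 0:
// re-running the V1 setup against an existing database would otherwise fail
// on CREATE TABLE with a far less helpful error.
func initializeDatabase(db *sql.DB) error {
	var version int
	if err := db.QueryRow("PRAGMA user_version").Scan(&version); err != nil {
		return err
	}

	if version < 1 {
		log.Println("Initializing DB V1")
		if err := initializeDatabaseV1(db); err != nil {
			return err
		}
	}

	if version < 2 {
		log.Println("Migrating DB to V2")
		if err := migrateDatabaseV2(db); err != nil {
			return err
		}
	}

	return nil
}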
|
|
|
|
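// queryAllTimers returns the Id and Name of every timer owned by owner. Only
// those two columns are populated on the returned Timer values.
//
// Errors are logged and never fatal: this runs on the request path, and a
// transient database error should not take the whole process down. On a
// query error the result is an empty (non-nil) slice; a row that fails to
// scan is skipped; an iteration error after the loop is logged as well so a
// truncated result does not pass unnoticed.
func queryAllTimers(db *sql.DB, owner model.UUID) []model.Timer {
	timers := []model.Timer{}

	rows, err := db.Query("SELECT Id, Name FROM Timer WHERE Owner=$1", owner)
	if err != nil {
		log.Println("querying timers:", err)
		return timers
	}
	defer rows.Close()

	for rows.Next() {
		var t model.Timer
		if err := rows.Scan(&t.Id, &t.Name); err != nil {
			log.Println("scanning timer row:", err)
			continue
		}
		timers = append(timers, t)
	}
	if err := rows.Err(); err != nil {
		log.Println("iterating timers:", err)
	}

	return timers
}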
|
|
|
|
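// queryUserByName loads the user whose Name equals name exactly (SQLite's
// default BINARY collation, so the match is case-sensitive).
//
// It returns nil when no such user exists or the row cannot be scanned;
// previously a missing row yielded a non-nil User with every field zeroed,
// which callers could not distinguish from a real account. Errors other than
// sql.ErrNoRows are logged.
func queryUserByName(db *sql.DB, name string) *model.User {
	var user model.User
	err := db.QueryRow("SELECT Id, Name, Salt, Password FROM User WHERE Name=$1", name).
		Scan(&user.Id, &user.Name, &user.Salt, &user.Password)
	if err != nil {
		if !errors.Is(err, sql.ErrNoRows) {
			log.Println("querying user by name:", err)
		}
		return nil
	}
	return &user
}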
|
|
|
|
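// queryUserById loads the user with the given Id.
//
// It returns nil when the user does not exist or the row cannot be scanned,
// so findCurrentUser can tell a session whose user has disappeared apart from
// a valid one (a zero-valued User used to be returned in that case). Errors
// other than sql.ErrNoRows are logged.
func queryUserById(db *sql.DB, id model.UUID) *model.User {
	var user model.User
	err := db.QueryRow("SELECT Id, Name, Salt, Password FROM User WHERE Id=$1", id).
		Scan(&user.Id, &user.Name, &user.Salt, &user.Password)
	if err != nil {
		if !errors.Is(err, sql.ErrNoRows) {
			log.Println("querying user by id:", err)
		}
		return nil
	}
	return &user
}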
|
|
|
|
// queryTimer loads the full Timer row identified by idStr, but only if it is
// owned by userId; the owner check is part of the SQL so a foreign timer is
// indistinguishable from a missing one. It returns nil when idStr is not a
// valid UUID, when no matching row exists, or when scanning fails.
func queryTimer(db *sql.DB, idStr string, userId model.UUID) *model.Timer {
	var id model.UUID
	if id.Scan(idStr) != nil {
		return nil
	}

	row := db.QueryRow("SELECT Id, Name, StartTime, EndTime, Owner, Token FROM Timer WHERE Id=$1 AND Owner=$2", id, userId)

	t := new(model.Timer)
	if err := row.Scan(&t.Id, &t.Name, &t.StartTime, &t.EndTime, &t.Owner, &t.Token); err != nil {
		return nil
	}
	return t
}
|
|
|
|
// deleteTimer removes the timer identified by idStr if it belongs to userId.
// It reports true only when exactly one row was deleted; an unparsable id,
// a database error, or no matching row all yield false.
func deleteTimer(db *sql.DB, idStr string, userId model.UUID) bool {
	var id model.UUID
	if id.Scan(idStr) != nil {
		return false
	}

	// Owner is part of the predicate so a user can only ever delete their own rows.
	res, err := db.Exec("DELETE FROM Timer WHERE Id=$1 AND Owner=$2", id, userId)
	if err != nil {
		return false
	}

	n, err := res.RowsAffected()
	if err != nil {
		return false
	}
	return n == 1
}
|
|
|
|
// updateTimerEndTime sets EndTime on the timer with the given id, provided it
// is owned by userId. It reports true only when exactly one row was updated.
func updateTimerEndTime(db *sql.DB, id model.UUID, endTime model.Time, userId model.UUID) bool {
	res, err := db.Exec("UPDATE Timer SET EndTime=$1 WHERE Id=$2 AND Owner=$3", endTime, id, userId)
	if err != nil {
		return false
	}

	n, err := res.RowsAffected()
	if err != nil {
		return false
	}
	return n == 1
}
|
|
|
|
// Session is the server-side record behind a session cookie. Only the owning
// user is stored: there is no creation time or expiry, so a session lives
// until handlePostLogout deletes it or the process restarts.
type Session struct {
	UserId model.UUID
}
|
|
|
|
// MyServer holds the state shared by all HTTP handlers.
type MyServer struct {
	db *sql.DB
	// sessions maps session cookie values to their Session. It is read in
	// findCurrentUser and written in handlePostLogin and handlePostLogout.
	// NOTE(review): net/http serves each request on its own goroutine and
	// this map has no lock, so concurrent logins, logouts and page requests
	// race on it; guard it with a sync.Mutex (or use sync.Map). Entries are
	// never expired or bounded, so the map grows by one per successful login.
	sessions map[string]Session
}
|
|
|
|
// SessionCookieName is the name of the cookie whose value is looked up in
// MyServer.sessions.
const SessionCookieName = "timerSession"
|
|
|
|
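// removeCookie tells the browser to discard the cookie named cookieName by
// sending it back empty with a negative MaxAge (emitted as Max-Age=0).
//
// Path is set to "/" explicitly. A browser only clears a cookie when name and
// path match the stored one, and a Set-Cookie without Path defaults to the
// directory of the request URL — so a removal sent from a route such as
// /timer/{id} would otherwise target "/timer" and leave the cookie that was
// set with path "/" at login untouched.
func removeCookie(cookieName string, w http.ResponseWriter) {
	cookie := http.Cookie{
		Name:   cookieName,
		Value:  "",
		Path:   "/",
		MaxAge: -1,
	}
	http.SetCookie(w, &cookie)
}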
|
|
|
|
// findCurrentUser resolves the session cookie on r to its user, or returns
// nil when there is no cookie, the session is unknown, or the session's user
// no longer exists. In the latter two cases the stale cookie is also cleared
// on w, so callers must invoke this before writing a status line.
func (server *MyServer) findCurrentUser(w http.ResponseWriter, r *http.Request) *model.User {
	cookie, err := r.Cookie(SessionCookieName)
	if err != nil {
		return nil
	}

	// NOTE(review): unsynchronized read of server.sessions while
	// handlePostLogin / handlePostLogout write it from other goroutines.
	if session, known := server.sessions[cookie.Value]; known {
		if user := queryUserById(server.db, session.UserId); user != nil {
			return user
		}
	}

	// Unknown session or vanished user: the cookie is stale, drop it.
	removeCookie(SessionCookieName, w)
	return nil
}
|
|
|
|
// handleNotFound writes a 404 status followed by the rendered Error404 page.
// The render error is not checked: the status line is already on the wire,
// so there is no way left to report a failure to the client.
func (server *MyServer) handleNotFound(w http.ResponseWriter, _ *http.Request) {
	w.WriteHeader(http.StatusNotFound)
	page := view.Error404()
	_ = page.Render(context.Background(), w)
}
|
|
|
|
// handleMain serves the landing page. The "GET /" pattern also matches every
// path no other handler claims, so anything but the root itself is a 404.
// Signed-in users see their own timers; anonymous visitors see an empty list.
// findCurrentUser runs first in either case so a stale cookie gets cleared.
func (server *MyServer) handleMain(w http.ResponseWriter, r *http.Request) {
	currentUser := server.findCurrentUser(w, r)

	if r.URL.Path != "/" {
		server.handleNotFound(w, r)
		return
	}

	signedIn := currentUser != nil
	timers := make([]model.Timer, 0)
	if signedIn {
		timers = queryAllTimers(server.db, currentUser.Id)
	}
	page := view.Main(view.TimersList(timers, signedIn), currentUser)
	page.Render(context.Background(), w)
}
|
|
|
|
// handleTimer renders the detail page for the timer in the {timerId} path
// segment. Anonymous callers and timers not owned by the current user both
// get a 404, which also means an anonymous caller learns nothing about
// whether a given id exists.
func (server *MyServer) handleTimer(w http.ResponseWriter, r *http.Request) {
	currentUser := server.findCurrentUser(w, r)
	if currentUser == nil {
		server.handleNotFound(w, r)
		return
	}

	timer := queryTimer(server.db, r.PathValue("timerId"), currentUser.Id)
	// queryTimer already filters on Owner; the comparison below is a
	// belt-and-braces check that the row really belongs to this user.
	if timer == nil || timer.Owner != currentUser.Id {
		server.handleNotFound(w, r)
		return
	}

	page := view.Main(view.TimerView(*timer), currentUser)
	page.Render(context.Background(), w)
}
|
|
|
|
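// parseDuration parses a value of the form "<non-negative integer><unit>"
// where unit is one of s, m, h, d (24h) or w (7d), e.g. "90m" or "2d".
//
// It returns an error for an empty string, an unknown unit, a non-integer or
// negative amount, and for an amount whose product with the unit would not
// fit in a time.Duration. The last case matters because the value comes from
// a URL path segment: without the check a huge amount wraps the int64 into a
// negative duration and would move a timer's end time backwards. Error
// messages are fixed strings that callers may echo to the client.
func parseDuration(value string) (time.Duration, error) {
	const nullDuration = time.Duration(0)
	if len(value) == 0 {
		return nullDuration, errors.New("Empty duration string")
	}

	var unit time.Duration
	switch value[len(value)-1] {
	case 's':
		unit = time.Second
	case 'm':
		unit = time.Minute
	case 'h':
		unit = time.Hour
	case 'd':
		unit = 24 * time.Hour
	case 'w':
		unit = 24 * 7 * time.Hour
	default:
		return nullDuration, errors.New("Invalid duration format")
	}

	amount, err := strconv.ParseInt(value[:len(value)-1], 10, 64)
	if err != nil || amount < 0 {
		return nullDuration, errors.New("Invalid duration value")
	}

	// time.Duration is an int64 count of nanoseconds; refuse amounts whose
	// scaled value would overflow instead of letting the multiplication wrap.
	const maxInt64 = int64(^uint64(0) >> 1)
	if amount > maxInt64/int64(unit) {
		return nullDuration, errors.New("Invalid duration value")
	}

	return time.Duration(amount) * unit, nil
}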
|
|
|
|
// handleTimerAddTime extends the end time of the timer in {timerId} by the
// duration in {timeToAdd} (see parseDuration) and renders the updated timer.
// Responses: 401 when not signed in, 404 when the timer is not the caller's,
// 400 when the timer has already finished, the duration is malformed, or the
// update touched no row. Only parseDuration's fixed error strings are echoed
// back in the 400 body.
func (server *MyServer) handleTimerAddTime(w http.ResponseWriter, r *http.Request) {
	currentUser := server.findCurrentUser(w, r)
	if currentUser == nil {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}

	timer := queryTimer(server.db, r.PathValue("timerId"), currentUser.Id)
	if timer == nil {
		server.handleNotFound(w, r)
		return
	}
	if timer.IsFinished() {
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	extra, err := parseDuration(r.PathValue("timeToAdd"))
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte(err.Error()))
		return
	}

	// NOTE(review): this assumes model.Time.Add mutates its receiver in
	// place; if it returns a new value instead, the result is dropped here
	// and the stored end time never changes — confirm in package model.
	timer.EndTime.Add(extra)
	if !updateTimerEndTime(server.db, timer.Id, timer.EndTime, currentUser.Id) {
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	view.TimerView(*timer).Render(context.Background(), w)
}
|
|
|
|
// handleDeleteTimer deletes the timer in {timerId} if it belongs to the
// current user. It answers 401 when not signed in, 404 when nothing was
// deleted (unknown id or someone else's timer), and an empty 200 on success.
func (server *MyServer) handleDeleteTimer(w http.ResponseWriter, r *http.Request) {
	user := server.findCurrentUser(w, r)
	if user == nil {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}

	// deleteTimer scopes the DELETE to this user's rows, so a foreign timer
	// simply reports as not found.
	if deleted := deleteTimer(server.db, r.PathValue("timerId"), user.Id); !deleted {
		w.WriteHeader(http.StatusNotFound)
	}
}
|
|
|
|
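// handlePutTimer creates a timer from the form fields timerName, days and
// hours, then re-renders the caller's timer list. Validation failures render
// the create form again with a message and a 400; database failures render it
// with a generic message and a 500 (details go to the log, not the client).
//
// Negative day/hour values are clamped to zero. Both are parsed as 32-bit so
// the seconds product cannot overflow the int64 arithmetic here.
//
// The transaction's Commit error is checked: a commit that fails must not be
// answered with a fresh timer list that pretends the insert succeeded.
func (server *MyServer) handlePutTimer(w http.ResponseWriter, r *http.Request) {
	timerName := strings.TrimSpace(r.FormValue("timerName"))

	// renderForm writes status and re-renders the form with the submitted name.
	renderForm := func(status int, message string) {
		w.WriteHeader(status)
		view.TimerCreateForm(timerName, message).Render(context.Background(), w)
	}

	user := server.findCurrentUser(w, r)
	if user == nil {
		renderForm(http.StatusBadRequest, "You are not signed in")
		return
	}

	days, err := strconv.ParseInt(strings.TrimSpace(r.FormValue("days")), 10, 32)
	if err != nil {
		renderForm(http.StatusBadRequest, "Error parsing days")
		return
	}

	hours, err := strconv.ParseInt(strings.TrimSpace(r.FormValue("hours")), 10, 32)
	if err != nil {
		renderForm(http.StatusBadRequest, "Error parsing hours")
		return
	}

	// Validate before opening a transaction; nothing below needs the DB until
	// the insert itself.
	if timerName == "" {
		renderForm(http.StatusBadRequest, "Timer name cannot be empty")
		return
	}

	tx, err := server.db.Begin()
	if err != nil {
		log.Println("beginning timer transaction:", err)
		renderForm(http.StatusInternalServerError, "Internal server error")
		return
	}
	defer tx.Rollback()

	seconds := ((max(days, 0) * 24) + max(hours, 0)) * 3600
	if err := insertTimer(tx, timerName, int(seconds), user.Id); err != nil {
		log.Println("inserting timer:", err)
		renderForm(http.StatusInternalServerError, "Internal server error")
		return
	}

	if err := tx.Commit(); err != nil {
		log.Println("committing timer:", err)
		renderForm(http.StatusInternalServerError, "Internal server error")
		return
	}

	timers := queryAllTimers(server.db, user.Id)
	view.TimersList(timers, true).Render(context.Background(), w)
}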
|
|
|
|
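// handlePostLogin verifies the user/password form fields, creates a session
// and sets the session cookie, then asks HTMX to redirect to "/". An already
// signed-in caller is redirected immediately. Unknown users and wrong
// passwords produce the same "Incorrect credentials" 400 response.
//
// The cookie is scoped to Path "/" explicitly (so removeCookie can clear it
// from any route), marked HttpOnly and Secure, and sent with SameSite=Lax,
// which keeps it off cross-site POST/PUT/DELETE requests — the only CSRF
// protection the state-changing handlers currently have.
func (server *MyServer) handlePostLogin(w http.ResponseWriter, r *http.Request) {
	if server.findCurrentUser(w, r) != nil {
		w.Header().Add("HX-Redirect", "/")
		return
	}

	userName := r.FormValue("user")
	userPass := r.FormValue("password")

	// reject writes status and re-renders the login form with message.
	reject := func(status int, message string) {
		w.WriteHeader(status)
		view.LoginFormError(nil, message).Render(context.Background(), w)
	}

	user := queryUserByName(server.db, userName)
	if user == nil {
		// NOTE(review): returning before the bcrypt comparison makes an
		// unknown user name measurably faster to reject than a wrong
		// password; running a comparison against a dummy hash on this path
		// would equalize the timing. There is also no rate limiting on this
		// endpoint.
		reject(http.StatusBadRequest, "Incorrect credentials")
		return
	}

	// The stored hash covers Salt+password (see initializeDatabaseV1). bcrypt
	// only processes the first 72 bytes, so after the 44-character salt only
	// roughly 28 bytes of the submitted password influence the result.
	if err := bcrypt.CompareHashAndPassword(user.Password, []byte(user.Salt+userPass)); err != nil {
		reject(http.StatusBadRequest, "Incorrect credentials")
		return
	}

	sessionId, err := generateSessionId()
	if err != nil {
		reject(http.StatusInternalServerError, "Internal server error")
		return
	}

	cookie := http.Cookie{
		Name:     SessionCookieName,
		Value:    sessionId,
		Path:     "/",
		HttpOnly: true,
		// Browsers do not store Secure cookies received over plain HTTP.
		// main() listens on :80, so this presumably runs behind a
		// TLS-terminating proxy — confirm, or logins will silently not stick.
		Secure:   true,
		SameSite: http.SameSiteLaxMode,
	}

	// NOTE(review): unsynchronized write to server.sessions, which
	// findCurrentUser reads and handlePostLogout writes on other goroutines;
	// the map also never expires entries, so each login adds one for good.
	server.sessions[sessionId] = Session{UserId: user.Id}
	http.SetCookie(w, &cookie)
	w.Header().Add("HX-Redirect", "/")
}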
|
|
|
|
// handlePostLogout drops the caller's session (if the request carries the
// session cookie) and clears the cookie, then asks HTMX to redirect to "/".
// The redirect header is set whether or not a session existed.
func (server *MyServer) handlePostLogout(w http.ResponseWriter, r *http.Request) {
	defer w.Header().Add("HX-Redirect", "/")

	cookie, err := r.Cookie(SessionCookieName)
	if err != nil {
		return
	}

	// NOTE(review): unsynchronized write to server.sessions, which other
	// handlers read and write concurrently.
	delete(server.sessions, cookie.Value)
	removeCookie(SessionCookieName, w)
}
|
|
|
|
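// main opens (or creates) the SQLite database next to the binary, migrates
// it, wires up the HTTP routes on a dedicated mux and serves on port 80.
//
// The server is built explicitly so that read/write/idle timeouts apply;
// the plain http.ListenAndServe default has none, which lets a slow or idle
// client hold a connection open indefinitely. The timeout values are a
// starting point chosen here, not tuned measurements. ListenAndServe's error
// is now logged fatally instead of being discarded, so a port already in use
// is no longer a silent exit after "Started!".
//
// Note that log.Fatalln exits without running deferred calls, so db.Close()
// only runs on a normal return (which ListenAndServe never produces).
func main() {
	log.Println("Starting...")

	db, err := sql.Open("sqlite3", "file:timer.db")
	if err != nil {
		log.Fatalln(err)
	}
	defer db.Close()

	if err := initializeDatabase(db); err != nil {
		log.Fatalln(err)
	}

	myServer := MyServer{db: db, sessions: make(map[string]Session)}

	mux := http.NewServeMux()
	fs := http.FileServer(http.Dir("static/"))
	mux.Handle("GET /static/", http.StripPrefix("/static/", fs))

	mux.HandleFunc("POST /login", myServer.handlePostLogin)
	mux.HandleFunc("POST /logout", myServer.handlePostLogout)
	mux.HandleFunc("GET /timer/{timerId}", myServer.handleTimer)
	mux.HandleFunc("POST /timer/{timerId}/addTime/{timeToAdd}", myServer.handleTimerAddTime)
	mux.HandleFunc("DELETE /timer/{timerId}", myServer.handleDeleteTimer)
	mux.HandleFunc("PUT /timer", myServer.handlePutTimer)
	mux.HandleFunc("GET /", myServer.handleMain)

	srv := &http.Server{
		Addr:              "0.0.0.0:80",
		Handler:           mux,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       2 * time.Minute,
	}

	log.Println("Started!")
	log.Fatalln(srv.ListenAndServe())
}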
|