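package main

import (
	"database/sql"
	"errors"
	"log"
	"math"
	"net/http"
	"os"
	"strconv"
	"strings"
	"sync"
	"time"

	"github.com/google/uuid"
	_ "github.com/mattn/go-sqlite3"
	"golang.org/x/crypto/bcrypt"

	"stevenlr.com/timer/model"
	"stevenlr.com/timer/view"
)

const (
	// SessionCookieName is the cookie that carries the opaque session id.
	SessionCookieName = "timerSession"

	// sessionLifetime bounds how long a login stays valid. Sessions live only
	// in process memory, so a restart invalidates them anyway.
	sessionLifetime = 24 * time.Hour

	// maxTimerSeconds is the largest timer length for which
	// time.Duration(seconds)*time.Second still fits in an int64 (~292 years).
	// Anything larger would wrap around and produce an end time in the past.
	maxTimerSeconds = int64(math.MaxInt64 / int64(time.Second))

	// Development fixture seeded into the in-memory database at start-up.
	// The password can be overridden through seedPasswordEnv so that the
	// hard-coded default never has to reach a non-local deployment.
	seedUserID          = "7015cee7-89a5-4057-b7c9-7e0128ad5086"
	seedUserName        = "steven"
	seedPasswordEnv     = "TIMER_SEED_PASSWORD"
	defaultSeedPassword = "steven"
)

// dummyPasswordHash is verified against when a login names an unknown user, so
// that a rejected login costs about the same time whether or not the account
// exists; without it, response timing reveals which user names are valid.
var dummyPasswordHash = mustHashPassword("unused-dummy-password")

// mustHashPassword bcrypt-hashes password at DefaultCost and panics on failure.
// Only meant for package-level initialisation.
func mustHashPassword(password string) []byte {
	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		panic(err)
	}
	return hash
}

// insertTimer stores a new timer named name that ends seconds from now.
// seconds must be in [0, maxTimerSeconds]; out-of-range values are rejected
// rather than silently overflowing the nanosecond duration.
func insertTimer(tx *sql.Tx, name string, seconds int64) error {
	if seconds < 0 || seconds > maxTimerSeconds {
		return errors.New("timer length out of range")
	}
	now := model.MakeTimeNow()
	end := model.Time(time.Time(now).Add(time.Duration(seconds) * time.Second))
	_, err := tx.Exec(`INSERT INTO Timer VALUES ($1, $2, $3, $4)`, model.MakeUUID(), name, now, end)
	return err
}

// initializeDatabase creates the schema and seeds two demo timers plus one
// user, all inside a single transaction so a partial failure leaves nothing
// behind.
func initializeDatabase(db *sql.DB) error {
	tx, err := db.Begin()
	if err != nil {
		return err
	}
	defer tx.Rollback() // no-op once Commit has succeeded

	if _, err = tx.Exec(`PRAGMA user_version = 1`); err != nil {
		return err
	}
	_, err = tx.Exec(`
		CREATE TABLE Timer (
			Id BLOB NOT NULL UNIQUE,
			Name TEXT NOT NULL,
			StartTime TEXT NOT NULL,
			EndTime TEXT NOT NULL,
			PRIMARY KEY (id)
		)`)
	if err != nil {
		return err
	}
	for _, name := range []string{"My timer", "My timer2"} {
		if err = insertTimer(tx, name, 600); err != nil {
			return err
		}
	}
	_, err = tx.Exec(`
		CREATE TABLE User (
			Id BLOB NOT NULL UNIQUE,
			Name TEXT NOT NULL,
			Salt TEXT NOT NULL,
			Password BLOB NOT NULL,
			PRIMARY KEY (id)
		)`)
	if err != nil {
		return err
	}

	var userId model.UUID
	if err = userId.Scan(seedUserID); err != nil {
		return err
	}
	seedPassword := os.Getenv(seedPasswordEnv)
	if seedPassword == "" {
		log.Printf("%s not set; seeding user %q with the default development password", seedPasswordEnv, seedUserName)
		seedPassword = defaultSeedPassword
	}
	// The stored "salt" (the user id string) is prepended to the password
	// before hashing and must be prepended the same way in handlePostLogin.
	// bcrypt salts internally, so this adds no strength; be aware bcrypt only
	// reads the first 72 bytes of its input and the 36-byte prefix uses part
	// of that budget. DefaultCost replaces MinCost, which is far too cheap to
	// slow down an offline guess against a leaked hash.
	hash, err := bcrypt.GenerateFromPassword([]byte(seedUserID+seedPassword), bcrypt.DefaultCost)
	if err != nil {
		return err
	}
	_, err = tx.Exec(`INSERT INTO User VALUES ($1, $2, $3, $4)`, userId, seedUserName, seedUserID, hash)
	if err != nil {
		return err
	}
	return tx.Commit()
}

// queryAllTimers returns every timer's id and name. Errors are returned to
// the caller instead of terminating the process from inside a request.
func queryAllTimers(db *sql.DB) ([]model.Timer, error) {
	rows, err := db.Query("SELECT Id, Name FROM Timer")
	if err != nil {
		return nil, err
	}
	defer rows.Close()

	timers := []model.Timer{}
	for rows.Next() {
		var t model.Timer
		if err := rows.Scan(&t.Id, &t.Name); err != nil {
			return nil, err
		}
		timers = append(timers, t)
	}
	return timers, rows.Err()
}

// scanUser decodes a single User row, returning nil when no row matched (or
// the row could not be decoded). A nil result must never be treated as a
// logged-in user.
func scanUser(row *sql.Row) *model.User {
	var user model.User
	if err := row.Scan(&user.Id, &user.Name, &user.Salt, &user.Password); err != nil {
		if !errors.Is(err, sql.ErrNoRows) {
			log.Printf("user lookup: %v", err)
		}
		return nil
	}
	return &user
}

// queryUserByName looks a user up by login name; nil when unknown.
func queryUserByName(db *sql.DB, name string) *model.User {
	return scanUser(db.QueryRow("SELECT Id, Name, Salt, Password FROM User WHERE Name=$1", name))
}

// queryUserById looks a user up by id; nil when unknown.
func queryUserById(db *sql.DB, id model.UUID) *model.User {
	return scanUser(db.QueryRow("SELECT Id, Name, Salt, Password FROM User WHERE Id=$1", id))
}

// queryTimer loads the timer whose id is idStr; nil if idStr is not a valid
// id or no such timer exists.
func queryTimer(db *sql.DB, idStr string) *model.Timer {
	var id model.UUID
	if err := id.Scan(idStr); err != nil {
		return nil
	}
	row := db.QueryRow("SELECT Id, Name, StartTime, EndTime FROM Timer WHERE Id=$1", id)
	var t model.Timer
	if err := row.Scan(&t.Id, &t.Name, &t.StartTime, &t.EndTime); err != nil {
		return nil
	}
	return &t
}

// deleteTimer removes the timer idStr; true only if exactly one row went away.
func deleteTimer(db *sql.DB, idStr string) bool {
	var id model.UUID
	if err := id.Scan(idStr); err != nil {
		return false
	}
	res, err := db.Exec("DELETE FROM Timer WHERE Id=$1", id)
	if err != nil {
		return false
	}
	affected, err := res.RowsAffected()
	return err == nil && affected == 1
}

// updateTimerEndTime persists a new end time; true only if one row changed.
func updateTimerEndTime(db *sql.DB, id model.UUID, endTime model.Time) bool {
	res, err := db.Exec("UPDATE Timer SET EndTime=$1 WHERE Id=$2", endTime, id)
	if err != nil {
		return false
	}
	affected, err := res.RowsAffected()
	return err == nil && affected == 1
}

// Session is the server-side state behind one session cookie.
type Session struct {
	UserId  model.UUID
	Expires time.Time
}

// MyServer holds the handlers' shared state.
type MyServer struct {
	db *sql.DB
	// mu guards sessions: net/http runs every request on its own goroutine,
	// so unsynchronised map access from the handlers is a data race.
	mu       sync.RWMutex
	sessions map[string]Session
}

// dropSession forgets the session with the given id (no-op if absent).
func (server *MyServer) dropSession(id string) {
	server.mu.Lock()
	delete(server.sessions, id)
	server.mu.Unlock()
}

// removeCookie tells the browser to discard cookieName. The attributes match
// the ones set at login so the browser matches the same cookie.
func removeCookie(cookieName string, w http.ResponseWriter) {
	http.SetCookie(w, &http.Cookie{
		Name:     cookieName,
		Value:    "",
		Path:     "/",
		MaxAge:   -1,
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteLaxMode,
	})
}

// findCurrentUser resolves the session cookie to a user. Unknown, expired or
// dangling sessions are dropped and the cookie is cleared; nil means
// "not logged in".
func (server *MyServer) findCurrentUser(w http.ResponseWriter, r *http.Request) *model.User {
	cookie, err := r.Cookie(SessionCookieName)
	if err != nil {
		return nil
	}
	server.mu.RLock()
	session, ok := server.sessions[cookie.Value]
	server.mu.RUnlock()
	if !ok || time.Now().After(session.Expires) {
		if ok {
			server.dropSession(cookie.Value)
		}
		removeCookie(SessionCookieName, w)
		return nil
	}
	user := queryUserById(server.db, session.UserId)
	if user == nil {
		// The account behind this session no longer exists.
		server.dropSession(cookie.Value)
		removeCookie(SessionCookieName, w)
	}
	return user
}

// requireUser is findCurrentUser for state-changing endpoints: it answers
// 401 and returns nil when nobody is logged in.
func (server *MyServer) requireUser(w http.ResponseWriter, r *http.Request) *model.User {
	user := server.findCurrentUser(w, r)
	if user == nil {
		http.Error(w, "login required", http.StatusUnauthorized)
	}
	return user
}

// handleNotFound renders the 404 page.
func (server *MyServer) handleNotFound(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusNotFound)
	view.Error404().Render(r.Context(), w)
}

// handleMain renders the timer list at "/"; the catch-all pattern means any
// other path lands here too and gets the 404 page.
func (server *MyServer) handleMain(w http.ResponseWriter, r *http.Request) {
	if r.URL.Path != "/" {
		server.handleNotFound(w, r)
		return
	}
	currentUser := server.findCurrentUser(w, r)
	timers, err := queryAllTimers(server.db)
	if err != nil {
		log.Printf("listing timers: %v", err)
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return
	}
	view.Main(view.TimersList(timers), currentUser).Render(r.Context(), w)
}

// handleTimer renders one timer's page.
func (server *MyServer) handleTimer(w http.ResponseWriter, r *http.Request) {
	currentUser := server.findCurrentUser(w, r)
	timer := queryTimer(server.db, r.PathValue("timerId"))
	if timer == nil {
		server.handleNotFound(w, r)
		return
	}
	view.Main(view.TimerView(*timer), currentUser).Render(r.Context(), w)
}

// parseDuration parses "<non-negative integer><unit>" where unit is one of
// s, m, h, d or w. Values whose nanosecond representation would overflow
// int64 are rejected instead of wrapping.
func parseDuration(value string) (time.Duration, error) {
	if value == "" {
		return 0, errors.New("Empty duration string")
	}
	var unit time.Duration
	switch value[len(value)-1] {
	case 's':
		unit = time.Second
	case 'm':
		unit = time.Minute
	case 'h':
		unit = time.Hour
	case 'd':
		unit = 24 * time.Hour
	case 'w':
		unit = 7 * 24 * time.Hour
	default:
		return 0, errors.New("Invalid duration format")
	}
	amount, err := strconv.ParseInt(value[:len(value)-1], 10, 64)
	if err != nil || amount < 0 {
		return 0, errors.New("Invalid duration value")
	}
	if amount > math.MaxInt64/int64(unit) {
		return 0, errors.New("Duration value too large")
	}
	return time.Duration(amount) * unit, nil
}

// handleTimerAddTime extends a running timer by the duration in the path.
// Requires a logged-in user; finished timers cannot be extended.
func (server *MyServer) handleTimerAddTime(w http.ResponseWriter, r *http.Request) {
	if server.requireUser(w, r) == nil {
		return
	}
	timer := queryTimer(server.db, r.PathValue("timerId"))
	if timer == nil {
		server.handleNotFound(w, r)
		return
	}
	if timer.IsFinished() {
		w.WriteHeader(http.StatusBadRequest)
		return
	}
	duration, err := parseDuration(r.PathValue("timeToAdd"))
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte(err.Error()))
		return
	}
	// Add is expected to shift EndTime in place (model.Time) — the persisted
	// value below is timer.EndTime after this call.
	timer.EndTime.Add(duration)
	if !updateTimerEndTime(server.db, timer.Id, timer.EndTime) {
		w.WriteHeader(http.StatusBadRequest)
		return
	}
	view.TimerView(*timer).Render(r.Context(), w)
}

// handleDeleteTimer removes a timer. Requires a logged-in user; 404 if no
// timer was deleted.
func (server *MyServer) handleDeleteTimer(w http.ResponseWriter, r *http.Request) {
	if server.requireUser(w, r) == nil {
		return
	}
	if !deleteTimer(server.db, r.PathValue("timerId")) {
		w.WriteHeader(http.StatusNotFound)
	}
}

// handlePutTimer creates a timer from the form fields timerName, days and
// hours, then renders the refreshed list. Requires a logged-in user.
func (server *MyServer) handlePutTimer(w http.ResponseWriter, r *http.Request) {
	if server.requireUser(w, r) == nil {
		return
	}
	timerName := strings.TrimSpace(r.FormValue("timerName"))
	fail := func(status int, msg string) {
		w.WriteHeader(status)
		view.TimerCreateForm(timerName, msg).Render(r.Context(), w)
	}

	days, err := strconv.ParseInt(strings.TrimSpace(r.FormValue("days")), 10, 32)
	if err != nil {
		fail(http.StatusBadRequest, "Error parsing days")
		return
	}
	hours, err := strconv.ParseInt(strings.TrimSpace(r.FormValue("hours")), 10, 32)
	if err != nil {
		fail(http.StatusBadRequest, "Error parsing hours")
		return
	}
	if timerName == "" {
		fail(http.StatusBadRequest, "Timer name cannot be empty")
		return
	}
	// Negative parts are clamped to zero; the total is bounded so the
	// seconds*time.Second conversion in insertTimer cannot overflow.
	seconds := (max(days, 0)*24 + max(hours, 0)) * 3600
	if seconds > maxTimerSeconds {
		fail(http.StatusBadRequest, "Timer length too large")
		return
	}

	tx, err := server.db.Begin()
	if err != nil {
		fail(http.StatusInternalServerError, "Internal server error")
		return
	}
	defer tx.Rollback()
	if err := insertTimer(tx, timerName, seconds); err != nil {
		fail(http.StatusInternalServerError, "Internal server error")
		return
	}
	if err := tx.Commit(); err != nil {
		fail(http.StatusInternalServerError, "Internal server error")
		return
	}
	timers, err := queryAllTimers(server.db)
	if err != nil {
		log.Printf("listing timers: %v", err)
		fail(http.StatusInternalServerError, "Internal server error")
		return
	}
	view.TimersList(timers).Render(r.Context(), w)
}

// handlePostLogin checks the submitted credentials and, on success, issues a
// fresh random session id in an HttpOnly, Secure, SameSite=Lax cookie.
// The Secure flag means browsers will only send the cookie over HTTPS, so
// this server must be fronted by TLS (the listener itself is plain HTTP);
// SameSite=Lax keeps the cookie off cross-site POST/PUT/DELETE requests,
// which is what protects the mutating endpoints against CSRF.
func (server *MyServer) handlePostLogin(w http.ResponseWriter, r *http.Request) {
	if server.findCurrentUser(w, r) != nil {
		w.Header().Add("HX-Redirect", "/")
		return
	}
	userName := r.FormValue("user")
	userPass := r.FormValue("password")

	user := queryUserByName(server.db, userName)
	// Always run one bcrypt comparison so unknown and known user names take
	// the same time to reject (see dummyPasswordHash).
	hash, salt := dummyPasswordHash, ""
	if user != nil {
		hash, salt = user.Password, user.Salt
	}
	if err := bcrypt.CompareHashAndPassword(hash, []byte(salt+userPass)); err != nil || user == nil {
		w.WriteHeader(http.StatusBadRequest)
		view.LoginFormError(nil, "Incorrect credentials").Render(r.Context(), w)
		return
	}

	sessionId, err := uuid.NewRandom() // crypto/rand backed, 122 random bits
	if err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		view.LoginFormError(nil, "Internal server error").Render(r.Context(), w)
		return
	}
	id := sessionId.String()
	server.mu.Lock()
	server.sessions[id] = Session{UserId: user.Id, Expires: time.Now().Add(sessionLifetime)}
	server.mu.Unlock()

	http.SetCookie(w, &http.Cookie{
		Name:     SessionCookieName,
		Value:    id,
		Path:     "/",
		MaxAge:   int(sessionLifetime.Seconds()),
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteLaxMode,
	})
	w.Header().Add("HX-Redirect", "/")
}

// handlePostLogout invalidates the caller's session server-side and clears
// the cookie, then redirects to "/".
func (server *MyServer) handlePostLogout(w http.ResponseWriter, r *http.Request) {
	if cookie, err := r.Cookie(SessionCookieName); err == nil {
		server.dropSession(cookie.Value)
		removeCookie(SessionCookieName, w)
	}
	w.Header().Add("HX-Redirect", "/")
}

func main() {
	log.Println("Starting...")
	db, err := sql.Open("sqlite3", ":memory:")
	if err != nil {
		log.Fatalln(err)
	}
	defer db.Close()
	// Every pooled connection to ":memory:" is a separate, empty database.
	// Pin the pool to one connection so all queries see the schema created
	// by initializeDatabase instead of "no such table" on a fresh connection.
	db.SetMaxOpenConns(1)
	if err := initializeDatabase(db); err != nil {
		log.Fatalln(err)
	}

	server := &MyServer{db: db, sessions: make(map[string]Session)}
	mux := http.NewServeMux()
	// FileServer rejects ".." traversal itself but does list directories;
	// keep only public assets under static/.
	mux.Handle("GET /static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static/"))))
	mux.HandleFunc("POST /login", server.handlePostLogin)
	mux.HandleFunc("POST /logout", server.handlePostLogout)
	mux.HandleFunc("GET /timer/{timerId}", server.handleTimer)
	mux.HandleFunc("POST /timer/{timerId}/addTime/{timeToAdd}", server.handleTimerAddTime)
	mux.HandleFunc("DELETE /timer/{timerId}", server.handleDeleteTimer)
	mux.HandleFunc("PUT /timer", server.handlePutTimer)
	mux.HandleFunc("GET /", server.handleMain)

	// Timeouts keep slow or idle clients from pinning connections forever;
	// the default http.Server has none.
	srv := &http.Server{
		Addr:              "0.0.0.0:80",
		Handler:           mux,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       2 * time.Minute,
	}
	log.Println("Started!")
	log.Fatalln(srv.ListenAndServe())
}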