better castle

server/handlers/login.go

@@ -2,23 +2,24 @@ package handlers
 
 import (
 	"encoding/json"
-	// "errors"
+	"errors"
+	"log"
 	"net/http"
 	// "strings"
+	
+	"hyperia/db"
 
-	"github.com/rs/zerolog/log"
-
-	// "github.com/alexedwards/argon2id"
+	"github.com/alexedwards/argon2id"
 )
 
 type loginRequest struct {
-	Name     string `json:"name"`
+	Email     string `json:"email"`
 	Password string `json:"password"`
 }
 
 type user struct {
 	ID   int    `json:"id"`
-	Name string `json:"name"`
+	Email string `json:"email"`
 }
 
 func HandleLogin(w http.ResponseWriter, r *http.Request) {
@@ -33,75 +34,38 @@ func HandleLogin(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// user, err := getUserByCredentials(creds.Name, creds.Password)
-	// if err != nil {
-	// 	http.Error(w, "Unauthorized: "+err.Error(), http.StatusUnauthorized)
-	// 	return
-	// }
+	user, err := getUserByCredentials(creds)
+	if err != nil {
+		http.Error(w, "Unauthorized: "+ err.Error(), http.StatusUnauthorized)
+		return
+	}
 
 	w.Header().Set("Content-Type", "application/json")
-			http.Error(w, "Not implemented", http.StatusMethodNotAllowed)
-	// json.NewEncoder(w).Encode(user)
+	http.Error(w, "Not implemented", http.StatusMethodNotAllowed)
+	json.NewEncoder(w).Encode(user)
 }
 
-// func getUserByCredentials(name string, password string) (*user, error) {
-// 	var id int
-// 	var dbName, dbHash string
+func getUserByCredentials(loginCreds loginRequest) (map[string]interface{}, error) {
 
-// 	name = strings.TrimSpace(strings.ToLower(name))
-// 	err := DB.QueryRow("SELECT id, name, password FROM users WHERE LOWER(name) = LOWER($1)", name).Scan(&id, &dbName, &dbHash)
-// 	if err != nil {
-// 		return nil, errors.New("user not found")
-// 	}
-
-// 	match, err := argon2id.ComparePasswordAndHash(password, dbHash)
-// 	if err != nil || !match {
-// 		return nil, errors.New("invalid password")
-// 	}
-
-// 	return &user{
-// 		ID:   id,
-// 		Name: dbName,
-// 	}, nil
-// }
-
-func HandleApplicantLogin(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodPost {
-		http.Error(w, "Only POST allowed", http.StatusMethodNotAllowed)
-		return
-	}
-
-	var creds loginRequest
-	if err := json.NewDecoder(r.Body).Decode(&creds); err != nil {
-		http.Error(w, "Invalid JSON", http.StatusBadRequest)
-		return
-	}
-
-	// exists, err := EmailExists(creds.Name)
-	// if err != nil {
-	// 	log.Err(err).Msg("error checking email")
-	// 	http.Error(w, "Internal server error", http.StatusInternalServerError)
-	// 	return
-	// }
-	// if !exists {
-	// 	http.Error(w, "Email does not exist.", http.StatusConflict)
-	// 	return
-	// }
-
-	token, err := generateVerificationToken(creds.Name)
+	// email := strings.TrimSpace(strings.ToLower(loginCreds.Email))
+	
+	user, err := db.Get.User("1")
+	// err := DB.QueryRow("SELECT id, name, password FROM users WHERE LOWER(name) = LOWER($1)", name).Scan(&id, &dbName, &dbHash)
 	if err != nil {
-		log.Err(err).Msg("error generating verification token")
-		http.Error(w, "Error, please try again later.", http.StatusInternalServerError)
-		return
+		return nil, errors.New("user not found")
 	}
 
-	err = sendWelcomeEmail(creds.Name, token)
-	if err != nil {
-		log.Err(err).Msg("error sending welcome email")
-		http.Error(w, "Failed to send email", http.StatusInternalServerError)
-		return
+	dbPassword, ok := user["password"].(string)
+	if !ok {
+		return nil, errors.New("password format is invalid")
 	}
 
-	w.WriteHeader(http.StatusOK)
-	w.Write([]byte("OK"))
-}
+	log.Println("pass: ", loginCreds, loginCreds.Password, dbPassword)
+
+	match, err := argon2id.ComparePasswordAndHash(loginCreds.Password, dbPassword)
+	if err != nil || !match {
+		return nil, errors.New("invalid password")
+	}
+
+	return user, nil
+}