rentease/internal/server/handle_auth.go

package server

import (
	"net/http"

	"github.com/gorilla/sessions"
	"github.com/labstack/echo-contrib/session"
	"github.com/labstack/echo/v4"

	"github.com/rjNemo/rentease/constant"
	"github.com/rjNemo/rentease/internal/auth"
	"github.com/rjNemo/rentease/internal/view"
)

const (
	sessionName = "rentease"
	sessionAge  = 86400 * 7 // 7 days
)

func handleLoginPage() echo.HandlerFunc {
	return func(c echo.Context) error {
		return renderTempl(c, http.StatusOK, view.Login(view.LoginFormViewModel{}))
	}
}

func handleLogin(as *auth.Service) echo.HandlerFunc {
	return func(c echo.Context) error {
		sess, err := session.Get(sessionName, c)
		if err != nil {
			return err
		}
		sess.Options = &sessions.Options{
			Path:     constant.RouteLogin,
			MaxAge:   sessionAge,
			HttpOnly: true,
		}

		email := c.FormValue("email")
		password := c.FormValue("password")
		if !as.Authenticate(email, password) {
			lfvm := view.LoginFormViewModel{
				Email:    email,
				Password: password,
				Errors:   make(map[string]string),
			}
			lfvm.Errors["credentials"] = "invalid credentials"
			return renderTempl(c, http.StatusUnauthorized, view.LoginForm(lfvm))
		}

		sess.Values["foo"] = "bar"
		if err := sess.Save(c.Request(), c.Response()); err != nil {
			return err
		}
		return hxRedirect(c, http.StatusOK, constant.RouteBooking)
	}
}