basic session support for account management

public/style.css

@@ -89,4 +89,23 @@ pre {
 }
 .dir-header a {
   text-decoration: none;
+}
+
+.fancy-button {
+  outline: 0;
+  border: none;
+  background-color: var(--accent-color);
+  color: #000;
+  font-size: 1.2rem;
+  padding: 0.4em 0.8em;
+  margin: 0.5em;
+  border-radius: 16px;
+
+  cursor: pointer;
+
+  transition: 0.1s background-color;
+}
+
+.fancy-button:hover {
+  background-color: var(--accent-color-bri);
 }

public/template/account_management.ecr

@@ -6,9 +6,20 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <link rel="stylesheet" href="/style.css" />
     <title>Account Management</title>
+    <style>
+      body {
+        max-width: 800px;
+        margin: auto;
+        padding: 1em;
+      }
+    </style>
   </head>
-  <body style="max-width: 800px; margin: auto; padding-top: 1em;">
-    <h1>Account Management</h1>
-    <i>hewwo</i>
+  <body>
+    hewwo, <b><%= username %></b>!<br><br>
+    <el>
+      <li>Nothing is implemented right now for account management</li>
+      <li>This is just a test list</li>
+      <li>Did you know your account ID is <%= account_id %>?</li>
+    </el>
   </body>
 </html>

public/template/login.ecr

@@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/png" href="/favicon.png" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <link rel="stylesheet" href="/style.css" />
+    <title>Login</title>
+    <style>
+      body {
+        min-height: 100vh;
+        text-align: center;
+        width: 100%;
+        margin: 0;
+
+        display: flex;
+        align-items: center;
+        justify-content: center;
+      }
+      form {
+        display: flex;
+        flex-direction: column;
+        gap: 0.5em;
+        align-items: center;
+        justify-content: center;
+        max-width: 800px;
+        height: 100%;
+        padding: 1em;
+      }
+      .error {
+        color: #f33;
+      }
+    </style>
+  </head>
+  <body>
+    <form action="/accounts/" method="post">
+      <img src="/favicon.png" width="64" height="auto" class="spinny">
+      <br>
+      <label for="username">Username</label>
+      <input type="text" id="username" name="username" minlength="3" maxlength="16" required />
+      <label for="password">Password</label>
+      <input type="password" id="password" name="password" minlength="6" required />
+
+      <%- if error -%>
+        <div class="error"><%= error %></div>
+      <%- end -%>
+
+      <input type="submit" value="Login" class="fancy-button" />
+    </form>
+  </body>
+</html>

shard.lock

@@ -8,6 +8,10 @@ shards:
     git: https://github.com/gdotdesign/cr-dotenv.git
     version: 1.0.0
 
+  http-session:
+    git: https://github.com/straight-shoota/http-session.git
+    version: 0.2.0+git.commit.7bd278a5567f89cdc348e3d468bd25d561319492
+
   migrate:
     git: https://github.com/oatmealine/migrate.cr.git
     version: 0.5.0+git.commit.a4a24df3d05d0481c76ccd42e45cc48fa3fc1e73

shard.yml

@@ -21,6 +21,8 @@ dependencies:
   toml:
     github: crystal-community/toml.cr
     branch: master
+  http-session:
+    github: straight-shoota/http-session
 
 crystal: 1.6.2
 

src/lib/templates.cr

@@ -1,3 +1,5 @@
+require "http-session"
+
 module CrystalGauntlet::Templates
   extend self
 
@@ -14,3 +16,22 @@ module CrystalGauntlet::Templates
     )
   end
 end
+
+module CrystalGauntlet
+  record UserSession, username : String, account_id : Int32, user_id : Int32
+
+  # todo: replace memory storage with sqlite maybe? has to be hand-written but oh well
+  @@session_storage = HTTPSession::Storage::Memory(UserSession).new
+  @@sessions : HTTPSession::Manager(UserSession) = HTTPSession::Manager.new(@@session_storage, HTTP::Cookie.new("surveillance_device", "", secure: false, http_only: true, max_age: 365.days))
+
+  spawn do
+    session_storage.run_gc_loop
+  end
+
+  def self.session_storage
+    @@session_storage
+  end
+  def self.sessions
+    @@sessions
+  end
+end

src/template_endpoints/account_management.cr

@@ -1,5 +1,5 @@
 require "uri"
-require "compress/gzip"
+require "http-session"
 
 include CrystalGauntlet
 
@@ -10,5 +10,55 @@ CrystalGauntlet.template_endpoints["/#{config_get("general.append_path").as(Stri
 
 CrystalGauntlet.template_endpoints["/accounts"] = ->(context : HTTP::Server::Context) {
   context.response.content_type = "text/html"
-  ECR.embed("./public/template/account_management.ecr", context.response)
+
+  if session = CrystalGauntlet.sessions.get(context)
+    logged_in = true
+    account_id = session.account_id
+    user_id = session.user_id
+    username = session.username
+  else
+    logged_in = false
+    account_id = nil
+    user_id = nil
+    username = nil
+  end
+
+  body = context.request.body
+  if body
+    begin
+      params = URI::Params.parse(body.gets_to_end)
+      username = params["username"].strip
+      password = params["password"].strip
+
+      if username.empty? || password.empty?
+        raise "Invalid username or password"
+      end
+
+      # todo: dedup this code with the login account endpoint maybe
+      result = DATABASE.query_all("select id, password from accounts where username = ?", username, as: {Int32, String})
+      if result.size > 0
+        account_id, hash = result[0]
+        bcrypt = Crypto::Bcrypt::Password.new(hash)
+
+        if bcrypt.verify(password)
+          user_id = Accounts.get_user_id(account_id)
+          logged_in = true
+          LOG.debug { "#{username} logged in" }
+          CrystalGauntlet.sessions.set(context, UserSession.new(username, account_id, user_id))
+        else
+          raise "Invalid password"
+        end
+      else
+        raise "No such user exists"
+      end
+    rescue error
+      LOG.error(exception: error) {"whar...."}
+    end
+  end
+
+  if logged_in
+    ECR.embed("./public/template/account_management.ecr", context.response)
+  else
+    ECR.embed("./public/template/login.ecr", context.response)
+  end
 }