login works, start of backend

This commit is contained in:
overflowerror 2022-03-30 20:41:59 +02:00
parent de1f236b27
commit 00498f13e2
8 changed files with 75 additions and 25 deletions

View file

@ -3,9 +3,10 @@
route GET "/backend" backendHome
backendHome() {
requireLoggedIn
htmlContent
endHeaders
title="Backend"
content="$(template "templates/backend.fragment.templ")"
content="$(getRecipesByUsername "$username" | template "templates/backend.fragment.templ")"
template "templates/layout.html.templ"
}

View file

@ -2,22 +2,34 @@
route GET "/login" loginForm
loginForm() {
htmlContent
endHeaders
title="Login"
content="$(template "templates/login.fragment.templ")"
template "templates/layout.html.templ"
if isLoggedIn; then
redirect "/backend"
endHeaders
else
htmlContent
endHeaders
title="Login"
fail=0
test "$(queryString "status")"
content="$(template "templates/login.fragment.templ")"
template "templates/layout.html.templ"
fi
}
route POST "/login" login
login() {
cacheFormData
username="$(formData "username")"
password="$(formData "password")"
if loginUser "$username" "$password"; then
echo "ok"
setLoggedIn "$username"
redirect "/backend"
else
echo "ko"
redirect "/login?status=fail"
fi
endHeaders
}

16
data/recipes.sh Normal file
View file

@ -0,0 +1,16 @@
#!/bin/bash
getRecipesByUsername() {
local username="$1"
query <<EOF
SELECT
recipes.id,
name
FROM recipes
INNER JOIN users
ON recipes.userFk = users.id
WHERE
users.username = '$(escape "$username")'
EOF
}

View file

@ -5,16 +5,16 @@ createSalt() {
}
hashPassword() {
password="$1"
salt="$2"
echo "$password$salt" | sha512sum | cut -d' ' -f1
_password="$1"
_salt="$2"
echo "$_password$_salt" | sha512sum | cut -d' ' -f1
}
createUser() {
username="$1"
password="$2"
salt="$(createSalt)"
password="$(hashPassword "$password" "$salt")"
local username="$1"
local password="$2"
local salt="$(createSalt)"
local password="$(hashPassword "$password" "$salt")"
echo "INSERT INTO users (username, password, salt) VALUES (
'$(escape "$username")',
'$(escape "$password")',
@ -23,16 +23,16 @@ createUser() {
}
loginUser() {
username="$1"
password="$2"
local username="$1"
local password="$2"
result="$(echo "SELECT password, salt FROM users WHERE username='$(escape "$username")'" | query)"
hash="$(echo "$result" | getColumns 1)"
salt="$(echo "$result" | getColumns 2)"
local result="$(echo "SELECT password, salt FROM users WHERE username='$(escape "$username")'" | query)"
local hash="$(echo "$result" | getColumns 1)"
local salt="$(echo "$result" | getColumns 2)"
password="$(hashPassword "$password" "$salt")"
local password="$(hashPassword "$password" "$salt")"
# return true if password is correct
test "$password" != "$hash"
test "$password" = "$hash"
return
}

View file

@ -13,11 +13,14 @@
. utils/headers.sh
. data/users.sh
. data/recipes.sh
. controller/users.sh
. controller/home.sh
. controller/backend.sh
. credentials.sh
connect "$mysqlHost" "$mysqlUser" "$mysqlPassword" "$mysqlDB"
router

View file

@ -1,2 +1,12 @@
<h1>Hi</h1>
You are {{ print $username }}.
<ul>
{{ while read line; do }}
<li>
<a href="/recipe?id={{ echo "$line" | getColumns 1 }}">
{{ echo "$line" | getColumns 2 }}
</a>
</li>
{{ done }}
</ul>

View file

@ -1,4 +1,7 @@
<form method="POST" action="?">
{{ if test $(queryString "status" = "fail"); then }}
<p>Login failed</p>
{{ fi }}
<input type="text" placeholder="Username" name="username"><br />
<input type="password" placeholder="Password" name="password"><br />
<input type="submit" name="submit"><br />

View file

@ -4,6 +4,11 @@ _sessionKeyUsername="username"
username=""
setLoggedIn() {
startSession
setSessionValue "$_sessionKeyUsername" "$1"
}
isLoggedIn() {
username="$(getSessionValue "$_sessionKeyUsername")"
test ! -z "$username"