Various fixes (#5)

* Fixes #1 * Fixes #2 * Fixes #3 * Fixes #4
2021-12-13 20:33:50 +01:00
parent c2493c238f
commit b5ba3d0387
234 changed files with 872 additions and 58627 deletions
--- a/routes/activate.go
+++ b/routes/activate.go
@ -14,6 +14,7 @@ func (controller Controller) Activate(c *gin.Context) {
 	pd := PageData{
 		Title:           "Activate",
 		IsAuthenticated: isAuthenticated(c),
+		CacheParameter:  controller.config.CacheParameter,
 	}
 	token := c.Param("token")
 	activationToken := models.Token{
@ -32,6 +33,15 @@ func (controller Controller) Activate(c *gin.Context) {
 		return
 	}

+	if activationToken.HasExpired() {
+		pd.Messages = append(pd.Messages, Message{
+			Type:    "error",
+			Content: activationError,
+		})
+		c.HTML(http.StatusBadRequest, "activate.html", pd)
+		return
+	}
+
 	user := models.User{}
 	user.ID = uint(activationToken.ModelID)

--- a/routes/admin.go
+++ b/routes/admin.go
@ -9,6 +9,7 @@ func (controller Controller) Admin(c *gin.Context) {
 	pd := PageData{
 		Title:           "Admin",
 		IsAuthenticated: isAuthenticated(c),
+		CacheParameter:  controller.config.CacheParameter,
 	}
 	c.HTML(http.StatusOK, "admin.html", pd)
 }
--- a/routes/forgotpassword.go
+++ b/routes/forgotpassword.go
@ -11,12 +11,14 @@ import (
 	"net/http"
 	"net/url"
 	"path"
+	"time"
 )

 func (controller Controller) ForgotPassword(c *gin.Context) {
 	pd := PageData{
 		Title:           "Forgot Password",
 		IsAuthenticated: isAuthenticated(c),
+		CacheParameter:  controller.config.CacheParameter,
 	}
 	c.HTML(http.StatusOK, "forgotpassword.html", pd)
 }
@ -25,6 +27,7 @@ func (controller Controller) ForgotPasswordPost(c *gin.Context) {
 	pd := PageData{
 		Title:           "Forgot Password",
 		IsAuthenticated: isAuthenticated(c),
+		CacheParameter:  controller.config.CacheParameter,
 	}
 	email := c.PostForm("email")
 	user := models.User{Email: email}
@ -57,6 +60,8 @@ func (controller Controller) forgotPasswordEmailHandler(userID uint, email strin

 	forgotPasswordToken.ModelID = int(userID)
 	forgotPasswordToken.ModelType = "User"
+	// The token will expire 10 minutes after it was created
+	forgotPasswordToken.ExpiresAt = time.Now().Add(time.Minute * 10)

 	res = controller.db.Save(&forgotPasswordToken)
 	if res.Error != nil || res.RowsAffected == 0 {
--- a/routes/index.go
+++ b/routes/index.go
@ -9,6 +9,7 @@ func (controller Controller) Index(c *gin.Context) {
 	pd := PageData{
 		Title:           "Home",
 		IsAuthenticated: isAuthenticated(c),
+		CacheParameter:  controller.config.CacheParameter,
 	}
 	c.HTML(http.StatusOK, "index.html", pd)
 }
--- a/routes/login.go
+++ b/routes/login.go
@ -14,7 +14,9 @@ import (

 func (controller Controller) Login(c *gin.Context) {
 	pd := PageData{
-		Title: "Login",
+		Title:           "Login",
+		IsAuthenticated: isAuthenticated(c),
+		CacheParameter:  controller.config.CacheParameter,
 	}
 	c.HTML(http.StatusOK, "login.html", pd)
 }
@ -24,6 +26,7 @@ func (controller Controller) LoginPost(c *gin.Context) {
 	pd := PageData{
 		Title:           "Login",
 		IsAuthenticated: isAuthenticated(c),
+		CacheParameter:  controller.config.CacheParameter,
 	}
 	email := c.PostForm("email")
 	user := models.User{Email: email}
@ -76,7 +79,7 @@ func (controller Controller) LoginPost(c *gin.Context) {
 	}

 	// Session is valid for 1 hour
-	ses.DeletedAt.Time = time.Now().Add(time.Hour * 1)
+	ses.ExpiresAt = time.Now().Add(time.Hour)
 	ses.UserID = user.ID

 	res = controller.db.Save(&ses)
--- a/routes/main.go
+++ b/routes/main.go
@ -24,6 +24,7 @@ type PageData struct {
 	Title           string
 	Messages        []Message
 	IsAuthenticated bool
+	CacheParameter  string
 }

 type Message struct {
--- a/routes/noroute.go
+++ b/routes/noroute.go
@ -9,6 +9,7 @@ func (controller Controller) NoRoute(c *gin.Context) {
 	pd := PageData{
 		Title:           "404 Not Found",
 		IsAuthenticated: isAuthenticated(c),
+		CacheParameter:  controller.config.CacheParameter,
 	}
 	c.HTML(http.StatusOK, "404.html", pd)
 }
--- a/routes/register.go
+++ b/routes/register.go
@ -3,6 +3,7 @@ package routes
 import (
 	"fmt"
 	"github.com/gin-gonic/gin"
+	"github.com/go-playground/validator/v10"
 	email2 "github.com/uberswe/golang-base-project/email"
 	"github.com/uberswe/golang-base-project/models"
 	"github.com/uberswe/golang-base-project/util"
@ -12,12 +13,14 @@ import (
 	"net/http"
 	"net/url"
 	"path"
+	"time"
 )

 func (controller Controller) Register(c *gin.Context) {
 	pd := PageData{
 		Title:           "Register",
 		IsAuthenticated: isAuthenticated(c),
+		CacheParameter:  controller.config.CacheParameter,
 	}
 	c.HTML(http.StatusOK, "register.html", pd)
 }
@ -29,6 +32,7 @@ func (controller Controller) RegisterPost(c *gin.Context) {
 	pd := PageData{
 		Title:           "Register",
 		IsAuthenticated: isAuthenticated(c),
+		CacheParameter:  controller.config.CacheParameter,
 	}
 	password := c.PostForm("password")
 	if len(password) < 8 {
@ -53,6 +57,21 @@ func (controller Controller) RegisterPost(c *gin.Context) {
 	}

 	email := c.PostForm("email")
+
+	// Validate the email
+	validate := validator.New()
+	err = validate.Var(email, "required,email")
+
+	if err != nil {
+		pd.Messages = append(pd.Messages, Message{
+			Type:    "error",
+			Content: registerError,
+		})
+		log.Println(err)
+		c.HTML(http.StatusInternalServerError, "register.html", pd)
+		return
+	}
+
 	user := models.User{Email: email}

 	res := controller.db.Where(&user).First(&user)
@ -115,6 +134,7 @@ func (controller Controller) activationEmailHandler(userID uint, email string) {

 	activationToken.ModelID = int(userID)
 	activationToken.ModelType = "User"
+	activationToken.ExpiresAt = time.Now().Add(time.Minute * 10)

 	res = controller.db.Save(&activationToken)
 	if res.Error != nil || res.RowsAffected == 0 {
--- a/routes/resendactivation.go
+++ b/routes/resendactivation.go
@ -11,6 +11,7 @@ func (controller Controller) ResendActivation(c *gin.Context) {
 	pd := PageData{
 		Title:           "Resend Activation Email",
 		IsAuthenticated: isAuthenticated(c),
+		CacheParameter:  controller.config.CacheParameter,
 	}
 	c.HTML(http.StatusOK, "resendactivation.html", pd)
 }
@ -19,6 +20,7 @@ func (controller Controller) ResendActivationPost(c *gin.Context) {
 	pd := PageData{
 		Title:           "Resend Activation Email",
 		IsAuthenticated: isAuthenticated(c),
+		CacheParameter:  controller.config.CacheParameter,
 	}
 	email := c.PostForm("email")
 	user := models.User{Email: email}
--- a/routes/resetpassword.go
+++ b/routes/resetpassword.go
@ -19,6 +19,7 @@ func (controller Controller) ResetPassword(c *gin.Context) {
 		PageData: PageData{
 			Title:           "Reset Password",
 			IsAuthenticated: isAuthenticated(c),
+			CacheParameter:  controller.config.CacheParameter,
 		},
 		Token: token,
 	}
@ -34,6 +35,7 @@ func (controller Controller) ResetPasswordPost(c *gin.Context) {
 		PageData: PageData{
 			Title:           "Reset Password",
 			IsAuthenticated: isAuthenticated(c),
+			CacheParameter:  controller.config.CacheParameter,
 		},
 		Token: token,
 	}
@ -63,6 +65,15 @@ func (controller Controller) ResetPasswordPost(c *gin.Context) {
 		return
 	}

+	if forgotPasswordToken.HasExpired() {
+		pd.Messages = append(pd.Messages, Message{
+			Type:    "error",
+			Content: resetError,
+		})
+		c.HTML(http.StatusBadRequest, "resetpassword.html", pd)
+		return
+	}
+
 	user := models.User{}
 	user.ID = uint(forgotPasswordToken.ModelID)
 	res = controller.db.Where(&user).First(&user)
--- a/routes/search.go
+++ b/routes/search.go
@ -18,6 +18,7 @@ func (controller Controller) Search(c *gin.Context) {
 		PageData: PageData{
 			Title:           "Search",
 			IsAuthenticated: isAuthenticated(c),
+			CacheParameter:  controller.config.CacheParameter,
 		},
 	}
 	search := c.PostForm("search")