semlanik
/
gostfix


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158
							/*
 * MIT License
 *
 * Copyright (c) 2020 Alexey Edelev <semlanik@gmail.com>
 *
 * This file is part of gostfix project https://git.semlanik.org/semlanik/gostfix
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy of this
 * software and associated documentation files (the "Software"), to deal in the Software
 * without restriction, including without limitation the rights to use, copy, modify,
 * merge, publish, distribute, sublicense, and/or sell copies of the Software, and
 * to permit persons to whom the Software is furnished to do so, subject to the following
 * conditions:
 *
 * The above copyright notice and this permission notice shall be included in all copies
 * or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
 * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
 * FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
 * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

package web

import (
	"fmt"
	template "html/template"
	"log"
	"net/http"

	"git.semlanik.org/semlanik/gostfix/common"
	"git.semlanik.org/semlanik/gostfix/config"
	"git.semlanik.org/semlanik/gostfix/utils"
)

func (s *Server) handleRegister(w http.ResponseWriter, r *http.Request) {
	if !config.ConfigInstance().RegistrationEnabled {
		s.error(http.StatusNotImplemented, "Registration is disabled on this server", w)
		return
	}

	//Check if user already logged in and entered register page accidently
	if s.authenticator.Verify(s.extractAuth(w, r)) {
		http.Redirect(w, r, "/m/0", http.StatusTemporaryRedirect)
		return
	}

	switch r.Method {
	case "GET":
		fmt.Fprint(w, s.templater.ExecuteRegister(&struct {
			Version string
			Domain  string
		}{common.Version, config.ConfigInstance().MyDomain}))
		return
	case "POST":
		user := r.FormValue("user")
		password := r.FormValue("password")
		fullName := r.FormValue("fullName")
		if user != "" && password != "" && fullName != "" {
			ok, email := s.checkEmail(user)
			if ok && len(password) < 128 && len(fullName) < 128 && utils.RegExpUtilsInstance().FullNameChecker.MatchString(fullName) {
				err := s.storage.AddUser(email, password, fullName)
				if err != nil {
					log.Println(err.Error())
					s.error(http.StatusInternalServerError, "Unable to create user", w)
					return
				}

				s.scanner.Reconfigure()
				token, _ := s.authenticator.Login(email, password)
				s.login(email, token, w, r)
				return
			}
		}
	}

	s.error(http.StatusNotImplemented, "Invalid registration handling", w)
}

func (s *Server) handleLogin(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case "GET":
		//Check if user already logged in and entered login page accidently
		if s.authenticator.Verify(s.extractAuth(w, r)) {
			http.Redirect(w, r, "/m/0", http.StatusTemporaryRedirect)
			return
		}
	case "POST":
		//Check passed in form login/password pair first
		user := r.FormValue("user")
		password := r.FormValue("password")
		token, ok := s.authenticator.Login(user, password)
		if ok {
			s.login(user, token, w, r)
			return
		}
	}

	var signupTemplate template.HTML
	if config.ConfigInstance().RegistrationEnabled {
		signupTemplate = template.HTML(s.templater.ExecuteSignup(""))
	} else {
		signupTemplate = ""
	}

	//Otherwise make sure user logged out and show login page
	s.logout(w, r)
	fmt.Fprint(w, s.templater.ExecuteLogin(&struct {
		Version string
		Signup  template.HTML
	}{common.Version, signupTemplate}))
}

func (s *Server) handleLogout(w http.ResponseWriter, r *http.Request) {
	s.logout(w, r)
	http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)
}

func (s *Server) handleCheckEmail(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseForm(); err == nil {
		if ok, _ := s.checkEmail(r.FormValue("user")); ok {
			w.Write([]byte{0})
			return
		}
		s.error(http.StatusNotAcceptable, "Email exists", w)
		return
	}
	s.error(http.StatusBadRequest, "Invalid arguments", w)
	return
}

func (s *Server) checkEmail(user string) (bool, string) {
	email := user + "@" + config.ConfigInstance().MyDomain
	return utils.RegExpUtilsInstance().EmailChecker.MatchString(email) && !s.storage.CheckEmailExists(email), email
}

func (s *Server) logout(w http.ResponseWriter, r *http.Request) {
	session, err := s.sessionStore.Get(r, CookieSessionToken)
	if err == nil {
		if session.Values["user"] != nil && session.Values["token"] != nil {
			s.authenticator.Logout(session.Values["user"].(string), session.Values["token"].(string))
		}
		session.Values["user"] = ""
		session.Values["token"] = ""
		session.Save(r, w)
	}
}

func (s *Server) login(user, token string, w http.ResponseWriter, r *http.Request) {
	session, _ := s.sessionStore.Get(r, CookieSessionToken)
	session.Values["user"] = user
	session.Values["token"] = token
	session.Save(r, w)
	http.Redirect(w, r, "/m/0", http.StatusTemporaryRedirect)
}