PersonalWebsite/Webserver/Admin.go

package Webserver

import (
	"fmt"
	"log"
	"mime/multipart"
	"net/http"
	"strconv"
	"time"

	"PersonalWebsite/Database"
	"PersonalWebsite/Helper"
	"PersonalWebsite/Variables"

	"github.com/gorilla/mux"
	"github.com/gorilla/sessions"
	"golang.org/x/crypto/bcrypt"
)

func CheckAuth(w http.ResponseWriter, r *http.Request) bool {
	var (
		session        *sessions.Session
		lastActiveUnix int64
		lastActive     time.Time
		auth           bool
		exists         bool
		e              error
	)
	session, e = Variables.CookieStore.Get(r, Variables.CookieName)
	if e != nil {
		return false
	}

	auth, exists = session.Values["authenticated"].(bool)
	if !(auth && exists) {
		return false
	}

	lastActiveUnix, exists = session.Values["lastActive"].(int64)
	if !exists {
		return false
	}
	lastActive = time.Unix(lastActiveUnix, 0)

	lastActive.Add(12 * time.Hour)
	if time.Now().Before(lastActive) {
		session.Values = make(map[interface{}]interface{})
		session.Values["authenticated"] = false
		session.AddFlash("Login Expired")
		e = session.Save(r, w)
		if e != nil {
			log.Println(e.Error())
		}

		return false
	}

	session.Values["lastLogin"] = time.Now().Unix()
	e = session.Save(r, w)
	if e != nil {
		log.Println(e.Error())
		return false
	}

	return true
}

func AdminView(w http.ResponseWriter, r *http.Request) {
	var (
		v          = make(map[string]interface{})
		urlParams  map[string]string
		page       string
		pageInt    int
		pageOffset int
		posts      []Database.Post
		exists     bool
		e          error
	)

	if !CheckAuth(w, r) {
		http.Redirect(w, r, "/admin/login", 302)
		return
	}

	switch r.Method {
	case http.MethodGet:

		urlParams = mux.Vars(r)

		page, exists = urlParams["page"]
		if exists {
			pageInt, e = strconv.Atoi(page)
			if e != nil {
				log.Fatal("Url Parameter page cannot be converted to an int")
			}
		} else {
			pageInt = 0
		}

		pageOffset = pageInt * 10

		posts, e = Database.GetPostsList(10, pageOffset)

		v["Posts"] = posts

		ServeTemplate(w, r, "html/admin/admin-index.gohtml", v)
		return
	}
}

func comparePasswords(hashedPwd, plainPwd string) bool {
	var (
		e error
	)
	e = bcrypt.CompareHashAndPassword(
		[]byte(hashedPwd),
		[]byte(plainPwd),
	)
	if e != nil {
		return false
	}

	return true
}

func AdminLogin(w http.ResponseWriter, r *http.Request) {
	var (
		session  *sessions.Session
		v        = make(map[string]interface{})
		flashes  []interface{}
		username string
		password string
		e        error
	)

	if CheckAuth(w, r) {
		http.Redirect(w, r, "/admin", 302)
		return
	}

	session, e = Variables.CookieStore.Get(r, Variables.CookieName)
	if e != nil {
		log.Println("Could not get session cookie")
		http.Error(w, "Error", http.StatusInternalServerError)
		return
	}

	switch r.Method {
	case http.MethodGet:
		flashes = session.Flashes()
		e = session.Save(r, w)
		if e != nil {
			log.Println(e.Error())
			return
		}
		if len(flashes) > 0 {
			v["FlashMsg"] = flashes[0].(string)
		}

		ServeTemplate(w, r, "html/admin/admin-login.gohtml", v)
		return

	case http.MethodPost:
		e = r.ParseForm()
		if e != nil {
			log.Println(e.Error())
			http.Redirect(w, r, "/login", 302)
		}

		username = r.FormValue("username")
		password = r.FormValue("password")

		if username != Variables.AdminPassword && !comparePasswords(Variables.AdminPassword, password) {
			session.AddFlash("Invalid Username or Password")
			e = session.Save(r, w)
			if e != nil {
				log.Println(e.Error())
			}
			http.Redirect(w, r, "/admin/login", 302)
			return

		}

		session.Values["authenticated"] = true
		session.Values["lastActive"] = time.Now().Unix()
		session.Save(r, w)

		http.Redirect(w, r, "/admin", 302)
		return
	}
}

func AdminNewPost(w http.ResponseWriter, r *http.Request) {
	var (
		session                     *sessions.Session
		v                           = make(map[string]interface{})
		flashes                     []interface{}
		title, subject, intro, body string
		bodyPath                    string
		mainFilePath                string = ""
		fileUpload                  []*multipart.FileHeader
		//otherImgs                   string
		e error
	)

	if !CheckAuth(w, r) {
		http.Redirect(w, r, "/admin/login", 302)
		return
	}

	session, e = Variables.CookieStore.Get(r, Variables.CookieName)
	if e != nil {
		log.Println("Could not get session cookie")
		http.Error(w, "Error", http.StatusInternalServerError)
		return
	}

	switch r.Method {
	case http.MethodGet:
		flashes = session.Flashes()
		e = session.Save(r, w)
		if e != nil {
			log.Println(e.Error())
			return
		}
		if len(flashes) > 0 {
			v["FlashMsg"] = flashes[0].(string)
		}

		ServeTemplate(w, r, "html/admin/admin-new-post.gohtml", v)
		return

	case http.MethodPost:

		title = r.FormValue("title")
		subject = r.FormValue("subject")
		intro = r.FormValue("intro")
		body = r.FormValue("body")

		bodyPath, e = Helper.WriteBody(title, body)
		if e != nil {
			log.Fatal(e)
		}

		r.ParseMultipartForm(32 << 20) // 32MB is the default used by FormFile
		fileUpload = r.MultipartForm.File["img"]

		Helper.UploadFiles(fileUpload)

		if len(fileUpload) == 1 {
			mainFilePath = fileUpload[0].Filename
		}

		fileUpload = r.MultipartForm.File["files"]

		Helper.UploadFiles(fileUpload)

		Database.CreatePost(
			Database.Post{
				Title:     title,
				Subject:   subject,
				Intro:     intro,
				HtmlPath:  bodyPath,
				MainImage: mainFilePath,
			},
		)

		http.Redirect(w, r, "/admin", 302)
		return
	}
}

func AdminEditPost(w http.ResponseWriter, r *http.Request) {
	var (
		session                     *sessions.Session
		v                           = make(map[string]interface{})
		urlParams                   map[string]string
		flashes                     []interface{}
		title, subject, intro, body string
		bodyPath                    string
		post                        Database.Post
		fileUpload                  []*multipart.FileHeader
		e                           error
	)

	if !CheckAuth(w, r) {
		http.Redirect(w, r, "/admin/login", 302)
		return
	}

	session, e = Variables.CookieStore.Get(r, Variables.CookieName)
	if e != nil {
		log.Println("Could not get session cookie")
		http.Error(w, "Error", http.StatusInternalServerError)
		return
	}

	switch r.Method {
	case http.MethodGet:
		flashes = session.Flashes()
		e = session.Save(r, w)
		if e != nil {
			log.Println(e.Error())
			return
		}
		if len(flashes) > 0 {
			v["FlashMsg"] = flashes[0].(string)
		}

		urlParams = mux.Vars(r)

		post, e = Database.GetPostById(urlParams["id"])
		if e != nil {
			log.Fatal("Cannot get Post by id")
		}

		post.Body, e = Helper.GetFileContents(post.HtmlPath)
		if e != nil {
			log.Fatal("Cannot read body file")
		}

		v["Post"] = post

		ServeTemplate(w, r, "html/admin/admin-update-post.gohtml", v)
		return

	case http.MethodPost:

		urlParams = mux.Vars(r)

		post, e = Database.GetPostById(urlParams["id"])
		if e != nil {
			log.Fatal("Cannot get Post by id")
		}

		title = r.FormValue("title")
		subject = r.FormValue("subject")
		intro = r.FormValue("intro")
		body = r.FormValue("body")

		if title != post.Title {
			defer Helper.DeleteOldPostFile(post.Title)
		}

		bodyPath, e = Helper.WriteBody(title, body)
		if e != nil {
			log.Fatal(e)
		}

		r.ParseMultipartForm(32 << 20) // 32MB is the default used by FormFile
		fileUpload = r.MultipartForm.File["img"]

		Helper.UploadFiles(fileUpload)

		if len(fileUpload) == 1 {
			post.MainImage = fileUpload[0].Filename
		}

		fileUpload = r.MultipartForm.File["files"]

		Helper.UploadFiles(fileUpload)

		post.Title = title
		post.Subject = subject
		post.Intro = intro
		post.HtmlPath = bodyPath

		Database.UpdatePost(
			post,
		)

		http.Redirect(w, r, fmt.Sprintf("/admin/post/%s/edit", post.ID), 302)
		return
	}
}