From 975acbf0401694d36987da72b6929c950d89aaab Mon Sep 17 00:00:00 2001
From: Konotorii <79553360+konotorii@users.noreply.github.com>
Date: Sun, 2 Jun 2024 12:50:21 -0400
Subject: [PATCH] feat: sessions, engine rework
---
 main.go | 109 +++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 101 insertions(+), 8 deletions(-)
diff --git a/main.go b/main.go
index 937dab5..1034412 100644
--- a/main.go
+++ b/main.go
@@ -1,21 +1,114 @@
 package main
-//import "net/http"
-//import "io"
-//import "log"
-
 //import "github.com/sunshineplan/imgconv"
 import (
+ "fmt"
+ _ "io"
+ "log"
+ "net/http"
+ "os"
+ "strings"
+
+ "github.com/gin-contrib/sessions"
+ "github.com/gin-contrib/sessions/cookie"
 "github.com/gin-gonic/gin"
 )
+const userKey = "user"
+
+var secret = []byte(os.Getenv("SECRET"))
+
 func main() {
- router := gin.Default()
+ r := engine()
+ r.Use(gin.Logger())
+ if err := engine().Run(":8080"); err != nil {
+ log.Fatal("unable to start:", err)
+ }
+}
+
+func engine() *gin.Engine {
+ r := gin.New()
+
+ r.Use(sessions.Sessions("session", cookie.NewStore(secret)))
+
+ r.GET("/img", getServeImage)
+ r.POST("/login", login)
+ r.GET("/logout", logout)
+
+ admin := r.Group("/admin")
+ admin.Use(AuthRequired)
+ {
+ admin.POST("/upload", postImage)
+ }
+
+ return r
+}
+
+func getServeImage(c *gin.Context) {
+
+}
+
+func postImage(c *gin.Context) {
+ // Single file
+ file, _ := c.FormFile("file")
+ log.Println(file.Filename)
+
+ // Upload the file to specific dst.
+ c.SaveUploadedFile(file, "./public")
+
+ c.String(http.StatusOK, fmt.Sprintf("'%s' uploaded!", file.Filename))
+}
+
+func AuthRequired(c *gin.Context) {
+ session := sessions.Default(c)
+ user := session.Get(userKey)
+ if user == nil {
+ // Abort the request with the appropriate error code
+ c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
+ return
+ }
+ // Continue down the chain to handler etc
+ c.Next()
+}
+
+func login(c *gin.Context) {
+ session := sessions.Default(c)
+ username := c.PostForm("username")
+ password := c.PostForm("password")
+
+ // Validate form input
+ if strings.Trim(username, " ") == "" || strings.Trim(password, " ") == "" {
+ c.JSON(http.StatusBadRequest, gin.H{"error": "Parameters can't be empty"})
+ return
+ }
+
+ // Check for username and password match, usually from a database
+ if username != "hello" || password != "itsme" {
+ c.JSON(http.StatusUnauthorized, gin.H{"error": "Authentication failed"})
+ return
+ }
- router.Run("localhost:8000")
+ // Save the username in the session
+ session.Set(userKey, username) // In real world usage you'd set this to the users ID
+ if err := session.Save(); err != nil {
+ c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save session"})
+ return
+ }
+ c.JSON(http.StatusOK, gin.H{"message": "Successfully authenticated user"})
 }
-func convertImage(c *gin.Context) {
- url := c.Param("url")
+func logout(c *gin.Context) {
+ session := sessions.Default(c)
+ user := session.Get(userKey)
+ if user == nil {
+ c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid session token"})
+ return
+ }
+ session.Delete(userKey)
+ if err := session.Save(); err != nil {
+ c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save session"})
+ return
+ }
+ c.JSON(http.StatusOK, gin.H{"message": "Successfully logged out"})
 }
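Review bot: `postImage` discards the error from `c.FormFile("file")`, so a request with no `file` part reaches `file.Filename` on a nil header and panics, and it then calls `c.SaveUploadedFile(file, "./public")` with a fixed destination path and an ignored error, so the handler answers "uploaded!" whether or not anything was stored. The fence below checks both errors and builds the destination from `filepath.Base(file.Filename)` because the client chooses that name; it needs `path/filepath` in the import block. In `main`, `engine().Run(":8080")` starts a second engine, so `r` and the `gin.Logger()` attached to it never serve a request; registering the logger inside `engine()` before the routes and calling `r.Run` would fix that (gin appears to bind middleware when a route is registered, so a late `Use` would miss these routes anyway). `secret` is read from `SECRET` with no check that it is set, and I would add `if len(secret) == 0 { log.Fatal("SECRET is not set") }` at the top of `main` so a missing key stops start-up instead of surfacing later in session handling.

```go
func postImage(c *gin.Context) {
	file, err := c.FormFile("file")
	if err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": "missing file"})
		return
	}
	// %q keeps a client-chosen name from breaking the log line.
	log.Printf("upload: %q", file.Filename)

	// The client chooses Filename; keep only its base name under the upload directory.
	dst := filepath.Join("./public", filepath.Base(file.Filename))
	if err := c.SaveUploadedFile(file, dst); err != nil {
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save file"})
		return
	}
	// … unchanged: c.String success response …
}
```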