First commit

2025-09-15 18:57:04 +00:00 · 2017-11-19 21:10:04 -08:00 · 2017-11-19 21:10:04 -08:00 · 8ffb773f43
commit 8ffb773f43
2121 changed files with 1118910 additions and 0 deletions
--- a/server/ui/controller/login.go
+++ b/server/ui/controller/login.go
@ -0,0 +1,91 @@
+// Copyright 2017 Frédéric Guillot. All rights reserved.
+// Use of this source code is governed by the Apache 2.0
+// license that can be found in the LICENSE file.
+
+package controller
+
+import (
+	"github.com/miniflux/miniflux2/server/core"
+	"github.com/miniflux/miniflux2/server/ui/form"
+	"log"
+	"net/http"
+	"time"
+
+	"github.com/tomasen/realip"
+)
+
+func (c *Controller) ShowLoginPage(ctx *core.Context, request *core.Request, response *core.Response) {
+	if ctx.IsAuthenticated() {
+		response.Redirect(ctx.GetRoute("unread"))
+		return
+	}
+
+	response.Html().Render("login", tplParams{
+		"csrf": ctx.GetCsrfToken(),
+	})
+}
+
+func (c *Controller) CheckLogin(ctx *core.Context, request *core.Request, response *core.Response) {
+	authForm := form.NewAuthForm(request.GetRequest())
+	tplParams := tplParams{
+		"errorMessage": "Invalid username or password.",
+		"csrf":         ctx.GetCsrfToken(),
+	}
+
+	if err := authForm.Validate(); err != nil {
+		log.Println(err)
+		response.Html().Render("login", tplParams)
+		return
+	}
+
+	if err := c.store.CheckPassword(authForm.Username, authForm.Password); err != nil {
+		log.Println(err)
+		response.Html().Render("login", tplParams)
+		return
+	}
+
+	sessionToken, err := c.store.CreateSession(
+		authForm.Username,
+		request.GetHeaders().Get("User-Agent"),
+		realip.RealIP(request.GetRequest()),
+	)
+	if err != nil {
+		response.Html().ServerError(err)
+		return
+	}
+
+	log.Printf("[UI:CheckLogin] username=%s just logged in\n", authForm.Username)
+
+	cookie := &http.Cookie{
+		Name:     "sessionID",
+		Value:    sessionToken,
+		Path:     "/",
+		Secure:   request.IsHTTPS(),
+		HttpOnly: true,
+	}
+
+	response.SetCookie(cookie)
+	response.Redirect(ctx.GetRoute("unread"))
+}
+
+func (c *Controller) Logout(ctx *core.Context, request *core.Request, response *core.Response) {
+	user := ctx.GetLoggedUser()
+
+	sessionCookie := request.GetCookie("sessionID")
+	if err := c.store.RemoveSessionByToken(user.ID, sessionCookie); err != nil {
+		log.Printf("[UI:Logout] %v", err)
+	}
+
+	cookie := &http.Cookie{
+		Name:     "sessionID",
+		Value:    "",
+		Path:     "/",
+		Secure:   request.IsHTTPS(),
+		HttpOnly: true,
+		MaxAge:   -1,
+		Expires:  time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC),
+	}
+
+	response.SetCookie(cookie)
+	response.Redirect(ctx.GetRoute("login"))
+}