Finished :)

api/auth.go

@@ -0,0 +1,80 @@
+package api
+
+import (
+	"net/http"
+	"time"
+
+	"sprintpadawan/lib"
+)
+
+func handleLogin(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodGet {
+		if isLoggedIn(r) {
+			http.Redirect(w, r, "/", http.StatusSeeOther)
+			return
+		}
+		renderTemplate(w, "login.html", nil)
+		return
+	}
+
+	username := r.FormValue("username")
+	password := r.FormValue("password")
+
+	user, err := lib.GetUserByUsername(username)
+	if err != nil || !lib.CheckPasswordHash(password, user.PasswordHash) {
+		renderTemplate(w, "login.html", map[string]string{"Error": "Invalid credentials"})
+		return
+	}
+
+	sessionID, _ := lib.CreateSession(user.ID)
+	http.SetCookie(w, &http.Cookie{
+		Name:     "session_token",
+		Value:    sessionID,
+		Expires:  time.Now().Add(24 * time.Hour),
+		HttpOnly: true,
+		Path:     "/",
+	})
+
+	http.Redirect(w, r, "/", http.StatusSeeOther)
+}
+
+func handleRegister(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodGet {
+		if isLoggedIn(r) {
+			http.Redirect(w, r, "/", http.StatusSeeOther)
+			return
+		}
+		renderTemplate(w, "register.html", nil)
+		return
+	}
+
+	username := r.FormValue("username")
+	password := r.FormValue("password")
+	confirm := r.FormValue("confirm_password")
+
+	if password != confirm {
+		renderTemplate(w, "register.html", map[string]string{"Error": "Passwords do not match"})
+		return
+	}
+
+	if err := lib.CreateUser(username, password); err != nil {
+		renderTemplate(w, "register.html", map[string]string{"Error": "Username taken"})
+		return
+	}
+
+	http.Redirect(w, r, "/login", http.StatusSeeOther)
+}
+
+func handleLogout(w http.ResponseWriter, r *http.Request) {
+	cookie, err := r.Cookie("session_token")
+	if err == nil {
+		lib.DeleteSession(cookie.Value)
+	}
+	http.SetCookie(w, &http.Cookie{
+		Name:    "session_token",
+		Value:   "",
+		Expires: time.Now().Add(-1 * time.Hour),
+		Path:    "/",
+	})
+	http.Redirect(w, r, "/login", http.StatusSeeOther)
+}