Dragon-Knight/internal/routes/auth.go

package routes

import (
	"fmt"
	"strings"

	"dk/internal/auth"
	"dk/internal/csrf"
	"dk/internal/database"
	"dk/internal/middleware"
	"dk/internal/password"
	"dk/internal/router"
	"dk/internal/template"
	"dk/internal/template/components"
	"dk/internal/users"

	"github.com/valyala/fasthttp"
)

// RegisterAuthRoutes sets up authentication routes
func RegisterAuthRoutes(r *router.Router) {
	// Guest routes
	guestGroup := r.Group("")
	guestGroup.Use(middleware.RequireGuest("/"))

	guestGroup.Get("/login", showLogin)
	guestGroup.Post("/login", processLogin())
	guestGroup.Get("/register", showRegister)
	guestGroup.Post("/register", processRegister())

	// Authenticated routes
	authGroup := r.Group("")
	authGroup.Use(middleware.RequireAuth("/login"))

	authGroup.Post("/logout", processLogout())
}

// showLogin displays the login form
func showLogin(ctx router.Ctx, params []string) {
	loginTmpl, err := template.Cache.Load("auth/login.html")
	if err != nil {
		ctx.SetStatusCode(fasthttp.StatusInternalServerError)
		fmt.Fprintf(ctx, "Template error: %v", err)
		return
	}

	loginFormData := map[string]any{
		"csrf_token":    csrf.GetToken(ctx, auth.Manager),
		"csrf_field":    csrf.HiddenField(ctx, auth.Manager),
		"error_message": "",
	}

	loginContent := loginTmpl.RenderNamed(loginFormData)

	pageData := components.NewPageData("Login - Dragon Knight", loginContent)
	if err := components.RenderPage(ctx, pageData, nil); err != nil {
		ctx.SetStatusCode(fasthttp.StatusInternalServerError)
		fmt.Fprintf(ctx, "Template error: %v", err)
		return
	}
}

// processLogin handles login form submission
func processLogin() router.Handler {
	return func(ctx router.Ctx, params []string) {
		if !csrf.ValidateFormToken(ctx, auth.Manager) {
			ctx.SetStatusCode(fasthttp.StatusForbidden)
			ctx.WriteString("CSRF validation failed")
			return
		}

		email := strings.TrimSpace(string(ctx.PostArgs().Peek("email")))
		userPassword := string(ctx.PostArgs().Peek("password"))

		if email == "" || userPassword == "" {
			showLoginError(ctx, "Email and password are required")
			return
		}

		user, err := auth.Manager.Authenticate(email, userPassword)
		if err != nil {
			showLoginError(ctx, "Invalid email or password")
			return
		}

		middleware.Login(ctx, auth.Manager, user)

		// Transfer CSRF token from cookie to session for authenticated user
		if cookieToken := csrf.GetTokenFromCookie(ctx); cookieToken != "" {
			if session := csrf.GetCurrentSession(ctx); session != nil {
				csrf.StoreToken(session, cookieToken)
			}
		}

		ctx.Redirect("/", fasthttp.StatusFound)
	}
}

// showRegister displays the registration form
func showRegister(ctx router.Ctx, _ []string) {
	registerTmpl, err := template.Cache.Load("auth/register.html")
	if err != nil {
		ctx.SetStatusCode(fasthttp.StatusInternalServerError)
		fmt.Fprintf(ctx, "Template error: %v", err)
		return
	}

	registerContent := registerTmpl.RenderNamed(map[string]any{
		"csrf_token":    csrf.GetToken(ctx, auth.Manager),
		"csrf_field":    csrf.HiddenField(ctx, auth.Manager),
		"error_message": "",
		"username":      "",
		"email":         "",
	})

	pageData := components.NewPageData("Register - Dragon Knight", registerContent)
	if err := components.RenderPage(ctx, pageData, nil); err != nil {
		ctx.SetStatusCode(fasthttp.StatusInternalServerError)
		fmt.Fprintf(ctx, "Template error: %v", err)
		return
	}
}

// processRegister handles registration form submission
func processRegister() router.Handler {
	return func(ctx router.Ctx, params []string) {
		if !csrf.ValidateFormToken(ctx, auth.Manager) {
			ctx.SetStatusCode(fasthttp.StatusForbidden)
			ctx.WriteString("CSRF validation failed")
			return
		}

		username := strings.TrimSpace(string(ctx.PostArgs().Peek("username")))
		email := strings.TrimSpace(string(ctx.PostArgs().Peek("email")))
		userPassword := string(ctx.PostArgs().Peek("password"))
		confirmPassword := string(ctx.PostArgs().Peek("confirm_password"))

		if err := validateRegistration(username, email, userPassword, confirmPassword); err != nil {
			showRegisterError(ctx, err.Error(), username, email)
			return
		}

		if _, err := users.GetByUsername(username); err == nil {
			showRegisterError(ctx, "Username already exists", username, email)
			return
		}

		if _, err := users.GetByEmail(email); err == nil {
			showRegisterError(ctx, "Email already registered", username, email)
			return
		}

		user := users.New()
		user.Username = username
		user.Email = email
		user.Password = password.Hash(userPassword)
		user.ClassID = 1
		user.Auth = 1

		if err := user.Insert(); err != nil {
			showRegisterError(ctx, "Failed to create account", username, email)
			return
		}

		// Auto-login after registration
		middleware.Login(ctx, auth.Manager, user)

		// Transfer CSRF token from cookie to session for authenticated user
		if cookieToken := csrf.GetTokenFromCookie(ctx); cookieToken != "" {
			if session := csrf.GetCurrentSession(ctx); session != nil {
				csrf.StoreToken(session, cookieToken)
			}
		}

		ctx.Redirect("/", fasthttp.StatusFound)
	}
}

// processLogout handles logout
func processLogout() router.Handler {
	return func(ctx router.Ctx, params []string) {
		// Validate CSRF token
		if !csrf.ValidateFormToken(ctx, auth.Manager) {
			ctx.SetStatusCode(fasthttp.StatusForbidden)
			ctx.WriteString("CSRF validation failed")
			return
		}

		middleware.Logout(ctx, auth.Manager)
		ctx.Redirect("/", fasthttp.StatusFound)
	}
}

// Helper functions

func showLoginError(ctx router.Ctx, errorMsg string) {
	loginTmpl, err := template.Cache.Load("auth/login.html")
	if err != nil {
		ctx.SetStatusCode(fasthttp.StatusInternalServerError)
		fmt.Fprintf(ctx, "Template error: %v", err)
		return
	}

	var errorHTML string
	if errorMsg != "" {
		errorHTML = fmt.Sprintf(`<div style="color: red; margin-bottom: 1rem;">%s</div>`, errorMsg)
	}

	loginFormData := map[string]any{
		"csrf_token":    csrf.GetToken(ctx, auth.Manager),
		"csrf_field":    csrf.HiddenField(ctx, auth.Manager),
		"error_message": errorHTML,
	}

	loginContent := loginTmpl.RenderNamed(loginFormData)

	ctx.SetStatusCode(fasthttp.StatusBadRequest)
	pageData := components.NewPageData("Login - Dragon Knight", loginContent)
	if err := components.RenderPage(ctx, pageData, nil); err != nil {
		ctx.SetStatusCode(fasthttp.StatusInternalServerError)
		fmt.Fprintf(ctx, "Template error: %v", err)
		return
	}
}

func showRegisterError(ctx router.Ctx, errorMsg, username, email string) {
	registerTmpl, err := template.Cache.Load("auth/register.html")
	if err != nil {
		ctx.SetStatusCode(fasthttp.StatusInternalServerError)
		fmt.Fprintf(ctx, "Template error: %v", err)
		return
	}

	var errorHTML string
	if errorMsg != "" {
		errorHTML = fmt.Sprintf(`<div style="color: red; margin-bottom: 1rem;">%s</div>`, errorMsg)
	}

	registerFormData := map[string]any{
		"csrf_token":    csrf.GetToken(ctx, auth.Manager),
		"csrf_field":    csrf.HiddenField(ctx, auth.Manager),
		"error_message": errorHTML,
		"username":      username,
		"email":         email,
	}

	registerContent := registerTmpl.RenderNamed(registerFormData)

	ctx.SetStatusCode(fasthttp.StatusBadRequest)
	pageData := components.NewPageData("Register - Dragon Knight", registerContent)
	if err := components.RenderPage(ctx, pageData, nil); err != nil {
		ctx.SetStatusCode(fasthttp.StatusInternalServerError)
		fmt.Fprintf(ctx, "Template error: %v", err)
		return
	}
}

func validateRegistration(username, email, password, confirmPassword string) error {
	if username == "" {
		return fmt.Errorf("username is required")
	}
	if len(username) < 3 {
		return fmt.Errorf("username must be at least 3 characters")
	}
	if email == "" {
		return fmt.Errorf("email is required")
	}
	if !strings.Contains(email, "@") {
		return fmt.Errorf("invalid email address")
	}
	if password == "" {
		return fmt.Errorf("password is required")
	}
	if len(password) < 6 {
		return fmt.Errorf("password must be at least 6 characters")
	}
	if password != confirmPassword {
		return fmt.Errorf("passwords do not match")
	}
	return nil
}

// createUser inserts a new user into the database
// This is a simplified version - in a real app you'd have a proper users.Create function
func createUser(user *users.User) error {
	query := `INSERT INTO users (username, password, email, verified, auth) VALUES (?, ?, ?, ?, ?)`

	err := database.Exec(query, user.Username, user.Password, user.Email, user.Verified, user.Auth)
	if err != nil {
		return fmt.Errorf("failed to insert user: %w", err)
	}

	// Get the user ID (simplified - in real app you'd return it from insert)
	createdUser, err := users.GetByUsername(user.Username)
	if err != nil {
		return fmt.Errorf("failed to get created user: %w", err)
	}

	user.ID = createdUser.ID
	return nil
}