login redirect

go.mod

@@ -0,0 +1,5 @@
+module klice25
+
+go 1.24.6
+
+require github.com/mattn/go-sqlite3 v1.14.32

insertTestData.sql

@@ -4,11 +4,11 @@ INSERT INTO DIFFICULTY_LEVELS (id, level_name) VALUES
     (2, 'Střední'),
     (3, 'Těžká');
 
--- Vložení týmů
+-- Vložení týmů: heslo1, heslo2, heslo3
 INSERT INTO TEAMS (id, name, city, difficulty_level, password, last_cipher, penalty) VALUES
-    (1, 'Rychlé šípy', 'Praha', 1, 'heslo1', 0, 0),
-    (2, 'Vlčí smečka', 'Brno', 2, 'heslo2', 0, 10),
-    (3, 'Orli', 'Ostrava', 3, 'heslo3', 1, 5);
+    (1, 'Rychlé šípy', 'Praha', 1, '4bc2ef0648cdf275032c83bb1e87dd554d47f4be293670042212c8a01cc2ccbe', 0, 0),
+    (2, 'Vlčí smečka', 'Brno', 2, '274efeaa827a33d7e35be9a82cd6150b7caf98f379a4252aa1afce45664dcbe1', 0, 10),
+    (3, 'Orli', 'Ostrava', 3, '05af533c6614544a704c4cf51a45be5c10ff19bd10b7aa1dfe47efc0fd059ede', 1, 5);
 
 -- Vložení pozic
 INSERT INTO POSITIONS (id, gps, clue) VALUES
@@ -34,6 +34,6 @@ INSERT INTO TASKS (id, cipher_id, position_id, difficulty_level, order_num, end_
     (2, 2, 2, 2, 2, 'Hledej QR kód u stromu.'),
     (3, 3, 3, 3, 3, 'Gratulujeme, jsi v cíli!');
 
--- Vložení admina
+-- Vložení admina: heslo
 INSERT INTO ADMINS (id, username, password) VALUES
-    (1, 'admin', 'adminheslo');
+    (1, 'admin', '56b1db8133d9eb398aabd376f07bf8ab5fc584ea0b8bd6a1770200cb613ca005');

klice.go

@@ -0,0 +1,143 @@
+package main
+
+import (
+	"crypto/sha256"
+	"database/sql"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+
+	_ "github.com/mattn/go-sqlite3"
+)
+
+var db *sql.DB
+
+func hashPassword(password string) string {
+	hash := sha256.Sum256([]byte(password))
+	return hex.EncodeToString(hash[:])
+}
+
+func loginHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodPost {
+		// Handle login logic here
+		if err := r.ParseForm(); err != nil {
+			http.Error(w, "Could not parse form", http.StatusBadRequest)
+			return
+		}
+		password := r.FormValue("password")
+		hashedPassword := hashPassword(password)
+		var teamID int
+
+		err := db.QueryRow("SELECT id FROM teams WHERE password = ?", hashedPassword).Scan(&teamID)
+		if err == sql.ErrNoRows {
+			http.Error(w, "No team found", http.StatusUnauthorized)
+			return
+		} else if err != nil {
+			http.Error(w, "Could not retrieve team", http.StatusInternalServerError)
+			return
+		}
+
+		var sessionID string
+		sessionID = hashedPassword
+		cookie := &http.Cookie{
+			Name:  "session_id",
+			Value: sessionID,
+			Path:  "/",
+		}
+		http.SetCookie(w, cookie)
+
+		redir, err := r.Cookie("url")
+		if err == nil {
+			redir.MaxAge = -1
+			http.SetCookie(w, redir)
+			http.Redirect(w, r, redir.Value, http.StatusSeeOther)
+		} else {
+			http.Redirect(w, r, "/team", http.StatusSeeOther)
+		}
+	} else if r.Method == http.MethodGet {
+		loginPage, err := os.Open("login.html")
+		if err != nil {
+			http.Error(w, "Could not open login page", http.StatusInternalServerError)
+			return
+		}
+		defer loginPage.Close()
+
+		io.Copy(w, loginPage)
+	}
+}
+
+func logoutHandler(w http.ResponseWriter, r *http.Request) {
+	cookie := &http.Cookie{
+		Name:     "session_id",
+		Value:    "",
+		Path:     "/",
+		MaxAge:   -1,
+		HttpOnly: true,
+		SameSite: http.SameSiteStrictMode,
+	}
+	http.SetCookie(w, cookie)
+
+	http.Redirect(w, r, "/login", http.StatusSeeOther)
+}
+
+func isLoggedIn(w http.ResponseWriter, r *http.Request) (bool, int) {
+	var exist bool = true
+	var teamID int
+	cookie, err := r.Cookie("session_id")
+	if err != nil {
+		exist = false
+	} else {
+		err = db.QueryRow("SELECT id FROM teams WHERE password = ?", cookie.Value).Scan(&teamID)
+		if err == sql.ErrNoRows {
+			exist = false
+		} else if err != nil {
+			exist = false
+		}
+	}
+
+	if !exist {
+		redir := &http.Cookie{
+			Name:     "url",
+			Value:    r.URL.String(),
+			MaxAge:   300,
+			Path:     "/",
+			HttpOnly: true,
+			SameSite: http.SameSiteStrictMode,
+		}
+		http.SetCookie(w, redir)
+		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		return false, 0
+	}
+	return true, teamID
+}
+
+func teamInfoHandler(w http.ResponseWriter, r *http.Request) {
+	if loggedIn, teamID := isLoggedIn(w, r); loggedIn {
+		var teamName, city string
+		err := db.QueryRow("SELECT name, city FROM teams WHERE id = ?", teamID).Scan(&teamName, &city)
+		if err != nil {
+			http.Error(w, "Could not retrieve team information", http.StatusInternalServerError)
+			return
+		}
+		fmt.Fprintf(w, "Team Name: %s, City: %s", teamName, city)
+	}
+}
+
+func main() {
+	var err error
+	db, err = sql.Open("sqlite3", "./klice.db?_fk=on")
+	if err != nil {
+		fmt.Println("Error opening database:", err)
+		return
+	}
+	defer db.Close()
+
+	http.HandleFunc("/login", loginHandler)
+	http.HandleFunc("/logout", logoutHandler)
+	http.HandleFunc("/team", teamInfoHandler)
+
+	fmt.Println("Server started at :8080")
+	http.ListenAndServe(":8080", nil)
+}

login.html

@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html lang="cs">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login</title>
+</head>
+
+<body>
+    <h1>Login</h1>
+    <form action="/login" method="post">
+        <label for="password">Heslo:</label>
+        <input type="password" id="password" name="password" required>
+        <br>
+        <button type="submit">Přihlásit se</button>
+    </form>
+</body>
+
+</html>