admin login

admin.go

@@ -0,0 +1,72 @@
+package main
+
+import (
+	"database/sql"
+	"encoding/base64"
+	"net/http"
+	"regexp"
+)
+
+func adminLoginHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodGet {
+		http.ServeFile(w, r, "templates/adminLogin.html")
+		return
+	} else if r.Method == http.MethodPost {
+		err := r.ParseForm()
+		if err != nil {
+			http.Error(w, "Error parsing form", http.StatusBadRequest)
+			return
+		}
+		username := r.FormValue("username")
+		password := r.FormValue("password")
+		err = db.QueryRow("SELECT 1 FROM admins WHERE username=? AND PASSWORD=?", username, hashPassword(password)).Scan(new(int))
+		if err == sql.ErrNoRows {
+			http.Error(w, "Invalid credentials", http.StatusUnauthorized)
+			return
+		} else if err != nil {
+			http.Error(w, "Database error", http.StatusInternalServerError)
+			return
+		}
+		http.SetCookie(w, &http.Cookie{Name: "admin_session",
+			Value:    base64.StdEncoding.EncodeToString([]byte(username + ":" + hashPassword(password))),
+			Path:     "/admin/",
+			HttpOnly: true,
+			MaxAge:   3600})
+		http.Redirect(w, r, "/admin/", http.StatusSeeOther)
+		return
+	}
+}
+
+func adminLogoutHandler(w http.ResponseWriter, r *http.Request) {
+	http.SetCookie(w, &http.Cookie{Name: "admin_session", Value: "", Path: "/admin/", HttpOnly: true, MaxAge: -1})
+	http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
+}
+
+func isAdmin(r *http.Request) bool {
+	cookie, err := r.Cookie("admin_session")
+	if err != nil {
+		return false
+	}
+	decoded, err := base64.StdEncoding.DecodeString(cookie.Value)
+	if err != nil {
+		return false
+	}
+	var username, passwordHash string
+	regexp := regexp.MustCompile(`^([^:]+):([a-f0-9]+)$`)
+	matches := regexp.FindStringSubmatch(string(decoded))
+	if len(matches) != 3 {
+		return false
+	}
+	username = matches[1]
+	passwordHash = matches[2]
+	err = db.QueryRow("SELECT 1 FROM admins WHERE username=? AND PASSWORD=?", username, passwordHash).Scan(new(int))
+	return err != sql.ErrNoRows && err == nil
+}
+
+func adminHandler(w http.ResponseWriter, r *http.Request) {
+	if !isAdmin(r) {
+		http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
+		return
+	}
+	w.Write([]byte("Welcome to the admin panel!"))
+}

klice.go

@@ -117,13 +117,35 @@ func isLoggedIn(w http.ResponseWriter, r *http.Request) (bool, int) {
 
 func teamInfoHandler(w http.ResponseWriter, r *http.Request) {
 	if loggedIn, teamID := isLoggedIn(w, r); loggedIn {
-		var teamName, city, last_cipher, penalty string
-		err := db.QueryRow("SELECT name, city, last_cipher, penalty FROM teams WHERE id = ?", teamID).Scan(&teamName, &city, &last_cipher, &penalty)
+		var teamName string
+		var difficultyLevelID int
+		var difficultyLevel string
+		var lastCipher int
+		var penalty int
+
+		err := db.QueryRow("SELECT name, difficulty_level, last_cipher, penalty FROM teams WHERE id = ?", teamID).Scan(&teamName, &difficultyLevelID, &lastCipher, &penalty)
 		if err != nil {
-			http.Error(w, "Could not retrieve team information", http.StatusInternalServerError)
+			http.Error(w, "Could not retrieve team info", http.StatusInternalServerError)
+			return
+		}
+		err = db.QueryRow("SELECT level_name FROM difficulty_levels WHERE id = ?", difficultyLevelID).Scan(&difficultyLevel)
+		if err != nil {
+			http.Error(w, "Could not retrieve difficulty level", http.StatusInternalServerError)
+			return
+		}
+
+		TeamTemplateData := TeamTemplateS{
+			TeamName:   teamName,
+			Difficulty: difficultyLevel,
+			LastCipher: lastCipher,
+			Penalties:  penalty,
+		}
+
+		err = TeamTemplate.Execute(w, TeamTemplateData)
+		if err != nil {
+			http.Error(w, "Could not render template", http.StatusInternalServerError)
 			return
 		}
-		fmt.Fprintf(w, "Team Name: %s, City: %s, Last Cipher: %s, Penalty: %s", teamName, city, last_cipher, penalty)
 	}
 }
 
@@ -319,10 +341,15 @@ func main() {
 	defer db.Close()
 	db.SetMaxOpenConns(1)
 
+	// klice app
 	http.HandleFunc("/login", loginHandler)
 	http.HandleFunc("/logout", logoutHandler)
 	http.HandleFunc("/team", teamInfoHandler)
 	http.HandleFunc("/qr/", qrHandler)
+	// admin app
+	http.HandleFunc("/admin/login", adminLoginHandler)
+	http.HandleFunc("/admin/logout", adminLogoutHandler)
+	http.HandleFunc("/admin/", adminHandler)
 
 	fmt.Println("Server started at :8080")
 	http.ListenAndServe(":8080", nil)

templates.go

@@ -15,4 +15,12 @@ type CipherTemplateS struct {
 	Wrong       bool
 }
 
+type TeamTemplateS struct {
+	TeamName   string
+	Difficulty string
+	LastCipher int
+	Penalties  int
+}
+
 var CipherTemplate = template.Must(template.ParseFiles("templates/assignment.html"))
+var TeamTemplate = template.Must(template.ParseFiles("templates/team.html"))

templates/adminLogin.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="cs">
+
+<head>
+    <meta charset="UTF-8">
+    <title>Admin Login</title>
+</head>
+
+<body>
+    <h1>Admin Login</h1>
+    <form method="post">
+        Uživatelské jméno: <input type="text" name="username"><br>
+        Heslo: <input type="password" name="password"><br>
+        <input type="submit" value="Přihlásit se">
+    </form>
+</body>
+
+</html>

templates/assignment.html

@@ -2,6 +2,7 @@
 <html lang="cs">
 
 <head>
+    <meta charset="UTF-8">
     <title>Zadání šifry {{.Order}}</title>
 </head>
 

templates/team.html

@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html lang="cs">
+
+<head>
+    <meta charset="UTF-8">
+    <title>Tým: {{.TeamName}}</title>
+</head>
+
+<body>
+    <h1>Tým: {{.TeamName}}</h1>
+    Obtížnost: {{.Difficulty}}<br>
+    Poslední šifra : {{.LastCipher}}<br>
+    Penalizace: {{.Penalties}}<br>
+    <hr>
+    <form action="/logout" method="get">
+        <input type="submit" value="Odhlásit">
+    </form>
+</body>
+
+</html>