diff --git a/internal/features/auth/handler.go b/internal/features/auth/handler.go
index 9d20f28..6766f1f 100644
--- a/internal/features/auth/handler.go
+++ b/internal/features/auth/handler.go
@@ -1,7 +1,6 @@
 package auth
 import (
- "errors"
 "net/http"
 "mal/internal/templates"
@@ -66,35 +65,3 @@ func (h *Handler) HandleLogout(w http.ResponseWriter, r *http.Request) {
 func (h *Handler) HandleLoginPage(w http.ResponseWriter, r *http.Request) {
 templates.Login(rateLimitErrorFromQuery(r), "").Render(r.Context(), w)
 }
-
-func (h *Handler) HandleRecoverPage(w http.ResponseWriter, r *http.Request) {
- templates.Recover(rateLimitErrorFromQuery(r), "", "").Render(r.Context(), w)
-}
-
-func (h *Handler) HandleRecover(w http.ResponseWriter, r *http.Request) {
- if err := r.ParseForm(); err != nil {
- templates.Recover("Something went wrong. Please try again.", "", "").Render(r.Context(), w)
- return
- }
-
- username := r.FormValue("username")
- recoveryKey := r.FormValue("recovery_key")
- newPassword := r.FormValue("new_password")
-
- if username == "" || recoveryKey == "" || newPassword == "" {
- templates.Recover("Unable to recover account with those details.", username, recoveryKey).Render(r.Context(), w)
- return
- }
-
- newRecoveryKey, err := h.authService.RecoverAccount(r.Context(), username, recoveryKey, newPassword)
- if err != nil {
- if errors.Is(err, ErrInvalidRecoveryKey) || errors.Is(err, ErrInvalidPassword) {
- templates.Recover("Unable to recover account with those details.", username, recoveryKey).Render(r.Context(), w)
- return
- }
- templates.Recover("Something went wrong. Please try again.", username, recoveryKey).Render(r.Context(), w)
- return
- }
-
- templates.RecoveryComplete(newRecoveryKey).Render(r.Context(), w)
-}
diff --git a/internal/server/routes.go b/internal/server/routes.go
index 2775750..9fb60d8 100644
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@@ -68,13 +68,6 @@ func NewRouter(cfg Config) http.Handler {
 middleware.RateLimitAuth(middleware.VerifyOrigin(http.HandlerFunc(authHandler.HandleLogin))).ServeHTTP(w, r)
 }
 })
- mux.HandleFunc("/recover", func(w http.ResponseWriter, r *http.Request) {
- if r.Method == http.MethodGet {
- authHandler.HandleRecoverPage(w, r)
- } else {
- middleware.RateLimitAuth(middleware.VerifyOrigin(http.HandlerFunc(authHandler.HandleRecover))).ServeHTTP(w, r)
- }
- })
 mux.HandleFunc("/logout", func(w http.ResponseWriter, r *http.Request) {
 middleware.VerifyOrigin(http.HandlerFunc(authHandler.HandleLogout)).ServeHTTP(w, r)
 })
diff --git a/internal/shared/middleware/auth.go b/internal/shared/middleware/auth.go
index 0fc6f6f..056b28d 100644
--- a/internal/shared/middleware/auth.go
+++ b/internal/shared/middleware/auth.go
@@ -60,7 +60,7 @@ func RequireAuth(next http.Handler) http.Handler {
 func RequireGlobalAuth(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 // Allow unauthenticated access to auth pages, search, and static files
- if r.URL.Path == "/login" || r.URL.Path == "/recover" ||
+ if r.URL.Path == "/login" ||
 strings.HasPrefix(r.URL.Path, "/static/") || strings.HasPrefix(r.URL.Path, "/dist/") || r.URL.Path == "/search" || r.URL.Path == "/api/search" || r.URL.Path == "/api/search-quick" || r.URL.Path == "/" {
diff --git a/internal/templates/auth.templ b/internal/templates/auth.templ
index 377da15..2344b7b 100644
--- a/internal/templates/auth.templ
+++ b/internal/templates/auth.templ
@@ -20,62 +20,6 @@ templ Login(formError string, username string) {
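Review bot: The unauthenticated allow-list in RequireGlobalAuth (internal/shared/middleware/auth.go) is still an inline chain of path comparisons, so retiring a route means editing both routes.go and this condition, as this commit had to do for /recover; a stale entry left here would stay exempt from the auth check. I would move the exact-match paths into a named package-level set, e.g. `var publicPaths = map[string]bool{"/login": true, "/search": true, "/api/search": true, "/api/search-quick": true, "/": true}`, and test `publicPaths[r.URL.Path]` alongside the two `strings.HasPrefix` checks. The comment above the condition could also say where the list has to be kept in step, e.g. `// Public paths; keep in sync with the routes registered in NewRouter (internal/server/routes.go).` The function body continues outside the hunk.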
{ formError }
} -- Lost access? Recover account -
- - - } -} - - -templ Recover(formError string, username string, recoveryKey string) { - @Layout("Recover account", false) { -Enter your username, recovery key, and a new password.
- -- Remembered your password? Sign in -
-Your password was reset and your recovery key was rotated.
-{ newRecoveryKey }
- -Replace your old recovery key with this one.
-- Go to login -