Checking authentication on the backend

2024-08-19 21:39:36 +02:00 · 2024-08-19 21:39:36 +02:00 · 7ef68d030b
commit 7ef68d030b
parent a9ab175407
5 changed files with 38 additions and 2 deletions
--- a/2
+++ b/2
@ -1,5 +1,5 @@
 STRIPE_SECRET=$(shell sed '2q;d' cred.txt)
-STRIPE_KEY=$(shell sed '2q;d' cred.txt)
+STRIPE_KEY=$(shell sed '1q;d' cred.txt)
 GOSTRIPE_PORT=4000
 API_PORT=4001
 DSN=vinchent:secret@tcp(localhost:3306)/widgets?parseTime=true&tls=false
--- a/cmd/api/handlers-api.go
+++ b/cmd/api/handlers-api.go
@ -297,3 +297,7 @@ func (app *application) CreateAuthToken(w http.ResponseWriter, r *http.Request)

 	_ = app.writeJSON(w, http.StatusOK, payload)
 }
+
+func (app *application) CheckAuthentication(w http.ResponseWriter, r *http.Request) {
+	app.invalidCredentials(w)
+}
--- a/cmd/api/routes-api.go
+++ b/cmd/api/routes-api.go
@ -23,6 +23,7 @@ func (app *application) routes() http.Handler {
 	mux.Post("/api/create-customer-and-subscribe-to-plan", app.CreateCustomerAndSubscribeToPlan)

 	mux.Post("/api/authenticate", app.CreateAuthToken)
+	mux.Post("/api/is-authenticated", app.CheckAuthentication)

 	return mux
 }
--- a/cmd/web/templates/terminal.page.gohtml
+++ b/cmd/web/templates/terminal.page.gohtml
@ -76,8 +76,10 @@ Virtual Terminal
 {{ define "js" }}
 <script src="https://js.stripe.com/v3/"></script>
 <script type="module">
-    import {stripeInit} from "/static/js/common.js";
+    import {stripeInit, checkAuth} from "/static/js/common.js";
    import {val} from "/static/js/stripe.js"
+
+    checkAuth({{.API}});
    stripeInit('{{.StripePubKey}}');
    document.getElementById("charge_amount").addEventListener("change", (evt) => {
        if (evt.target.value !== "") {
--- a/static/js/common.js
+++ b/static/js/common.js
@ -62,3 +62,32 @@ export function stripeInit(pubKey) {
        });
    })();
 }
+
+export function checkAuth(api) {
+    if (localStorage.getItem("token") === null) {
+        location.href = "/login";
+        return
+    } else {
+        let token = localStorage.getItem("token")
+        const myHeaders = new Headers();
+        myHeaders.append("Content-Type", "application/json");
+        myHeaders.append("Authorization", "Bearer " + token);
+
+        const requestOptions = {
+            method: "POST",
+            Headers: myHeaders,
+        }
+
+        fetch(api + "/api/is-authenticated", requestOptions)
+        .then(response => response.json())
+            .then(function(data) {
+                if (data.error === true) {
+                    console.log("not logged in");
+                    location.href = "/login"
+                } else {
+                    console.log("Logged in");
+                }
+            })
+    }
+}
+