ERP/internal/handlers/auth.go

package handlers

import (
	"html/template"
	"net/http"
	"path/filepath"

	"erp_system/internal/models"
)

func (h *Handler) LoginPage(w http.ResponseWriter, r *http.Request) {
	// If already logged in, redirect to dashboard
	session, _ := h.Store.Get(r, "erp-session")
	if session.Values["user_id"] != nil {
		http.Redirect(w, r, "/", http.StatusSeeOther)
		return
	}

	tmpl, err := template.ParseFiles(filepath.Join("templates", "login.html"))
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	tmpl.Execute(w, map[string]interface{}{"Error": ""})
}

func (h *Handler) LoginSubmit(w http.ResponseWriter, r *http.Request) {
	username := r.FormValue("username")
	password := r.FormValue("password")

	user, err := models.Authenticate(h.DB, username, password)
	if err != nil {
		tmpl, _ := template.ParseFiles(filepath.Join("templates", "login.html"))
		tmpl.Execute(w, map[string]interface{}{"Error": "Invalid username or password"})
		return
	}

	session, _ := h.Store.Get(r, "erp-session")
	session.Values["user_id"] = user.ID
	session.Values["username"] = user.Username
	session.Values["role"] = user.Role
	session.Save(r, w)

	// HTMX redirect
	if r.Header.Get("HX-Request") == "true" {
		w.Header().Set("HX-Redirect", "/")
		return
	}
	http.Redirect(w, r, "/", http.StatusSeeOther)
}

func (h *Handler) Logout(w http.ResponseWriter, r *http.Request) {
	session, _ := h.Store.Get(r, "erp-session")
	session.Values["user_id"] = nil
	session.Values["username"] = nil
	session.Values["role"] = nil
	session.Options.MaxAge = -1
	session.Save(r, w)

	if r.Header.Get("HX-Request") == "true" {
		w.Header().Set("HX-Redirect", "/login")
		return
	}
	http.Redirect(w, r, "/login", http.StatusSeeOther)
}
inital commit 2026-02-06 17:35:29 +01:00			`package handlers`

			`import (`
			`"html/template"`
			`"net/http"`
			`"path/filepath"`

			`"erp_system/internal/models"`
			`)`

			`func (h Handler) LoginPage(w http.ResponseWriter, r http.Request) {`
			`// If already logged in, redirect to dashboard`
			`session, _ := h.Store.Get(r, "erp-session")`
			`if session.Values["user_id"] != nil {`
			`http.Redirect(w, r, "/", http.StatusSeeOther)`
			`return`
			`}`

			`tmpl, err := template.ParseFiles(filepath.Join("templates", "login.html"))`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`tmpl.Execute(w, map[string]interface{}{"Error": ""})`
			`}`

			`func (h Handler) LoginSubmit(w http.ResponseWriter, r http.Request) {`
			`username := r.FormValue("username")`
			`password := r.FormValue("password")`

			`user, err := models.Authenticate(h.DB, username, password)`
			`if err != nil {`
			`tmpl, _ := template.ParseFiles(filepath.Join("templates", "login.html"))`
			`tmpl.Execute(w, map[string]interface{}{"Error": "Invalid username or password"})`
			`return`
			`}`

			`session, _ := h.Store.Get(r, "erp-session")`
			`session.Values["user_id"] = user.ID`
			`session.Values["username"] = user.Username`
adds 2026-02-08 14:20:18 +01:00			`session.Values["role"] = user.Role`
inital commit 2026-02-06 17:35:29 +01:00			`session.Save(r, w)`

			`// HTMX redirect`
			`if r.Header.Get("HX-Request") == "true" {`
			`w.Header().Set("HX-Redirect", "/")`
			`return`
			`}`
			`http.Redirect(w, r, "/", http.StatusSeeOther)`
			`}`

			`func (h Handler) Logout(w http.ResponseWriter, r http.Request) {`
			`session, _ := h.Store.Get(r, "erp-session")`
			`session.Values["user_id"] = nil`
			`session.Values["username"] = nil`
adds 2026-02-08 14:20:18 +01:00			`session.Values["role"] = nil`
inital commit 2026-02-06 17:35:29 +01:00			`session.Options.MaxAge = -1`
			`session.Save(r, w)`

			`if r.Header.Get("HX-Request") == "true" {`
			`w.Header().Set("HX-Redirect", "/login")`
			`return`
			`}`
			`http.Redirect(w, r, "/login", http.StatusSeeOther)`
			`}`