Diffstat (limited to 'src/server/handlers/login.go')
-rw-r--r--src/server/handlers/login.go55
1 files changed, 55 insertions, 0 deletions
diff --git a/src/server/handlers/login.go b/src/server/handlers/login.go
new file mode 100644
index 0000000..745e64a
--- /dev/null
+++ b/src/server/handlers/login.go
@@ -0,0 +1,55 @@
+package handlers
+
+import (
+ "encoding/json"
+ "net/http"
+
+ "server/database"
+ "server/helper"
+)
+
+type loginRequest struct {
+ Email string
+ Password string
+}
+
+func Login(writer http.ResponseWriter, request *http.Request) {
+ if request.Method != "POST" {
+ helper.WriteErrorJson("expected POST method", writer, http.StatusBadRequest)
+ return
+ }
+
+ var login_request loginRequest
+ err := json.NewDecoder(request.Body).Decode(&login_request)
+ if err != nil {
+ helper.WriteErrorJson(err.Error(), writer, http.StatusBadRequest)
+ return
+ }
+
+ user, err := database.MaybeGetUser(login_request.Email)
+ if err != nil {
+ helper.WriteInternalErrorJson(err, writer)
+ return
+ }
+ if user == nil {
+ helper.WriteErrorJson("incorrect email or password", writer, http.StatusForbidden)
+ return
+ }
+
+ hash, err := helper.GenerateHash(login_request.Password, user.Password_salt)
+ if err != nil {
+ helper.WriteInternalErrorJson(err, writer)
+ return
+ }
+ if hash != user.Password_hash {
+ helper.WriteErrorJson("incorrect email or password", writer, http.StatusForbidden)
+ return
+ }
+
+ // Login is successful, issue a valid jwt.
+ err = helper.IssueToken(user.Uid, writer)
+ if err != nil {
+ helper.WriteInternalErrorJson(err, writer)
+ return
+ }
+}
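Review bot: The check `hash != user.Password_hash` is not a constant-time comparison, and the `user == nil` branch returns before `helper.GenerateHash` runs, so response timing can tell an unknown email from a wrong password even though both paths send the same "incorrect email or password" message. Assuming both values are strings, the comparison could be `if subtle.ConstantTimeCompare([]byte(hash), []byte(user.Password_hash)) != 1 {`, with `crypto/subtle` added to the import block. For the unknown-user path, calling `helper.GenerateHash` on the submitted password with a fixed dummy salt before writing the 403 would make both paths do comparable work. Separately, the body is decoded with no size cap; wrapping it first, e.g. `request.Body = http.MaxBytesReader(writer, request.Body, 1<<20)` (limit value is a constructed example), bounds what an unauthenticated client can make the decoder read.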