1 files changed, 75 insertions, 0 deletions

diff --git a/src/server/handlers/signup.go b/src/server/handlers/signup.go
new file mode 100644
index 0000000..e92b869
--- /dev/null
+++ b/src/server/handlers/signup.go
@@ -0,0 +1,75 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"server/database"
+	"server/helper"
+)
+
+type signupRequest struct {
+	Email    string
+	Password string
+}
+
+func Signup(writer http.ResponseWriter, request *http.Request) {
+	if request.Method != "POST" {
+		helper.WriteErrorJson("expected POST method", writer, http.StatusBadRequest)
+		return
+	}
+
+	var signup_request signupRequest
+	err := json.NewDecoder(request.Body).Decode(&signup_request)
+	if err != nil {
+		helper.WriteErrorJson(err.Error(), writer, http.StatusBadRequest)
+		return
+	}
+
+	if len(signup_request.Email) < 3 || len(signup_request.Email) > 254 {
+		helper.WriteErrorJson("invalid email address", writer, http.StatusBadRequest)
+		return
+	}
+	if len(signup_request.Password) < 8 {
+		helper.WriteErrorJson("password too short", writer, http.StatusBadRequest)
+		return
+	}
+	if len(signup_request.Password) > 64 {
+		helper.WriteErrorJson("password too long", writer, http.StatusBadRequest)
+		return
+	}
+
+	user, err := database.MaybeGetUser(signup_request.Email)
+	if err != nil {
+		helper.WriteInternalErrorJson(err, writer)
+		return
+	}
+	if user != nil {
+		helper.WriteErrorJson("a user with that email already exists", writer, http.StatusForbidden)
+		return
+	}
+
+	salt, err := helper.GenerateSalt()
+	if err != nil {
+		helper.WriteInternalErrorJson(err, writer)
+		return
+	}
+
+	hash, err := helper.GenerateHash(signup_request.Password, salt)
+	if err != nil {
+		helper.WriteInternalErrorJson(err, writer)
+		return
+	}
+
+	uid, err := database.WriteNewUser(signup_request.Email, hash, salt)
+	if err != nil {
+		helper.WriteInternalErrorJson(err, writer)
+		return
+	}
+
+	err = helper.IssueToken(uid, writer)
+	if err != nil {
+		helper.WriteInternalErrorJson(err, writer)
+		return
+	}
+}