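// loginHandler returns an http.Handler that authenticates a user from a JSON
// body carrying a username and password and, on success, stores the username
// in the "carton-session" cookie session.
//
// Responses:
//   - non-POST requests are passed to return404.
//   - 400 if the session already has a "user" value, the body is not valid
//     JSON (or exceeds the size cap), a field is empty, or the credentials
//     do not match.
//   - 500 if the session cannot be saved.
//   - 200 with "login succeeded" otherwise.
func loginHandler(db db.DbManager, jar *sessions.CookieStore) http.Handler {
	// Cap on the request body so an unauthenticated client cannot make the
	// decoder read an arbitrarily large payload.
	const maxLoginBody = 1 << 20 // 1 MiB

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			return404(w)
			return
		}

		// The error is deliberately ignored: an unreadable or stale cookie
		// should not block a fresh login.
		// NOTE(review): assumes jar.Get still returns a usable session when
		// it reports an error - confirm against the sessions package in use.
		session, _ := jar.Get(r, "carton-session")
		if _, ok := session.Values["user"]; ok {
			http.Error(w, "already signed in", http.StatusBadRequest)
			return
		}

		r.Body = http.MaxBytesReader(w, r.Body, maxLoginBody)
		var user User
		if err := json.NewDecoder(r.Body).Decode(&user); err != nil {
			http.Error(w, "error decoding json", http.StatusBadRequest)
			return
		}
		if user.Username == "" || user.Password == "" {
			http.Error(w, "bad arguments", http.StatusBadRequest)
			return
		}

		// Unknown user and wrong password share one message so the response
		// body does not reveal which usernames exist.
		// NOTE(review): the unknown-user path returns without running bcrypt,
		// so response time can still differ between the two cases; comparing
		// against a fixed dummy hash here would even that out.
		dbHash := db.GetPwdHash(user.Username)
		if dbHash == nil {
			http.Error(
				w,
				"user password combo doesn't exist",
				http.StatusBadRequest,
			)
			return
		}
		if err := bcrypt.CompareHashAndPassword(dbHash, []byte(user.Password)); err != nil {
			http.Error(
				w,
				"user password combo doesn't exist",
				http.StatusBadRequest,
			)
			return
		}

		session.Values["user"] = user.Username
		// Report a failed save instead of claiming success: without the
		// session cookie the client is not actually logged in.
		if err := session.Save(r, w); err != nil {
			http.Error(w, "error saving session", http.StatusInternalServerError)
			return
		}

		// The first write to w sets the status code to 200.
		fmt.Fprintln(w, "login succeeded")
	})
}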