From 718740398fd8c3cf81d8412756b1db5ce7cef6aa Mon Sep 17 00:00:00 2001 From: Christian Krinitsin Date: Fri, 25 Apr 2025 10:12:03 +0200 Subject: add a password confirm field --- authenticate/authenticate.go | 26 +++++++++++++++++--------- templates/register.html | 4 ++++ 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/authenticate/authenticate.go b/authenticate/authenticate.go index 7ca1472..e0f2ddd 100644 --- a/authenticate/authenticate.go +++ b/authenticate/authenticate.go @@ -20,13 +20,13 @@ func CheckAuth(c *gin.Context) { token_session := session.Get("token") if token_session == nil { - c.Redirect(http.StatusFound, models.BasePath() + "/login") + c.Redirect(http.StatusFound, models.BasePath()+"/login") return } token_string, ok := token_session.(string) if !ok { - c.Redirect(http.StatusFound, models.BasePath() + "/login") + c.Redirect(http.StatusFound, models.BasePath()+"/login") return } @@ -38,19 +38,19 @@ func CheckAuth(c *gin.Context) { }) if err != nil || !token.Valid { - c.Redirect(http.StatusFound, models.BasePath() + "/login") + c.Redirect(http.StatusFound, models.BasePath()+"/login") c.Error(err) return } claims, ok := token.Claims.(jwt.MapClaims) if !ok { - c.Redirect(http.StatusFound, models.BasePath() + "/login") + c.Redirect(http.StatusFound, models.BasePath()+"/login") return } if float64(time.Now().Unix()) > claims["exp"].(float64) { - c.Redirect(http.StatusFound, models.BasePath() + "/login") + c.Redirect(http.StatusFound, models.BasePath()+"/login") return } @@ -61,7 +61,7 @@ func CheckAuth(c *gin.Context) { First(&list). Error if err != nil { - c.Redirect(http.StatusFound, models.BasePath() + "/login") + c.Redirect(http.StatusFound, models.BasePath()+"/login") return } @@ -136,7 +136,7 @@ func LoginPOST(c *gin.Context) { session.Set("token", token) session.Save() - c.Redirect(http.StatusFound, models.BasePath() + "/") + c.Redirect(http.StatusFound, models.BasePath()+"/") } func RegisterGET(c *gin.Context) { 
@@ -152,6 +152,7 @@ func RegisterGET(c *gin.Context) { func RegisterPOST(c *gin.Context) { username := strings.TrimSpace(c.PostForm("username")) password := c.PostForm("password") + password_confirm := c.PostForm("password_confirm") global_password := strings.TrimSpace(c.PostForm("global_password")) if username == "" { @@ -168,6 +169,13 @@ func RegisterPOST(c *gin.Context) { return } + if password != password_confirm { + c.HTML(http.StatusBadRequest, "register.html", gin.H{ + "error": "The passwords do not match!", + }) + return + } + if global_password != os.Getenv("GLOBAL_PASSWORD") { c.HTML(http.StatusBadRequest, "register.html", gin.H{ "error": "Global Password is wrong", @@ -222,12 +230,12 @@ func RegisterPOST(c *gin.Context) { return } - c.Redirect(http.StatusFound, models.BasePath() + "/login") + c.Redirect(http.StatusFound, models.BasePath()+"/login") } func Logout(c *gin.Context) { session := sessions.Default(c) session.Delete("token") session.Save() - c.Redirect(http.StatusFound, models.BasePath() + "/login") + c.Redirect(http.StatusFound, models.BasePath()+"/login") } diff --git a/templates/register.html b/templates/register.html index f4b582c..4f9b950 100644 --- a/templates/register.html +++ b/templates/register.html @@ -155,6 +155,10 @@ Password: +
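Review bot: The `global_password != os.Getenv("GLOBAL_PASSWORD")` comparison that follows the added password-match block in `RegisterPOST` succeeds when `GLOBAL_PASSWORD` is unset or empty, because `os.Getenv` returns `""` and a missing or blank form field also trims to `""`. Unless a check outside this hunk already rejects an empty value, registration is then open to anyone who leaves the field blank. I would fail closed and compare in constant time: `expected := os.Getenv("GLOBAL_PASSWORD")` followed by `if expected == "" || subtle.ConstantTimeCompare([]byte(global_password), []byte(expected)) != 1 {`, which needs `crypto/subtle` in the import block. The new `password != password_confirm` check is fine as a plain comparison, since both values come from the same request. The body of `RegisterPOST` starts and ends outside this hunk.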
+ Confirm Password: + +
Global Password: -- cgit 1.4.1