Web2OAC/src/main/java/org/openautonomousconnection/oac2web/frontend/register.java

package org.openautonomousconnection.oac2web.frontend;

import org.openautonomousconnection.oac2web.utils.Oac2WebApp;
import org.openautonomousconnection.oac2web.utils.Sha256;
import org.openautonomousconnection.protocol.packets.v1_0_0.beta.web.WebResponsePacket;
import org.openautonomousconnection.protocol.side.web.ProtocolWebServer;
import org.openautonomousconnection.protocol.side.web.managers.SessionManager;
import org.openautonomousconnection.protocol.versions.v1_0_0.beta.WebRequestMethod;
import org.openautonomousconnection.webserver.api.Route;
import org.openautonomousconnection.webserver.api.WebPage;
import org.openautonomousconnection.webserver.api.WebPageContext;
import org.openautonomousconnection.webserver.utils.Html;
import org.openautonomousconnection.webserver.utils.RequestParams;

import java.util.HashMap;
import java.util.Map;

/**
 * Registration page.
 *
 * POST headers expected:
 * - username
 * - password
 *
 * Stores:
 * - users.username = sha256(username) as HEX (64 chars)
 * - users.password = PBKDF2$sha256$...
 */
@Route(path = "/ins/register")
public final class register implements WebPage {

    @Override
    public WebResponsePacket handle(WebPageContext ctx) throws Exception {
        if (ctx.request.getMethod() != WebRequestMethod.POST) {
            return renderForm(null);
        }

        RequestParams p = new RequestParams(ctx.request);

        String username = p.get("username");
        String password = p.get("password");

        if (username == null || username.isBlank() || password == null || password.isBlank()) {
            return renderForm("Missing username/password (send via headers).");
        }

        Oac2WebApp app = Oac2WebApp.get();

        String usernameHashHex = Sha256.hex(username.trim());
        String passwordEnc = app.passwordHasher().hash(password);

        try {
            int userId = app.dao().createUser(usernameHashHex, passwordEnc);

            String ip = (ctx.client.getConnection().getTcpSocket() != null && ctx.client.getConnection().getTcpSocket().getInetAddress() != null)
                    ? ctx.client.getConnection().getTcpSocket().getInetAddress().getHostAddress()
                    : "";

            String ua = ctx.request.getHeaders() != null ? ctx.request.getHeaders().getOrDefault("user-agent", "") : "";

            String session = SessionManager.create(String.valueOf(userId), ip, ua, (ProtocolWebServer) ctx.client.getServer());

            Map<String, String> headers = new HashMap<>();
            headers.put("session", session);
            headers.put("location", "/ins/dashboard");

            return new WebResponsePacket(302, "text/plain", headers, new byte[0]);

        } catch (Exception e) {
            return renderForm("Register failed: " + e.getMessage());
        }
    }

    private WebResponsePacket renderForm(String err) {
        String body = """
                <div class="card">
                  <h2>Register</h2>
                  %s
                  <p class="muted">Send a POST request with headers <code>username</code> and <code>password</code>.</p>
                  <div class="row">
                    <div class="col"><a href="/ins/login">Login</a></div>
                    <div class="col"><a href="/ins/index.html">Home</a></div>
                  </div>
                </div>
                """.formatted(err == null ? "" : "<p class='err'>" + Html.esc(err) + "</p>");

        String html = Html.page("Register", body);
        return new WebResponsePacket(200, "text/html", new HashMap<>(), Html.utf8(html));
    }
}