download routes is ok

internal/controllers/files.go

@@ -34,14 +34,25 @@ type FilesViewData struct {
 	Files []database.File
 }
 
+func DownloadFile(w http.ResponseWriter, r *http.Request) {
+    filePath := filepath.Join("./uploaded_files", filepath.Base(r.URL.Path))
+    w.Header().Set("Content-Disposition", "attachment; filename="+filepath.Base(filePath))
+    http.ServeFile(w, r, filePath)
+}
+
+
 func Files(w http.ResponseWriter, r *http.Request) {
 	var (
 		err error
 		db *gorm.DB
 		files []database.File
 		data FilesViewData
+		filesDir string = "./uploaded_files"
+		fs http.Handler = http.FileServer(http.Dir(filesDir))
 	)
 
+	http.Handle("/files/", http.StripPrefix("/files", fs))
+
 	db, err = database.ConnectToDB()
 	if err != nil {
 		fmt.Println("[!] Error connecting to database")
@@ -63,6 +74,7 @@ func Files(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "<h1>Internal Server Error</h1>", http.StatusInternalServerError)
 		return
 	}
+
 }
 
 

internal/controllers/user.go

@@ -35,19 +35,20 @@ func Login(w http.ResponseWriter, r *http.Request) {
 	err = database.IsValidUser(db, username, password)
 	if err != nil {
 		fmt.Println("Error validating user")
-		http.Error(w, "<h1>Failed to authenticate</h1>", http.StatusUnauthorized)
+		w.WriteHeader(http.StatusForbidden)
+		w.Header().Set("Content-Type", "text/html")
+		fmt.Fprintf(w, "<h1>Failed to authenticate</h1>")
 		return
 	}
 
 	var expiration time.Time = time.Now().Add(24*time.Hour)
 	var signedToken string = auth.CreateToken(username, expiration)
 
 	http.SetCookie(w, &http.Cookie {
-		Name: "auth",
+		Name: "Authentication",
 		Value: signedToken,
 		Path: "/",
 		HttpOnly: true,
-		Secure: true,
 		Expires: expiration,
 	})
 
@@ -56,11 +57,10 @@ func Login(w http.ResponseWriter, r *http.Request) {
 
 func Logout(w http.ResponseWriter, r *http.Request) {
 	http.SetCookie(w, &http.Cookie{
-		Name: "auth",
+		Name: "Authentication",
 		Value: "",
 		Path: "/",
 		HttpOnly: true,
-		Secure: true,
 		Expires: time.Unix(0, 0),
 	})
 

internal/database/user.go

@@ -35,7 +35,7 @@ func IsValidUser(db *gorm.DB, username, password string) error {
 	var passwordHashed string = HashPassword(password)
 
 	var result = db.Where("Username = ?", username).First(&user)
-	if result.Error != nil {
+	if  result.Error == gorm.ErrRecordNotFound {
 		RegisterUser(db, username, password) // if user doesnt exists, it is created :)
 		return nil
 	}

internal/middleware/auth.go

@@ -19,7 +19,7 @@ func WithAuth(next http.Handler) http.Handler {
 			err error
 		)
 
-		cookie, err = r.Cookie("auth")
+		cookie, err = r.Cookie("Authentication")
 		if err != nil || cookie.Value == "" {
 			http.Redirect(w, r, "/", http.StatusSeeOther)
 			return

internal/router/router.go

@@ -14,6 +14,7 @@ func GetRouter() *http.ServeMux {
 	Router.HandleFunc("/", controllers.Index)
 	Router.Handle("/upload", middleware.WithAuth(http.HandlerFunc(controllers.Upload)))
 	Router.Handle("/files", middleware.WithAuth(http.HandlerFunc(controllers.Files)))
+	Router.Handle("/files/", middleware.WithAuth(http.HandlerFunc(controllers.DownloadFile)))
 	Router.Handle("/login", http.HandlerFunc(controllers.Login))
 	Router.Handle("/logout", middleware.WithAuth(http.HandlerFunc(controllers.Logout)))
 

internal/views/files.tmpl

@@ -36,7 +36,7 @@
                             <td>{{ .Author.Username }}</td>
                             <td>{{ .CreatedAt | formatDate }}</td>
                             <td>
-                                <a class="btn btn-primary btn-sm" href="/files/{{ .ID }}" download>
+                                <a class="btn btn-primary btn-sm" href="/files/{{ .Name }}" download>
                                     Download
                                 </a>
                             </td>