// AuthenticateHandler returns a web handler function that redirects to a
// session-specific authentication link.
func AuthenticateHandler(auth evesso.Authenticator, sess server.Sessionizer) web.HandlerFunc {
return func(c web.C, w http.ResponseWriter, r *http.Request) {
s := sess.GetSession(&c, w, r)
url := auth.URL(s.State)
http.Redirect(w, r, url, http.StatusFound)
}
}
// UnusedSalvage returns a web handler function that identifies a user's salvage
// drops that are unused by any blueprint they own.
func UnusedSalvage(localdb db.LocalDB, sde evego.Database, sess server.Sessionizer) web.HandlerFunc {
return func(c web.C, w http.ResponseWriter, r *http.Request) {
s := sess.GetSession(&c, w, r)
myUserID := s.User
charID, err := strconv.Atoi(c.URLParams["charID"])
if err != nil {
http.Error(w, `{"status": "Error", "error": "Invalid character ID supplied."}`,
http.StatusBadRequest)
return
}
salvage, err := localdb.UnusedSalvage(myUserID, charID)
if err != nil {
http.Error(w, `{"status": "Error", "error": "Unable to access database."}`,
http.StatusInternalServerError)
log.Printf("Error accessing database with user %v, character %v: %v", myUserID, charID, err)
return
}
stations := make(map[string]*evego.Station)
itemInfo := make(map[string]*evego.Item)
for i := range salvage {
item := &salvage[i]
if _, found := stations[strconv.Itoa(item.StationID)]; !found {
stn, err := localdb.StationForID(item.StationID)
if err == nil {
stations[strconv.Itoa(item.StationID)] = stn
} else {
// This should really not friggin' happen.
http.Error(w, `{"status": "Error", "error": "Unable to look up station/outpost."}`,
http.StatusInternalServerError)
log.Printf("Unable to look up station/outpost ID %v: %v", item.StationID, err)
return
}
}
typeIDStr := strconv.Itoa(item.TypeID)
if _, found := itemInfo[typeIDStr]; !found {
thisItem, err := sde.ItemForID(item.TypeID)
if err == nil {
itemInfo[typeIDStr] = thisItem
}
}
}
response := struct {
Items []evego.InventoryItem `json:"items"`
Stations map[string]*evego.Station `json:"stations"`
ItemInfo map[string]*evego.Item `json:"itemInfo"`
}{salvage, stations, itemInfo}
salvageJSON, err := json.Marshal(&response)
if err != nil {
http.Error(w, `{"status": "Error", "error": "Unable to marshal JSON."}`,
http.StatusInternalServerError)
log.Printf("Error marshalling JSON unused salvage with user %v, character %v: %v", myUserID, charID, err)
return
}
w.Write(salvageJSON)
return
}
}
// CRESTCallbackListener returns a web handler function that listens for a CREST
// SSO callback and accepts the results of authentication.
func CRESTCallbackListener(localdb db.LocalDB, auth evesso.Authenticator, sess server.Sessionizer) web.HandlerFunc {
return func(c web.C, w http.ResponseWriter, r *http.Request) {
// Verify state value.
s := sess.GetSession(&c, w, r)
passedState := r.FormValue("state")
if passedState != s.State {
// CSRF attempt or session expired; reject.
http.Error(w, "Returned state not valid for this user.", http.StatusBadRequest)
log.Printf("Got state %#v, expected state %#v", passedState, s.State)
w.Write([]byte(`{"status": "Error"}`))
return
}
// Extract code from query parameters.
code := r.FormValue("code")
// Exchange it for a token.
tok, err := auth.Exchange(code)
if err != nil {
http.Error(w, `{"status": "Error"}`, http.StatusInternalServerError)
log.Printf("Error exchanging token: %v", err)
return
}
// Get character information.
charInfo, err := auth.CharacterInfo(tok)
if err != nil {
http.Error(w, `{"status": "Error"}`, http.StatusInternalServerError)
log.Printf("Error getting character information: %v; token was %+v", err, tok)
return
}
// Update session in database.
err = localdb.AuthenticateSession(s.Cookie, tok, charInfo)
if err != nil {
http.Error(w, `{"status": "Error"}`, http.StatusInternalServerError)
log.Printf("Unable to update session post-auth: %v; info was %+v", err, charInfo)
return
}
w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.WriteHeader(http.StatusOK)
w.Write([]byte(`
<html>
<head>
<title>Authenticated</title>
</head>
<body>
<p>OK.</p>
<script type="text/javascript">
window.onload = function() {
window.opener.hasAuthenticated();
window.close();
}
</script>
</body>
</html>
`))
}
}
// LogoutHandler returns a web handler function that deletes the user's
// sessions.
func LogoutHandler(localdb db.LocalDB, auth evesso.Authenticator, sess server.Sessionizer) web.HandlerFunc {
successMsg := []byte("{ \"success\": true }")
return func(c web.C, w http.ResponseWriter, r *http.Request) {
s := sess.GetSession(&c, w, r)
err := localdb.LogoutSession(s.Cookie)
if err != nil {
http.Error(w, "Unable to find session", http.StatusTeapot)
log.Printf("Error logging out: %v", err)
return
}
// Serve some JSON that confirms success.
w.Write(successMsg)
}
}
// StandingsHandler returns a web handler function that provides information on
// the user's toons' effective standings.
func StandingsHandler(localdb db.LocalDB, sess server.Sessionizer) web.HandlerFunc {
standingsFunc := func(c web.C, w http.ResponseWriter, r *http.Request) {
s := sess.GetSession(&c, w, r)
userID := s.User
charID, _ := strconv.Atoi(c.URLParams["charID"])
npcCorpID, _ := strconv.Atoi(c.URLParams["npcCorpID"])
corpStanding, facStanding, err := localdb.CharacterStandings(userID, charID, npcCorpID)
if err != nil {
errorStr := "Unable to get character standings."
if err == sql.ErrNoRows {
errorStr = "Invalid corporation ID passed."
}
http.Error(w, fmt.Sprintf(`{"status": "Error", "error": "%v"}`, errorStr),
http.StatusInternalServerError)
return
}
connections, err := localdb.CharacterSkill(userID, charID, connectionsSkillID)
if err != nil {
http.Error(w, `{"status": "Error", "error": "Ouch"}`,
http.StatusInternalServerError)
return
}
diplomacy, err := localdb.CharacterSkill(userID, charID, diplomacySkillID)
if err != nil {
http.Error(w, `{"status": "Error", "error": "Ouch"}`,
http.StatusInternalServerError)
return
}
effectiveStanding := character.EffectiveStanding(corpStanding, facStanding, connections, diplomacy)
statusMsg := struct {
Status string `json:"status"`
EffectiveStanding float64 `json:"standing"`
}{
"OK",
effectiveStanding,
}
statusJSON, _ := json.Marshal(&statusMsg)
w.Write(statusJSON)
return
}
return standingsFunc
}
// SessionInfo returns a web handler function that returns information about the
// current session.
func SessionInfo(auth evesso.Authenticator, sess server.Sessionizer, localdb db.LocalDB) web.HandlerFunc {
return func(c web.C, w http.ResponseWriter, r *http.Request) {
curSession := sess.GetSession(&c, w, r)
returnInfo := sessionInfo{
Authenticated: curSession.User != 0,
OAuthURL: auth.URL(curSession.State),
}
if curSession.Token != nil {
returnInfo.OAuthExpiry = curSession.Token.Expiry
}
if curSession.User != 0 {
// We're authenticated - also pass in the API keys registered to this
// user.
keys, err := localdb.APIKeys(curSession.User)
if err != nil {
log.Fatalf("Error - unable to retrieve API keys from database.")
}
returnInfo.APIKeys = keys
}
returnJSON, _ := json.Marshal(&returnInfo)
w.Write(returnJSON)
}
}
// BlueprintsHandlers returns web handler functions that provide information on
// a toon's bluerpints.
func BlueprintsHandlers(localdb db.LocalDB, sde evego.Database, sess server.Sessionizer) (refresh, get web.HandlerFunc) {
refresh = func(c web.C, w http.ResponseWriter, r *http.Request) {
s := sess.GetSession(&c, w, r)
myUserID := s.User
charID, _ := strconv.Atoi(c.URLParams["charID"])
apiKeys, err := localdb.APIKeys(myUserID)
if err != nil {
http.Error(w, `{"status": "Error", "error": "Ouch"}`,
http.StatusInternalServerError)
return
}
// Find the key for this character.
var myKey *db.XMLAPIKey
for _, key := range apiKeys {
for _, toon := range key.Characters {
if toon.ID == charID {
myKey = &key
break
}
}
}
if myKey == nil {
if err != nil {
http.Error(w, `{"status": "Error", "error": "Invalid character supplied."}`,
http.StatusUnauthorized)
return
}
}
err = localdb.GetAssetsBlueprints(*myKey, charID)
if err != nil {
http.Error(w, `{"status": "Error", "error": "Ouch"}`,
http.StatusInternalServerError)
return
}
return
}
get = func(c web.C, w http.ResponseWriter, r *http.Request) {
s := sess.GetSession(&c, w, r)
myUserID := s.User
charID, err := strconv.Atoi(c.URLParams["charID"])
if err != nil {
http.Error(w, `{"status": "Error", "error": "Invalid character ID supplied."}`,
http.StatusBadRequest)
return
}
blueprints, err := localdb.CharacterBlueprints(myUserID, charID)
if err != nil {
http.Error(w, `{"status": "Error", "error": "Unable to access database."}`,
http.StatusInternalServerError)
log.Printf("Error accessing database with user %v, character %v: %v", myUserID, charID, err)
return
}
stations := make(map[string]*evego.Station)
for i := range blueprints {
bp := &blueprints[i]
if _, found := stations[strconv.Itoa(bp.StationID)]; !found {
stn, err := localdb.StationForID(bp.StationID)
if err == nil {
stations[strconv.Itoa(bp.StationID)] = stn
}
}
}
response := struct {
Blueprints []evego.BlueprintItem `json:"blueprints"`
Stations map[string]*evego.Station `json:"stations"`
}{blueprints, stations}
blueprintsJSON, err := json.Marshal(&response)
if err != nil {
http.Error(w, `{"status": "Error", "error": "Unable to marshal JSON."}`,
http.StatusInternalServerError)
log.Printf("Error marshalling JSON blueprints with user %v, character %v: %v", myUserID, charID, err)
return
}
w.Write(blueprintsJSON)
return
}
return
}
// XMLAPIKeysHandlers returns web handler functions that provide information on
// the user's API keys that have been registered with this application.
func XMLAPIKeysHandlers(localdb db.LocalDB, sess server.Sessionizer) (list, delete, add, refresh web.HandlerFunc) {
// charRefresh refreshes the characters associated with an API key and returns
// the current list of characters via the passed responseWriter.
charRefresh := func(s *db.Session, key *db.XMLAPIKey, w http.ResponseWriter) {
toons, err := localdb.GetAPICharacters(s.User, *key)
if err != nil {
http.Error(w, `{"status": "Error", "error": "Database connection error (add characters)"}`,
http.StatusInternalServerError)
return
}
for _, toon := range toons {
// Update skills for this character.
err = localdb.GetAPISkills(*key, toon.ID)
if err != nil {
http.Error(w, `{"status": "Error", "error": "Database connection error (add skills)"}`,
http.StatusInternalServerError)
return
}
// Update standings.
err = localdb.GetAPIStandings(*key, toon.ID)
if err != nil {
http.Error(w, `{"status": "Error", "error": "Database connection error (add standings)"}`,
http.StatusInternalServerError)
return
}
// Update assets and blueprints.
err = localdb.GetAssetsBlueprints(*key, toon.ID)
if err != nil {
http.Error(w, `{"status": "Error", "error": "Database connection error (add assets)"}`,
http.StatusInternalServerError)
log.Printf("Got error in GetAssets: %v", err)
return
}
}
response := struct {
Status string `json:"status"`
Characters []evego.Character `json:"characters"`
}{
Status: "OK",
Characters: toons,
}
responseJSON, err := json.Marshal(response)
w.Write(responseJSON)
return
}
list = func(c web.C, w http.ResponseWriter, r *http.Request) {
s := sess.GetSession(&c, w, r)
userKeys, err := localdb.APIKeys(s.User)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
w.Write([]byte(`{"status": "Error"}`))
return
}
userKeysJSON, err := json.Marshal(userKeys)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
w.Write([]byte(`{"status": "Error"}`))
return
}
w.Write(userKeysJSON)
}
delete = func(c web.C, w http.ResponseWriter, r *http.Request) {
if r.Method != "POST" {
http.Error(w, "This function must be called with the POST method",
http.StatusMethodNotAllowed)
w.Write([]byte(`{"status": "Error"}`))
return
}
s := sess.GetSession(&c, w, r)
keyID, _ := strconv.Atoi(c.URLParams["keyid"])
err := localdb.DeleteAPIKey(s.User, keyID)
if err != nil {
http.Error(w, "Database connection error", http.StatusInternalServerError)
w.Write([]byte(`{"status": "Error"}`))
return
}
w.Write([]byte(`{"status": "OK"}`))
return
}
add = func(c web.C, w http.ResponseWriter, r *http.Request) {
if r.Method != "POST" {
http.Error(w, "This function must be called with the POST method",
http.StatusMethodNotAllowed)
w.Write([]byte(`{"status": "Error"}`))
return
}
s := sess.GetSession(&c, w, r)
key, err := unmarshalKey(r, w)
if err != nil {
return
}
// Ensure that this key is added under the session's user's account.
key.User = s.User
err = localdb.AddAPIKey(*key)
if err != nil {
http.Error(w, "Database connection error (add key)", http.StatusInternalServerError)
w.Write([]byte(`{"status": "Error"}`))
return
}
charRefresh(s, key, w)
return
}
refresh = func(c web.C, w http.ResponseWriter, r *http.Request) {
if r.Method != "POST" {
http.Error(w, "This function must be called with the POST method",
http.StatusMethodNotAllowed)
w.Write([]byte(`{"status": "Error"}`))
return
}
s := sess.GetSession(&c, w, r)
key, err := unmarshalKey(r, w)
if err != nil {
return
}
// Ensure that this key is added under the session's user's account.
key.User = s.User
charRefresh(s, key, w)
return
}
return
}