Beispiel #1
0
func RecordsQueryHandler(c echo.Context) error {
	session := session.NewSession(c)

	if !session.AuthFailed {
		endpoint := session.GetEndpoint()
		request := session.GetParam("request").(map[string]interface{})

		bypass_plugin := false

		if session.User.SuperUser && request["where"].(map[string]interface{})["$bypass_plugin"] != nil {
			bypass_plugin = true
			delete(request["where"].(map[string]interface{}), "$bypass_plugin")
		}

		if !bypass_plugin && plugin.CheckPlugin("query", endpoint) {
			plugin.RunPlugin("query", endpoint, session)
		} else {
			records, count := endpoint.FindReadRecordsWhere(request["where"].(map[string]interface{}), session.User)
			session.SetRecordsAndCalculateCapabilitiesForUser(endpoint.Name, records, session.User)
			session.SetRecordCount(count)
		}
	}
	session.Write()

	return nil
}
Beispiel #2
0
func RecordsDeleteHandler(c echo.Context) error {
	session := session.NewSession(c)

	if !session.AuthFailed {
		endpoint := session.GetEndpoint()
		request := session.GetParam("request").(map[string]interface{})

		bypass_plugin := false

		if session.User.SuperUser && request["content"] != nil && request["content"].(map[string]interface{})["$bypass_plugin"] != nil {
			bypass_plugin = true
			delete(request["content"].(map[string]interface{}), "$bypass_plugin")
		}

		if !bypass_plugin && plugin.CheckPlugin("delete", endpoint) {
			plugin.RunPlugin("delete", endpoint, session)
		} else {
			id := bson.ObjectIdHex(session.GetParam("record_id").(string))
			record := endpoint.FindDestroyRecordById(id, session.User)
			record.DeleteAndTrigger(endpoint.Name, !session.TriggerSession)
		}
	}

	session.Write()

	return nil
}
Beispiel #3
0
func RecordsTriggerHandler(c echo.Context) error {
	session := session.NewSession(c)

	if !session.AuthFailed {
		endpoint := session.GetEndpoint()
		request := session.GetParam("request").(map[string]interface{})

		bypass_plugin := false

		if session.User.SuperUser && request["content"] != nil && request["content"].(map[string]interface{})["$bypass_plugin"] != nil {
			bypass_plugin = true
			delete(request["content"].(map[string]interface{}), "$bypass_plugin")
		}

		if !bypass_plugin && plugin.CheckPlugin("trigger", endpoint) {
			plugin.RunPlugin("trigger", endpoint, session)
		} else {
			id := bson.ObjectIdHex(session.GetParam("record_id").(string))
			record := endpoint.FindWriteRecordById(id, session.User)
			record.UpdateReferenceMaps()
			record.SaveAndTriggerCreate(endpoint.Name, false)

			go record.FindAndExecuteTriggerForEvent(endpoint.Name + ":update")
		}
	}

	session.Write()

	return nil
}
Beispiel #4
0
func GroupJoinHandler(c echo.Context) error {
	session := session.NewSession(c)

	request := session.GetParam("request").(map[string]interface{})
	password := ""

	if g, ok := request["group"]; ok {
		group := g.(map[string]interface{})

		if group["password"] != nil {
			password = group["password"].(string)
		}
	}

	if session.User.Id != bson.ObjectId("") {
		id := bson.ObjectIdHex(session.GetParam("group_id").(string))
		group, _ := session.GetApplication().FindGroupById(id)

		if group.CanJoin(session.User, password) {
			users := []model.User{session.User}

			group.AddUsers(users)

			group.Save()

			session.SetRecords("groups", []interface{}{group})
		}
	}

	session.Write()

	return nil
}
Beispiel #5
0
func RecordsUpdateHandler(c echo.Context) error {
	session := session.NewSession(c)

	if !session.AuthFailed {
		endpoint := session.GetEndpoint()
		request := session.GetParam("request").(map[string]interface{})

		bypass_plugin := false

		if session.User.SuperUser && request["content"].(map[string]interface{})["$bypass_plugin"] != nil {
			bypass_plugin = true
			delete(request["content"].(map[string]interface{}), "$bypass_plugin")
		}

		if !bypass_plugin && plugin.CheckPlugin("update", endpoint) {
			plugin.RunPlugin("update", endpoint, session)
		} else {
			id := bson.ObjectIdHex(session.GetParam("record_id").(string))
			record := endpoint.FindWriteRecordById(id, session.User)

			if request != nil && request["content"] != nil {
				request_content := request["content"].(map[string]interface{})
				request_permissions := request["permissions"].(map[string]interface{})

				var trigger = false

				if request_content["$trigger"] != nil {
					trigger = request_content["$trigger"].(bool)
					delete(request_content, "$trigger")
				} else {
					trigger = !session.TriggerSession
				}

				if session.User.SuperUser != true {
					if request_content["protected"] != nil {
						request_content["protected"] = record.Content["protected"]
					}
				}

				record.Content = request_content
				record.Permissions.UpdatePermissions(request_permissions)

				record.UpdateReferenceMaps()
				record.StripReferenceData()
				record.SaveAndTrigger(endpoint.Name, trigger)

				session.SetRecordsAndCalculateCapabilitiesForUser(session.GetEndpoint().Name, []model.Record{record}, session.User)
			}

			session.SetRecordsAndCalculateCapabilitiesForUser(session.GetEndpoint().Name, []model.Record{record}, session.User)
		}
	}

	session.Write()

	return nil
}
Beispiel #6
0
func FilesCreateHandler(c echo.Context) error {
	session := session.NewSession(c)

	request := session.GetParam("request").(map[string]interface{})
	file_params := request["file"].(map[string]interface{})

	var size int64
	url := ""

	if file_params["size"] != nil {
		size, _ = file_params["size"].(json.Number).Int64()
	}

	if file_params["url"] != nil {
		url = file_params["url"].(string)
	}

	if url != "" || size != 0 {
		if !session.AuthFailed {

			record_id := bson.ObjectIdHex(session.GetParam("record_id").(string))
			endpoint := session.GetEndpoint()

			record := endpoint.FindWriteRecordById(record_id, session.User)

			if record.Id != bson.ObjectId("") {
				file := model.File{}
				file.ApplicationId = session.GetApplication().Id
				file.RecordId = record.Id
				file.EndpointId = endpoint.Id
				file.Name = file_params["name"].(string)

				if size != 0 {
					file.Size = size
				} else {
					file.URL = url
				}

				file.Save()

				if file_params["size"] != nil {
					file.GenerateRequest()
				}

				record.AddFile(file)

				session.SetRecords("files", []model.File{file})
			}
		}
	} else {
		session.SetError(1400)
	}

	session.Write()

	return nil
}
Beispiel #7
0
func UsersDeleteHandler(c echo.Context) error {
	session := session.NewSession(c)

	if !session.AuthFailed {
		user := session.User
		user.Delete()
	}

	session.Write()

	return nil
}
Beispiel #8
0
func AdminListEndpointsHandler(c echo.Context) error {
	session := session.NewSession(c)

	if !session.AuthFailed && session.User.SuperUser == true {
		app := session.GetApplication()
		session.SetRecords("endpoints", app.AllEndpoints())
	}

	session.Write()

	return nil
}
Beispiel #9
0
func FilesGetHandler(c echo.Context) error {

	// Create the User Session
	session := session.NewSession(c)

	// Validate that the request signature is valid
	session.ValidateFileRequest()

	redirect := false

	if !session.AuthFailed {
		// Get the endpoint for that record
		endpoint := session.GetEndpoint()

		if plugin.CheckPlugin("get_file", endpoint) {
			plugin.RunPlugin("get_file", endpoint, session)
		} else {
			// Get the ID of the record that owns the file
			record_id := bson.ObjectIdHex(session.GetParam("record_id").(string))

			// Get the record from the endpoint collection
			record := endpoint.FindReadRecordById(record_id, session.User)

			// Check if the record exists
			if record.Id != bson.ObjectId("") {

				// Get the ID of the file
				file_id := bson.ObjectIdHex(session.GetParam("file_id").(string))

				// Get the file from the database
				file := record.FindFileById(file_id)

				// Validate that the file exists
				if file.Id != bson.ObjectId("") {

					// Redirect to the file path
					c.Redirect(301, file.DownloadURL())
					redirect = true

					// Log the request
					session.LogRequest()
				}
			}

			if !redirect {
				session.Write()
			}
		}
	}

	return nil
}
Beispiel #10
0
func RecordsBulkQueryHandler(c echo.Context) error {
	s := session.NewSession(c)

	if !s.AuthFailed {

		request := s.GetParam("request").(map[string]interface{})
		requests := request["requests"].([]interface{})

		c := make(chan bool, len(requests))

		for _, request := range requests {
			go func(request interface{}, session *session.Session) {
				endpoint := session.GetApplication().FindEndpointByName(request.(map[string]interface{})["endpoint"].(string))
				guid := request.(map[string]interface{})["guid"].(string)

				t := time.Now()

				if plugin.CheckPlugin("query", endpoint) {
					s := session.CopySessionForBulkRequest(guid)
					plugin.RunPlugin("query", endpoint, s)
					session.CopyResponseFromSessionForBulkRequest(s, guid, endpoint.Name)
				} else {
					r := request.(map[string]interface{})["request"].(map[string]interface{})
					records, count := endpoint.FindReadRecordsWhere(r["where"].(map[string]interface{}), session.User)
					session.SetRecordsAndCalculateCapabilitiesForUserForGuid(endpoint.Name, records, session.User, guid)
					session.SetRecordCountForGuid(count, guid)
				}

				logger.Log("Bulk Loaded:", "/"+endpoint.ApplicationId.Hex()+"/"+endpoint.Name+"/query", time.Now().Sub(t).String(), session.User.Id.Hex())
				c <- true
			}(request, &s)
		}

		i := 0

		for {
			<-c
			i++
			if i >= len(requests) {
				break
			}
		}
	}

	s.Write()

	return nil
}
Beispiel #11
0
func GroupDestroyHandler(c echo.Context) error {
	session := session.NewSession(c)
	if !session.AuthFailed {
		id := bson.ObjectIdHex(session.GetParam("group_id").(string))
		group, _ := session.GetApplication().FindGroupById(id)

		if group.CanModify(session.User) {
			group.Delete()
		} else {
			session.SetError(1002)
		}
	} else {
		session.SetError(1001)
	}
	session.Write()

	return nil
}
Beispiel #12
0
func UsersUpdateHandler(c echo.Context) error {
	session := session.NewSession(c)

	request_params := session.GetParam("request").(map[string]interface{})

	user_params := request_params["user"].(map[string]interface{})

	user_id := session.GetParam("user_id").(string)
	user := session.GetApplication().FindUserById(bson.ObjectIdHex(user_id))

	can_edit := session.User.SuperUser || session.User.Id == user.Id

	password := user_params["current_password"]
	valid := session.User.SuperUser || (password != nil && user.VerifyPassword(password.(string)))

	//fmt.Println(can_edit, user_id)

	if user.Id == bson.ObjectId("") || !can_edit {
		session.SetError(1101)
	} else if !valid {
		session.SetError(1106)
	} else {
		if user_params["name"] != nil {
			user.Name = user_params["name"].(string)
		}

		if user_params["email"] != nil {
			user.Email = user_params["email"].(string)
		}

		if user_params["password"] != nil {
			user.SetPassword(user_params["password"].(string))
		}

		user.Save()

		session.SetRecords("users", []interface{}{user})
	}
	session.Write()

	return nil
}
Beispiel #13
0
func UsersGetHandler(c echo.Context) error {
	session := session.NewSession(c)

	user_id := session.GetParam("user_id").(string)
	user := session.GetApplication().FindUserById(bson.ObjectIdHex(user_id))

	if !session.AuthFailed {

		// Only Send Private Profile if the user matches
		if session.User.Id == user.Id {
			user.SendPrivateProfile()
		}

		session.SetRecords("users", []interface{}{user})
	}

	session.Write()

	return nil
}
Beispiel #14
0
func GroupLeaveHandler(c echo.Context) error {
	session := session.NewSession(c)

	if session.User.Id != bson.ObjectId("") {
		id := bson.ObjectIdHex(session.GetParam("group_id").(string))
		group, _ := session.GetApplication().FindGroupById(id)

		users := []model.User{session.User}

		group.RemoveUsers(users)

		group.Save()

		session.SetRecords("groups", []interface{}{group})
	}

	session.Write()

	return nil
}
Beispiel #15
0
func GroupUpdateHandler(c echo.Context) error {
	session := session.NewSession(c)

	if !session.AuthFailed {
		group_params := session.GetParam("request").(map[string]interface{})
		id := bson.ObjectIdHex(session.GetParam("group_id").(string))

		group, _ := session.GetApplication().FindGroupById(id)

		if group.CanModify(session.User) {
			group.Update(group_params)
			group.Save()
		}

		session.SetRecords("groups", []interface{}{group})
	}

	session.Write()

	return nil
}
Beispiel #16
0
func GroupCreateHandler(c echo.Context) error {
	session := session.NewSession(c)

	if !session.AuthFailed {
		request := session.GetParam("request").(map[string]interface{})
		group_params := request["group"].(map[string]interface{})

		group := model.Group{}
		group.ApplicationId = bson.ObjectIdHex(session.GetParam("application_id").(string))
		group.Save()

		group.Update(group_params)
		group.Save()

		session.SetRecords("groups", []interface{}{group})
	}

	session.Write()

	return nil
}
Beispiel #17
0
func UsersCreateHandler(c echo.Context) error {
	session := session.NewSession(c)

	request_params := session.GetParam("request").(map[string]interface{})
	user_params := request_params["user"].(map[string]interface{})

	user := model.User{}
	user.ApplicationId = bson.ObjectIdHex(session.GetParam("application_id").(string))

	email := strings.ToLower(user_params["email"].(string))

	if user_params["name"] != nil && user_params["email"] != nil && user_params["facebook_id"] == nil {
		user.Name = user_params["name"].(string)
		user.Email = email
		user.SetPassword(user_params["password"].(string))
	} else {
		user.Name = user_params["name"].(string)
		user.Email = email
		user.FacebookId = user_params["facebook_id"].(string)

		if user_params["password"] != nil {
			user.SetPassword(user_params["password"].(string))
		}

	}

	err := user.Save()

	if err {
		logger.Error("1105" + user.Id.Hex())
		session.SetError(1105)
	} else {
		user.NewSession()
		logger.Error("Registered User: "******"users", []interface{}{user})
	}
	session.Write()

	return nil
}
Beispiel #18
0
func UsersAuthenticateHandler(c echo.Context) error {
	session := session.NewSession(c)

	request_params := session.GetParam("request").(map[string]interface{})
	user_params := request_params["user"].(map[string]interface{})

	valid := false
	user := model.User{}

	if user_params["email"] != nil && user_params["password"] != nil {
		email := user_params["email"].(string)
		password := user_params["password"].(string)

		user = session.GetApplication().FindUserByEmail(email)
		valid = user.VerifyPassword(password)
	} else if user_params["facebook_id"] != nil && user_params["facebook_token"] != nil {
		facebook_id := user_params["facebook_id"].(string)
		facebook_token := user_params["facebook_token"].(string)

		user = session.GetApplication().FindUserByFacebookId(facebook_id)
		valid = user.VerifyFacebookToken(facebook_token)
	} else if user_params["transfer_id"] != nil && user_params["transfer_token"] != nil {
		user_id := user_params["transfer_id"].(string)
		transfer_token := user_params["transfer_token"].(string)

		user = session.GetApplication().FindUserByTransferId(user_id)

		valid = user.VerifyTransferToken(transfer_token)
	}

	if !valid || user.Id == bson.ObjectId("") {
		session.SetError(1101)
	} else {
		user.NewSession()
		session.SetRecords("users", []interface{}{user})
	}
	session.Write()

	return nil
}
Beispiel #19
0
func FilesDeleteHandler(c echo.Context) error {
	session := session.NewSession(c)

	if !session.AuthFailed {
		record_id := bson.ObjectIdHex(session.GetParam("record_id").(string))
		endpoint := session.GetEndpoint()

		record := endpoint.FindReadRecordById(record_id, session.User)
		if record.Id != bson.ObjectId("") {
			file_id := bson.ObjectIdHex(session.GetParam("file_id").(string))

			file := record.FindFileById(file_id)
			if file.Id != bson.ObjectId("") {
				file.Delete()
				record.RemoveFile(file)
			}
		}
	}

	session.Write()

	return nil
}
Beispiel #20
0
func RecordsCreateHandler(c echo.Context) error {
	session := session.NewSession(c)

	if !session.AuthFailed {
		endpoint := session.GetEndpoint()
		request := session.GetParam("request").(map[string]interface{})

		bypass_plugin := false

		if session.User.SuperUser && request["content"].(map[string]interface{})["$bypass_plugin"] != nil {
			bypass_plugin = true
			delete(request["content"].(map[string]interface{}), "$bypass_plugin")
		}

		if !bypass_plugin && plugin.CheckPlugin("create", endpoint) {
			plugin.RunPlugin("create", endpoint, session)
		} else {
			if endpoint.CanCreate(session.User) {
				record := endpoint.NewRecord()

				if session.User.Id != bson.ObjectId("") {
					record.CreatedBy = session.User.Id
				}

				if request != nil && request["content"] != nil {

					var trigger = false

					if request["content"].(map[string]interface{})["$trigger"] != nil {
						trigger = request["content"].(map[string]interface{})["$trigger"].(bool)
						delete(request["content"].(map[string]interface{}), "$trigger")
					} else {
						trigger = !session.TriggerSession
					}

					if request["content"].(map[string]interface{})["$created_by"] != nil &&
						session.User.SuperUser == true {
						record.CreatedBy = bson.ObjectIdHex(request["content"].(map[string]interface{})["$created_by"].(string))
						delete(request["content"].(map[string]interface{}), "$created_by")
					}

					request_content := request["content"].(map[string]interface{})
					request_permissions := request["permissions"].(map[string]interface{})

					record.Content = request_content
					record.Permissions.UpdatePermissions(request_permissions)

					record.SaveAndTrigger("", false)
					record.UpdateReferenceMaps()
					record.SaveAndTriggerCreate(endpoint.Name, trigger)

					session.SetRecordsAndCalculateCapabilitiesForUser(session.GetEndpoint().Name, []model.Record{record}, session.User)
				}
			}
		}
	}

	session.Write()

	return nil
}