Beispiel #1
0
// POST /users/password/reset
func HandlePasswordResetSend(context router.Context) error {

	// Find the user by email (if not found let them know)
	// Find the user by hex token in the db
	email := context.Param("email")
	user, err := users.First(users.Where("email=?", email))
	if err != nil {
		return router.Redirect(context, "/users/password/reset?message=invalid_email")
	}

	// Generate a random token and url for the email
	token := auth.BytesToHex(auth.RandomToken())

	// Generate the url to use in our email
	base := fmt.Sprintf("%s://%s", context.Request().URL.Scheme, context.Request().URL.Host)
	url := fmt.Sprintf("%s/users/password?token=%s", base, token)

	context.Logf("#info sending reset email:%s url:%s", email, url)

	// Update the user record with with this token
	p := map[string]string{"reset_token": token}
	user.Update(p)

	// Send a password reset email out
	//mail.Send("mymail")

	// Tell the user what we have done
	return router.Redirect(context, "/users/password/sent")
}
Beispiel #2
0
// HandleUpdate handles POST or PUT /pages/1/update
func HandleUpdate(context router.Context) error {

	// Find the page
	page, err := pages.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise updating the page
	err = authorise.Resource(context, page)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the page from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}
	err = page.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// We then find the page again, and retreive the new Url, in case it has changed during update
	page, err = pages.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Redirect to page url
	return router.Redirect(context, page.Url)
}
Beispiel #3
0
// HandleCreate handles the POST of the create form for pages
func HandleCreate(context router.Context) error {

	// Authorise
	err := authorise.ResourceAndAuthenticity(context, nil)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	id, err := pages.Create(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Log creation
	context.Logf("#info Created page id,%d", id)

	// Redirect to the new page
	m, err := pages.Find(id)
	if err != nil {
		return router.InternalError(err)
	}

	return router.Redirect(context, m.URLIndex())
}
Beispiel #4
0
// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {

	// Find the comment
	comment, err := comments.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update comment, check auth token
	err = authorise.ResourceAndAuthenticity(context, comment)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the comment from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	err = comment.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to comment
	return router.Redirect(context, comment.URLShow())
}
Beispiel #5
0
// POST users/create
func HandleCreate(context router.Context) error {

	// Authorise
	err := authorise.Path(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// We should check for duplicates in here
	id, err := users.Create(params.Map())
	if err != nil {
		return router.InternalError(err, "Error", "Sorry, an error occurred creating the user record.")
	} else {
		context.Logf("#info Created user id,%d", id)
	}

	// Redirect to the new user
	p, err := users.Find(id)
	if err != nil {
		return router.InternalError(err, "Error", "Sorry, an error occurred finding the new user record.")
	}

	return router.Redirect(context, p.URLIndex())
}
Beispiel #6
0
// HandleUpdate serves POST or PUT /tags/1/update
func HandleUpdate(context router.Context) error {

	// Find the tag
	tag, err := tags.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.Resource(context, tag)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the tag
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	err = tag.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to tag
	return router.Redirect(context, tag.URLShow())
}
Beispiel #7
0
// HandleUpdateShow handles the POST of the form to update a file
func HandleUpdate(context router.Context) error {

	// Find the file
	file, err := files.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update file
	err = authorise.Resource(context, file)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the file from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Find the to user, by querying users on username or email
	// Set the user id if found, else return 404 error, user not found

	// TODO: Make *sure* this only accepts the params we want
	err = file.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to file
	return router.Redirect(context, file.URLShow())
}
Beispiel #8
0
// HandleUpdate handles the POST of the form to update a post
func HandleUpdate(context router.Context) error {

	// Find the post
	post, err := posts.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update post
	err = authorise.Resource(context, post)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the post from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}
	err = post.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to post
	return router.Redirect(context, post.URLShow())
}
Beispiel #9
0
// POST pages/create
func HandleCreate(context router.Context) error {
	// Authorise
	err := authorise.Path(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	id, err := pages.Create(params.Map())

	if err != nil {
		context.Logf("#info Failed to create page %v", params)
		return router.InternalError(err)
	}

	// Log creation
	context.Logf("#info Created page id,%d", id)

	// Redirect to the new page
	p, err := pages.Find(id)
	if err != nil {
		context.Logf("#error Error creating page,%s", err)
	}

	return router.Redirect(context, p.URLIndex())
}
Beispiel #10
0
// HandleShow displays a single story
func HandleShow(context router.Context) error {

	// Find the story
	story, err := stories.Find(context.ParamInt("id"))
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect requests to the canonical url
	if context.Path() != story.URLShow() {
		return router.Redirect(context, story.URLShow())
	}

	// Find the comments for this story
	// Fetch the comments
	q := comments.Where("story_id=?", story.Id).Order(comments.RankOrder)
	rootComments, err := comments.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	// Render the template
	view := view.New(context)
	view.AddKey("story", story)
	view.AddKey("meta_title", story.Name)
	view.AddKey("meta_desc", story.Summary)
	view.AddKey("meta_keywords", story.Name)
	view.AddKey("comments", rootComments)

	return view.Render()
}
Beispiel #11
0
// HandleShowPath serves requests to a custom page url
func HandleShowPath(context router.Context) error {

	// Setup context for template
	path := context.Path()

	// If no pages or users exist, redirect to set up page
	if missingUsersAndPages() {
		return router.Redirect(context, "/fragmenta/setup")
	}

	q := pages.Query().Where("url=?", path).Limit(1)
	pages, err := pages.FindAll(q)
	if err != nil || len(pages) == 0 {
		return router.NotFoundError(err)
	}

	// Get the first of pages to render
	page := pages[0]

	// For show path of pages, we authorise showing the page FOR ALL users if it is published
	if !page.IsPublished() {
		// Authorise
		err = authorise.Resource(context, page)
		if err != nil {
			return router.NotAuthorizedError(err)
		}
	}

	return renderPage(context, page)
}
Beispiel #12
0
// HandleUpdate handles the POST of the form to update a page
func HandleUpdate(context router.Context) error {

	// Find the page
	page, err := pages.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update page
	err = authorise.ResourceAndAuthenticity(context, page)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the page from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}
	err = page.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to page
	return router.Redirect(context, page.URLShow())
}
Beispiel #13
0
// HandleUpdate handles the POST of the form to update a user
func HandleUpdate(context router.Context) error {

	// Find the user
	user, err := users.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update user
	err = authorise.ResourceAndAuthenticity(context, user)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Clean params further for customers, they may only update email, password, key
	allowedParams := params.Map()
	u := authorise.CurrentUser(context)
	if !u.Admin() {
		//	allowedParams = params.Clean(users.AllowedParamsCustomer())
	}

	err = user.Update(allowedParams)
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to user
	return router.Redirect(context, user.URLShow())
}
Beispiel #14
0
// HandleUpdate handles the POST of the form to update a story
func HandleUpdate(context router.Context) error {

	// Find the story
	story, err := stories.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update story
	err = authorise.ResourceAndAuthenticity(context, story)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the story from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}
	err = story.Update(params.Map())
	if err != nil {
		return err // Create returns a router.Error
	}

	err = updateStoriesRank()
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to story
	return router.Redirect(context, story.URLShow())
}
Beispiel #15
0
// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {

	// Find the comment
	comment, err := comments.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update comment, check auth token
	err = authorise.ResourceAndAuthenticity(context, comment)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the comment from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Clean params according to role
	accepted := comments.AllowedParams()
	if authorise.CurrentUser(context).Admin() {
		accepted = comments.AllowedParamsAdmin()
	}
	cleanedParams := params.Clean(accepted)

	err = comment.Update(cleanedParams)
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to comment
	return router.Redirect(context, comment.URLShow())
}
Beispiel #16
0
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {

	// Find the user
	id := context.ParamInt("id")
	user, err := users.Find(id)
	if err != nil {
		context.Logf("#error Error finding user %s", err)
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.ResourceAndAuthenticity(context, user)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	context.Logf("PARAMS RECD:%v", params)

	err = user.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to user
	return router.Redirect(context, user.URLShow())
}
Beispiel #17
0
// HandleHome serves a get request at /
func HandleHome(context router.Context) error {
	// Setup context for template
	view := view.New(context)

	// Authorise
	err := authorise.Path(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// If nothing exists, redirect to set up page
	if missingUsersAndPages() {
		return router.Redirect(context, "/fragmenta/setup")
	}

	page, err := pages.Find(1)
	if err != nil {
		return router.InternalError(err)
	}

	view.AddKey("page", page)
	view.AddKey("meta_title", page.Name)
	view.AddKey("meta_desc", page.Summary)
	view.AddKey("meta_keywords", page.Keywords)

	return view.Render()

}
Beispiel #18
0
// HandleUpdate handles POST or PUT /images/1/update
func HandleUpdate(context router.Context) error {

	// Find the image
	image, err := images.Find(context.ParamInt("id"))
	if err != nil {
		context.Logf("#error Error finding image %s", err)
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.Resource(context, image)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the image
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	err = image.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// We redirect back to source if redirect param is set
	return router.Redirect(context, image.URLUpdate())

}
Beispiel #19
0
// HandleLogout logs the current user out
func HandleLogout(context router.Context) error {

	// Clear the current session cookie
	auth.ClearSession(context)

	// Redirect to home
	return router.Redirect(context, "/")
}
Beispiel #20
0
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {

	// Check we're not already logged in, if so redirect

	// Get the user details from the database
	params, err := context.Params()
	if err != nil {
		return router.NotFoundError(err)
	}

	// Find the user with this email
	q := users.Where("email=?", params.Get("email"))
	user, err := users.First(q)
	if err != nil {
		q = users.Where("name=?", params.Get("email")) // NB use of email field
		user, err = users.First(q)
	}

	if err != nil {
		context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
		return router.Redirect(context, "/users/login?error=failed_email")
	}

	err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)

	if err != nil {
		context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
		return router.Redirect(context, "/users/login?error=failed_password")
	}

	// Save the fact user is logged in to session cookie
	err = loginUser(context, user)
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to whatever page the user tried to visit before (if any)
	// For now send them to root
	return router.Redirect(context, "/")

}
Beispiel #21
0
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {

	// Check we're not already logged in, if so redirect

	// Get the user details from the database
	params, err := context.Params()
	if err != nil {
		return router.NotFoundError(err)
	}

	// Need something neater than this - how best to do it?
	q := users.Where("email=?", params.Get("email"))
	user, err := users.First(q)
	if err != nil {
		context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
		return router.Redirect(context, "/users/login?error=failed_email")

	}

	err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)

	if err != nil {
		context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
		return router.Redirect(context, "/users/login?error=failed_password")
	}

	// Now save the user details in a secure cookie, so that we remember the next request
	session, err := auth.Session(context, context.Request())
	if err != nil {
		context.Logf("#error problem retrieving session")

	}
	context.Logf("#info Login success for user: %d %s", user.Id, user.Email)
	session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
	session.Save(context)

	// Redirect to whatever page the user tried to visit before (if any)
	// For now send them to root
	return router.Redirect(context, "/")

}
Beispiel #22
0
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {

	// Find the user
	id := context.ParamInt("id")
	user, err := users.Find(id)
	if err != nil {
		context.Logf("#error Error finding user %s", err)
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.Resource(context, user)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// We expect only one image, what about replacing the existing when updating?
	// At present we just create a new image
	files, err := context.ParamFiles("image")
	if err != nil {
		return router.InternalError(err)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	var imageID int64

	if len(files) > 0 {
		fileHandle := files[0]

		// Create an image (saving the image representation on disk)
		imageParams := map[string]string{"name": user.Name, "status": "100"}
		imageID, err = images.Create(imageParams, fileHandle)
		if err != nil {
			return router.InternalError(err)
		}

		params.Set("image_id", fmt.Sprintf("%d", imageID))
		delete(params, "image")
	}

	err = user.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to user
	return router.Redirect(context, user.URLShow())
}
Beispiel #23
0
// HandleLoginShow handles GET /users/login
func HandleLoginShow(context router.Context) error {

	// Check we have no current user
	u := authorise.CurrentUser(context)
	if !u.Anon() {
		return router.Redirect(context, fmt.Sprintf("/users/%d", u.Id))
	}

	// Render the template
	view := view.New(context)
	view.AddKey("error", context.Param("error"))
	return view.Render()
}
Beispiel #24
0
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {

	params, err := context.Params()
	if err != nil {
		return router.NotFoundError(err)
	}

	// Check users against their username - we could also check against the email later?
	name := params.Get("name")
	q := users.Where("name=?", name)
	user, err := users.FindFirst(q)
	if err != nil {
		context.Logf("#error Login failed for user : %s %s", name, err)
		return router.Redirect(context, "/users/login?error=failed_name")
	}

	err = auth.CheckPassword(params.Get("password"), user.Password)
	if err != nil {
		context.Logf("#error Login failed for user : %s %s", name, err)
		return router.Redirect(context, "/users/login?error=failed_password")
	}

	// Save the details in a secure cookie
	session, err := auth.Session(context, context.Request())
	if err != nil {
		return router.InternalError(err)
	}

	context.Logf("#info LOGIN for user: %d", user.Id)
	session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
	session.Save(context)

	// Send them to their user profile page
	return router.Redirect(context, user.URLShow())

}
Beispiel #25
0
// HandleCreateShow serves the create form via GET for stories
func HandleCreateShow(context router.Context) error {

	// Authorise
	err := authorise.Path(context)
	if err != nil {
		// When not allowed to post stories, redirect to register screen
		router.Redirect(context, "/users/create")
	}

	// Render the template
	view := view.New(context)
	story := stories.New()
	view.AddKey("story", story)
	view.AddKey("meta_title", "Go Hacker News Submit")

	return view.Render()
}
Beispiel #26
0
// HandleCreate handles the POST of the create form for users
func HandleCreate(context router.Context) error {

	// Authorise
	err := authorise.Resource(context, nil)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Default to customer role etc - admins will have to promote afterwards
	params.Set("role", fmt.Sprintf("%d", users.RoleCustomer))
	params.Set("status", fmt.Sprintf("%d", status.Published))

	id, err := users.Create(params.Map())
	if err != nil {
		return err
	}

	// Log creation
	context.Logf("#info Created user id,%d", id)

	// Redirect to the new user
	user, err := users.Find(id)
	if err != nil {
		return router.InternalError(err)
	}

	// Save the details in a secure cookie
	session, err := auth.Session(context, context.Request())
	if err != nil {
		return router.InternalError(err)
	}

	context.Logf("#info CREATE for user: %d", user.Id)
	session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
	session.Save(context)

	// Send them to their user profile page
	return router.Redirect(context, user.URLShow())
}
Beispiel #27
0
// HandleCreate responds to POST images/create
func HandleCreate(context router.Context) error {

	// Authorise
	err := authorise.Path(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// We expect only one image, what about replacing the existing when updating?
	// At present we just create a new image
	files, err := context.ParamFiles("image")
	if err != nil {
		return router.InternalError(err)
	}

	if len(files) == 0 {
		return router.NotFoundError(nil)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	id, err := images.Create(params.Map(), files[0])
	if err != nil {
		context.Logf("#error Error creating image,%s", err)
		return router.InternalError(err)
	}

	// Log creation
	context.Logf("#info Created image id,%d", id)

	// Redirect to the new image
	m, err := images.Find(id)
	if err != nil {
		context.Logf("#error Error creating image,%s", err)
	}

	return router.Redirect(context, m.URLShow())
}
Beispiel #28
0
// HandleDestroy handles a DESTROY request for files
func HandleDestroy(context router.Context) error {

	// Find the file
	file, err := files.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise destroy file
	err = authorise.ResourceAndAuthenticity(context, file)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Destroy the file
	file.Destroy()

	// Redirect to files root
	return router.Redirect(context, "/files")
}
Beispiel #29
0
// HandleLoginShow shows the page at /users/login
func HandleLoginShow(context router.Context) error {
	// Setup context for template
	view := view.New(context)

	// Check we're not already logged in, if so redirect with a message
	// we could alternatively display an error here?
	if !authorise.CurrentUser(context).Anon() {
		return router.Redirect(context, "/?warn=already_logged_in")
	}

	switch context.Param("error") {
	case "failed_email":
		view.AddKey("warning", "Sorry, we couldn't find a user with that email.")
	case "failed_password":
		view.AddKey("warning", "Sorry, the password was incorrect, please try again.")
	}

	// Serve
	return view.Render()
}
Beispiel #30
0
// HandleDestroy responds to POST /tags/1/destroy
func HandleDestroy(context router.Context) error {

	// Set the tag on the context for checking
	tag, err := tags.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.Resource(context, tag)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Destroy the tag
	tag.Destroy()

	// Redirect to tags root
	return router.Redirect(context, tag.URLIndex())
}