// POST users/create
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.Path(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// We should check for duplicates in here
id, err := users.Create(params.Map())
if err != nil {
return router.InternalError(err, "Error", "Sorry, an error occurred creating the user record.")
} else {
context.Logf("#info Created user id,%d", id)
}
// Redirect to the new user
p, err := users.Find(id)
if err != nil {
return router.InternalError(err, "Error", "Sorry, an error occurred finding the new user record.")
}
return router.Redirect(context, p.URLIndex())
}
// HandleUpdate handles POST or PUT /images/1/update
func HandleUpdate(context router.Context) error {
// Find the image
image, err := images.Find(context.ParamInt("id"))
if err != nil {
context.Logf("#error Error finding image %s", err)
return router.NotFoundError(err)
}
// Authorise
err = authorise.Resource(context, image)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the image
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = image.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// We redirect back to source if redirect param is set
return router.Redirect(context, image.URLUpdate())
}
// HandleUpdate handles the POST of the form to update a page
func HandleUpdate(context router.Context) error {
// Find the page
page, err := pages.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update page
err = authorise.ResourceAndAuthenticity(context, page)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the page from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = page.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to page
return router.Redirect(context, page.URLShow())
}
// HandleUpdate handles the POST of the form to update a user
func HandleUpdate(context router.Context) error {
// Find the user
user, err := users.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update user
err = authorise.ResourceAndAuthenticity(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Clean params further for customers, they may only update email, password, key
allowedParams := params.Map()
u := authorise.CurrentUser(context)
if !u.Admin() {
// allowedParams = params.Clean(users.AllowedParamsCustomer())
}
err = user.Update(allowedParams)
if err != nil {
return router.InternalError(err)
}
// Redirect to user
return router.Redirect(context, user.URLShow())
}
// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {
// Find the comment
comment, err := comments.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update comment, check auth token
err = authorise.ResourceAndAuthenticity(context, comment)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the comment from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Clean params according to role
accepted := comments.AllowedParams()
if authorise.CurrentUser(context).Admin() {
accepted = comments.AllowedParamsAdmin()
}
cleanedParams := params.Clean(accepted)
err = comment.Update(cleanedParams)
if err != nil {
return router.InternalError(err)
}
// Redirect to comment
return router.Redirect(context, comment.URLShow())
}
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {
// Find the user
id := context.ParamInt("id")
user, err := users.Find(id)
if err != nil {
context.Logf("#error Error finding user %s", err)
return router.NotFoundError(err)
}
// Authorise
err = authorise.ResourceAndAuthenticity(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
context.Logf("PARAMS RECD:%v", params)
err = user.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to user
return router.Redirect(context, user.URLShow())
}
// HandleUpdate handles POST or PUT /pages/1/update
func HandleUpdate(context router.Context) error {
// Find the page
page, err := pages.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise updating the page
err = authorise.Resource(context, page)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the page from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = page.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// We then find the page again, and retreive the new Url, in case it has changed during update
page, err = pages.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Redirect to page url
return router.Redirect(context, page.Url)
}
// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {
// Find the comment
comment, err := comments.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update comment, check auth token
err = authorise.ResourceAndAuthenticity(context, comment)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the comment from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = comment.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to comment
return router.Redirect(context, comment.URLShow())
}
// HandleCreate handles the POST of the create form for pages
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.ResourceAndAuthenticity(context, nil)
if err != nil {
return router.NotAuthorizedError(err)
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
id, err := pages.Create(params.Map())
if err != nil {
return router.InternalError(err)
}
// Log creation
context.Logf("#info Created page id,%d", id)
// Redirect to the new page
m, err := pages.Find(id)
if err != nil {
return router.InternalError(err)
}
return router.Redirect(context, m.URLIndex())
}
// HandleUpdate handles the POST of the form to update a story
func HandleUpdate(context router.Context) error {
// Find the story
story, err := stories.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update story
err = authorise.ResourceAndAuthenticity(context, story)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the story from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = story.Update(params.Map())
if err != nil {
return err // Create returns a router.Error
}
err = updateStoriesRank()
if err != nil {
return router.InternalError(err)
}
// Redirect to story
return router.Redirect(context, story.URLShow())
}
// HandleUpdate serves POST or PUT /tags/1/update
func HandleUpdate(context router.Context) error {
// Find the tag
tag, err := tags.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise
err = authorise.Resource(context, tag)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the tag
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = tag.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to tag
return router.Redirect(context, tag.URLShow())
}
// HandleUpdateShow handles the POST of the form to update a file
func HandleUpdate(context router.Context) error {
// Find the file
file, err := files.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update file
err = authorise.Resource(context, file)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the file from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Find the to user, by querying users on username or email
// Set the user id if found, else return 404 error, user not found
// TODO: Make *sure* this only accepts the params we want
err = file.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to file
return router.Redirect(context, file.URLShow())
}
// HandleUpdate handles the POST of the form to update a post
func HandleUpdate(context router.Context) error {
// Find the post
post, err := posts.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update post
err = authorise.Resource(context, post)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the post from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = post.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to post
return router.Redirect(context, post.URLShow())
}
// POST pages/create
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.Path(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
id, err := pages.Create(params.Map())
if err != nil {
context.Logf("#info Failed to create page %v", params)
return router.InternalError(err)
}
// Log creation
context.Logf("#info Created page id,%d", id)
// Redirect to the new page
p, err := pages.Find(id)
if err != nil {
context.Logf("#error Error creating page,%s", err)
}
return router.Redirect(context, p.URLIndex())
}
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {
// Find the user
id := context.ParamInt("id")
user, err := users.Find(id)
if err != nil {
context.Logf("#error Error finding user %s", err)
return router.NotFoundError(err)
}
// Authorise
err = authorise.Resource(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// We expect only one image, what about replacing the existing when updating?
// At present we just create a new image
files, err := context.ParamFiles("image")
if err != nil {
return router.InternalError(err)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
var imageID int64
if len(files) > 0 {
fileHandle := files[0]
// Create an image (saving the image representation on disk)
imageParams := map[string]string{"name": user.Name, "status": "100"}
imageID, err = images.Create(imageParams, fileHandle)
if err != nil {
return router.InternalError(err)
}
params.Set("image_id", fmt.Sprintf("%d", imageID))
delete(params, "image")
}
err = user.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to user
return router.Redirect(context, user.URLShow())
}
// HandleCreate handles the POST of the create form for users
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.Resource(context, nil)
if err != nil {
return router.NotAuthorizedError(err)
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Default to customer role etc - admins will have to promote afterwards
params.Set("role", fmt.Sprintf("%d", users.RoleCustomer))
params.Set("status", fmt.Sprintf("%d", status.Published))
id, err := users.Create(params.Map())
if err != nil {
return err
}
// Log creation
context.Logf("#info Created user id,%d", id)
// Redirect to the new user
user, err := users.Find(id)
if err != nil {
return router.InternalError(err)
}
// Save the details in a secure cookie
session, err := auth.Session(context, context.Request())
if err != nil {
return router.InternalError(err)
}
context.Logf("#info CREATE for user: %d", user.Id)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Send them to their user profile page
return router.Redirect(context, user.URLShow())
}
// HandleCreate responds to POST images/create
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.Path(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// We expect only one image, what about replacing the existing when updating?
// At present we just create a new image
files, err := context.ParamFiles("image")
if err != nil {
return router.InternalError(err)
}
if len(files) == 0 {
return router.NotFoundError(nil)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
id, err := images.Create(params.Map(), files[0])
if err != nil {
context.Logf("#error Error creating image,%s", err)
return router.InternalError(err)
}
// Log creation
context.Logf("#info Created image id,%d", id)
// Redirect to the new image
m, err := images.Find(id)
if err != nil {
context.Logf("#error Error creating image,%s", err)
}
return router.Redirect(context, m.URLShow())
}
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {
// Check we're not already logged in, if so redirect
// Get the user details from the database
params, err := context.Params()
if err != nil {
return router.NotFoundError(err)
}
// Need something neater than this - how best to do it?
q := users.Where("email=?", params.Get("email"))
user, err := users.First(q)
if err != nil {
context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_email")
}
err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)
if err != nil {
context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_password")
}
// Now save the user details in a secure cookie, so that we remember the next request
session, err := auth.Session(context, context.Request())
if err != nil {
context.Logf("#error problem retrieving session")
}
context.Logf("#info Login success for user: %d %s", user.Id, user.Email)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Redirect to whatever page the user tried to visit before (if any)
// For now send them to root
return router.Redirect(context, "/")
}
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {
// Check we're not already logged in, if so redirect
// Get the user details from the database
params, err := context.Params()
if err != nil {
return router.NotFoundError(err)
}
// Find the user with this email
q := users.Where("email=?", params.Get("email"))
user, err := users.First(q)
if err != nil {
q = users.Where("name=?", params.Get("email")) // NB use of email field
user, err = users.First(q)
}
if err != nil {
context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_email")
}
err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)
if err != nil {
context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_password")
}
// Save the fact user is logged in to session cookie
err = loginUser(context, user)
if err != nil {
return router.InternalError(err)
}
// Redirect to whatever page the user tried to visit before (if any)
// For now send them to root
return router.Redirect(context, "/")
}
// HandleCreate responds to POST tags/create
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.Path(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
id, err := tags.Create(params.Map())
if err != nil {
context.Logf("#info Failed to create tag %v", params)
return router.InternalError(err)
}
// Log creation
context.Logf("#info Created tag id,%d", id)
// Redirect to the new tag
tag, err := tags.Find(id)
if err != nil {
context.Logf("#error Error creating tag,%s", err)
}
// Always regenerate dotted ids - we fetch all tags first to avoid db calls
q := tags.Query().Select("select id,parent_id from tags").Order("id asc")
tagsList, err := tags.FindAll(q)
if err == nil {
dottedParams := map[string]string{}
dottedParams["dotted_ids"] = tag.CalculateDottedIds(tagsList)
tags.Query().Where("id=?", tag.Id).Update(dottedParams)
}
return router.Redirect(context, tag.URLIndex())
}
// HandleUpdate handles the POST of the form to update a story
func HandleUpdate(context router.Context) error {
// Find the story
story, err := stories.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update story
err = authorise.ResourceAndAuthenticity(context, story)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the story from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Clean params according to role
accepted := stories.AllowedParams()
if authorise.CurrentUser(context).Admin() {
accepted = stories.AllowedParamsAdmin()
}
cleanedParams := params.Clean(accepted)
err = story.Update(cleanedParams)
if err != nil {
return err // Create returns a router.Error
}
err = updateStoriesRank()
if err != nil {
return router.InternalError(err)
}
// Redirect to story
return router.Redirect(context, story.URLShow())
}
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {
// Find the user
id := context.ParamInt("id")
user, err := users.Find(id)
if err != nil {
context.Logf("#error Error finding user %s", err)
return router.NotFoundError(err)
}
// Authorise
err = authorise.ResourceAndAuthenticity(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Clean params according to role
accepted := users.AllowedParams()
if authorise.CurrentUser(context).Admin() {
accepted = users.AllowedParamsAdmin()
}
allowedParams := params.Clean(accepted)
err = user.Update(allowedParams)
if err != nil {
return router.InternalError(err)
}
// Redirect to user
return router.Redirect(context, user.URLShow())
}
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {
params, err := context.Params()
if err != nil {
return router.NotFoundError(err)
}
// Check users against their username - we could also check against the email later?
name := params.Get("name")
q := users.Where("name=?", name)
user, err := users.FindFirst(q)
if err != nil {
context.Logf("#error Login failed for user : %s %s", name, err)
return router.Redirect(context, "/users/login?error=failed_name")
}
err = auth.CheckPassword(params.Get("password"), user.Password)
if err != nil {
context.Logf("#error Login failed for user : %s %s", name, err)
return router.Redirect(context, "/users/login?error=failed_password")
}
// Save the details in a secure cookie
session, err := auth.Session(context, context.Request())
if err != nil {
return router.InternalError(err)
}
context.Logf("#info LOGIN for user: %d", user.Id)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Send them to their user profile page
return router.Redirect(context, user.URLShow())
}
// HandleCreate handles the POST of the create form for stories
func HandleCreate(context router.Context) error {
// Check csrf token
err := authorise.AuthenticityToken(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Check permissions - if not logged in and above 1 points, redirect to error
if !authorise.CurrentUser(context).CanSubmit() {
return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 1 points to submit stories.")
}
// Get params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Get user details
user := authorise.CurrentUser(context)
ip := getUserIP(context)
url := params.Get("url")
// Strip trailing slashes on url before comparisons
// we could possibly also strip url fragments
if strings.HasSuffix(url, "/") {
url = strings.Trim(url, "/")
params.Set("url", url)
}
// Check that no story with this url already exists
q := stories.Where("url=?", url)
duplicates, err := stories.FindAll(q)
if err != nil {
return router.InternalError(err)
}
if len(duplicates) > 0 {
dupe := duplicates[0]
// Add a point to dupe and return
addStoryVote(dupe, user, ip, 1)
return router.Redirect(context, dupe.URLShow())
}
// Clean params according to role
accepted := stories.AllowedParams()
if authorise.CurrentUser(context).Admin() {
accepted = stories.AllowedParamsAdmin()
}
cleanedParams := params.Clean(accepted)
// Set a few params
cleanedParams["points"] = "1"
cleanedParams["user_id"] = fmt.Sprintf("%d", user.Id)
cleanedParams["user_name"] = user.Name
id, err := stories.Create(cleanedParams)
if err != nil {
return err // Create returns a router.Error
}
// Log creation
context.Logf("#info Created story id,%d", id)
// Redirect to the new story
story, err := stories.Find(id)
if err != nil {
return router.InternalError(err)
}
// We need to add a vote to the story here too by adding a join to the new id
err = recordStoryVote(story, user, ip, +1)
if err != nil {
return err
}
// Re-rank stories
err = updateStoriesRank()
if err != nil {
return err
}
return router.Redirect(context, story.URLIndex())
}
// HandleCreate handles the POST of the create form for comments
func HandleCreate(context router.Context) error {
// Authorise csrf token
err := authorise.AuthenticityToken(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Check permissions - if not logged in and above 0 points, redirect
if !authorise.CurrentUser(context).CanComment() {
return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 0 points to comment.")
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Find parent story - this must exist
story, err := stories.Find(params.GetInt("story_id"))
if err != nil {
return router.NotFoundError(err)
}
params.SetInt("story_id", story.Id)
params.Set("story_name", story.Name)
// Set a few params
user := authorise.CurrentUser(context)
params.SetInt("user_id", user.Id)
params.Set("user_name", user.Name)
params.SetInt("points", 1)
// Find the parent and set dotted id
// these are of the form xx.xx. with a trailing dot
// this saves us from saving twice on create
parentID := context.ParamInt("parent_id")
if parentID > 0 {
parent, err := comments.Find(parentID)
if err != nil {
return router.NotFoundError(err)
}
context.Logf("PARENT:%d - %s", parent.Id, parent.DottedIds)
params.Set("dotted_ids", fmt.Sprintf(parent.DottedIds+"."))
}
id, err := comments.Create(params.Map())
if err != nil {
return router.InternalError(err)
}
// Log creation
context.Logf("#info Created comment id,%d", id)
// Update the story comment Count
storyParams := map[string]string{"comment_count": fmt.Sprintf("%d", story.CommentCount+1)}
err = story.Update(storyParams)
if err != nil {
return router.InternalError(err, "Error", "Could not update story.")
}
// Redirect to the new comment
m, err := comments.Find(id)
if err != nil {
return router.InternalError(err)
}
// Re-rank comments on this story
err = updateCommentsRank(m.StoryId)
if err != nil {
return err
}
return router.Redirect(context, m.URLStory())
}
// HandleCreate handles POST users/create
func HandleCreate(context router.Context) error {
// Check csrf token
err := authorise.AuthenticityToken(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Check for email duplicates
email := params.Get("email")
if len(email) > 0 {
if len(email) < 3 || !strings.Contains(email, "@") {
return router.InternalError(err, "Invalid email", "Please just miss out the email field, or use a valid email.")
}
count, err := users.Query().Where("email=?", email).Count()
if err != nil {
return router.InternalError(err)
}
if count > 0 {
return router.NotAuthorizedError(err, "User already exists", "Sorry, a user already exists with that email.")
}
}
// Check for invalid or duplicate names
name := params.Get("name")
if len(name) < 2 {
return router.InternalError(err, "Name too short", "Please choose a username longer than 2 characters")
}
count, err := users.Query().Where("name=?", name).Count()
if err != nil {
return router.InternalError(err)
}
if count > 0 {
return router.NotAuthorizedError(err, "User already exists", "Sorry, a user already exists with that name, please choose another.")
}
// Set some defaults for the new user
params.SetInt("status", status.Published)
params.SetInt("role", users.RoleReader)
params.SetInt("points", 1)
// Now try to create the user
id, err := users.Create(params.Map())
if err != nil {
return router.InternalError(err, "Error", "Sorry, an error occurred creating the user record.")
}
context.Logf("#info Created user id,%d", id)
// Find the user again so we can save login
user, err := users.Find(id)
if err != nil {
context.Logf("#error parsing user id: %s", err)
return router.NotFoundError(err)
}
// Save the fact user is logged in to session cookie
err = loginUser(context, user)
if err != nil {
return router.InternalError(err)
}
// Redirect to root
return router.Redirect(context, "/?message=welcome")
}
// HandleCreate handles the POST of the create form for stories
func HandleCreate(context router.Context) error {
// Check csrf token
err := authorise.AuthenticityToken(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Check permissions - if not logged in and above 1 points, redirect to error
if !authorise.CurrentUser(context).CanSubmit() {
return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 1 points to submit stories.")
}
// Get params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Get user details
user := authorise.CurrentUser(context)
ip := getUserIP(context)
// Process urls
url := params.Get("url")
// Strip trailing slashes on url before comparisons
if strings.HasSuffix(url, "/") {
url = strings.Trim(url, "/")
}
// Strip ?utm_source etc - remove all after ?utm_source
if strings.Contains(url, "?utm_") {
url = strings.Split(url, "?utm_")[0]
}
// Strip url fragments (For example trailing # on medium urls)
if strings.Contains(url, "#") {
url = strings.Split(url, "#")[0]
}
// Rewrite mobile youtube links
if strings.HasPrefix(url, "https://m.youtube.com") {
url = strings.Replace(url, "https://m.youtube.com", "https://www.youtube.com", 1)
}
params.Set("url", url)
// Check that no story with this url already exists
q := stories.Where("url=?", url)
duplicates, err := stories.FindAll(q)
if err != nil {
return router.InternalError(err)
}
if len(duplicates) > 0 {
story := duplicates[0]
// Check we have no votes already from this user, if we do fail
if storyHasUserVote(story, user) {
return router.NotAuthorizedError(err, "Vote Failed", "Sorry you are not allowed to vote twice, nice try!")
}
// Add a point to dupe and return
addStoryVote(story, user, ip, 1)
return router.Redirect(context, story.URLShow())
}
// Clean params according to role
accepted := stories.AllowedParams()
if authorise.CurrentUser(context).Admin() {
accepted = stories.AllowedParamsAdmin()
}
cleanedParams := params.Clean(accepted)
// Set a few params
cleanedParams["points"] = "1"
cleanedParams["user_id"] = fmt.Sprintf("%d", user.Id)
cleanedParams["user_name"] = user.Name
id, err := stories.Create(cleanedParams)
if err != nil {
return err // Create returns a router.Error
}
// Log creation
context.Logf("#info Created story id,%d", id)
// Redirect to the new story
story, err := stories.Find(id)
if err != nil {
return router.InternalError(err)
}
// We need to add a vote to the story here too by adding a join to the new id
err = recordStoryVote(story, user, ip, +1)
if err != nil {
return err
}
// Re-rank stories
err = updateStoriesRank()
if err != nil {
return err
}
return router.Redirect(context, story.URLIndex())
}
// HandleCreate handles the POST of the create form for files
func HandleCreate(context router.Context) error {
// Do not perform auth on posts - we could check a shared secret here or similar but that is not secure
// better to require siging of posts by users with their own key to confirm identity if we wanted to check submissions.
// Parse multipart first - must fix this to do it automatically
fileParams, err := context.ParamFiles("file")
if err != nil || len(fileParams) < 1 {
return router.InternalError(err, "Invalid file", "Sorry, the file upload failed.")
}
fh := fileParams[0]
context.Logf("#info FILE RECD:%v", fh.Filename)
// Now extract other params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// First find the username, if we have no user, reject post
//context.Logf("PARAMS:%v", params)
// PARAMS:map[sender:[Kenny Grant] recipient:[testtest]]
// Check for user with name recipient
// Find the user
user, err := users.FindName(context.Param("recipient"))
if err != nil || user == nil {
return router.NotFoundError(err, "User not found", "Sorry this user doesn't exist")
}
// link with the named recipient user
params.SetInt("user_id", user.Id)
context.Logf("PARAMS:%v", params)
// Ideally perform some identity check on the sender here, and set sender id if we have a user?
// Perhaps require sending pgp sig of data?
// We only consider the first file
id, err := files.Create(params.Map(), fh)
if err != nil {
return router.InternalError(err)
}
// Log creation
context.Logf("#info Created file id,%d", id)
/*
_, err := files.Find(id)
if err != nil {
return router.InternalError(err)
}
*/
// Render a 200 response
view := view.New(context)
view.Layout("files/views/create.json.got")
return view.Render()
// return router.Redirect(context, m.URLIndex())
}
// HandleCreate handles the POST of the create form for stories
func HandleCreate(context router.Context) error {
// Check csrf token
err := authorise.AuthenticityToken(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Check permissions - if not logged in and above 1 points, redirect to error
if !authorise.CurrentUser(context).CanSubmit() {
return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 1 points to submit stories.")
}
// Get user details
user := authorise.CurrentUser(context)
ip := getUserIP(context)
// Check that no story with this url already exists
q := stories.Where("url=?", context.Param("url"))
duplicates, err := stories.FindAll(q)
if err != nil {
return router.InternalError(err)
}
if len(duplicates) > 0 {
dupe := duplicates[0]
// Add a point to dupe
addStoryVote(dupe, user, ip, 1)
return router.Redirect(context, dupe.URLShow())
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Set a few params
params.SetInt("points", 1)
params.SetInt("user_id", user.Id)
params.Set("user_name", user.Name)
id, err := stories.Create(params.Map())
if err != nil {
return err // Create returns a router.Error
}
// Log creation
context.Logf("#info Created story id,%d", id)
// Redirect to the new story
story, err := stories.Find(id)
if err != nil {
return router.InternalError(err)
}
// We need to add a vote to the story here too by adding a join to the new id
err = recordStoryVote(story, user, ip, +1)
if err != nil {
return err
}
// Re-rank stories
err = updateStoriesRank()
if err != nil {
return err
}
return router.Redirect(context, story.URLIndex())
}
