Beispiel #1
0
// errHandler renders an error using error templates if available
func errHandler(context router.Context, e error) {

	// Cast the error to a status error if it is one, if not wrap it in a Status 500 error
	err := router.ToStatusError(e)

	view := view.New(context)

	view.AddKey("title", err.Title)
	view.AddKey("message", err.Message)

	if !context.Production() {
		view.AddKey("status", err.Status)
		view.AddKey("file", err.FileLine())
		view.AddKey("error", err.Err)
	}

	// Set the status correctly for errors
	context.Writer().WriteHeader(err.Status)

	// Use our error template
	view.Template("app/views/error.html.got")

	context.Logf("#error %s\n", err)
	view.Render()
}
Beispiel #2
0
// AuthenticityTokenFilter sets the authenticity token on the context and on the cookie
func AuthenticityTokenFilter(c router.Context) error {
	token, err := auth.AuthenticityToken(c.Writer(), c.Request())
	if err != nil {
		return err
	}
	c.Set(auth.SessionTokenKey, token)
	return nil
}
// CreateAuthenticityToken returns an auth.AuthenticityToken and writes a secret to check it to the cookie
func CreateAuthenticityToken(context router.Context) string {
	token, err := auth.AuthenticityToken(context.Writer(), context.Request())
	if err != nil {
		context.Logf("#warn invalid authenticity token at %v", context)
		return "" // empty strings are invalid as tokens
	}

	return token
}
Beispiel #4
0
// HandleShowKey displays a single user's key
func HandleShowKey(context router.Context) error {

	// Find the user
	user, err := users.FindName(context.Param("name"))
	if err != nil {
		return router.InternalError(err)
	}

	// Render the key directly to the httpwriter as text
	context.Writer().Header().Set("Content-Type", "text/plain; charset=utf-8")
	_, err = io.WriteString(context.Writer(), user.Key)
	return err
}
Beispiel #5
0
// AuthenticityToken checks the token in the current request
func AuthenticityToken(context router.Context) error {
	token := context.Param(auth.SessionTokenKey)
	err := auth.CheckAuthenticityToken(token, context.Request())
	if err != nil {
		// If the check fails, log out the user and completely clear the session
		context.Logf("#warn invalid authenticity token at %v", context)
		session, err := auth.SessionGet(context.Request())
		if err != nil {
			return err
		}
		session.Clear(context.Writer())
	}

	return err
}
Beispiel #6
0
// CurrentUser returns the saved user (or an empty anon user) for the current session cookie
// Strictly speaking this should be authenticate.User
func CurrentUser(context router.Context) *users.User {

	// First check if the user has already been set on context, if so return it
	if context.Get("current_user") != nil {
		return context.Get("current_user").(*users.User)
	}

	// Start with an anon user by default (role 0, id 0)
	user := &users.User{}

	// Build the session from the secure cookie, or create a new one
	session, err := auth.Session(context.Writer(), context.Request())
	if err != nil {
		context.Logf("#error problem retrieving session")
		return user
	}

	// Fetch the current user record if we have one recorded in the session
	var id int64
	ids := session.Get(auth.SessionUserKey)
	if len(ids) > 0 {
		id, err = strconv.ParseInt(ids, 10, 64)
		if err != nil {
			context.Logf("#error Error decoding session user key:%s\n", err)
			return user
		}
	}

	if id != 0 {
		u, err := users.Find(id)
		if err != nil {
			context.Logf("#info User not found from session id:%d\n", id)
			return user
		}
		user = u
	}

	return user
}