Beispiel #1
0
func WebThingProgram(w http.ResponseWriter, r *http.Request) {
	thing := context.Get(r, ContextKeyThing).(*Thing)
	account := context.Get(r, ContextKeyAccount).(*Account)

	if !thing.EditableById(account.Character) {
		http.Error(w, "No access to program", http.StatusForbidden)
		return
	}

	var newProgram *ThingProgram
	if r.Method == "POST" {
		program := r.PostFormValue("text")

		newProgram = NewProgram(program)
		if newProgram.Error == nil {
			thing.Program = newProgram
			World.SaveThing(thing)

			http.Redirect(w, r, fmt.Sprintf("%sprogram", thing.GetURL()), http.StatusSeeOther)
			return
		}
	}

	RenderTemplate(w, r, "thing/page/program.html", map[string]interface{}{
		"IncludeCodeMirror": true,
		"Title":             fmt.Sprintf("Edit program – %s", thing.Name),
		"Thing":             thing,
		"Program":           newProgram,
	})
}
Beispiel #2
0
// ServeHTTP will store the request details in the analytics store if necessary and proxy the request to it's
// final destination, this is invoked by the ProxyHandler or right at the start of a request chain if the URL
// Spec states the path is Ignored
func (s SuccessHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {

	// Make sure we get the correct target URL
	if s.Spec.APIDefinition.Proxy.StripListenPath {
		r.URL.Path = strings.Replace(r.URL.Path, s.Spec.Proxy.ListenPath, "", 1)
	}

	if config.EnableAnalytics {
		t := time.Now()

		// Track the key ID if it exists
		authHeaderValue := context.Get(r, AuthHeaderValue)
		keyName := ""
		if authHeaderValue != nil {
			keyName = authHeaderValue.(string)
		}

		// Track version data
		version := s.Spec.getVersionFromRequest(r)
		if version == "" {
			version = "Non Versioned"
		}

		// If OAuth, we need to grab it from the session, which may or may not exist
		OauthClientID := ""
		thisSessionState := context.Get(r, SessionData)

		if thisSessionState != nil {
			OauthClientID = thisSessionState.(SessionState).OauthClientID
		}

		thisRecord := AnalyticsRecord{
			r.Method,
			r.URL.Path,
			r.ContentLength,
			r.Header.Get("User-Agent"),
			t.Day(),
			t.Month(),
			t.Year(),
			t.Hour(),
			200,
			keyName,
			t,
			version,
			s.Spec.APIDefinition.Name,
			s.Spec.APIDefinition.APIID,
			s.Spec.APIDefinition.OrgID,
			OauthClientID}

		go analytics.RecordHit(thisRecord)
	}

	s.Proxy.ServeHTTP(w, r)

	if doMemoryProfile {
		pprof.WriteHeapProfile(profileFile)
	}

	context.Clear(r)
}
Beispiel #3
0
// HandleError is the actual error handler and will store the error details in analytics if analytics processing is enabled.
func (e ErrorHandler) HandleError(w http.ResponseWriter, r *http.Request, err string, errCode int) {
	if config.EnableAnalytics {
		t := time.Now()

		// Track the key ID if it exists
		authHeaderValue := context.Get(r, AuthHeaderValue)
		keyName := ""
		if authHeaderValue != nil {
			keyName = authHeaderValue.(string)
		}

		version := e.Spec.getVersionFromRequest(r)
		if version == "" {
			version = "Non Versioned"
		}

		if e.TykMiddleware.Spec.APIDefinition.Proxy.StripListenPath {
			r.URL.Path = strings.Replace(r.URL.Path, e.TykMiddleware.Spec.Proxy.ListenPath, "", 1)
		}

		OauthClientID := ""
		thisSessionState := context.Get(r, SessionData)

		if thisSessionState != nil {
			OauthClientID = thisSessionState.(SessionState).OauthClientID
		}

		thisRecord := AnalyticsRecord{
			r.Method,
			r.URL.Path,
			r.ContentLength,
			r.Header.Get("User-Agent"),
			t.Day(),
			t.Month(),
			t.Year(),
			t.Hour(),
			errCode,
			keyName,
			t,
			version,
			e.Spec.APIDefinition.Name,
			e.Spec.APIDefinition.APIID,
			e.Spec.APIDefinition.OrgID,
			OauthClientID}
		go analytics.RecordHit(thisRecord)
	}

	w.Header().Add("Content-Type", "application/json")
	w.Header().Add("X-Generator", "tyk.io")
	log.Debug("Returning error header")
	w.WriteHeader(errCode)
	thisError := APIError{fmt.Sprintf("%s", err)}
	templates.ExecuteTemplate(w, "error.json", &thisError)
	if doMemoryProfile {
		pprof.WriteHeapProfile(profileFile)
	}

	// Clean up
	context.Clear(r)
}
func PostAccessTokens(w http.ResponseWriter, r *http.Request) {
	db := context.Get(r, "db").(*sqlx.DB)

	cookieStore := context.Get(r, "cookieStore").(*sessions.CookieStore)

	session, _ := cookieStore.Get(r, "resourcedmaster-session")

	currentUser := session.Values["user"].(*dal.UserRow)

	clusterID, err := getIdFromPath(w, r)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	level := r.FormValue("Level")

	_, err = dal.NewAccessToken(db).Create(nil, currentUser.ID, clusterID, level)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	http.Redirect(w, r, "/clusters", 301)
}
Beispiel #5
0
func PostClustersCurrent(w http.ResponseWriter, r *http.Request) {
	cookieStore := context.Get(r, "cookieStore").(*sessions.CookieStore)

	session, _ := cookieStore.Get(r, "resourcedmaster-session")

	redirectPath := "/"

	recentRequestPathInterface := session.Values["recentRequestPath"]
	if recentRequestPathInterface != nil {
		redirectPath = recentRequestPathInterface.(string)
	}

	clusterIDString := r.FormValue("ClusterID")
	clusterID, err := strconv.ParseInt(clusterIDString, 10, 64)
	if err != nil {
		http.Redirect(w, r, redirectPath, 301)
		return
	}

	clusterRows := context.Get(r, "clusters").([]*dal.ClusterRow)
	for _, clusterRow := range clusterRows {
		if clusterRow.ID == clusterID {
			session.Values["currentCluster"] = clusterRow

			err := session.Save(r, w)
			if err != nil {
				libhttp.HandleErrorJson(w, err)
				return
			}
			break
		}
	}

	http.Redirect(w, r, redirectPath, 301)
}
Beispiel #6
0
func PostApiHosts(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")

	db := context.Get(r, "db").(*sqlx.DB)

	accessTokenRow := context.Get(r, "accessTokenRow").(*dal.AccessTokenRow)

	dataJson, err := ioutil.ReadAll(r.Body)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	hostRow, err := dal.NewHost(db).CreateOrUpdate(nil, accessTokenRow, dataJson)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	hostRowJson, err := json.Marshal(hostRow)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	w.Write(hostRowJson)
}
Beispiel #7
0
// API_SMTP handles requests for the /api/smtp/ endpoint
func API_SMTP(w http.ResponseWriter, r *http.Request) {
	switch {
	case r.Method == "GET":
		ss, err := models.GetSMTPs(ctx.Get(r, "user_id").(int64))
		if err != nil {
			Logger.Println(err)
		}
		JSONResponse(w, ss, http.StatusOK)
	//POST: Create a new SMTP and return it as JSON
	case r.Method == "POST":
		s := models.SMTP{}
		// Put the request into a page
		err := json.NewDecoder(r.Body).Decode(&s)
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Invalid request"}, http.StatusBadRequest)
			return
		}
		// Check to make sure the name is unique
		_, err = models.GetSMTPByName(s.Name, ctx.Get(r, "user_id").(int64))
		if err != gorm.ErrRecordNotFound {
			JSONResponse(w, models.Response{Success: false, Message: "SMTP name already in use"}, http.StatusConflict)
			Logger.Println(err)
			return
		}
		s.ModifiedDate = time.Now()
		s.UserId = ctx.Get(r, "user_id").(int64)
		err = models.PostSMTP(&s)
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, s, http.StatusCreated)
	}
}
Beispiel #8
0
func (c *appContext) newReviewHandler(w http.ResponseWriter, r *http.Request) {

	user, err := userget(r)
	if err != nil {
		log.Println(err)
	}

	repo := ReviewRepo{c.db.C("reviews")}
	params := context.Get(r, "params").(httprouter.Params)
	skillslug := params.ByName("slug")
	body := context.Get(r, "body").(*ReviewResource)
	log.Println(skillslug)

	body.Data.SkillSlug = skillslug
	body.Data.Username = user.Username
	err = repo.Create(&body.Data)
	if err != nil {
		log.Println(err)
	}

	c.newReviewFeed(&body.Data)
	w.Header().Set("Content-Type", "application/vnd.api+json")
	w.WriteHeader(http.StatusCreated)
	json.NewEncoder(w).Encode(body)
}
// New creates a new HttpHandler for the alice middleware package
func (k KeyExpired) New() func(http.Handler) http.Handler {
	aliceHandler := func(h http.Handler) http.Handler {
		thisHandler := func(w http.ResponseWriter, r *http.Request) {

			thisSessionState := context.Get(r, SessionData).(SessionState)
			authHeaderValue := context.Get(r, AuthHeaderValue).(string)
			keyExpired := authManager.IsKeyExpired(&thisSessionState)

			if keyExpired {
				log.WithFields(logrus.Fields{
					"path":   r.URL.Path,
					"origin": r.RemoteAddr,
					"key":    authHeaderValue,
				}).Info("Attempted access from expired key.")
				handler := ErrorHandler{k.TykMiddleware}
				handler.HandleError(w, r, "Key has expired, please renew", 403)
				return
			}

			// Request is valid, carry on
			h.ServeHTTP(w, r)
		}

		return http.HandlerFunc(thisHandler)
	}

	return aliceHandler
}
Beispiel #10
0
func RefreshToken(w http.ResponseWriter, r *http.Request) {
	userID := context.Get(r, "user_id").(uint64)
	token := context.Get(r, "user_token").(string)
	var reqBody authorizePutBody
	if appErr := decode(r, &reqBody); appErr != nil {
		reply.Err(w, appErr)
		return
	}
	userToken := model.UserToken{UserID: userID, Token: token, RefreshToken: reqBody.RefreshToken}
	if valid, err := userToken.RefreshTokenValid(); !valid || err != nil {
		if !valid {
			reply.Err(w, ae.TokenInvalid("", err, "refresh_token"))
		} else {
			reply.Err(w, ae.DB("", err))
		}
		return
	}
	if err := userToken.Delete(); err != nil {
		reply.Err(w, ae.DB("", err))
		return
	}
	newToken := model.UserToken{UserID: userID}
	if err := newToken.Add(); err != nil {
		reply.Err(w, ae.DB("", err))
		return
	}
	reply.OK(w, newToken)
}
Beispiel #11
0
func FilterIfOwnerRelations(r *http.Request, filter *usecases.Filter) *usecases.Filter {
	ownerRelationsCtx := context.Get(r, "ownerRelations")
	if ownerRelationsCtx != nil {
		currentSession := context.Get(r, "currentSession").(domain.Session)

		idKey := "accountId"

		if context.Get(r, "resource").(string) == "accounts" {
			idKey = "id"
		}

		if filter == nil {
			filter = &usecases.Filter{
				Where: map[string]interface{}{idKey: currentSession.AccountID},
			}
		} else {
			if filter.Where == nil {
				filter.Where = map[string]interface{}{idKey: currentSession.AccountID}
			} else {
				filter.Where[idKey] = currentSession.AccountID
			}
		}
	}

	return filter
}
Beispiel #12
0
// API_Groups returns details about the requested group. If the campaign is not
// valid, API_Groups returns null.
func API_Groups(w http.ResponseWriter, r *http.Request) {
	switch {
	case r.Method == "GET":
		gs, err := models.GetGroups(ctx.Get(r, "user_id").(int64))
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "No groups found"}, http.StatusNotFound)
			return
		}
		JSONResponse(w, gs, http.StatusOK)
	//POST: Create a new group and return it as JSON
	case r.Method == "POST":
		g := models.Group{}
		// Put the request into a group
		err := json.NewDecoder(r.Body).Decode(&g)
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Invalid JSON structure"}, http.StatusBadRequest)
			return
		}
		_, err = models.GetGroupByName(g.Name, ctx.Get(r, "user_id").(int64))
		if err != gorm.RecordNotFound {
			JSONResponse(w, models.Response{Success: false, Message: "Group name already in use"}, http.StatusConflict)
			return
		}
		g.ModifiedDate = time.Now()
		g.UserId = ctx.Get(r, "user_id").(int64)
		err = models.PostGroup(&g)
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
			return
		}
		w.Header().Set("Location", "http://localhost:3333/api/groups/"+string(g.Id))
		JSONResponse(w, g, http.StatusCreated)
	}
}
Beispiel #13
0
func PostMetadata(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html")

	cookieStore := context.Get(r, "cookieStore").(*sessions.CookieStore)

	session, _ := cookieStore.Get(r, "resourcedmaster-session")

	currentClusterInterface := session.Values["currentCluster"]
	if currentClusterInterface == nil {
		http.Redirect(w, r, "/", 301)
		return
	}
	currentCluster := currentClusterInterface.(*dal.ClusterRow)

	key := r.FormValue("Key")
	data := r.FormValue("Data")

	db := context.Get(r, "db").(*sqlx.DB)

	_, err := dal.NewMetadata(db).CreateOrUpdate(nil, currentCluster.ID, key, []byte(data))
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	http.Redirect(w, r, "/metadata", 301)
}
Beispiel #14
0
// PostLogin performs login.
func PostLogin(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html")

	db := context.Get(r, "db").(*sqlx.DB)
	cookieStore := context.Get(r, "cookieStore").(*sessions.CookieStore)

	email := r.FormValue("Email")
	password := r.FormValue("Password")

	u := models.NewUser(db)

	user, err := u.GetUserByEmailAndPassword(nil, email, password)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	session, _ := cookieStore.Get(r, "$GO_BOOTSTRAP_PROJECT_NAME-session")
	session.Values["user"] = user

	err = session.Save(r, w)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	http.Redirect(w, r, "/", 302)
}
Beispiel #15
0
// API_Campaigns returns a list of campaigns if requested via GET.
// If requested via POST, API_Campaigns creates a new campaign and returns a reference to it.
func API_Campaigns(w http.ResponseWriter, r *http.Request) {
	switch {
	case r.Method == "GET":
		cs, err := models.GetCampaigns(ctx.Get(r, "user_id").(int64))
		if err != nil {
			fmt.Println(err)
		}
		JSONResponse(w, cs, http.StatusOK)
	//POST: Create a new campaign and return it as JSON
	case r.Method == "POST":
		c := models.Campaign{}
		// Put the request into a campaign
		err := json.NewDecoder(r.Body).Decode(&c)
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Invalid JSON structure"}, http.StatusBadRequest)
			return
		}
		err = models.PostCampaign(&c, ctx.Get(r, "user_id").(int64))
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
			return
		}
		Worker.Queue <- &c
		JSONResponse(w, c, http.StatusCreated)
	}
}
Beispiel #16
0
// API_Pages handles requests for the /api/pages/ endpoint
func API_Pages(w http.ResponseWriter, r *http.Request) {
	switch {
	case r.Method == "GET":
		ps, err := models.GetPages(ctx.Get(r, "user_id").(int64))
		if err != nil {
			fmt.Println(err)
		}
		JSONResponse(w, ps, http.StatusOK)
	//POST: Create a new page and return it as JSON
	case r.Method == "POST":
		p := models.Page{}
		// Put the request into a page
		err := json.NewDecoder(r.Body).Decode(&p)
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Invalid request"}, http.StatusBadRequest)
			return
		}
		_, err = models.GetPageByName(p.Name, ctx.Get(r, "user_id").(int64))
		if err != gorm.RecordNotFound {
			JSONResponse(w, models.Response{Success: false, Message: "Page name already in use"}, http.StatusConflict)
			Logger.Println(err)
			return
		}
		p.ModifiedDate = time.Now()
		p.UserId = ctx.Get(r, "user_id").(int64)
		err = models.PostPage(&p)
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Error inserting page"}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, p, http.StatusCreated)
	}
}
func DeleteSavedQueriesID(w http.ResponseWriter, r *http.Request) {
	savedQueryID, err := getIdFromPath(w, r)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	db := context.Get(r, "db").(*sqlx.DB)

	cookieStore := context.Get(r, "cookieStore").(*sessions.CookieStore)

	session, _ := cookieStore.Get(r, "resourcedmaster-session")

	currentUser := session.Values["user"].(*rm_dal.UserRow)

	sq := rm_dal.NewSavedQuery(db)

	savedQueryRow, err := sq.GetByID(nil, savedQueryID)

	if currentUser.ID != savedQueryRow.UserID {
		err := errors.New("Modifying other user's saved query is not allowed.")
		libhttp.HandleErrorJson(w, err)
		return
	}

	err = sq.DeleteByID(nil, savedQueryID)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	http.Redirect(w, r, "/", 301)
}
func PostSavedQueries(w http.ResponseWriter, r *http.Request) {
	db := context.Get(r, "db").(*sqlx.DB)

	cookieStore := context.Get(r, "cookieStore").(*sessions.CookieStore)

	session, _ := cookieStore.Get(r, "resourcedmaster-session")

	currentUser := session.Values["user"].(*rm_dal.UserRow)

	accessTokenRow, err := rm_dal.NewAccessToken(db).GetByUserID(nil, currentUser.ID)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	savedQuery := r.FormValue("SavedQuery")

	_, err = rm_dal.NewSavedQuery(db).CreateOrUpdate(nil, accessTokenRow, savedQuery)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	http.Redirect(w, r, "/?q="+savedQuery, 301)
}
Beispiel #19
0
func PostApiMetadataKey(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")

	db := context.Get(r, "db").(*sqlx.DB)

	accessTokenRow := context.Get(r, "accessTokenRow").(*dal.AccessTokenRow)

	dataJson, err := ioutil.ReadAll(r.Body)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	vars := mux.Vars(r)
	key := vars["key"]

	metadataRow, err := dal.NewMetadata(db).CreateOrUpdate(nil, accessTokenRow.ClusterID, key, dataJson)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	metadataRowJson, err := json.Marshal(metadataRow)
	if err != nil {
		libhttp.HandleErrorJson(w, err)
		return
	}

	w.Write(metadataRowJson)
}
// ProcessRequest will run any checks on the request on the way through the system, return an error to have the chain fail
func (k *KeyExpired) ProcessRequest(w http.ResponseWriter, r *http.Request, configuration interface{}) (error, int) {
	sess, ok := context.GetOk(r, SessionData)

	if !ok {
		return errors.New("Session state is missing or unset! Please make sure that auth headers are properly applied"), 403
	}

	thisSessionState := sess.(SessionState)

	if thisSessionState.IsInactive {
		authHeaderValue := context.Get(r, AuthHeaderValue).(string)
		log.WithFields(logrus.Fields{
			"path":   r.URL.Path,
			"origin": GetIPFromRequest(r),
			"key":    authHeaderValue,
		}).Info("Attempted access from inactive key.")

		// Fire a key expired event
		go k.TykMiddleware.FireEvent(EVENT_KeyExpired,
			EVENT_KeyExpiredMeta{
				EventMetaDefault: EventMetaDefault{Message: "Attempted access from inactive key.", OriginatingRequest: EncodeRequestToEvent(r)},
				Path:             r.URL.Path,
				Origin:           GetIPFromRequest(r),
				Key:              authHeaderValue,
			})

		// Report in health check
		ReportHealthCheckValue(k.Spec.Health, KeyFailure, "-1")

		return errors.New("Key is inactive, please renew"), 403
	}

	keyExpired := k.Spec.AuthManager.IsKeyExpired(&thisSessionState)

	if keyExpired {
		authHeaderValue := context.Get(r, AuthHeaderValue).(string)
		log.WithFields(logrus.Fields{
			"path":   r.URL.Path,
			"origin": GetIPFromRequest(r),
			"key":    authHeaderValue,
		}).Info("Attempted access from expired key.")

		// Fire a key expired event
		go k.TykMiddleware.FireEvent(EVENT_KeyExpired,
			EVENT_KeyExpiredMeta{
				EventMetaDefault: EventMetaDefault{Message: "Attempted access from expired key."},
				Path:             r.URL.Path,
				Origin:           GetIPFromRequest(r),
				Key:              authHeaderValue,
			})

		// Report in health check
		ReportHealthCheckValue(k.Spec.Health, KeyFailure, "-1")

		return errors.New("Key has expired, please renew"), 403
	}

	return nil, 200
}
Beispiel #21
0
//DefaultData returns common to all pages template data
func DefaultData(r *http.Request) map[string]interface{} {
	return map[string]interface{}{
		"ActiveUser":     context.Get(r, "user"),           //signed in models.User
		"Active":         "",                               //active uri shortening for menu item highlight
		"Title":          "",                               //page title:w
		"SignupEnabled":  context.Get(r, "signup_enabled"), //signup route is enabled (otherwise everyone can signup ;)
		csrf.TemplateTag: csrf.TemplateField(r),
	}
}
// SetClusters sets clusters data in context based on logged in user ID.
func SetClusters(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		cookieStore := context.Get(r, "cookieStore").(*sessions.CookieStore)
		session, _ := cookieStore.Get(r, "resourcedmaster-session")
		userRowInterface := session.Values["user"]

		if userRowInterface == nil {
			http.Redirect(w, r, "/login", 301)
			return
		}

		userRow := userRowInterface.(*dal.UserRow)

		db := context.Get(r, "db").(*sqlx.DB)

		clusterRows, err := dal.NewCluster(db).AllClustersByUserID(nil, userRow.ID)
		if err != nil {
			libhttp.HandleErrorJson(w, err)
			return
		}

		context.Set(r, "clusters", clusterRows)

		// Set currentCluster if not previously set.
		if len(clusterRows) > 0 {
			currentClusterInterface := session.Values["currentCluster"]
			if currentClusterInterface == nil {
				session.Values["currentCluster"] = clusterRows[0]

				err := session.Save(r, w)
				if err != nil {
					libhttp.HandleErrorJson(w, err)
					return
				}
			}
		}

		// Set currentClusterJson
		currentClusterInterface := session.Values["currentCluster"]
		if currentClusterInterface != nil {
			currentClusterRow := currentClusterInterface.(*dal.ClusterRow)

			currentClusterJson, err := json.Marshal(currentClusterRow)
			if err != nil {
				libhttp.HandleErrorJson(w, err)
				return
			}
			context.Set(r, "currentClusterJson", currentClusterJson)

		} else {
			context.Set(r, "currentClusterJson", []byte("{}"))
		}

		next.ServeHTTP(w, r)
	})
}
Beispiel #23
0
func ApiWSAccessToken(w http.ResponseWriter, r *http.Request) {
	accessToken := mux.Vars(r)["id"]

	db := context.Get(r, "db").(*sqlx.DB)

	// Check if access token exists
	accessTokenRow, err := dal.NewAccessToken(db).GetByAccessToken(nil, accessToken)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	if accessTokenRow == nil {
		err = errors.New("Unrecognized access token")
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Upgrade connection to full duplex TCP connection
	conn, err := upgrader.Upgrade(w, r, nil)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	wsTraffickers := context.Get(r, "wsTraffickers").(*wstrafficker.WSTraffickers)

	wsTrafficker, err := wsTraffickers.SaveConnection(accessToken, conn)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	ticker := time.NewTicker(pingPeriod)
	defer func() {
		ticker.Stop()
		conn.Close()
	}()

	for {
		select {
		case message, ok := <-wsTrafficker.Chans.Send:
			if !ok {
				wsTrafficker.Write(websocket.CloseMessage, []byte{})
				wsTraffickers.DeleteConnection(accessToken, wsTrafficker.Hostname)
				return
			}
			if err := wsTrafficker.Write(websocket.TextMessage, message); err != nil {
				return
			}
		case <-ticker.C:
			if err := wsTrafficker.Write(websocket.PingMessage, []byte{}); err != nil {
				return
			}
		}
	}
}
Beispiel #24
0
func WebThingAccess(w http.ResponseWriter, r *http.Request) {
	account := context.Get(r, ContextKeyAccount).(*Account)
	thing := context.Get(r, ContextKeyThing).(*Thing)

	// Only the owner can edit the access lists.
	if !thing.OwnedById(account.Character) {
		http.Error(w, "No access to access lists", http.StatusForbidden)
		return
	}

	if r.Method == "POST" {
		changed := false

		if adminsText := r.PostFormValue("admins"); adminsText != "" {
			var adminIds []ThingId
			err := json.Unmarshal([]byte(adminsText), &adminIds)
			if err != nil {
				// TODO: set a flash
				http.Redirect(w, r, fmt.Sprintf("%saccess", thing.GetURL()), http.StatusSeeOther)
				return
			}

			thing.AdminList = adminIds
			changed = true
		}

		// TODO: handle allows

		if deniedText := r.PostFormValue("denied"); deniedText != "" {
			var deniedIds []ThingId
			err := json.Unmarshal([]byte(deniedText), &deniedIds)
			if err != nil {
				// TODO: set a flash
				http.Redirect(w, r, fmt.Sprintf("%saccess", thing.GetURL()), http.StatusSeeOther)
				return
			}

			thing.DenyList = deniedIds
			changed = true
		}

		if changed {
			World.SaveThing(thing)
		}

		http.Redirect(w, r, fmt.Sprintf("%saccess", thing.GetURL()), http.StatusSeeOther)
		return
	}

	RenderTemplate(w, r, "thing/page/access.html", map[string]interface{}{
		"Title": fmt.Sprintf("Edit access lists – %s", thing.Name),
		"Thing": thing,
	})
}
// ProcessRequest will run any checks on the request on the way through the system, return an error to have the chain fail
func (k *KeyExpired) ProcessRequest(w http.ResponseWriter, r *http.Request, configuration interface{}) (error, int) {
	thisSessionState := context.Get(r, SessionData).(SessionState)
	authHeaderValue := context.Get(r, AuthHeaderValue).(string)

	if thisSessionState.IsInactive {
		log.WithFields(logrus.Fields{
			"path":   r.URL.Path,
			"origin": r.RemoteAddr,
			"key":    authHeaderValue,
		}).Info("Attempted access from inactive key.")

		// Fire a key expired event
		authHeaderValue := context.Get(r, AuthHeaderValue)
		go k.TykMiddleware.FireEvent(EVENT_KeyExpired,
			EVENT_KeyExpiredMeta{
				EventMetaDefault: EventMetaDefault{Message: "Attempted access from inactive key.", OriginatingRequest: EncodeRequestToEvent(r)},
				Path:             r.URL.Path,
				Origin:           r.RemoteAddr,
				Key:              authHeaderValue.(string),
			})

		// Report in health check
		ReportHealthCheckValue(k.Spec.Health, KeyFailure, "1")

		return errors.New("Key is inactive, please renew"), 403
	}

	keyExpired := k.Spec.AuthManager.IsKeyExpired(&thisSessionState)

	if keyExpired {
		log.WithFields(logrus.Fields{
			"path":   r.URL.Path,
			"origin": r.RemoteAddr,
			"key":    authHeaderValue,
		}).Info("Attempted access from expired key.")

		// Fire a key expired event
		authHeaderValue := context.Get(r, AuthHeaderValue)
		go k.TykMiddleware.FireEvent(EVENT_KeyExpired,
			EVENT_KeyExpiredMeta{
				EventMetaDefault: EventMetaDefault{Message: "Attempted access from expired key."},
				Path:             r.URL.Path,
				Origin:           r.RemoteAddr,
				Key:              authHeaderValue.(string),
			})

		// Report in health check
		ReportHealthCheckValue(k.Spec.Health, KeyFailure, "1")

		return errors.New("Key has expired, please renew"), 403
	}

	return nil, 200
}
// ProcessRequest will run any checks on the request on the way through the system, return an error to have the chain fail
func (m *GranularAccessMiddleware) ProcessRequest(w http.ResponseWriter, r *http.Request, configuration interface{}) (error, int) {
	thisSessionState := context.Get(r, SessionData).(SessionState)
	authHeaderValue := context.Get(r, AuthHeaderValue).(string)

	sessionVersionData, foundAPI := thisSessionState.AccessRights[m.Spec.APIID]

	if foundAPI == false {
		log.Debug("Version not found")
		return nil, 200
	}

	if sessionVersionData.AllowedURLs == nil {
		log.Debug("No allowed URLS")
		return nil, 200
	}

	if len(sessionVersionData.AllowedURLs) == 0 {
		log.Debug("No allowed URLS")
		return nil, 200
	}

	for _, accessSpec := range sessionVersionData.AllowedURLs {
		log.Debug("Checking: ", r.URL.Path)
		log.Debug("Against: ", accessSpec.URL)
		asRegex, regexpErr := regexp.Compile(accessSpec.URL)

		if regexpErr != nil {
			log.Error("Regex error: ", regexpErr)
			return nil, 200
		}

		match := asRegex.MatchString(r.URL.Path)
		if match {
			log.Debug("Match!")
			for _, method := range accessSpec.Methods {
				if method == r.Method {
					return nil, 200
				}
			}
		}
	}

	// No paths matched, disallow
	log.WithFields(logrus.Fields{
		"path":      r.URL.Path,
		"origin":    GetIPFromRequest(r),
		"key":       authHeaderValue,
		"api_found": false,
	}).Info("Attempted access to unauthorised endpoint (Granular).")

	return errors.New("Access to this resource has been disallowed"), 403

}
Beispiel #27
0
// RequireLogin is a simple middleware which checks to see if the user is currently logged in.
// If not, the function returns a 302 redirect to the login page.
func RequireLogin(handler http.Handler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		user := ctx.Get(r, "user")
		role := ctx.Get(r, "role")
		if user != nil {
			log.Println("userId:", user, " userRole:", role)
			handler.ServeHTTP(w, r)
		} else {
			w.WriteHeader(http.StatusForbidden)
		}
	}
}
Beispiel #28
0
func WebThingTable(w http.ResponseWriter, r *http.Request) {
	thing := context.Get(r, ContextKeyThing).(*Thing)
	account := context.Get(r, ContextKeyAccount).(*Account)

	if !thing.EditableById(account.Character) {
		http.Error(w, "No access to table data", http.StatusForbidden)
		return
	}

	if r.Method == "POST" {
		updateText := r.PostFormValue("updated_data")
		var updates map[string]interface{}
		err := json.Unmarshal([]byte(updateText), &updates)
		if err != nil {
			// aw carp
			// TODO: set a flash?
			http.Redirect(w, r, fmt.Sprintf("%stable", thing.GetURL()), http.StatusSeeOther)
			return
		}

		deleteText := r.PostFormValue("deleted_data")
		var deletes map[string]interface{}
		err = json.Unmarshal([]byte(deleteText), &deletes)
		if err != nil {
			// aw carp
			// TODO: set a flash?
			http.Redirect(w, r, fmt.Sprintf("%stable", thing.GetURL()), http.StatusSeeOther)
			return
		}

		thing.Table = mergeMapInto(updates, thing.Table)
		thing.Table = deleteMapFrom(deletes, thing.Table)
		World.SaveThing(thing)

		http.Redirect(w, r, fmt.Sprintf("%stable", thing.GetURL()), http.StatusSeeOther)
		return
	}

	RenderTemplate(w, r, "thing/page/table.html", map[string]interface{}{
		"Title": fmt.Sprintf("Edit all data – %s", thing.Name),
		"Thing": thing,
		"json": func(v interface{}) interface{} {
			output, err := json.MarshalIndent(v, "", "    ")
			if err != nil {
				escapedError := template.JSEscapeString(err.Error())
				message := fmt.Sprintf("/* error encoding JSON: %s */ {}", escapedError)
				return template.JS(message)
			}
			return template.JS(output)
		},
	})
}
Beispiel #29
0
func WebThingEdit(w http.ResponseWriter, r *http.Request) {
	thing := context.Get(r, ContextKeyThing).(*Thing)
	account := context.Get(r, ContextKeyAccount).(*Account)

	if !thing.EditableById(account.Character) {
		RenderTemplate(w, r, "thing/thing-no-edit.html", map[string]interface{}{
			"Title": thing.Name,
			"Thing": thing,
		})
		return
	}

	if r.Method == "POST" {
		// TODO: player names should be unique?
		// TODO: account loginnames should match their player names?
		thing.Name = r.PostFormValue("name")

		// TODO: validate??
		thing.Table["description"] = r.PostFormValue("description")
		if thing.Type == PlayerThing {
			thing.Table["glance"] = r.PostFormValue("glance")
			thing.Table["pronouns"] = r.PostFormValue("pronouns")
		}

		parentIdStr := r.PostFormValue("parent")
		parentId64, err := strconv.ParseInt(parentIdStr, 10, 64)
		if err != nil {
			// TODO: set a flash? cause an error? eh
		} else {
			parentId := ThingId(parentId64)
			newParent := World.ThingForId(parentId)
			// TODO: does the viewer control newParent sufficiently to move the thing there?
			if newParent == nil {
				// TODO: set a flash? cause an error? eh
			} else {
				thing.Parent = parentId
			}
		}

		World.SaveThing(thing)

		http.Redirect(w, r, thing.GetURL(), http.StatusSeeOther)
		return
	}

	typeName := thing.Type.String()
	templateName := fmt.Sprintf("thing/type/%s.html", typeName)
	RenderTemplate(w, r, templateName, map[string]interface{}{
		"Title": thing.Name,
		"Thing": thing,
	})
}
Beispiel #30
0
func (c *appContext) updatetaskHandler(w http.ResponseWriter, r *http.Request) {
	params := context.Get(r, "params").(httprouter.Params)
	body := context.Get(r, "body").(*tasksModel.TaskResource)
	body.Data.Id = bson.ObjectIdHex(params.ByName("id"))
	repo := tasksModel.TaskRepo{c.db.C("tasks")}
	err := repo.Update(&body.Data)
	if err != nil {
		panic(err)
	}

	w.WriteHeader(204)
	w.Write([]byte("\n"))
}