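// getApiUserHandler is the API function that returns a user's settings as JSON.
//
// The request must carry a valid session (authentication.GetUserName yields a
// non-empty name) and the "id" route parameter must name the authenticated
// user's own record. The user's role is looked up separately and attached to
// the record before it is marshaled.
//
// Responses: 401 when no session is present, 400 when "id" is not a positive
// integer, 403 when "id" belongs to another user, 500 when a lookup or the
// JSON encoding fails, otherwise 200 with an application/json body.
func getApiUserHandler(w http.ResponseWriter, r *http.Request, params map[string]string) {
	userName := authentication.GetUserName(r)
	if userName == "" {
		// A missing session is an authentication problem, not a server fault.
		http.Error(w, "Not logged in!", http.StatusUnauthorized)
		return
	}
	userId, err := getUserId(userName)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	userIdToGet, err := strconv.ParseInt(params["id"], 10, 64)
	if err != nil || userIdToGet < 1 {
		// err is nil when the id parsed but is not positive, so it must not be
		// formatted here (that was a nil dereference); a fixed message is
		// enough, and the problem is the client's input.
		http.Error(w, "Wrong user id.", http.StatusBadRequest)
		return
	}
	// Make sure the authenticated user is only accessing his/her own data.
	// TODO: Make sure the user is admin when multiple users have been introduced.
	if userIdToGet != userId {
		http.Error(w, "You don't have permission to access this data.", http.StatusForbidden)
		return
	}
	user, err := database.RetrieveUser(userIdToGet)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	userRole, err := getUserRole(userName)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	user.Role = userRole
	// Named "body" rather than "json" so the encoding/json package is not shadowed.
	body, err := json.Marshal(userToJson(user))
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	// Headers are committed once Write starts, so a write failure cannot be
	// turned into an error response any more; the client just sees a short body.
	_, _ = w.Write(body)
}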
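// patchApiUserHandler is the API function that updates a user's settings from a
// JSON body decoded into JsonUser.
//
// The request must carry a valid session and the body's Id must be the
// authenticated user's own id. Empty Email, Name and Slug fields keep their
// stored values; a new Name or Slug that is already taken silently falls back to
// the stored one (see the TODOs). A password is only changed when Password is
// non-empty and equals PasswordRepeated; a mismatch is rejected before any data
// is written. When the name changed, the session cookie is re-issued for it.
//
// Responses: 401 when no session is present, 400 for an invalid body, a
// non-positive Id or mismatched passwords, 403 when Id belongs to another user,
// 500 when a lookup or update fails, otherwise 200.
func patchApiUserHandler(w http.ResponseWriter, r *http.Request, _ map[string]string) {
	userName := authentication.GetUserName(r)
	if userName == "" {
		http.Error(w, "Not logged in!", http.StatusUnauthorized)
		return
	}
	userId, err := getUserId(userName)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Named "req" rather than "json" so the encoding/json package is not shadowed.
	var req JsonUser
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	// Make sure user id is over 0
	if req.Id < 1 {
		http.Error(w, "Wrong user id.", http.StatusBadRequest)
		return
	}
	// Make sure the authenticated user is only changing his/her own data.
	// TODO: Make sure the user is admin when multiple users have been introduced.
	if userId != req.Id {
		http.Error(w, "You don't have permission to change this data.", http.StatusForbidden)
		return
	}
	// Reject a password mismatch up front: previously it was ignored silently
	// after the profile had already been updated, so the caller had no way to
	// learn that the password was not changed.
	if req.Password != "" && req.Password != req.PasswordRepeated {
		http.Error(w, "Passwords don't match.", http.StatusBadRequest)
		return
	}
	// Get old user data to compare
	tempUser, err := database.RetrieveUser(req.Id)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	oldName := string(tempUser.Name)
	// Fall back to the stored values for fields the client left empty.
	if req.Email == "" {
		req.Email = string(tempUser.Email)
	}
	if req.Name == "" {
		req.Name = oldName
	}
	if req.Slug == "" {
		req.Slug = tempUser.Slug
	}
	// Check if new name is already taken. A nil error from the lookup is
	// taken to mean "a user with that name exists".
	if req.Name != oldName {
		if _, err := database.RetrieveUserByName([]byte(req.Name)); err == nil {
			// The new user name is already taken. Assign the old name.
			// TODO: Return error that will be displayed in the admin interface.
			req.Name = oldName
		}
	}
	// Check if new slug is already taken (same convention as the name check).
	if req.Slug != tempUser.Slug {
		if _, err := database.RetrieveUserBySlug(req.Slug); err == nil {
			// The new user slug is already taken. Assign the old slug.
			// TODO: Return error that will be displayed in the admin interface.
			req.Slug = tempUser.Slug
		}
	}
	user := structure.User{
		Id:       req.Id,
		Name:     []byte(req.Name),
		Slug:     req.Slug,
		Email:    []byte(req.Email),
		Image:    []byte(req.Image),
		Cover:    []byte(req.Cover),
		Bio:      []byte(req.Bio),
		Website:  []byte(req.Website),
		Location: []byte(req.Location),
	}
	if err := methods.UpdateUser(&user, userId); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Update password if a new one was submitted (equality with
	// PasswordRepeated was verified above).
	if req.Password != "" {
		encryptedPassword, err := authentication.EncryptPassword(req.Password)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		if err := database.UpdateUserPassword(user.Id, encryptedPassword, time.Now(), req.Id); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
	}
	// Check if the user name was changed. If so, update the session cookie to the new user name.
	if req.Name != oldName {
		logInUser(req.Name, w)
	}
	// Write sends 200 implicitly; a failure here cannot be reported any more.
	_, _ = w.Write([]byte("User settings updated!"))
}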
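// putApiPostAuthorsHandler is the API function that adds and removes post
// authors for the post named by the "id" route parameter, from a JSON body
// decoded into JsonChangePostAuthors (Delete and Add lists of user ids).
//
// The request must carry a valid session, and the action is only allowed to
// the post's main author or to a user whose role is 4. Deletions are
// best-effort; additions skip ids that are already authors or do not name an
// existing user.
//
// Responses: 401 when no session is present, 400 when "id" is not a positive
// integer or the body is invalid, 403 when the caller may not edit the post,
// 500 when a lookup fails, otherwise 200.
func putApiPostAuthorsHandler(w http.ResponseWriter,
	r *http.Request,
	params map[string]string) {
	userName := authentication.GetUserName(r)
	if userName == "" {
		http.Error(w, "Not logged in!", http.StatusUnauthorized)
		return
	}
	userId, err := getUserId(userName)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	userRole, err := getUserRole(userName)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	postId, err := strconv.ParseInt(params["id"], 10, 64)
	if err != nil || postId < 1 {
		// err is nil when the id parsed but is not positive, so it must not be
		// formatted here (that was a nil dereference).
		http.Error(w, "Wrong post id.", http.StatusBadRequest)
		return
	}
	// Check the post for existence (there's no foreign key constraint)
	post, err := database.RetrievePostById(postId)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Allow this action only to the main author.
	// NOTE(review): role 4 is presumably the admin role — confirm against the
	// role definitions and replace the literal with the named constant.
	if post.Author.Id != userId && userRole != 4 {
		http.Error(w, "Not your post", http.StatusForbidden)
		return
	}
	// Named "req" rather than "json" so the encoding/json package is not shadowed.
	var req JsonChangePostAuthors
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	existingAuthors, err := database.RetrieveAuthors(postId)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Delete users. Failures are deliberately ignored, as before: a missing
	// author row is not an error for the caller.
	for _, authorId := range req.Delete {
		_ = database.DeletePostAuthor(postId, authorId)
	}
	// Filter out ones who are already listed as author.
	alreadyAuthor := make(map[int64]struct{}, len(existingAuthors))
	for i := range existingAuthors {
		alreadyAuthor[existingAuthors[i].Id] = struct{}{}
	}
	for _, authorId := range req.Add {
		if _, ok := alreadyAuthor[authorId]; ok {
			continue
		}
		// Verify that this user exists in DB (a nil error means found) and
		// save him; insertion failures are ignored as in the original.
		if _, err := database.RetrieveUser(authorId); err == nil {
			_ = database.InsertPostAuthor(int(postId), authorId)
		}
	}
	// Write sends 200 implicitly; a failure here cannot be reported any more.
	_, _ = w.Write([]byte("Authors added!"))
}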