func BodyParser(app *forest.App) func(ctx *bear.Context) {
return func(ctx *bear.Context) {
destination, ok := ctx.Get(forest.Body).(Populater)
if !ok {
ctx.Set(forest.Error,
fmt.Errorf("(*forest.App).BodyParser unitialized"))
message := safeErrorMessage(app, ctx, app.Error("Parse"))
app.Response(ctx, http.StatusInternalServerError,
forest.Failure, message).Write(nil)
return
}
if ctx.Request.Body == nil {
ctx.Set(forest.SafeError,
fmt.Errorf("%s: body is empty", app.Error("Parse")))
message := safeErrorMessage(app, ctx, app.Error("Parse"))
app.Response(ctx, http.StatusBadRequest,
forest.Failure, message).Write(nil)
return
}
if err := destination.Populate(ctx.Request.Body); err != nil {
ctx.Set(forest.SafeError,
fmt.Errorf("%s: %s", app.Error("Parse"), err))
message := safeErrorMessage(app, ctx, app.Error("Parse"))
app.Response(ctx, http.StatusBadRequest,
forest.Failure, message).Write(nil)
return
}
ctx.Next()
}
}
func ErrorsUnauthorized(app *forest.App) func(ctx *bear.Context) {
return func(ctx *bear.Context) {
app.Response(
ctx,
http.StatusUnauthorized,
forest.Failure,
safeErrorMessage(app, ctx, app.Error("Unauthorized"))).Write(nil)
}
}
func ErrorsServerError(app *forest.App) func(ctx *bear.Context) {
return func(ctx *bear.Context) {
app.Response(
ctx,
http.StatusInternalServerError,
forest.Failure,
safeErrorMessage(app, ctx, app.Error("Generic"))).Write(nil)
}
}
func ErrorsBadRequest(app *forest.App) func(ctx *bear.Context) {
return func(ctx *bear.Context) {
app.Response(
ctx,
http.StatusBadRequest,
forest.Failure,
safeErrorMessage(app, ctx, app.Error("Generic"))).Write(nil)
}
}
func Authenticate(app *forest.App) func(ctx *bear.Context) {
return func(ctx *bear.Context) {
userID, ok := ctx.Get(forest.SessionUserID).(string)
if !ok || len(userID) == 0 {
app.Response(ctx, http.StatusUnauthorized, forest.Failure,
app.Error("Unauthorized")).Write(nil)
return
}
ctx.Next()
}
}
func SessionDel(app *forest.App, manager SessionManager) func(ctx *bear.Context) {
return func(ctx *bear.Context) {
sessionID, ok := ctx.Get(forest.SessionID).(string)
if !ok {
err := fmt.Errorf("SessionDel %s: %v",
forest.SessionID, ctx.Get(forest.SessionID))
ctx.Set(forest.Error, err)
message := safeErrorMessage(app, ctx, app.Error("Generic"))
app.Response(ctx, http.StatusInternalServerError,
forest.Failure, message).Write(nil)
return
}
userID, ok := ctx.Get(forest.SessionUserID).(string)
if !ok {
err := fmt.Errorf("SessionDel %s: %v",
forest.SessionUserID, ctx.Get(forest.SessionUserID))
ctx.Set(forest.Error, err)
message := safeErrorMessage(app, ctx, app.Error("Generic"))
app.Response(ctx, http.StatusInternalServerError,
forest.Failure, message).Write(nil)
return
}
if err := manager.Delete(sessionID, userID); err != nil {
ctx.Set(forest.Error, err)
message := safeErrorMessage(app, ctx, app.Error("Generic"))
app.Response(ctx, http.StatusInternalServerError,
forest.Failure, message).Write(nil)
return
}
ctx.Next()
}
}
func CSRF(app *forest.App) func(ctx *bear.Context) {
type postBody struct {
SessionID string `json:"sessionid"` // forest.SessionID == "sessionid"
}
return func(ctx *bear.Context) {
if ctx.Request.Body == nil {
app.Response(ctx, http.StatusBadRequest,
forest.Failure, app.Error("CSRF")).Write(nil)
return
}
pb := new(postBody)
body, _ := ioutil.ReadAll(ctx.Request.Body)
if body == nil || len(body) < 2 { // smallest JSON body is {}, 2 chars
app.Response(
ctx,
http.StatusBadRequest,
forest.Failure,
app.Error("Parse")).Write(nil)
return
}
// set ctx.Request.Body back to an untouched io.ReadCloser
ctx.Request.Body = ioutil.NopCloser(bytes.NewBuffer(body))
if err := json.Unmarshal(body, pb); err != nil {
app.Response(
ctx,
http.StatusBadRequest,
forest.Failure,
app.Error("Parse")+": "+err.Error()).Write(nil)
return
}
sessionID, ok := ctx.Get(forest.SessionID).(string)
if !ok || sessionID != pb.SessionID {
app.Response(
ctx,
http.StatusBadRequest,
forest.Failure,
app.Error("CSRF")).Write(nil)
return
}
ctx.Next()
}
}
func ErrorsNotFound(app *forest.App) func(ctx *bear.Context) {
return func(ctx *bear.Context) {
message := safeErrorMessage(app, ctx, app.Error("NotFound"))
app.Response(ctx, http.StatusNotFound, forest.Failure, message).Write(nil)
}
}