Beispiel #1
// BodyParser returns middleware that feeds the request body to the Populater
// stored in the context under forest.Body, and calls ctx.Next only when
// Populate succeeds.
//
// Failure handling, as visible here:
//   - no Populater in the context: an error is stored under forest.Error and
//     the response status is 500;
//   - nil request body or a Populate error: an error is stored under
//     forest.SafeError and the response status is 400.
//
// NOTE(review): the Populate error text is stored under forest.SafeError,
// which presumably makes it eligible for the client-facing message built by
// safeErrorMessage. Confirm that Populater implementations never put
// internal detail into the errors they return.
func BodyParser(app *forest.App) func(ctx *bear.Context) {
	// reject writes a Failure response with the given status. The message is
	// computed after the caller has stored its error in the context, in the
	// same order as the three inline copies this helper replaces.
	reject := func(ctx *bear.Context, status int) {
		message := safeErrorMessage(app, ctx, app.Error("Parse"))
		app.Response(ctx, status, forest.Failure, message).Write(nil)
	}
	return func(ctx *bear.Context) {
		target, isPopulater := ctx.Get(forest.Body).(Populater)
		switch {
		case !isPopulater:
			// Nothing usable was registered under forest.Body, so this is
			// reported as a server-side failure.
			ctx.Set(forest.Error,
				fmt.Errorf("(*forest.App).BodyParser unitialized"))
			reject(ctx, http.StatusInternalServerError)
		case ctx.Request.Body == nil:
			ctx.Set(forest.SafeError,
				fmt.Errorf("%s: body is empty", app.Error("Parse")))
			reject(ctx, http.StatusBadRequest)
		default:
			if err := target.Populate(ctx.Request.Body); err != nil {
				ctx.Set(forest.SafeError,
					fmt.Errorf("%s: %s", app.Error("Parse"), err))
				reject(ctx, http.StatusBadRequest)
				return
			}
			ctx.Next()
		}
	}
}
Beispiel #2
// ErrorsUnauthorized returns a handler that always answers with
// http.StatusUnauthorized and a forest.Failure response. The message is
// whatever safeErrorMessage produces for the "Unauthorized" error text.
// The handler never calls ctx.Next.
func ErrorsUnauthorized(app *forest.App) func(ctx *bear.Context) {
	return func(ctx *bear.Context) {
		message := safeErrorMessage(app, ctx, app.Error("Unauthorized"))
		response := app.Response(ctx, http.StatusUnauthorized, forest.Failure, message)
		response.Write(nil)
	}
}
Beispiel #3
// ErrorsServerError returns a handler that always answers with
// http.StatusInternalServerError and a forest.Failure response. The message
// is whatever safeErrorMessage produces for the "Generic" error text.
// The handler never calls ctx.Next.
func ErrorsServerError(app *forest.App) func(ctx *bear.Context) {
	return func(ctx *bear.Context) {
		message := safeErrorMessage(app, ctx, app.Error("Generic"))
		response := app.Response(ctx, http.StatusInternalServerError, forest.Failure, message)
		response.Write(nil)
	}
}
Beispiel #4
// ErrorsBadRequest returns a handler that always answers with
// http.StatusBadRequest and a forest.Failure response. The message is
// whatever safeErrorMessage produces for the "Generic" error text.
// The handler never calls ctx.Next.
func ErrorsBadRequest(app *forest.App) func(ctx *bear.Context) {
	return func(ctx *bear.Context) {
		message := safeErrorMessage(app, ctx, app.Error("Generic"))
		response := app.Response(ctx, http.StatusBadRequest, forest.Failure, message)
		response.Write(nil)
	}
}
Beispiel #5
// Authenticate returns middleware that lets a request continue only when the
// context holds a non-empty string under forest.SessionUserID. Otherwise it
// answers 401 with the "Unauthorized" error text and stops the chain.
//
// The check is purely on presence: this middleware does not verify the
// session itself, so it relies on whatever ran earlier having set
// forest.SessionUserID only for a valid session.
func Authenticate(app *forest.App) func(ctx *bear.Context) {
	return func(ctx *bear.Context) {
		// A missing value, a non-string value and an empty string are all
		// treated the same way: not authenticated.
		if id, isString := ctx.Get(forest.SessionUserID).(string); isString && id != "" {
			ctx.Next()
			return
		}
		denied := app.Response(ctx, http.StatusUnauthorized, forest.Failure,
			app.Error("Unauthorized"))
		denied.Write(nil)
	}
}
Beispiel #6
// SessionDel returns middleware that deletes the current session through
// manager.Delete, using the session ID and user ID found in the context
// under forest.SessionID and forest.SessionUserID. It calls ctx.Next only
// after a successful delete.
//
// Every failure path stores the error under forest.Error and answers 500
// with the message safeErrorMessage builds from the "Generic" error text.
//
// NOTE(review): the errors built for a missing or non-string ID embed the raw
// context value via %v. They are stored under forest.Error rather than
// forest.SafeError; confirm safeErrorMessage does not echo forest.Error to
// the client.
func SessionDel(app *forest.App, manager SessionManager) func(ctx *bear.Context) {
	// fail records err in the context first, then writes the 500 response, in
	// the same order as the inline copies this helper replaces.
	fail := func(ctx *bear.Context, err error) {
		ctx.Set(forest.Error, err)
		message := safeErrorMessage(app, ctx, app.Error("Generic"))
		app.Response(ctx, http.StatusInternalServerError,
			forest.Failure, message).Write(nil)
	}
	return func(ctx *bear.Context) {
		sid, haveSID := ctx.Get(forest.SessionID).(string)
		if !haveSID {
			fail(ctx, fmt.Errorf("SessionDel %s: %v",
				forest.SessionID, ctx.Get(forest.SessionID)))
			return
		}
		uid, haveUID := ctx.Get(forest.SessionUserID).(string)
		if !haveUID {
			fail(ctx, fmt.Errorf("SessionDel %s: %v",
				forest.SessionUserID, ctx.Get(forest.SessionUserID)))
			return
		}
		if err := manager.Delete(sid, uid); err != nil {
			fail(ctx, err)
			return
		}
		ctx.Next()
	}
}
Beispiel #7
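// CSRF returns middleware that lets a request continue only when its JSON
// body carries a "sessionid" field equal to the session ID stored in the
// context under forest.SessionID. Any other outcome answers 400 and stops
// the chain.
//
// The body is read in full and then replaced with a fresh reader over the
// same bytes, so later handlers can still parse it.
//
// Two checks are stricter than a plain string comparison:
//   - a read error on the body is reported as a parse failure instead of
//     being discarded;
//   - an empty session ID in the context never matches. Without this, a body
//     that omits "sessionid" decodes to "" and would equal an empty context
//     value, letting the request through.
func CSRF(app *forest.App) func(ctx *bear.Context) {
	type postBody struct {
		SessionID string `json:"sessionid"` // forest.SessionID == "sessionid"
	}
	return func(ctx *bear.Context) {
		if ctx.Request.Body == nil {
			app.Response(ctx, http.StatusBadRequest,
				forest.Failure, app.Error("CSRF")).Write(nil)
			return
		}
		// NOTE(review): ReadAll buffers the whole body with no size cap.
		// Unless a limit is applied before this middleware runs (for example
		// http.MaxBytesReader), a large request is held in memory here.
		body, err := ioutil.ReadAll(ctx.Request.Body)
		if err != nil || len(body) < 2 { // smallest JSON body is {}, 2 chars
			app.Response(
				ctx,
				http.StatusBadRequest,
				forest.Failure,
				app.Error("Parse")).Write(nil)
			return
		}
		// set ctx.Request.Body back to an untouched io.ReadCloser
		ctx.Request.Body = ioutil.NopCloser(bytes.NewBuffer(body))
		pb := new(postBody)
		if err := json.Unmarshal(body, pb); err != nil {
			// NOTE(review): the decoder's error text is returned to the
			// client as-is; confirm that is intended.
			app.Response(
				ctx,
				http.StatusBadRequest,
				forest.Failure,
				app.Error("Parse")+": "+err.Error()).Write(nil)
			return
		}
		sessionID, ok := ctx.Get(forest.SessionID).(string)
		// NOTE(review): != is not a constant-time comparison. If the session
		// ID is treated as a secret, crypto/subtle.ConstantTimeCompare is the
		// usual replacement; it needs an import this block cannot add.
		if !ok || sessionID == "" || sessionID != pb.SessionID {
			app.Response(
				ctx,
				http.StatusBadRequest,
				forest.Failure,
				app.Error("CSRF")).Write(nil)
			return
		}
		ctx.Next()
	}
}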
Beispiel #8
// ErrorsNotFound returns a handler that always answers with
// http.StatusNotFound and a forest.Failure response. The message is whatever
// safeErrorMessage produces for the "NotFound" error text.
// The handler never calls ctx.Next.
func ErrorsNotFound(app *forest.App) func(ctx *bear.Context) {
	return func(ctx *bear.Context) {
		app.Response(
			ctx,
			http.StatusNotFound,
			forest.Failure,
			safeErrorMessage(app, ctx, app.Error("NotFound")),
		).Write(nil)
	}
}