Beispiel #1
0
func TestReadUser(t *testing.T) {
	readUser := new(data.User)

	testRead(t, "/users/"+user.Username, readUser)

	readUser.CreateTime = user.CreateTime

	structJSONCompare(t, user, readUser)
}
Beispiel #2
0
func scanUser(user *data.User, rows *sql.Rows) error {
	var createTimeString string

	err := rows.Scan(
		&user.Username,
		&user.Password,
		&user.Salt,
		&user.Role,
		&user.TrustLevel,
		&createTimeString,
	)

	if err != nil {
		return err
	}

	createTime, err := time.Parse("2006-01-02 15:04:05", createTimeString) // this assumes UTC as timezone

	if err != nil {
		log.Println("User scanner failed to parse time.")
		return err
	}

	user.CreateTime = createTime

	return nil
}
Beispiel #3
0
func TestSelectUser(t *testing.T) {
	selectedUser := new(data.User)
	selectedUser.Username = user.Username
	err := Select(selectedUser)

	if err != nil {
		t.Error(err)
	}

	t.Log(selectedUser.CreateTime.UTC())
	t.Log(user.CreateTime.UTC())

	selectedUser.CreateTime = user.CreateTime // Hack because MySQL will eat part of the timestamp and they won't match

	structJSONCompare(t, user, selectedUser)
}
Beispiel #4
0
// Generic Delete handler
func Delete(w http.ResponseWriter, r *http.Request) {
	user, permissions := auth.Challenge(w, r, true)
	if user == nil || permissions < 1 {
		http.Error(w, "Please Login", http.StatusUnauthorized)
		return
	}

	w.Header().Set("Access-Control-Allow-Origin", "*")
	w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")

	vars := mux.Vars(r)

	var (
		val interface{} // Generic container for the deleted object
		err error
	)

	// Build a URI like representation of the datatype
	types := []string{vars["datatype"]}

	if childtype, ok := vars["childtype"]; ok {
		types = append(types, childtype)
	}

	// Switch based on that URI like representation and instantiate something in the generic container. Also infer the identifier from the vars and perform validation.
	switch strings.Join(types, "/") {
	case "items":
		item := new(data.Item)
		item.ID, err = strconv.ParseInt(vars["key"], 10, 64)

		val = item
	case "items/comments":
		comment := new(data.ItemComment)
		comment.ID, err = strconv.ParseInt(vars["childkey"], 10, 64)

		val = comment
	case "users":
		if vars["key"] != user.Username {
			http.Error(w, "Please don't delete other users", http.StatusUnauthorized)
			return
		}

		user := new(data.User)
		user.Username = vars["key"]

		val = user
	case "roles":
		role := new(data.Role)
		role.Title = vars["key"]

		val = role
	case "taxonomy":
		term := new(data.Term)
		term.Term = vars["key"]

		val = term
	default:
		http.NotFound(w, r)
		return
	}

	if err != nil {
		log.Println(err)
		http.Error(w, "Malformed key in URI", http.StatusBadRequest)
		return
	}

	// Perform the delete
	err = storage.Delete(val)

	if err == storage.ErrZeroAffected {
		http.Error(w, "No matches for query", http.StatusNotFound)
		return
	} else if err != nil {
		log.Println(err)
		http.Error(w, "Delete Database error, likely due to malformed request", http.StatusInternalServerError)
		return
	}

	// Confirm the delete
	w.WriteHeader(http.StatusNoContent)
}
Beispiel #5
0
// Generic Read handler for reading single objects
func Read(w http.ResponseWriter, r *http.Request) {
	//No Auth for the moment

	w.Header().Set("Access-Control-Allow-Origin", "*")
	w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")

	vars := mux.Vars(r)

	var (
		val interface{} // Generic container for the read object
		err error
	)

	// Build a URI like representation of the datatype
	types := []string{vars["datatype"]}

	if childtype, ok := vars["childtype"]; ok {
		types = append(types, childtype)
	}

	// Switch based on that URI like representation and instantiate something in the generic container. Also infer the identifier from the vars and perform validation.
	switch strings.Join(types, "/") {
	case "items":
		item := new(data.Item)
		item.ID, err = strconv.ParseInt(vars["key"], 10, 64)

		val = item
	case "items/comments":
		comment := new(data.ItemComment)
		comment.ID, err = strconv.ParseInt(vars["childkey"], 10, 64)

		val = comment

	case "users":
		user := new(data.User)
		user.Username = vars["key"]

		val = user
	case "users/direction":
		direction := new(data.UserDirection)
		direction.Username = vars["key"]

		val = direction
	case "roles":
		role := new(data.Role)
		role.Title = vars["key"]

		val = role
	case "taxonomy":
		term := new(data.Term)
		term.Term = vars["key"]

		val = term
	case "taxonomy/ranking":
		ranking := new(data.TermRanking)
		ranking.Term = vars["key"]

		val = ranking
	default:
		http.NotFound(w, r)
		return
	}

	if err != nil {
		log.Println(err)
		http.Error(w, "Malformed key in URI", http.StatusBadRequest)
		return
	}

	// Perform the Select
	err = storage.Select(val)

	if err == storage.ErrZeroAffected {
		http.Error(w, "No matches for query", http.StatusNotFound)
		return
	} else if err != nil {
		log.Println(err)
		http.Error(w, "Select Database error, likely due to malformed request", http.StatusInternalServerError)
		return
	}

	// Important. Let's never send salt/hash out.
	switch v := val.(type) {
	case *data.User:
		v.Salt = ""
		v.Password = ""
	}

	w.Header().Set("Content-Type", "application/json") // Header are important when GZIP is enabled

	// Return the object we've selected from the database.
	encoder := json.NewEncoder(w)
	err = encoder.Encode(val)

	if err != nil {
		log.Println(err)
	}
}
Beispiel #6
0
// Handle requests containing JSON with user credentials. If the credentials are valid the response will set a session cookie effectively logging in the user.
//
// Expected JSON format:
// 	{"Username":"******", "Password":"******"}
//
// Invalid credentials will result in a 401 StatusUnauthorized response. Malformed JSON will result in a 400 StatusBadRequest or possibly 500 StatusInternalServerError.
func AuthHandlerFunc(w http.ResponseWriter, r *http.Request) {
	// Parse the JSON into a user object
	loginInfo := new(data.User)

	decoder := json.NewDecoder(r.Body)
	err := decoder.Decode(&loginInfo)

	if err != nil {
		log.Println("JSON problem")
		log.Println(err)
		http.Error(w, "Malformed json.", http.StatusBadRequest)
		return
	}

	// Try and load the actual user
	user := new(data.User)
	user.Username = loginInfo.Username

	err = storage.Select(user)

	if err == storage.ErrZeroAffected {
		log.Println("No such user: "******"Invalid credentials.", http.StatusUnauthorized)
		return
	} else if err != nil {
		log.Println(err)
		http.Error(w, "Database error, likely due to malformed request.", http.StatusInternalServerError)
		return
	}

	// Validate
	if !user.Auth(loginInfo.Password) {
		log.Println("Wrong Password for: ", user.Username)
		http.Error(w, "Invalid credentials.", http.StatusUnauthorized)
		return
	}

	// Get role permissions
	role := new(data.Role)
	role.Title = user.Role

	err = storage.Select(role)

	if err != nil {
		log.Println("Issues loading role during auth", err)
		role.Permissions = 0 // Default to no permissions
	}

	// Build a cookie session
	session, _ := store.Get(r, "rter-credentials")

	session.Values["username"] = user.Username
	session.Values["role"] = user.Role
	session.Values["permissions"] = role.Permissions

	err = session.Save(r, w)

	if err != nil {
		log.Println(err)
	}
}
Beispiel #7
0
// Handle a POST request with an image, phone_id, lat, lng and heading. Return a target heading from the web UI
func MultiUploadHandler(rterDir string, uploadPath string, w http.ResponseWriter, r *http.Request) {
	imageFile, header, err := r.FormFile("image")
	if err != nil {
		return
	}

	user := new(data.User)
	user.Username = r.FormValue("phone_id")

	err = storage.Select(user)

	if err == storage.ErrZeroAffected {
		user.Role = "public"
		storage.Insert(user)
		// log.Println("upload failed, phone_id invalid:", user.Username)
		// http.Error(w, "Invalid credentials.", http.StatusUnauthorized)
		// return
	} else if err != nil {
		log.Println(err)
		http.Error(w, "Database error, likely due to malformed request.", http.StatusInternalServerError)
		return
	}

	os.Mkdir(filepath.Join(uploadPath, user.Username), os.ModeDir|0775)

	matchingItems := make([]*data.Item, 0)
	err = storage.SelectWhere(&matchingItems, "WHERE Type=\"streaming-video-v0\" AND Author=?", user.Username)

	exists := true

	if err == storage.ErrZeroAffected {
		exists = false
	} else if err != nil {
		log.Println(err)
		http.Error(w, "Database error, likely due to malformed request.", http.StatusInternalServerError)
		return
	}

	var item *data.Item

	if exists {
		item = matchingItems[0]
	} else {
		item = new(data.Item)
	}

	item.Author = user.Username

	item.Type = "streaming-video-v0"
	item.Live = true
	item.HasGeo = true
	item.HasHeading = true

	item.Lat, err = strconv.ParseFloat(r.FormValue("lat"), 64)
	if err != nil {
		item.HasGeo = false
	}

	item.Lng, err = strconv.ParseFloat(r.FormValue("lng"), 64)
	if err != nil {
		item.HasGeo = false
	}

	item.Heading, err = strconv.ParseFloat(r.FormValue("heading"), 64)
	if err != nil {
		item.HasHeading = false
	}

	item.StartTime = time.Now()
	item.StopTime = item.StartTime
	path := uploadPath

	if strings.HasSuffix(header.Filename, ".png") {
		path = filepath.Join(path, fmt.Sprintf("%v/%v.png", user.Username, item.StopTime.UnixNano()))
	} else if strings.HasSuffix(header.Filename, ".jpg") || strings.HasSuffix(header.Filename, "jpeg") {
		path = filepath.Join(path, fmt.Sprintf("%v/%v.jpg", user.Username, item.StopTime.UnixNano()))
	}

	outputFile, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE, 0664)

	if err != nil {
		log.Println(err)
		http.Error(w, "Error, likely due to malformed request.", http.StatusInternalServerError)
	}
	defer outputFile.Close()

	io.Copy(outputFile, imageFile)

	path = path[len(rterDir):]

	item.ContentURI = path
	item.ThumbnailURI = path

	if exists {
		storage.Update(item)
	} else {
		storage.Insert(item)
	}

	userDirection := new(data.UserDirection)
	userDirection.Username = user.Username

	err = storage.Select(userDirection)

	if err != nil {
		log.Println(err)
		http.Error(w, "Database error, likely due to malformed request.", http.StatusInternalServerError)
		return
	}

	w.Write([]byte(strconv.FormatFloat(userDirection.Heading, 'f', 6, 64)))
}
Beispiel #8
0
func scanUser(user *data.User, rows *sql.Rows) error {
	var createTimeString string
	var updateTimeString string
	var statusTimeString string

	err := rows.Scan(
		&user.Username,
		&user.Password,
		&user.Salt,
		&user.Role,
		&user.TrustLevel,
		&createTimeString,
		&user.Heading,
		&user.Lat,
		&user.Lng,
		&updateTimeString,
		&user.Status,
		&statusTimeString,
	)

	if err != nil {
		return err
	}

	// TODO: this is a hacky fix for null times
	if createTimeString == "0000-00-00 00:00:00" {
		createTimeString = "0001-01-01 00:00:00"
	}
	createTime, err := time.Parse("2006-01-02 15:04:05", createTimeString) // this assumes UTC as timezone

	if err != nil {
		log.Println("User scanner failed to parse create time.")
		return err
	}

	user.CreateTime = createTime

	// TODO: this is a hacky fix for null times
	if updateTimeString == "0000-00-00 00:00:00" {
		updateTimeString = "0001-01-01 00:00:00"
	}
	updateTime, err := time.Parse("2006-01-02 15:04:05", updateTimeString) // this assumes UTC as timezone

	if err != nil {
		log.Println("User scanner failed to parse update time.")
		return err
	}

	user.UpdateTime = updateTime

	// TODO: this is a hacky fix for null times
	if statusTimeString == "0000-00-00 00:00:00" {
		statusTimeString = "0001-01-01 00:00:00"
	}
	statusTime, err := time.Parse("2006-01-02 15:04:05", statusTimeString) // this assumes UTC as timezone

	if err != nil {
		log.Println("User scanner failed to parse time.")
		return err
	}

	user.StatusTime = statusTime

	return nil
}