func (ps *PageServer) Save(c http.ResponseWriter, r *http.Request) {
oldname := r.FormValue("oldname")
name := r.FormValue("name")
if !perms.ToEditPage(r, path.Join(ps.Prefix, name)) {
template.Error403(c, r, name)
return
}
if !perms.ToEditPage(r, path.Join(ps.Prefix, oldname)) {
template.Error403(c, r, oldname)
return
}
content := r.FormValue("content")
title := r.FormValue("title")
err := ps.Manager.Save(name, title, []byte(content))
if err != nil {
template.Error500(c, r, err)
return
}
if oldname != name && oldname != "" {
err := ps.Manager.Delete(oldname)
if err != nil {
template.Error500(c, r, err)
return
}
}
http.Redirect(c, r, path.Join(ps.Prefix, name), 301)
}
// For login authentication from picasa.
// TODO: Add error handling.
func AuthHandler(c http.ResponseWriter, r *http.Request) {
// Get the token supplied in the URL.
picasaLen := len("token=")
url, _ := url.QueryUnescape(r.URL.RawQuery)
token := url[picasaLen:]
log.Println(token, r.URL.RawQuery)
// Try to upgrade the token to a multi-use one. See
// http://code.google.com/apis/accounts/docs/AuthSub.html
req := picasa.NewRequest("https://www.google.com/accounts/accounts/AuthSubSessionToken", token, "GET")
resp, e := picasa.Send(req)
// Get the upgraded token value
body, e := ioutil.ReadAll(resp.Body)
if e != nil {
fmt.Println(e)
}
resp.Body.Close()
if len(body) <= picasaLen {
log.Println("Invalid or missing token! Response received was:", body)
template.Error500(c, r, nil)
}
upgradedToken := body[picasaLen:]
log.Println("Upgraded Token: ", string(upgradedToken))
// Finally, save the upgraded token in the server-side session.
u, _ := user.Get(r)
u.Set("picasa-authsub-token", string(upgradedToken))
http.Redirect(c, r, "/photos/upload", http.StatusFound)
}
func WhoamiHandler(c http.ResponseWriter, r *http.Request) {
id, err := session.Get(r, "openid-email")
if err != nil {
template.Error500(c, r, err)
return
}
fmt.Fprintln(c, "Authenticated as:", id)
}
func (ps *PageServer) List(c http.ResponseWriter, r *http.Request) {
plist, err := ps.Manager.List()
if err != nil {
template.Error500(c, r, err)
return
}
template.Render(c, r, ps.PageAlias, "main", plist)
return
}
func AuthHandler(c http.ResponseWriter, r *http.Request) {
grant, _, err := openid.VerifyValues(r.URL.Query())
if err != nil {
emsg := fmt.Sprintln("Error in openid auth handler:", err)
fmt.Println(emsg)
fmt.Fprintln(c, emsg)
return
}
if !grant {
fmt.Println("Permission denied!")
fmt.Fprintln(c, "Access denied by user or internal error.")
return
}
fmt.Println("Permission granted!")
wantedValues := []string{"value.email", "value.first", "value.last", "value.country", "value.lang"}
qvalues := r.URL.Query()
for _, wantedValue := range wantedValues {
value, _ := url.QueryUnescape(qvalues.Get("openid.ext1." + wantedValue))
err := session.Set(c, r, "openid-"+wantedValue[len("value."):], value)
if err != nil {
template.Error500(c, r, err)
return
}
}
id, _ := url.QueryUnescape(qvalues.Get("openid.ext1.value.email"))
err = session.Set(c, r, "openid-email", id)
if err != nil {
template.Error500(c, r, err)
return
}
continueURL, err := session.Get(r, "openid-continue-url")
if err != nil || continueURL == "" {
continueURL = "/"
}
fmt.Println(c, r, continueURL)
http.Redirect(c, r, continueURL, 307)
fmt.Fprintln(c, "Authenticated as", id)
return
}
func (ps *PageServer) Edit(c http.ResponseWriter, r *http.Request) {
if len(r.URL.Path) < len(ps.Prefix)+len("/edit") {
template.Error404(c, r, nil)
return
}
name := r.URL.Path[len(ps.Prefix) : len(r.URL.Path)-len("/edit")]
page, err := ps.Manager.Load(name)
if err != nil {
template.Error500(c, r, err)
return
}
template.Render(c, r, "Editing "+page.Title, "edit", page)
}