Beispiel #1
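// Save handles submission of the page edit form. It stores the page under
// the submitted name and, when the page was renamed, deletes the page stored
// under the previous name. The requester must be allowed to edit both the new
// and the old page path; otherwise a 403 page is rendered and nothing is
// written.
//
// NOTE(review): r.FormValue also reads URL query parameters, so this
// state-changing handler can be reached by a plain GET. Confirm that the
// router restricts it to POST and that the form carries CSRF protection.
func (ps *PageServer) Save(c http.ResponseWriter, r *http.Request) {
	oldname := r.FormValue("oldname")
	name := r.FormValue("name")

	// NOTE(review): the permission check sees path.Join's cleaned result
	// ("." and ".." elements resolved), while Manager.Save and Manager.Delete
	// below receive the raw form values. Confirm that Manager normalises or
	// rejects such names, so the path that was authorised is the path that
	// is written.
	for _, candidate := range []string{name, oldname} {
		if !perms.ToEditPage(r, path.Join(ps.Prefix, candidate)) {
			template.Error403(c, r, candidate)
			return
		}
	}

	content := r.FormValue("content")
	title := r.FormValue("title")

	if err := ps.Manager.Save(name, title, []byte(content)); err != nil {
		template.Error500(c, r, err)
		return
	}

	// A rename is a save under the new name followed by a delete of the old
	// one. If the delete fails, both pages exist until it is retried.
	if oldname != name && oldname != "" {
		if err := ps.Manager.Delete(oldname); err != nil {
			template.Error500(c, r, err)
			return
		}
	}

	// 303 See Other is the redirect for "form processed, now GET the result".
	// The previous 301 is a permanent redirect that clients may cache, which
	// is wrong for the response to a save.
	http.Redirect(c, r, path.Join(ps.Prefix, name), http.StatusSeeOther)
}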
Beispiel #2
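// AuthHandler completes the Picasa AuthSub login. It takes the single-use
// token from the callback URL, exchanges it for a multi-use session token,
// stores that token in the server-side user session and redirects to the
// upload page.
//
// Token values are credentials, so they are never written to the log.
func AuthHandler(c http.ResponseWriter, r *http.Request) {
	// The callback query is expected to be exactly "token=<value>".
	picasaLen := len("token=")
	query, err := url.QueryUnescape(r.URL.RawQuery)
	if err != nil || len(query) <= picasaLen || query[:picasaLen] != "token=" {
		// Without this guard a short or empty query makes the slice below
		// panic with an out-of-range index.
		log.Println("AuthSub callback without a usable token parameter")
		http.Error(c, "missing or malformed token", http.StatusBadRequest)
		return
	}
	token := query[picasaLen:]

	// Try to upgrade the token to a multi-use one. See
	// http://code.google.com/apis/accounts/docs/AuthSub.html
	// NOTE(review): the path below repeats "accounts/"; confirm it against
	// the AuthSub documentation.
	req := picasa.NewRequest("https://www.google.com/accounts/accounts/AuthSubSessionToken", token, "GET")
	resp, err := picasa.Send(req)
	if err != nil {
		// resp cannot be used when Send fails; reading resp.Body here would
		// dereference a response that was never received.
		template.Error500(c, r, fmt.Errorf("AuthSub session token request: %v", err))
		return
	}
	defer resp.Body.Close()

	// Get the upgraded token value.
	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		template.Error500(c, r, fmt.Errorf("reading AuthSub response: %v", err))
		return
	}
	if len(body) <= picasaLen {
		// Log only the size: the body may carry token material.
		log.Println("Invalid or missing token! Response length was:", len(body))
		template.Error500(c, r, nil)
		// Stop here; continuing would slice past the end of body and store
		// an unusable token.
		return
	}
	upgradedToken := string(body[picasaLen:])

	// Finally, save the upgraded token in the server-side session.
	// NOTE(review): the second return value of user.Get is discarded; check
	// it before u is used.
	u, _ := user.Get(r)
	u.Set("picasa-authsub-token", upgradedToken)
	http.Redirect(c, r, "/photos/upload", http.StatusFound)
}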
Beispiel #3
// WhoamiHandler writes the "openid-email" session value of the current
// request to the response. If the session lookup fails it renders the 500
// page instead.
func WhoamiHandler(c http.ResponseWriter, r *http.Request) {
	email, lookupErr := session.Get(r, "openid-email")
	if lookupErr != nil {
		template.Error500(c, r, lookupErr)
		return
	}

	// The value is written as-is, one line, after a fixed label.
	fmt.Fprintln(c, "Authenticated as:", email)
}
Beispiel #4
// List renders the "main" template with the page list returned by the
// manager, using ps.PageAlias as the title argument. A failure to obtain the
// list is reported with the 500 page.
func (ps *PageServer) List(c http.ResponseWriter, r *http.Request) {
	pages, listErr := ps.Manager.List()
	if listErr != nil {
		template.Error500(c, r, listErr)
		return
	}

	template.Render(c, r, ps.PageAlias, "main", pages)
}
Beispiel #5
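// AuthHandler is the OpenID return endpoint. It verifies the response
// parameters, copies the requested attribute-exchange values into the
// session under "openid-<attribute>" keys and redirects to the URL stored in
// the session under "openid-continue-url" ("/" when none is stored).
//
// Verification failures and denials are answered with 403 and a fixed
// message; the underlying error is written to the server log only.
func AuthHandler(c http.ResponseWriter, r *http.Request) {
	grant, _, err := openid.VerifyValues(r.URL.Query())
	if err != nil {
		// Keep the detail server-side; the client gets a generic message.
		fmt.Println("Error in openid auth handler:", err)
		http.Error(c, "OpenID verification failed.", http.StatusForbidden)
		return
	}
	if !grant {
		fmt.Println("Permission denied!")
		http.Error(c, "Access denied by user or internal error.", http.StatusForbidden)
		return
	}
	fmt.Println("Permission granted!")

	// NOTE(review): confirm that the openid.ext1.* attributes read below are
	// covered by the verification above; "openid-email" is later used as the
	// identity of the session.
	wantedValues := []string{"value.email", "value.first", "value.last", "value.country", "value.lang"}
	qvalues := r.URL.Query()
	for _, wantedValue := range wantedValues {
		// NOTE(review): Query() has already percent-decoded the value, so
		// this is a second decoding pass ("+" becomes a space), and a decode
		// error silently stores an empty string. Confirm this is intended.
		value, _ := url.QueryUnescape(qvalues.Get("openid.ext1." + wantedValue))

		// Strips the "value." prefix, so value.email is stored as
		// "openid-email" and so on.
		if err := session.Set(c, r, "openid-"+wantedValue[len("value."):], value); err != nil {
			template.Error500(c, r, err)
			return
		}
	}

	continueURL, err := session.Get(r, "openid-continue-url")
	if err != nil || continueURL == "" {
		continueURL = "/"
	}
	// NOTE(review): continueURL is used as a redirect target unchecked.
	// Confirm that whatever stores it only accepts same-site paths.

	// Log the target only. Printing the ResponseWriter and the request
	// copies request headers, cookies included, into the server output.
	fmt.Println("Redirecting to", continueURL)

	// Nothing is written after the redirect: http.Redirect has already sent
	// the response, and appending the e-mail value would place request data
	// unescaped into that body.
	http.Redirect(c, r, continueURL, 307)
}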
Beispiel #6
// Edit renders the "edit" template for the page named in the request path.
// The page name is whatever lies between ps.Prefix and the trailing "/edit";
// a path too short to hold both yields the 404 page, and a load failure
// yields the 500 page.
//
// NOTE(review): only the length of the path is checked, not that it really
// starts with ps.Prefix and ends with "/edit"; presumably the router
// guarantees that. No edit-permission check is made here; confirm that
// showing the form to any requester is intended.
func (ps *PageServer) Edit(c http.ResponseWriter, r *http.Request) {
	urlPath := r.URL.Path
	prefixLen := len(ps.Prefix)
	suffixLen := len("/edit")

	if len(urlPath) < prefixLen+suffixLen {
		template.Error404(c, r, nil)
		return
	}

	// Cut the prefix off the front and "/edit" off the back.
	name := urlPath[prefixLen : len(urlPath)-suffixLen]

	page, loadErr := ps.Manager.Load(name)
	if loadErr != nil {
		template.Error500(c, r, loadErr)
		return
	}

	template.Render(c, r, "Editing "+page.Title, "edit", page)
}