Ejemplo n.º 1
0
func (lilo *basicLoginLogout) HandleLogout(request shared.IRequest) (shared.IResponse, error) {
	//request.Session.shared.IUser = nil
	log.Println("LOGOUT")
	request.ResetSession()
	request.Session().AddFlash("success", "Logged Out")
	return getRedirectResponse("/")
}
Ejemplo n.º 2
0
func (th *simpleTemplateHandler) Handle(request shared.IRequest) (shared.IResponse, error) {
	writer, err := th.manager.GetHTMLTemplateWriter(th.name, request.Session())
	if err != nil {
		return nil, err
	}
	writer.Data = th.data

	return writer, nil
}
Ejemplo n.º 3
0
func (h *RawFileHandler) Handle(req shared.IRequest) (shared.IResponse, error) {
	w, _ := req.GetRaw()
	file, err := os.Open(h.WebRoot + "/" + h.Filename)
	if err != nil {
		fmt.Fprintln(w, err.Error())
		w.WriteHeader(http.StatusInternalServerError)
		return nil, nil
	}
	defer file.Close()
	io.Copy(w, file)
	return nil, nil
}
Ejemplo n.º 4
0
func (wh *wrappedHandler) Handle(request shared.IRequest) (shared.IResponse, error) {

	requestData := wh.handler.RequestDataPlaceholder()
	_, r := request.GetRaw()

	// Decode request body JSON to object
	dec := json.NewDecoder(r.Body)
	err := dec.Decode(requestData)
	if err != nil {
		return nil, err
	}

	// Do the request
	return wh.handler.Handle(request, requestData)

}
Ejemplo n.º 5
0
func (ga *GoogleAuth) TryToAuthenticate(request shared.IRequest) (string, interface{}, error) {
	googleToken, ok := request.QueryString().String("code")
	if !ok {
		return "", nil, nil
	}
	log.Printf("Google Auth with Token %s\n", googleToken)

	token, err := ga.Exchange(googleToken)
	if err != nil {
		return "", nil, err
	}

	email, err := token.GooglePlusID()
	if err != nil {
		return "", nil, err
	}

	log.Printf("Google auth response: %s\n", email)

	return "google_id", email, nil
}
Ejemplo n.º 6
0
func (h *FileHandler) writeDatabaseEntry(request shared.IRequest, dbEntry map[string]interface{}, fileCollection string) error {

	qc := databath.GetMinimalQueryConditions(fileCollection, "form")

	q, err := databath.GetQuery(request.GetContext(), h.Model, qc, true)
	if err != nil {
		return err
	}
	sqlString, parameters, err := q.BuildInsert(dbEntry)
	if err != nil {
		return err
	}

	db, err := request.DB()
	if err != nil {
		return err
	}

	fmt.Println(sqlString)

	res, err := db.Exec(sqlString, parameters...)

	if err != nil {
		return err
	}

	pk, _ := res.LastInsertId()
	/*
		actionSummary := &shared_structs.ActionSummary{
			UserId:     request.Session().User().Id,
			Action:     "create",
			Collection: fileCollection,
			Pk:         uint64(pk),
			Fields:     dbEntry,
		}
	*/
	createObject := map[string]interface{}{
		"collection": fileCollection,
		"id":         uint64(pk),
		"object":     dbEntry,
	}

	request.Broadcast("create", createObject)

	return nil
}
Ejemplo n.º 7
0
func (h *FileHandler) Upload(request shared.IRequest) error {

	var functionName string
	var fileCollection string
	var collectionRef string
	var collectionId uint64

	err := request.URLMatch(&functionName, &fileCollection, &collectionRef, &collectionId)
	if err != nil {
		return err
	}

	_, r := request.GetRaw()
	if r.Method != "POST" && r.Method != "PUT" {
		request.WriteString("Must post a file (1)")
		return nil
	}

	mpr, err := r.MultipartReader()
	if err != nil {
		return err
	}

	var part *multipart.Part
	for {
		thisPart, err := mpr.NextPart()
		if err != nil {
			break
		}
		if thisPart.FormName() == "attachment" {
			part = thisPart
			break
		}
	}
	if part == nil {
		request.WriteString("Must post a file (2)")
		return nil
	}

	origName := part.FileName()

	randBytes := make([]byte, 22, 22)
	_, _ = rand.Reader.Read(randBytes)
	fileName := hex.EncodeToString(randBytes)

	bucket, err := h.getBucket()
	if err != nil {
		return err
	}

	upload, err := ioutil.ReadAll(part)
	if err != nil {
		return err
	}
	err = bucket.Put(h.Path+fileName, upload, "application/octet-stream", s3.Private)
	if err != nil {
		return err
	}
	log.Println("File Written")

	dbEntry := map[string]interface{}{
		collectionRef: collectionId,
		"file":        fileName,
		"filename":    origName,
	}

	err = h.writeDatabaseEntry(request, dbEntry, fileCollection)
	if err != nil {
		return err
	}

	request.WriteString(`
		<script type='text/javascript'>
		window.top.file_done()
		</script>
		Uploaded Successfully.
	`)
	return nil
}
Ejemplo n.º 8
0
func (lilo *basicLoginLogout) HandleLogin(request shared.IRequest) (shared.IResponse, error) {
	username := request.PostValueString("username")
	password := request.PostValueString("password")
	lilo.doLogin(request, false, lilo.ColUsername, username, password)
	return nil, nil
}
Ejemplo n.º 9
0
func (lilo *basicLoginLogout) HandleSetPassword(r shared.IRequest) (shared.IResponse, error) {
	doErr := func(err error) (shared.IResponse, error) {
		log.Println(err)
		r.Session().AddFlash("error", "Something went wrong...")
		return getRedirectResponse("/set_password")

	}
	currentPassword := r.PostValueString("current_password")
	newPassword1 := r.PostValueString("new_password_1")
	newPassword2 := r.PostValueString("new_password_2")

	if newPassword1 != newPassword2 {
		r.Session().AddFlash("error", "Passwords didn't match")
		return getRedirectResponse("/set_password")
	}

	if len(currentPassword) < 1 {
		// Is user exempt?
		//if !r.Session().shared.IUser().SetOnNextLogin {
		//	r.Session.AddFlash("error", "Incorrect current password")
		//	r.Redirect("/set_password")
		//	return
		//}
	} else {
		//Check Current Password
		matches, err := r.Session().User().CheckPassword(currentPassword)
		if err != nil {
			return doErr(err)
		}
		if !matches {
			r.Session().AddFlash("error", "Incorrect current password")
			return getRedirectResponse("/set_password")
		}
	}

	/// Is it secure enough?
	// TODO:... something useful.
	if len(newPassword1) < 5 {
		r.Session().AddFlash("error", "Password must be at least 5 characters long")

		return getRedirectResponse("/set_password")
	}

	hashed := HashPassword(newPassword1)

	db := lilo.db
	_, err := db.Exec(`UPDATE `+lilo.usersTable+` SET `+lilo.ColPassword+` = ?, `+lilo.ColSetOnNextLogin+` = 0 WHERE `+lilo.ColId+` = ?`, hashed, r.Session().UserID())
	if err != nil {
		return doErr(err)
	}
	return getRedirectResponse("/app.html")

}
Ejemplo n.º 10
0
func (lilo *basicLoginLogout) doLogin(request shared.IRequest, noPassword bool, usernameCol string, username interface{}, password string) {

	doError := func(verboseMessage string, err error) {
		log.Printf("Issue loggin in (not error): %s, U:%s", verboseMessage, username)

		if err != nil {
			log.Printf("Error loading user '%s' from database: %s\n", username, err.Error())
		}
		if noPassword {
			request.Session().AddFlash("error", verboseMessage)
		} else {
			request.Session().AddFlash("error", "The presented credentials were not matched. Please try again.")
		}
		request.Redirect("/login")
	}

	db := lilo.db

	rows, err := db.Query(`SELECT `+lilo.userColString()+` FROM `+lilo.usersTable+` WHERE `+usernameCol+` = ?`, username)
	if err != nil {
		panic(err)
		log.Fatal(err)
		return
	}

	defer rows.Close()

	canHaz := rows.Next()
	if !canHaz {
		if noPassword {
			doError(fmt.Sprintf("Could not find %s", username), nil)
		} else {
			doError("", nil)
		}
		return
	}

	user, err := lilo.LoadUser(rows)
	if err != nil {
		doError("Invalid user identifier", err)
		return
	}

	if !noPassword {
		log.Printf("Check Password")
		res, err := user.CheckPassword(password)
		if err != nil {
			doError("", err)
			return
		}
		if !res {
			doError("", err)
			return
		}
	}

	target := "/app.html"
	//if request.Session.LoginTarget != nil {
	//		target = *request.Session.LoginTarget
	//	}

	request.ResetSession()

	request.Session().SetUser(user)
	if user.SetOnNextLogin() {
		request.Redirect("/set_password")
	} else {
		request.Redirect(target)
	}

	log.Printf("Done Check Password")
}