Ejemplo n.º 1
0
// GetCookie retrieves and verifies the signed cookie value.
func GetCookie(r *http.Request, name string) string {
	cookie, err := r.Cookie(name)
	if err != nil {
		return ""
	}
	return authcookie.Login(cookie.Value, secret)
}
Ejemplo n.º 2
0
func TeamMemberAccept(w http.ResponseWriter, r *http.Request, u *User) error {
	// get the team name from the token
	token := r.FormValue("token")
	teamToken := authcookie.Login(token, secret)
	teamId, err := strconv.Atoi(teamToken)
	if err != nil || teamId == 0 {
		return ErrInvalidTeamName
	}

	// get the team from the database
	team, err := database.GetTeam(int64(teamId))
	if err != nil {
		return RenderError(w, err, http.StatusNotFound)
	}

	// add the user to the team.
	// by default the user has write access to the team, which means
	// they can add and manage new repositories.
	if err := database.SaveMember(u.ID, team.ID, RoleWrite); err != nil {
		return RenderError(w, err, http.StatusInternalServerError)
	}

	// send the user to the dashboard
	http.Redirect(w, r, "/dashboard/team/"+team.Slug, http.StatusSeeOther)
	return nil
}
Ejemplo n.º 3
0
func RegisterPost(w http.ResponseWriter, r *http.Request) error {
	// verify the token and extract the username
	token := r.FormValue("token")
	email := authcookie.Login(token, secret)
	if len(email) == 0 {
		return RenderTemplate(w, "register.html", &struct{ Error string }{"Your registration email is expired."})
	}

	// set the email and name
	user := NewUser(r.FormValue("name"), email)

	// set the new password
	password := r.FormValue("password")
	if err := user.SetPassword(password); err != nil {
		return RenderTemplate(w, "register.html", &struct{ Error string }{err.Error()})
	}

	// verify fields are correct
	if err := user.Validate(); err != nil {
		return RenderTemplate(w, "register.html", &struct{ Error string }{err.Error()})
	}

	// save to the database
	if err := database.SaveUser(user); err != nil {
		return err
	}

	// add the user to the session object
	SetCookie(w, r, "_sess", user.Email)

	// redirect the user to their dashboard
	http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
	return nil
}
//判断cookie是否存在
func isCookieExist(w http.ResponseWriter, r *http.Request) bool {
	cookie, err := r.Cookie(COOKIENAME)
	if err == nil {
		var cookieValue = cookie.Value
		login := authcookie.Login(cookieValue, []byte(KEY))
		if login != "" {
			strBody, _ := setParams("/auth/login", 0, "ok", "")
			w.Write(strBody)
			return true
		}
	}
	return false
}
Ejemplo n.º 5
0
func Read(ws *websocket.Conn) {

	// get the name from the request
	hash := ws.Request().FormValue("token")

	// get the hash of the token
	name := authcookie.Login(hash, secret)

	// get the hub for the specified channel name
	mu.RLock()
	hub, ok := hubs[name]
	mu.RUnlock()

	// if hub not found, exit
	if !ok {
		ws.Close()
		return
	}

	// internal representation of a connection
	// maximum queue of 100000 messages
	conn := &connection{
		send: make(chan string, 100000),
		ws:   ws,
	}

	// register the connection with the hub
	hub.register <- conn

	defer func() {
		go func() {
			hub.unregister <- conn
		}()
		closed := <-hub.closed

		// this will remove the hub when the connection is
		// closed if the
		if hub.autoClose && closed {
			mu.Lock()
			delete(hubs, name)
			mu.Unlock()
		}
	}()

	go conn.writer()
	conn.reader()
}
Ejemplo n.º 6
0
// Wrap handler in complete context
func handleFunc(url string, handler func(*Context)) {
	url = path.Join("/", url)
	http.HandleFunc(
		url,
		func(w http.ResponseWriter, r *http.Request) {
			if r.URL.Path != url {
				http.NotFound(w, r)
				return
			}

			q := &Context{
				w:          w,
				r:          r,
				opt_db:     make([]string, 0),
				opt_dbmeta: make([]string, 0),
				prefixes:   make(map[string]bool),
				myprefixes: make(map[string]bool),
				protected:  make(map[string]bool),
				hasmeta:    make(map[string]bool),
				desc:       make(map[string]string),
				lines:      make(map[string]int),
				shared:     make(map[string]string),
				params:     make(map[string]string),
			}

			// Maak verbinding met database
			var err error
			q.db, err = dbopen()
			if err != nil {
				http.Error(w, err.Error(), http.StatusInternalServerError)
				logerr(err)
				return
			}
			defer q.db.Close()

			// Is de gebruiker ingelogd?
			if auth, err := r.Cookie("paqu-auth"); err == nil {
				s := strings.SplitN(authcookie.Login(auth.Value, []byte(getRemote(q)+Cfg.Secret)), "|", 2)
				if len(s) == 2 {
					q.user = s[1]
					q.sec = s[0]
				}
			}
			if q.user != "" {
				rows, err := q.db.Query(fmt.Sprintf(
					"SELECT SQL_CACHE `quotum` FROM `%s_users` WHERE `mail` = %q AND `sec` = %q", Cfg.Prefix, q.user, q.sec))
				if err != nil {
					http.Error(w, err.Error(), http.StatusInternalServerError)
					logerr(err)
					return
				}
				if !rows.Next() {
					q.user = ""
				} else {
					err := rows.Scan(&q.quotum)
					rows.Close()
					if err != nil {
						http.Error(w, err.Error(), http.StatusInternalServerError)
						logerr(err)
						return
					}
					q.auth = true
					_, err = q.db.Exec(fmt.Sprintf("UPDATE `%s_users` SET `active` = NOW() WHERE `mail` = %q", Cfg.Prefix, q.user))
					if err != nil {
						http.Error(w, err.Error(), http.StatusInternalServerError)
						logerr(err)
						return
					}
				}
			}

			// Laad lijsten van corpora

			q.ignore = make(map[string]bool)
			if q.auth {
				rows, err := q.db.Query(fmt.Sprintf("SELECT `prefix` FROM `%s_ignore` WHERE `user` = %q", Cfg.Prefix, q.user))
				if err != nil {
					http.Error(q.w, err.Error(), http.StatusInternalServerError)
					logerr(err)
					return
				}
				for rows.Next() {
					var s string
					err := rows.Scan(&s)
					if err != nil {
						http.Error(q.w, err.Error(), http.StatusInternalServerError)
						logerr(err)
						return
					}
					q.ignore[s] = true
				}
			}

			s := "\"Z\""
			where := ""
			o := "2"
			if q.auth {
				s = fmt.Sprintf("IF(`i`.`owner` = \"none\", \"A\", IF(`i`.`owner` = %q, \"B\", \"C\"))", q.user)
				where = fmt.Sprintf(" OR `c`.`user` = %q", q.user)
				o = "7, 2"
			}
			rows, err := q.db.Query(fmt.Sprintf(
				"SELECT SQL_CACHE `i`.`id`, `i`.`description`, `i`.`nline`, `i`.`owner`, `i`.`shared`, `i`.`params`,  "+s+", `i`.`protected`, `i`.`hasmeta` "+
					"FROM `%s_info` `i`, `%s_corpora` `c` "+
					"WHERE `c`.`enabled` = 1 AND "+
					"`i`.`status` = \"FINISHED\" AND `i`.`id` = `c`.`prefix` AND ( `c`.`user` = \"all\"%s ) "+
					"ORDER BY "+o,
				Cfg.Prefix,
				Cfg.Prefix,
				where))
			if err != nil {
				http.Error(w, err.Error(), http.StatusInternalServerError)
				logerr(err)
				return
			}
			var id, desc, owner, shared, params, group string
			var zinnen, protected, hasmeta int
			for rows.Next() {
				err := rows.Scan(&id, &desc, &zinnen, &owner, &shared, &params, &group, &protected, &hasmeta)
				if err != nil {
					http.Error(w, err.Error(), http.StatusInternalServerError)
					logerr(err)
					return
				}
				if group == "C" {
					if !q.ignore[id] {
						q.opt_db = append(q.opt_db, fmt.Sprintf("C%s %s \u2014 %s \u2014 %s zinnen", id, desc, displayEmail(owner), iformat(zinnen)))
						q.prefixes[id] = true
						if hasmeta > 0 {
							q.opt_dbmeta = append(q.opt_dbmeta, fmt.Sprintf("C%s %s \u2014 %s \u2014 %s zinnen",
								id, desc, displayEmail(owner), iformat(zinnen)))
						}
					}
				} else if q.auth || owner == "none" {
					q.opt_db = append(q.opt_db, fmt.Sprintf("%s%s %s \u2014 %s zinnen", group, id, desc, iformat(zinnen)))
					q.prefixes[id] = true
					if hasmeta > 0 {
						q.opt_dbmeta = append(q.opt_dbmeta, fmt.Sprintf("%s%s %s \u2014 %s zinnen", group, id, desc, iformat(zinnen)))
					}
				}
				q.desc[id] = desc
				q.lines[id] = zinnen
				q.shared[id] = shared
				q.params[id] = params
				q.protected[id] = protected > 0
				if hasmeta > 0 {
					q.hasmeta[id] = true
				}
				if q.auth && owner == q.user {
					q.myprefixes[id] = true
				}
			}

			// Verwerk input
			switch r.Method {
			case "GET":
				err = r.ParseForm()
				if err != nil {
					http.Error(w, err.Error(), http.StatusInternalServerError)
					logerr(err)
					return
				}
			case "POST":
				if url != "/corsave" {
					reader, err := r.MultipartReader()
					if err != nil {
						http.Error(w, err.Error(), http.StatusInternalServerError)
						logerr(err)
						return
					}
					q.form, err = reader.ReadForm(10 * 1024 * 1024)
					if err != nil {
						http.Error(w, err.Error(), http.StatusInternalServerError)
						logerr(err)
						return
					}
				}
			default:
				http.Error(w, "Methode "+r.Method+" is niet toegestaan", http.StatusMethodNotAllowed)
				return
			}

			// Update login-cookies
			setcookie(q)

			handler(q)
		})
}