Ejemplo n.º 1
0
func (app *App) handleAllUserModels(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case "GET":
		_, ok := app.getUser(r)
		if !ok {
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}
		// TODO
		// if u.Admin == false {
		// 	http.Error(w, "Unauthorized", http.StatusUnauthorized)
		// 	return
		// }

		tx, err := app.db.Begin()
		if err != nil {
			app.dbError(w, r, err)
			return
		}
		defer tx.Rollback()

		allUsers, err := db.AllUsers(tx)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		allModels := []db.Model{}

		for _, user := range allUsers {

			models, err := db.UserModels(tx, user.Name)
			for i, _ := range models {
				models[i].Owner = user.Name
			}

			if err != nil {
				http.Error(w, err.Error(), http.StatusInternalServerError)
				return
			}

			allModels = append(allModels, models...)
		}

		if err != nil {
			app.dbError(w, r, err)
			return
		}
		app.writeJson(w, allModels)
	default:
		http.Error(w, "I only respond to GETs", http.StatusNotImplemented)
	}
}
Ejemplo n.º 2
0
func (app *App) handleUsersData(w http.ResponseWriter, r *http.Request) {
	// it's already implied that this user is an admin, we can skip auth
	switch r.Method {
	case "GET":
		tx, err := app.db.Begin()
		if err != nil {
			app.dbError(w, r, err)
			return
		}
		defer tx.Rollback()

		users, err := db.AllUsers(tx)
		if err != nil {
			app.dbError(w, r, err)
			return
		}

		// ViewUser is a type which is okay to display in the view.
		// It omits fields like "password" (because we would NEVER display
		// something like that).
		type ViewUser struct {
			Name     string
			Email    string
			Admin    bool
			Apikey   string
			ROApikey string
		}
		viewUsers := make([]ViewUser, len(users))
		for i, user := range users {
			viewUsers[i] = ViewUser{
				user.Name, user.Email, user.Admin,
				user.Apikey, user.ReadOnlyApikey,
			}
		}
		app.writeJson(w, viewUsers)
	default:
		http.Error(w, "I only respond to GETs", http.StatusNotImplemented)
	}
}
Ejemplo n.º 3
0
func (app *App) handleModelSharedUsers(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case "GET":

		reqUser, ok := app.getUser(r)
		if !ok {
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}

		if app.sharingDisabled {
			// If sharing is disabled return an empty list
			w.Write([]byte(`[]`))
			return
		}

		modelname := mux.Vars(r)["name"]

		tx, err := app.db.Begin()
		if err != nil {
			app.dbError(w, r, err)
			return
		}
		defer tx.Rollback()

		users, err := db.ModelSharedUsers(tx, reqUser.Name, modelname)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}

		isShared := func(userId int64) bool {
			for _, user := range users {
				if user.Id == userId {
					return true
				}
			}
			return false
		}

		allUsers, err := db.AllUsers(tx)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		shared := []sharedUser{}

		for _, user := range allUsers {
			if user.Id == reqUser.Id {
				continue
			}

			shared = append(shared, sharedUser{
				Id:     user.Id,
				Name:   user.Name,
				Shared: isShared(user.Id),
			})
		}

		app.writeJson(w, shared)
	default:
		http.Error(w, "I only respond to GETs", http.StatusNotImplemented)
	}
}
Ejemplo n.º 4
0
func (app *App) handleRegister(w http.ResponseWriter, r *http.Request) {
	// Register is only displayed if there are no users on the system.
	// It is only for the inital login.
	tx, err := app.db.Begin()
	if err != nil {
		app.dbError(w, r, err)
		return
	}
	defer tx.Rollback()

	users, err := db.AllUsers(tx)
	if err != nil {
		app.dbError(w, r, err)
		return
	}
	if len(users) != 0 {
		if r.Method == "GET" {
			http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
		} else {
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
		}
		return
	}

	if r.Method == "GET" {
		app.serveFile("register.html").ServeHTTP(w, r)
		return
	} else if r.Method != "POST" {
		http.Error(w, "I only respond to GET and POSTs", http.StatusNotImplemented)
		return
	}

	username := r.PostFormValue("username")
	pass := r.PostFormValue("password")
	email := r.PostFormValue("email")

	if username == "" {
		http.Error(w, "No username provided", http.StatusBadRequest)
		return
	}

	if pass == "" {
		http.Error(w, "Empty password provided", http.StatusBadRequest)
		return
	}
	hashedPass := phash.Gen(pass)

	user, err := db.NewUser(tx, username, hashedPass, email, true)
	if err != nil {
		http.Error(w, "Could not save user to database: "+err.Error(),
			http.StatusInternalServerError)
		return
	}
	if err := tx.Commit(); err != nil {
		app.dbError(w, r, err)
		return
	}

	u := &User{Id: user.Id, Name: user.Name}
	if err := app.setUser(r, w, u); err != nil {
		http.Error(w, "Failed to set session cookie: "+err.Error(),
			http.StatusInternalServerError)
		return
	}
	w.WriteHeader(http.StatusOK)
}