func extractKeyIDAndLoadKeyFromDB(token *jwt.Token) (interface{}, error) {
// Check whether the right signing algorithm was used.
if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
}
// Get the user ID
userID := (token.Header["user"].(float64))
user, err := models.FindUserByID(int(userID))
if err != nil {
return nil, err
}
privateKey, err := StringToPrivateKey(user.PrivateKey)
return privateKey.Public(), err
}
// ValidateJWTToken validates a JWT token and returns the user from the DB
func ValidateJWTToken(input string) (*models.User, error) {
if redis.TokenIsInBlacklist(input) {
return nil, errors.New("Token is in blacklist.")
}
token, err := jwt.Parse(input, extractKeyIDAndLoadKeyFromDB)
if err != nil || !token.Valid {
return nil, err
}
if token.Claims["user"] != token.Header["user"] {
return nil, errors.New("The token has been tampered with...inside.")
}
userID := (token.Claims["user"].(float64))
user, err := models.FindUserByID(int(userID))
return &user, err
}
// GetFencesHandler GET /fences
func GetFencesHandler(w http.ResponseWriter, r *http.Request) {
lat, err1 := strconv.ParseFloat(r.URL.Query().Get("latitude"), 64)
lon, err2 := strconv.ParseFloat(r.URL.Query().Get("longitude"), 64)
radius, err3 := strconv.ParseInt(r.URL.Query().Get("radius"), 10, 64)
userID, err4 := strconv.ParseInt(r.URL.Query().Get("user"), 10, 8)
excludeOwn, _ := strconv.ParseBool(r.URL.Query().Get("excludeOwn"))
if err1 == nil && err2 == nil && err3 == nil {
user, err := auth.ValidateSession(r)
var result []models.Fence
if err == nil && excludeOwn {
result, err = search.FindGeoFencesExceptByUser(lat, lon, radius, user.ID)
} else {
result, err = search.FindGeoFences(lat, lon, radius)
}
if err != nil {
InternalServerError(err, w)
return
}
fences := make([]fenceResponse, len(result))
for i := range result {
f := result[i]
fences[i].ID = f.ID
fences[i].Lat = f.Lat
fences[i].Lon = f.Lon
fences[i].Name = f.Name
fences[i].Radius = f.Radius
fences[i].Owner = f.UserID
fences[i].DiesAt = util.Timestamp(f.DiesAt)
fences[i].RentMultiplier = f.RentMultiplier
fences[i].OwnerName = f.User.Name
if user != nil && f.UserID == user.ID {
fences[i].Cost = f.Cost
fences[i].TotalEarnings = f.TotalEarnings
fences[i].TotalVisitors = f.TotalVisitors
}
}
bytes, err := json.Marshal(&fences)
if err != nil {
InternalServerError(err, w)
return
}
if user != nil {
user.LastKnownGeoHash = geomodel.GeoCell(lat, lon, models.LastKnownGeoHashResolution)
err = user.Save()
if err != nil {
InternalServerError(err, w)
return
}
}
w.Write(bytes)
return
}
if err4 == nil {
user, _ := auth.ValidateSession(r)
fenceUser, errA := models.FindUserByID(int(userID))
if errA != nil {
InternalServerError(errA, w)
return
}
result, errA := fenceUser.GetFences()
if errA != nil {
InternalServerError(errA, w)
return
}
fences := make([]fenceResponse, len(result))
for i := range result {
f := result[i]
fences[i].ID = f.ID
fences[i].Lat = f.Lat
fences[i].Lon = f.Lon
fences[i].Name = f.Name
fences[i].Radius = f.Radius
fences[i].Owner = f.UserID
fences[i].DiesAt = util.Timestamp(f.DiesAt)
fences[i].RentMultiplier = f.RentMultiplier
fences[i].OwnerName = fenceUser.Name
if user != nil && f.UserID == user.ID {
fences[i].Cost = f.Cost
fences[i].TotalEarnings = f.TotalEarnings
fences[i].TotalVisitors = f.TotalVisitors
}
}
bytes, err := json.Marshal(&fences)
if err != nil {
InternalServerError(err, w)
return
}
w.Write(bytes)
return
}
err := err1
if err == nil {
err = err2
}
if err == nil {
err = err3
}
if err == nil {
err = err4
}
if err == nil {
err = errors.New("Please specify valid query options.")
}
InternalServerError(err, w)
}
