func RecordsQueryHandler(c echo.Context) error { session := session.NewSession(c) if !session.AuthFailed { endpoint := session.GetEndpoint() request := session.GetParam("request").(map[string]interface{}) bypass_plugin := false if session.User.SuperUser && request["where"].(map[string]interface{})["$bypass_plugin"] != nil { bypass_plugin = true delete(request["where"].(map[string]interface{}), "$bypass_plugin") } if !bypass_plugin && plugin.CheckPlugin("query", endpoint) { plugin.RunPlugin("query", endpoint, session) } else { records, count := endpoint.FindReadRecordsWhere(request["where"].(map[string]interface{}), session.User) session.SetRecordsAndCalculateCapabilitiesForUser(endpoint.Name, records, session.User) session.SetRecordCount(count) } } session.Write() return nil }
func RecordsDeleteHandler(c echo.Context) error { session := session.NewSession(c) if !session.AuthFailed { endpoint := session.GetEndpoint() request := session.GetParam("request").(map[string]interface{}) bypass_plugin := false if session.User.SuperUser && request["content"] != nil && request["content"].(map[string]interface{})["$bypass_plugin"] != nil { bypass_plugin = true delete(request["content"].(map[string]interface{}), "$bypass_plugin") } if !bypass_plugin && plugin.CheckPlugin("delete", endpoint) { plugin.RunPlugin("delete", endpoint, session) } else { id := bson.ObjectIdHex(session.GetParam("record_id").(string)) record := endpoint.FindDestroyRecordById(id, session.User) record.DeleteAndTrigger(endpoint.Name, !session.TriggerSession) } } session.Write() return nil }
func RecordsTriggerHandler(c echo.Context) error { session := session.NewSession(c) if !session.AuthFailed { endpoint := session.GetEndpoint() request := session.GetParam("request").(map[string]interface{}) bypass_plugin := false if session.User.SuperUser && request["content"] != nil && request["content"].(map[string]interface{})["$bypass_plugin"] != nil { bypass_plugin = true delete(request["content"].(map[string]interface{}), "$bypass_plugin") } if !bypass_plugin && plugin.CheckPlugin("trigger", endpoint) { plugin.RunPlugin("trigger", endpoint, session) } else { id := bson.ObjectIdHex(session.GetParam("record_id").(string)) record := endpoint.FindWriteRecordById(id, session.User) record.UpdateReferenceMaps() record.SaveAndTriggerCreate(endpoint.Name, false) go record.FindAndExecuteTriggerForEvent(endpoint.Name + ":update") } } session.Write() return nil }
func GroupJoinHandler(c echo.Context) error { session := session.NewSession(c) request := session.GetParam("request").(map[string]interface{}) password := "" if g, ok := request["group"]; ok { group := g.(map[string]interface{}) if group["password"] != nil { password = group["password"].(string) } } if session.User.Id != bson.ObjectId("") { id := bson.ObjectIdHex(session.GetParam("group_id").(string)) group, _ := session.GetApplication().FindGroupById(id) if group.CanJoin(session.User, password) { users := []model.User{session.User} group.AddUsers(users) group.Save() session.SetRecords("groups", []interface{}{group}) } } session.Write() return nil }
func RecordsUpdateHandler(c echo.Context) error { session := session.NewSession(c) if !session.AuthFailed { endpoint := session.GetEndpoint() request := session.GetParam("request").(map[string]interface{}) bypass_plugin := false if session.User.SuperUser && request["content"].(map[string]interface{})["$bypass_plugin"] != nil { bypass_plugin = true delete(request["content"].(map[string]interface{}), "$bypass_plugin") } if !bypass_plugin && plugin.CheckPlugin("update", endpoint) { plugin.RunPlugin("update", endpoint, session) } else { id := bson.ObjectIdHex(session.GetParam("record_id").(string)) record := endpoint.FindWriteRecordById(id, session.User) if request != nil && request["content"] != nil { request_content := request["content"].(map[string]interface{}) request_permissions := request["permissions"].(map[string]interface{}) var trigger = false if request_content["$trigger"] != nil { trigger = request_content["$trigger"].(bool) delete(request_content, "$trigger") } else { trigger = !session.TriggerSession } if session.User.SuperUser != true { if request_content["protected"] != nil { request_content["protected"] = record.Content["protected"] } } record.Content = request_content record.Permissions.UpdatePermissions(request_permissions) record.UpdateReferenceMaps() record.StripReferenceData() record.SaveAndTrigger(endpoint.Name, trigger) session.SetRecordsAndCalculateCapabilitiesForUser(session.GetEndpoint().Name, []model.Record{record}, session.User) } session.SetRecordsAndCalculateCapabilitiesForUser(session.GetEndpoint().Name, []model.Record{record}, session.User) } } session.Write() return nil }
func FilesCreateHandler(c echo.Context) error { session := session.NewSession(c) request := session.GetParam("request").(map[string]interface{}) file_params := request["file"].(map[string]interface{}) var size int64 url := "" if file_params["size"] != nil { size, _ = file_params["size"].(json.Number).Int64() } if file_params["url"] != nil { url = file_params["url"].(string) } if url != "" || size != 0 { if !session.AuthFailed { record_id := bson.ObjectIdHex(session.GetParam("record_id").(string)) endpoint := session.GetEndpoint() record := endpoint.FindWriteRecordById(record_id, session.User) if record.Id != bson.ObjectId("") { file := model.File{} file.ApplicationId = session.GetApplication().Id file.RecordId = record.Id file.EndpointId = endpoint.Id file.Name = file_params["name"].(string) if size != 0 { file.Size = size } else { file.URL = url } file.Save() if file_params["size"] != nil { file.GenerateRequest() } record.AddFile(file) session.SetRecords("files", []model.File{file}) } } } else { session.SetError(1400) } session.Write() return nil }
func UsersDeleteHandler(c echo.Context) error { session := session.NewSession(c) if !session.AuthFailed { user := session.User user.Delete() } session.Write() return nil }
func AdminListEndpointsHandler(c echo.Context) error { session := session.NewSession(c) if !session.AuthFailed && session.User.SuperUser == true { app := session.GetApplication() session.SetRecords("endpoints", app.AllEndpoints()) } session.Write() return nil }
func FilesGetHandler(c echo.Context) error { // Create the User Session session := session.NewSession(c) // Validate that the request signature is valid session.ValidateFileRequest() redirect := false if !session.AuthFailed { // Get the endpoint for that record endpoint := session.GetEndpoint() if plugin.CheckPlugin("get_file", endpoint) { plugin.RunPlugin("get_file", endpoint, session) } else { // Get the ID of the record that owns the file record_id := bson.ObjectIdHex(session.GetParam("record_id").(string)) // Get the record from the endpoint collection record := endpoint.FindReadRecordById(record_id, session.User) // Check if the record exists if record.Id != bson.ObjectId("") { // Get the ID of the file file_id := bson.ObjectIdHex(session.GetParam("file_id").(string)) // Get the file from the database file := record.FindFileById(file_id) // Validate that the file exists if file.Id != bson.ObjectId("") { // Redirect to the file path c.Redirect(301, file.DownloadURL()) redirect = true // Log the request session.LogRequest() } } if !redirect { session.Write() } } } return nil }
func GroupDestroyHandler(c echo.Context) error { session := session.NewSession(c) if !session.AuthFailed { id := bson.ObjectIdHex(session.GetParam("group_id").(string)) group, _ := session.GetApplication().FindGroupById(id) if group.CanModify(session.User) { group.Delete() } else { session.SetError(1002) } } else { session.SetError(1001) } session.Write() return nil }
func UsersUpdateHandler(c echo.Context) error { session := session.NewSession(c) request_params := session.GetParam("request").(map[string]interface{}) user_params := request_params["user"].(map[string]interface{}) user_id := session.GetParam("user_id").(string) user := session.GetApplication().FindUserById(bson.ObjectIdHex(user_id)) can_edit := session.User.SuperUser || session.User.Id == user.Id password := user_params["current_password"] valid := session.User.SuperUser || (password != nil && user.VerifyPassword(password.(string))) //fmt.Println(can_edit, user_id) if user.Id == bson.ObjectId("") || !can_edit { session.SetError(1101) } else if !valid { session.SetError(1106) } else { if user_params["name"] != nil { user.Name = user_params["name"].(string) } if user_params["email"] != nil { user.Email = user_params["email"].(string) } if user_params["password"] != nil { user.SetPassword(user_params["password"].(string)) } user.Save() session.SetRecords("users", []interface{}{user}) } session.Write() return nil }
func UsersGetHandler(c echo.Context) error { session := session.NewSession(c) user_id := session.GetParam("user_id").(string) user := session.GetApplication().FindUserById(bson.ObjectIdHex(user_id)) if !session.AuthFailed { // Only Send Private Profile if the user matches if session.User.Id == user.Id { user.SendPrivateProfile() } session.SetRecords("users", []interface{}{user}) } session.Write() return nil }
func GroupLeaveHandler(c echo.Context) error { session := session.NewSession(c) if session.User.Id != bson.ObjectId("") { id := bson.ObjectIdHex(session.GetParam("group_id").(string)) group, _ := session.GetApplication().FindGroupById(id) users := []model.User{session.User} group.RemoveUsers(users) group.Save() session.SetRecords("groups", []interface{}{group}) } session.Write() return nil }
func GroupUpdateHandler(c echo.Context) error { session := session.NewSession(c) if !session.AuthFailed { group_params := session.GetParam("request").(map[string]interface{}) id := bson.ObjectIdHex(session.GetParam("group_id").(string)) group, _ := session.GetApplication().FindGroupById(id) if group.CanModify(session.User) { group.Update(group_params) group.Save() } session.SetRecords("groups", []interface{}{group}) } session.Write() return nil }
func GroupCreateHandler(c echo.Context) error { session := session.NewSession(c) if !session.AuthFailed { request := session.GetParam("request").(map[string]interface{}) group_params := request["group"].(map[string]interface{}) group := model.Group{} group.ApplicationId = bson.ObjectIdHex(session.GetParam("application_id").(string)) group.Save() group.Update(group_params) group.Save() session.SetRecords("groups", []interface{}{group}) } session.Write() return nil }
func UsersCreateHandler(c echo.Context) error { session := session.NewSession(c) request_params := session.GetParam("request").(map[string]interface{}) user_params := request_params["user"].(map[string]interface{}) user := model.User{} user.ApplicationId = bson.ObjectIdHex(session.GetParam("application_id").(string)) email := strings.ToLower(user_params["email"].(string)) if user_params["name"] != nil && user_params["email"] != nil && user_params["facebook_id"] == nil { user.Name = user_params["name"].(string) user.Email = email user.SetPassword(user_params["password"].(string)) } else { user.Name = user_params["name"].(string) user.Email = email user.FacebookId = user_params["facebook_id"].(string) if user_params["password"] != nil { user.SetPassword(user_params["password"].(string)) } } err := user.Save() if err { logger.Error("1105" + user.Id.Hex()) session.SetError(1105) } else { user.NewSession() logger.Error("Registered User: "******"users", []interface{}{user}) } session.Write() return nil }
func UsersAuthenticateHandler(c echo.Context) error { session := session.NewSession(c) request_params := session.GetParam("request").(map[string]interface{}) user_params := request_params["user"].(map[string]interface{}) valid := false user := model.User{} if user_params["email"] != nil && user_params["password"] != nil { email := user_params["email"].(string) password := user_params["password"].(string) user = session.GetApplication().FindUserByEmail(email) valid = user.VerifyPassword(password) } else if user_params["facebook_id"] != nil && user_params["facebook_token"] != nil { facebook_id := user_params["facebook_id"].(string) facebook_token := user_params["facebook_token"].(string) user = session.GetApplication().FindUserByFacebookId(facebook_id) valid = user.VerifyFacebookToken(facebook_token) } else if user_params["transfer_id"] != nil && user_params["transfer_token"] != nil { user_id := user_params["transfer_id"].(string) transfer_token := user_params["transfer_token"].(string) user = session.GetApplication().FindUserByTransferId(user_id) valid = user.VerifyTransferToken(transfer_token) } if !valid || user.Id == bson.ObjectId("") { session.SetError(1101) } else { user.NewSession() session.SetRecords("users", []interface{}{user}) } session.Write() return nil }
func FilesDeleteHandler(c echo.Context) error { session := session.NewSession(c) if !session.AuthFailed { record_id := bson.ObjectIdHex(session.GetParam("record_id").(string)) endpoint := session.GetEndpoint() record := endpoint.FindReadRecordById(record_id, session.User) if record.Id != bson.ObjectId("") { file_id := bson.ObjectIdHex(session.GetParam("file_id").(string)) file := record.FindFileById(file_id) if file.Id != bson.ObjectId("") { file.Delete() record.RemoveFile(file) } } } session.Write() return nil }
func RecordsCreateHandler(c echo.Context) error { session := session.NewSession(c) if !session.AuthFailed { endpoint := session.GetEndpoint() request := session.GetParam("request").(map[string]interface{}) bypass_plugin := false if session.User.SuperUser && request["content"].(map[string]interface{})["$bypass_plugin"] != nil { bypass_plugin = true delete(request["content"].(map[string]interface{}), "$bypass_plugin") } if !bypass_plugin && plugin.CheckPlugin("create", endpoint) { plugin.RunPlugin("create", endpoint, session) } else { if endpoint.CanCreate(session.User) { record := endpoint.NewRecord() if session.User.Id != bson.ObjectId("") { record.CreatedBy = session.User.Id } if request != nil && request["content"] != nil { var trigger = false if request["content"].(map[string]interface{})["$trigger"] != nil { trigger = request["content"].(map[string]interface{})["$trigger"].(bool) delete(request["content"].(map[string]interface{}), "$trigger") } else { trigger = !session.TriggerSession } if request["content"].(map[string]interface{})["$created_by"] != nil && session.User.SuperUser == true { record.CreatedBy = bson.ObjectIdHex(request["content"].(map[string]interface{})["$created_by"].(string)) delete(request["content"].(map[string]interface{}), "$created_by") } request_content := request["content"].(map[string]interface{}) request_permissions := request["permissions"].(map[string]interface{}) record.Content = request_content record.Permissions.UpdatePermissions(request_permissions) record.SaveAndTrigger("", false) record.UpdateReferenceMaps() record.SaveAndTriggerCreate(endpoint.Name, trigger) session.SetRecordsAndCalculateCapabilitiesForUser(session.GetEndpoint().Name, []model.Record{record}, session.User) } } } } session.Write() return nil }