Example #1
0
// POST users/create
func HandleCreate(context router.Context) error {

	// Authorise
	err := authorise.Path(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// We should check for duplicates in here
	id, err := users.Create(params.Map())
	if err != nil {
		return router.InternalError(err, "Error", "Sorry, an error occurred creating the user record.")
	} else {
		context.Logf("#info Created user id,%d", id)
	}

	// Redirect to the new user
	p, err := users.Find(id)
	if err != nil {
		return router.InternalError(err, "Error", "Sorry, an error occurred finding the new user record.")
	}

	return router.Redirect(context, p.URLIndex())
}
Example #2
0
// HandleUpdate handles POST or PUT /images/1/update
func HandleUpdate(context router.Context) error {

	// Find the image
	image, err := images.Find(context.ParamInt("id"))
	if err != nil {
		context.Logf("#error Error finding image %s", err)
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.Resource(context, image)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the image
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	err = image.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// We redirect back to source if redirect param is set
	return router.Redirect(context, image.URLUpdate())

}
Example #3
0
// HandleUpdate handles the POST of the form to update a page
func HandleUpdate(context router.Context) error {

	// Find the page
	page, err := pages.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update page
	err = authorise.ResourceAndAuthenticity(context, page)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the page from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}
	err = page.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to page
	return router.Redirect(context, page.URLShow())
}
Example #4
0
// HandleUpdate handles the POST of the form to update a user
func HandleUpdate(context router.Context) error {

	// Find the user
	user, err := users.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update user
	err = authorise.ResourceAndAuthenticity(context, user)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Clean params further for customers, they may only update email, password, key
	allowedParams := params.Map()
	u := authorise.CurrentUser(context)
	if !u.Admin() {
		//	allowedParams = params.Clean(users.AllowedParamsCustomer())
	}

	err = user.Update(allowedParams)
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to user
	return router.Redirect(context, user.URLShow())
}
Example #5
0
// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {

	// Find the comment
	comment, err := comments.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update comment, check auth token
	err = authorise.ResourceAndAuthenticity(context, comment)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the comment from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Clean params according to role
	accepted := comments.AllowedParams()
	if authorise.CurrentUser(context).Admin() {
		accepted = comments.AllowedParamsAdmin()
	}
	cleanedParams := params.Clean(accepted)

	err = comment.Update(cleanedParams)
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to comment
	return router.Redirect(context, comment.URLShow())
}
Example #6
0
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {

	// Find the user
	id := context.ParamInt("id")
	user, err := users.Find(id)
	if err != nil {
		context.Logf("#error Error finding user %s", err)
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.ResourceAndAuthenticity(context, user)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	context.Logf("PARAMS RECD:%v", params)

	err = user.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to user
	return router.Redirect(context, user.URLShow())
}
Example #7
0
// HandleUpdate handles POST or PUT /pages/1/update
func HandleUpdate(context router.Context) error {

	// Find the page
	page, err := pages.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise updating the page
	err = authorise.Resource(context, page)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the page from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}
	err = page.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// We then find the page again, and retreive the new Url, in case it has changed during update
	page, err = pages.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Redirect to page url
	return router.Redirect(context, page.Url)
}
Example #8
0
// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {

	// Find the comment
	comment, err := comments.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update comment, check auth token
	err = authorise.ResourceAndAuthenticity(context, comment)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the comment from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	err = comment.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to comment
	return router.Redirect(context, comment.URLShow())
}
Example #9
0
// HandleCreate handles the POST of the create form for pages
func HandleCreate(context router.Context) error {

	// Authorise
	err := authorise.ResourceAndAuthenticity(context, nil)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	id, err := pages.Create(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Log creation
	context.Logf("#info Created page id,%d", id)

	// Redirect to the new page
	m, err := pages.Find(id)
	if err != nil {
		return router.InternalError(err)
	}

	return router.Redirect(context, m.URLIndex())
}
Example #10
0
// HandleUpdate handles the POST of the form to update a story
func HandleUpdate(context router.Context) error {

	// Find the story
	story, err := stories.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update story
	err = authorise.ResourceAndAuthenticity(context, story)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the story from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}
	err = story.Update(params.Map())
	if err != nil {
		return err // Create returns a router.Error
	}

	err = updateStoriesRank()
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to story
	return router.Redirect(context, story.URLShow())
}
Example #11
0
// HandleUpdate serves POST or PUT /tags/1/update
func HandleUpdate(context router.Context) error {

	// Find the tag
	tag, err := tags.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.Resource(context, tag)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the tag
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	err = tag.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to tag
	return router.Redirect(context, tag.URLShow())
}
Example #12
0
// HandleUpdateShow handles the POST of the form to update a file
func HandleUpdate(context router.Context) error {

	// Find the file
	file, err := files.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update file
	err = authorise.Resource(context, file)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the file from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Find the to user, by querying users on username or email
	// Set the user id if found, else return 404 error, user not found

	// TODO: Make *sure* this only accepts the params we want
	err = file.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to file
	return router.Redirect(context, file.URLShow())
}
Example #13
0
// HandleUpdate handles the POST of the form to update a post
func HandleUpdate(context router.Context) error {

	// Find the post
	post, err := posts.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update post
	err = authorise.Resource(context, post)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the post from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}
	err = post.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to post
	return router.Redirect(context, post.URLShow())
}
Example #14
0
// POST pages/create
func HandleCreate(context router.Context) error {
	// Authorise
	err := authorise.Path(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	id, err := pages.Create(params.Map())

	if err != nil {
		context.Logf("#info Failed to create page %v", params)
		return router.InternalError(err)
	}

	// Log creation
	context.Logf("#info Created page id,%d", id)

	// Redirect to the new page
	p, err := pages.Find(id)
	if err != nil {
		context.Logf("#error Error creating page,%s", err)
	}

	return router.Redirect(context, p.URLIndex())
}
Example #15
0
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {

	// Find the user
	id := context.ParamInt("id")
	user, err := users.Find(id)
	if err != nil {
		context.Logf("#error Error finding user %s", err)
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.Resource(context, user)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// We expect only one image, what about replacing the existing when updating?
	// At present we just create a new image
	files, err := context.ParamFiles("image")
	if err != nil {
		return router.InternalError(err)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	var imageID int64

	if len(files) > 0 {
		fileHandle := files[0]

		// Create an image (saving the image representation on disk)
		imageParams := map[string]string{"name": user.Name, "status": "100"}
		imageID, err = images.Create(imageParams, fileHandle)
		if err != nil {
			return router.InternalError(err)
		}

		params.Set("image_id", fmt.Sprintf("%d", imageID))
		delete(params, "image")
	}

	err = user.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to user
	return router.Redirect(context, user.URLShow())
}
Example #16
0
// HandleCreate handles the POST of the create form for users
func HandleCreate(context router.Context) error {

	// Authorise
	err := authorise.Resource(context, nil)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Default to customer role etc - admins will have to promote afterwards
	params.Set("role", fmt.Sprintf("%d", users.RoleCustomer))
	params.Set("status", fmt.Sprintf("%d", status.Published))

	id, err := users.Create(params.Map())
	if err != nil {
		return err
	}

	// Log creation
	context.Logf("#info Created user id,%d", id)

	// Redirect to the new user
	user, err := users.Find(id)
	if err != nil {
		return router.InternalError(err)
	}

	// Save the details in a secure cookie
	session, err := auth.Session(context, context.Request())
	if err != nil {
		return router.InternalError(err)
	}

	context.Logf("#info CREATE for user: %d", user.Id)
	session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
	session.Save(context)

	// Send them to their user profile page
	return router.Redirect(context, user.URLShow())
}
Example #17
0
// HandleCreate responds to POST images/create
func HandleCreate(context router.Context) error {

	// Authorise
	err := authorise.Path(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// We expect only one image, what about replacing the existing when updating?
	// At present we just create a new image
	files, err := context.ParamFiles("image")
	if err != nil {
		return router.InternalError(err)
	}

	if len(files) == 0 {
		return router.NotFoundError(nil)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	id, err := images.Create(params.Map(), files[0])
	if err != nil {
		context.Logf("#error Error creating image,%s", err)
		return router.InternalError(err)
	}

	// Log creation
	context.Logf("#info Created image id,%d", id)

	// Redirect to the new image
	m, err := images.Find(id)
	if err != nil {
		context.Logf("#error Error creating image,%s", err)
	}

	return router.Redirect(context, m.URLShow())
}
Example #18
0
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {

	// Check we're not already logged in, if so redirect

	// Get the user details from the database
	params, err := context.Params()
	if err != nil {
		return router.NotFoundError(err)
	}

	// Need something neater than this - how best to do it?
	q := users.Where("email=?", params.Get("email"))
	user, err := users.First(q)
	if err != nil {
		context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
		return router.Redirect(context, "/users/login?error=failed_email")

	}

	err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)

	if err != nil {
		context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
		return router.Redirect(context, "/users/login?error=failed_password")
	}

	// Now save the user details in a secure cookie, so that we remember the next request
	session, err := auth.Session(context, context.Request())
	if err != nil {
		context.Logf("#error problem retrieving session")

	}
	context.Logf("#info Login success for user: %d %s", user.Id, user.Email)
	session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
	session.Save(context)

	// Redirect to whatever page the user tried to visit before (if any)
	// For now send them to root
	return router.Redirect(context, "/")

}
Example #19
0
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {

	// Check we're not already logged in, if so redirect

	// Get the user details from the database
	params, err := context.Params()
	if err != nil {
		return router.NotFoundError(err)
	}

	// Find the user with this email
	q := users.Where("email=?", params.Get("email"))
	user, err := users.First(q)
	if err != nil {
		q = users.Where("name=?", params.Get("email")) // NB use of email field
		user, err = users.First(q)
	}

	if err != nil {
		context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
		return router.Redirect(context, "/users/login?error=failed_email")
	}

	err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)

	if err != nil {
		context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
		return router.Redirect(context, "/users/login?error=failed_password")
	}

	// Save the fact user is logged in to session cookie
	err = loginUser(context, user)
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to whatever page the user tried to visit before (if any)
	// For now send them to root
	return router.Redirect(context, "/")

}
Example #20
0
// HandleCreate responds to POST tags/create
func HandleCreate(context router.Context) error {

	// Authorise
	err := authorise.Path(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	id, err := tags.Create(params.Map())
	if err != nil {
		context.Logf("#info Failed to create tag %v", params)
		return router.InternalError(err)
	}

	// Log creation
	context.Logf("#info Created tag id,%d", id)

	// Redirect to the new tag
	tag, err := tags.Find(id)
	if err != nil {
		context.Logf("#error Error creating tag,%s", err)
	}

	// Always regenerate dotted ids - we fetch all tags first to avoid db calls
	q := tags.Query().Select("select id,parent_id from tags").Order("id asc")
	tagsList, err := tags.FindAll(q)
	if err == nil {
		dottedParams := map[string]string{}
		dottedParams["dotted_ids"] = tag.CalculateDottedIds(tagsList)
		tags.Query().Where("id=?", tag.Id).Update(dottedParams)
	}

	return router.Redirect(context, tag.URLIndex())
}
Example #21
0
// HandleUpdate handles the POST of the form to update a story
func HandleUpdate(context router.Context) error {

	// Find the story
	story, err := stories.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update story
	err = authorise.ResourceAndAuthenticity(context, story)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the story from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Clean params according to role
	accepted := stories.AllowedParams()
	if authorise.CurrentUser(context).Admin() {
		accepted = stories.AllowedParamsAdmin()
	}
	cleanedParams := params.Clean(accepted)

	err = story.Update(cleanedParams)
	if err != nil {
		return err // Create returns a router.Error
	}

	err = updateStoriesRank()
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to story
	return router.Redirect(context, story.URLShow())
}
Example #22
0
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {

	// Find the user
	id := context.ParamInt("id")
	user, err := users.Find(id)
	if err != nil {
		context.Logf("#error Error finding user %s", err)
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.ResourceAndAuthenticity(context, user)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Clean params according to role
	accepted := users.AllowedParams()
	if authorise.CurrentUser(context).Admin() {
		accepted = users.AllowedParamsAdmin()
	}
	allowedParams := params.Clean(accepted)
	err = user.Update(allowedParams)
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to user
	return router.Redirect(context, user.URLShow())
}
Example #23
0
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {

	params, err := context.Params()
	if err != nil {
		return router.NotFoundError(err)
	}

	// Check users against their username - we could also check against the email later?
	name := params.Get("name")
	q := users.Where("name=?", name)
	user, err := users.FindFirst(q)
	if err != nil {
		context.Logf("#error Login failed for user : %s %s", name, err)
		return router.Redirect(context, "/users/login?error=failed_name")
	}

	err = auth.CheckPassword(params.Get("password"), user.Password)
	if err != nil {
		context.Logf("#error Login failed for user : %s %s", name, err)
		return router.Redirect(context, "/users/login?error=failed_password")
	}

	// Save the details in a secure cookie
	session, err := auth.Session(context, context.Request())
	if err != nil {
		return router.InternalError(err)
	}

	context.Logf("#info LOGIN for user: %d", user.Id)
	session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
	session.Save(context)

	// Send them to their user profile page
	return router.Redirect(context, user.URLShow())

}
Example #24
0
// HandleCreate handles the POST of the create form for stories
func HandleCreate(context router.Context) error {

	// Check csrf token
	err := authorise.AuthenticityToken(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Check permissions - if not logged in and above 1 points, redirect to error
	if !authorise.CurrentUser(context).CanSubmit() {
		return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 1 points to submit stories.")
	}

	// Get params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Get user details
	user := authorise.CurrentUser(context)
	ip := getUserIP(context)
	url := params.Get("url")

	// Strip trailing slashes on url before comparisons
	// we could possibly also strip url fragments
	if strings.HasSuffix(url, "/") {
		url = strings.Trim(url, "/")
		params.Set("url", url)
	}

	// Check that no story with this url already exists
	q := stories.Where("url=?", url)
	duplicates, err := stories.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	if len(duplicates) > 0 {
		dupe := duplicates[0]
		// Add a point to dupe and return
		addStoryVote(dupe, user, ip, 1)
		return router.Redirect(context, dupe.URLShow())
	}
	// Clean params according to role
	accepted := stories.AllowedParams()
	if authorise.CurrentUser(context).Admin() {
		accepted = stories.AllowedParamsAdmin()
	}
	cleanedParams := params.Clean(accepted)

	// Set a few params
	cleanedParams["points"] = "1"
	cleanedParams["user_id"] = fmt.Sprintf("%d", user.Id)
	cleanedParams["user_name"] = user.Name

	id, err := stories.Create(cleanedParams)
	if err != nil {
		return err // Create returns a router.Error
	}

	// Log creation
	context.Logf("#info Created story id,%d", id)

	// Redirect to the new story
	story, err := stories.Find(id)
	if err != nil {
		return router.InternalError(err)
	}

	// We need to add a vote to the story here too by adding a join to the new id
	err = recordStoryVote(story, user, ip, +1)
	if err != nil {
		return err
	}

	// Re-rank stories
	err = updateStoriesRank()
	if err != nil {
		return err
	}

	return router.Redirect(context, story.URLIndex())
}
Example #25
0
// HandleCreate handles the POST of the create form for comments
func HandleCreate(context router.Context) error {

	// Authorise csrf token
	err := authorise.AuthenticityToken(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Check permissions - if not logged in and above 0 points, redirect
	if !authorise.CurrentUser(context).CanComment() {
		return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 0 points to comment.")
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Find parent story - this must exist
	story, err := stories.Find(params.GetInt("story_id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	params.SetInt("story_id", story.Id)
	params.Set("story_name", story.Name)

	// Set a few params
	user := authorise.CurrentUser(context)
	params.SetInt("user_id", user.Id)
	params.Set("user_name", user.Name)
	params.SetInt("points", 1)

	// Find the parent and set dotted id
	// these are of the form xx.xx. with a trailing dot
	// this saves us from saving twice on create
	parentID := context.ParamInt("parent_id")
	if parentID > 0 {
		parent, err := comments.Find(parentID)
		if err != nil {
			return router.NotFoundError(err)
		}
		context.Logf("PARENT:%d - %s", parent.Id, parent.DottedIds)
		params.Set("dotted_ids", fmt.Sprintf(parent.DottedIds+"."))
	}

	id, err := comments.Create(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Log creation
	context.Logf("#info Created comment id,%d", id)

	// Update the story comment Count

	storyParams := map[string]string{"comment_count": fmt.Sprintf("%d", story.CommentCount+1)}
	err = story.Update(storyParams)
	if err != nil {
		return router.InternalError(err, "Error", "Could not update story.")
	}

	// Redirect to the new comment
	m, err := comments.Find(id)
	if err != nil {
		return router.InternalError(err)
	}

	// Re-rank comments on this story
	err = updateCommentsRank(m.StoryId)
	if err != nil {
		return err
	}

	return router.Redirect(context, m.URLStory())
}
Example #26
0
// HandleCreate handles POST users/create
func HandleCreate(context router.Context) error {

	// Check csrf token
	err := authorise.AuthenticityToken(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Check for email duplicates
	email := params.Get("email")
	if len(email) > 0 {

		if len(email) < 3 || !strings.Contains(email, "@") {
			return router.InternalError(err, "Invalid email", "Please just miss out the email field, or use a valid email.")
		}

		count, err := users.Query().Where("email=?", email).Count()
		if err != nil {
			return router.InternalError(err)
		}
		if count > 0 {
			return router.NotAuthorizedError(err, "User already exists", "Sorry, a user already exists with that email.")
		}
	}

	// Check for invalid or duplicate names
	name := params.Get("name")
	if len(name) < 2 {
		return router.InternalError(err, "Name too short", "Please choose a username longer than 2 characters")
	}

	count, err := users.Query().Where("name=?", name).Count()
	if err != nil {
		return router.InternalError(err)
	}
	if count > 0 {
		return router.NotAuthorizedError(err, "User already exists", "Sorry, a user already exists with that name, please choose another.")
	}

	// Set some defaults for the new user
	params.SetInt("status", status.Published)
	params.SetInt("role", users.RoleReader)
	params.SetInt("points", 1)

	// Now try to create the user
	id, err := users.Create(params.Map())
	if err != nil {
		return router.InternalError(err, "Error", "Sorry, an error occurred creating the user record.")
	}

	context.Logf("#info Created user id,%d", id)

	// Find the user again so we can save login
	user, err := users.Find(id)
	if err != nil {
		context.Logf("#error parsing user id: %s", err)
		return router.NotFoundError(err)
	}

	// Save the fact user is logged in to session cookie
	err = loginUser(context, user)
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to root
	return router.Redirect(context, "/?message=welcome")
}
Example #27
0
// HandleCreate handles the POST of the create form for stories
func HandleCreate(context router.Context) error {

	// Check csrf token
	err := authorise.AuthenticityToken(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Check permissions - if not logged in and above 1 points, redirect to error
	if !authorise.CurrentUser(context).CanSubmit() {
		return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 1 points to submit stories.")
	}

	// Get params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Get user details
	user := authorise.CurrentUser(context)
	ip := getUserIP(context)

	// Process urls
	url := params.Get("url")

	// Strip trailing slashes on url before comparisons
	if strings.HasSuffix(url, "/") {
		url = strings.Trim(url, "/")
	}

	// Strip ?utm_source etc - remove all after ?utm_source
	if strings.Contains(url, "?utm_") {
		url = strings.Split(url, "?utm_")[0]
	}

	// Strip url fragments (For example trailing # on medium urls)
	if strings.Contains(url, "#") {
		url = strings.Split(url, "#")[0]
	}

	// Rewrite mobile youtube links
	if strings.HasPrefix(url, "https://m.youtube.com") {
		url = strings.Replace(url, "https://m.youtube.com", "https://www.youtube.com", 1)
	}

	params.Set("url", url)

	// Check that no story with this url already exists
	q := stories.Where("url=?", url)
	duplicates, err := stories.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	if len(duplicates) > 0 {
		story := duplicates[0]

		// Check we have no votes already from this user, if we do fail
		if storyHasUserVote(story, user) {
			return router.NotAuthorizedError(err, "Vote Failed", "Sorry you are not allowed to vote twice, nice try!")

		}

		// Add a point to dupe and return
		addStoryVote(story, user, ip, 1)
		return router.Redirect(context, story.URLShow())
	}
	// Clean params according to role
	accepted := stories.AllowedParams()
	if authorise.CurrentUser(context).Admin() {
		accepted = stories.AllowedParamsAdmin()
	}
	cleanedParams := params.Clean(accepted)

	// Set a few params
	cleanedParams["points"] = "1"
	cleanedParams["user_id"] = fmt.Sprintf("%d", user.Id)
	cleanedParams["user_name"] = user.Name

	id, err := stories.Create(cleanedParams)
	if err != nil {
		return err // Create returns a router.Error
	}

	// Log creation
	context.Logf("#info Created story id,%d", id)

	// Redirect to the new story
	story, err := stories.Find(id)
	if err != nil {
		return router.InternalError(err)
	}

	// We need to add a vote to the story here too by adding a join to the new id
	err = recordStoryVote(story, user, ip, +1)
	if err != nil {
		return err
	}

	// Re-rank stories
	err = updateStoriesRank()
	if err != nil {
		return err
	}

	return router.Redirect(context, story.URLIndex())
}
Example #28
0
// HandleCreate handles the POST of the create form for files
func HandleCreate(context router.Context) error {

	// Do not perform auth on posts - we could check a shared secret here or similar but that is not secure
	// better to require siging of posts by users with their own key to confirm identity if we wanted to check submissions.

	// Parse multipart first - must fix this to do it automatically
	fileParams, err := context.ParamFiles("file")
	if err != nil || len(fileParams) < 1 {
		return router.InternalError(err, "Invalid file", "Sorry, the file upload failed.")
	}
	fh := fileParams[0]

	context.Logf("#info FILE RECD:%v", fh.Filename)

	// Now extract other params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// First find the username, if we have no user, reject post
	//context.Logf("PARAMS:%v", params)
	// PARAMS:map[sender:[Kenny Grant] recipient:[testtest]]
	// Check for user with name recipient

	// Find the user
	user, err := users.FindName(context.Param("recipient"))
	if err != nil || user == nil {
		return router.NotFoundError(err, "User not found", "Sorry this user doesn't exist")
	}

	// link with the named recipient user
	params.SetInt("user_id", user.Id)

	context.Logf("PARAMS:%v", params)

	// Ideally perform some identity check on the sender here, and set sender id if we have a user?
	// Perhaps require sending pgp sig of data?

	// We only consider the first file
	id, err := files.Create(params.Map(), fh)
	if err != nil {
		return router.InternalError(err)
	}

	// Log creation
	context.Logf("#info Created file id,%d", id)

	/*
		_, err := files.Find(id)
		if err != nil {
			return router.InternalError(err)
		}
	*/

	// Render a 200 response
	view := view.New(context)
	view.Layout("files/views/create.json.got")
	return view.Render()
	//	return router.Redirect(context, m.URLIndex())
}
Example #29
0
// HandleCreate handles the POST of the create form for stories
func HandleCreate(context router.Context) error {

	// Check csrf token
	err := authorise.AuthenticityToken(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Check permissions - if not logged in and above 1 points, redirect to error
	if !authorise.CurrentUser(context).CanSubmit() {
		return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 1 points to submit stories.")
	}

	// Get user details
	user := authorise.CurrentUser(context)
	ip := getUserIP(context)

	// Check that no story with this url already exists
	q := stories.Where("url=?", context.Param("url"))
	duplicates, err := stories.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	if len(duplicates) > 0 {
		dupe := duplicates[0]
		// Add a point to dupe
		addStoryVote(dupe, user, ip, 1)

		return router.Redirect(context, dupe.URLShow())
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Set a few params
	params.SetInt("points", 1)
	params.SetInt("user_id", user.Id)
	params.Set("user_name", user.Name)

	id, err := stories.Create(params.Map())
	if err != nil {
		return err // Create returns a router.Error
	}

	// Log creation
	context.Logf("#info Created story id,%d", id)

	// Redirect to the new story
	story, err := stories.Find(id)
	if err != nil {
		return router.InternalError(err)
	}

	// We need to add a vote to the story here too by adding a join to the new id
	err = recordStoryVote(story, user, ip, +1)
	if err != nil {
		return err
	}

	// Re-rank stories
	err = updateStoriesRank()
	if err != nil {
		return err
	}

	return router.Redirect(context, story.URLIndex())
}