func recovery(
c martini.Context,
req *http.Request,
ren render.Render,
dec formDecoder,
) {
defer func() {
if r := recover(); r != nil {
switch err := r.(type) {
case jsonError:
handleJsonError(err, ren)
case authError:
authenticate(err, dec, ren, req)
case userError:
ren.HTML(200, "error", m{
"Message": formatMessage(err.Error()),
})
case csql.Error:
ren.HTML(200, "error", m{
"Message": formatMessage(err.Error()),
})
default:
panic(r)
}
}
}()
c.Next()
}
func webAuth(
lg *log.Logger,
c martini.Context,
routes martini.Routes,
params martini.Params,
r *http.Request,
w http.ResponseWriter,
s *sessions.Session,
ren render.Render,
dec formDecoder,
mdec multiDecoder,
) {
userId := sessGet(s, sessionUserId)
if len(userId) == 0 {
panic(ae(""))
}
state := &web{
lg: lg, c: c, routes: routes, params: params,
r: r, w: w, s: s, ren: ren,
decode: dec, multiDecode: mdec,
user: findUserById(userId),
}
ren.Template().Funcs(template.FuncMap{
"url": state.url,
})
c.Map(state)
}
func mapCart(c martini.Context, res http.ResponseWriter, r *http.Request) error {
qs := r.URL.Query()
var shopId string
if qsId := qs.Get("shop"); qsId != "" {
shopId = qsId
} else if formId := r.FormValue("shop"); formId != "" {
shopId = formId
} else if headerId := r.Header.Get("shop"); headerId != "" {
shopId = headerId
}
if shopId == "" {
return fmt.Errorf("error: %s", "you must provide a shop identifier")
}
if !bson.IsObjectIdHex(shopId) {
return fmt.Errorf("error: %s", "invalid shop identifier")
}
shop := cart.Shop{
Id: bson.ObjectIdHex(shopId),
}
if shop.Id.Hex() == "" {
return fmt.Errorf("error: %s", "invalid shop identifier")
}
if err := shop.Get(); err != nil {
return err
}
if shop.Id.Hex() == "" {
return fmt.Errorf("error: %s", "invalid shop identifier")
}
c.Map(&shop)
return nil
}
func mapCartAccount(c martini.Context, res http.ResponseWriter, r *http.Request) error {
auth := r.Header.Get("Authorization")
token := strings.Replace(auth, "Bearer ", "", 1)
cust, err := cart.AuthenticateAccount(token)
if err != nil {
return err
}
shop := cart.Shop{
Id: cust.ShopId,
}
if shop.Id.Hex() == "" {
return fmt.Errorf("error: %s", "invalid shop identifier")
}
if err := shop.Get(); err != nil {
return err
}
if shop.Id.Hex() == "" {
return fmt.Errorf("error: %s", "invalid shop identifier")
}
c.Map(&shop)
c.Map(token)
return nil
}
// MapEncoder intercepts the request's URL, detects the requested format,
// and injects the correct encoder dependency for this request. It rewrites
// the URL to remove the format extension, so that routes can be defined
// without it.
func MapEncoder(c martini.Context, w http.ResponseWriter, r *http.Request) {
// Get the format extension
matches := rxExt.FindStringSubmatch(r.URL.Path)
ft := ".json"
if len(matches) > 1 {
// Rewrite the URL without the format extension
l := len(r.URL.Path) - len(matches[1])
if strings.HasSuffix(r.URL.Path, "/") {
l--
}
r.URL.Path = r.URL.Path[:l]
ft = matches[1]
}
log.Println(r.URL.Path)
// Inject the requested encoder
switch ft {
case ".xml":
//c.MapTo(&xmlEncoder{}, (*Encoder)(nil))
w.Header().Set("Content-Type", "application/xml")
case ".text":
//c.MapTo(&textEncoder{}, (*Encoder)(nil))
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
default:
c.MapTo(&jsonEncoder{}, (*Encoder)(nil))
w.Header().Set("Content-Type", "application/json")
}
}
func RequestLocationProvider(gaeContext appengine.Context, mContext martini.Context, request *http.Request) {
locationCode := request.Header.Get("X-AppEngine-Country")
location := locationFromCode(locationCode)
gaeContext.Infof("Using location code: %v", location)
mContext.Map(location)
}
// AppengineContextProvider provides an injectable and namespaced
// instance of appengine.Context
func AppengineContextProvider(c martini.Context, req *http.Request) {
gae := appengine.NewContext(req)
namespace := appengine.ModuleName(gae)
context, err := appengine.Namespace(gae, namespace)
if err != nil {
panic(err)
}
c.Map(context)
}
//Simple auth handler based on a global key. This may have to be rewritten...
func authHandler(r *http.Request, ctx martini.Context, ren render.Render) {
log.Println(r.Header)
if r.Header.Get("Authorization") != APIKey {
ren.Text(http.StatusUnauthorized, "Invalid authorization")
return
}
//Call the next handler
ctx.Next()
}
func Retrieve(c martini.Context, params martini.Params, r render.Render) {
id, _ := strconv.Atoi(params["id"])
post, err := retrieve(id)
if err != nil {
r.Error(404)
return
}
c.Map(post)
}
func Auth(session sessions.Session, c martini.Context, r render.Render) {
v := session.Get("userid")
fmt.Println(v)
if v == nil {
r.Redirect("/login")
} else {
c.Next()
}
}
func gitHubAuthMiddleware(req *http.Request, res http.ResponseWriter, r render.Render, c martini.Context) {
// Verify origin is GH
template := make(map[string]string)
template["contactUrl"] = os.Getenv("CONTACT_URL")
template["contactValue"] = os.Getenv("CONTACT_VALUE")
template["message"] = "There was an authenticating your account."
err := req.ParseForm()
if err != nil {
log.Println(err)
r.HTML(http.StatusBadRequest, "error", template)
return
}
if len(req.Form["code"]) != 1 {
r.HTML(http.StatusUnauthorized, "error", template)
return
}
// If legit, attempt to get token
payload := make(map[string]string)
payload["client_id"] = os.Getenv("GITHUB_CLIENT_ID")
payload["client_secret"] = os.Getenv("GITHUB_CLIENT_SECRET")
payload["code"] = req.Form["code"][0]
body, _ := json.Marshal(payload)
ghReq, _ := http.NewRequest("POST", "https://github.com/login/oauth/access_token", bytes.NewReader(body))
ghReq.Header.Add("Content-Type", acceptHeader)
ghReq.Header.Add("Accept", acceptHeader)
ghReq.Header.Add("User-Agent", userAgent)
ghRes, err := http.DefaultClient.Do(ghReq)
// check status code
if err != nil {
log.Println(err)
r.HTML(http.StatusServiceUnavailable, "error", template)
return
}
ghPayload, err := ioutil.ReadAll(ghRes.Body)
if err != nil {
log.Println(err)
r.HTML(http.StatusInternalServerError, "error", template)
return
}
var ghJSON map[string]interface{}
err = json.Unmarshal(ghPayload, &ghJSON)
if err != nil {
log.Println(err)
r.HTML(http.StatusInternalServerError, "error", template)
return
}
token, ok := ghJSON["access_token"].(string)
if !ok {
r.HTML(http.StatusOK, "error", template)
return
}
c.Map(token)
c.Next()
http.Redirect(res, req, "/award", http.StatusFound)
}
func Authenticate(w http.ResponseWriter, r *http.Request, c martini.Context, enc encoder.Encoder) {
db := GetDbSession()
token := r.Header.Get("X-API-TOKEN")
user := User{}
err := db.SelectOne(&user, "select * from users where token=?", token)
if err != nil {
http.Error(w, "Auth Error", http.StatusUnauthorized)
}
c.Map(user)
}
func logoutHandle(f *Config, c martini.Context, s sessions.Session, w http.ResponseWriter, r *http.Request) {
s.Delete(keyToken)
path := fmt.Sprintf("%s?client_id=%s&client_secret=%s", f.Endpoint.LogoutURL, f.ClientID, f.ClientSecret)
utils.HttpGetString(path)
// fmt.Println("oauth logout result:",string(str))
f.ClientID = ""
f.ClientSecret = ""
c.Invoke(Logout)
http.Redirect(w, r, "/", 302)
}
//The authorize middleware will search the session for a username
//if it doesnt find it, it will redirect to login
func authorize(w http.ResponseWriter, r *http.Request, session sessions.Session, c martini.Context) {
username := session.Get("username")
if username == nil {
http.Redirect(w, r, "/login", http.StatusFound)
}
//if we found the user, let's create a new user struct and map it into the request context
user := &User{}
user.Username = username.(string)
c.Map(user)
}
func (c *ConnectionLimit) Handler(ctx martini.Context, rw http.ResponseWriter) { // {{{
if atomic.AddInt32(&c.numConnections, 1) > c.limit {
http.Error(rw, "maximum connections exceeded", http.StatusServiceUnavailable)
atomic.AddInt32(&c.numConnections, -1)
return
}
ctx.Next()
atomic.AddInt32(&c.numConnections, -1)
} // }}}
func ExternalServiceAuthorizationProvider(ds *appx.Datastore, martiniContext martini.Context, account *models.Account) {
authorization := &models.ExternalServiceAuthorization{}
authorization.SetParentKey(account.Key())
if err := ds.Load(authorization); err != nil {
panic(err)
}
martiniContext.Map(authorization)
}
// ContentMiddleware is a Martini handler which specifies the proper
// serialization (XML/JSON) depending on the "Content-Type" header
// presented.
func ContentMiddleware(c martini.Context, w http.ResponseWriter, r *http.Request) {
switch r.Header.Get("Content-Type") {
case "application/xml":
c.MapTo(encoder.XmlEncoder{}, (*encoder.Encoder)(nil))
w.Header().Set("Content-Type", "application/xml; charset=utf-8")
default:
c.MapTo(encoder.JsonEncoder{}, (*encoder.Encoder)(nil))
w.Header().Set("Content-Type", "application/json; charset=utf-8")
}
}
/*
* Web functions
*/
func RequireLogin(rw http.ResponseWriter, req *http.Request, s sessions.Session,
db_ *mgo.Database, c martini.Context) {
user, err := db.GetUserById(bson.ObjectIdHex(s.Get("userId").(string)), db_)
if err != nil {
fmt.Println(err)
http.Redirect(rw, req, PAGE_LOGIN, http.StatusFound)
return
}
c.Map(user)
}
// Middleware ...
func Middleware(ctx martini.Context, r *http.Request, w http.ResponseWriter) {
sessionID := ensureCookie(r, w)
session := sessionStore.Get(sessionID)
ctx.Map(session)
ctx.Next()
sessionStore.Set(session)
}
func filter(req *http.Request, c martini.Context) {
req.ParseForm()
m := make(FilterInfo)
for k, v := range req.Form {
if strings.HasPrefix(k, "f_") {
field := strings.Split(k, "f_")[1]
m[field] = v[0]
}
}
c.Map(m)
}
func RequireLogin(rw http.ResponseWriter, req *http.Request,
s sessions.Session, db *sql.DB, c martini.Context) {
user := &User{}
err := db.QueryRow("select name, email from users where id=?", s.Get("userId")).Scan(&user.Name, &user.Email)
if err != nil {
http.Redirect(rw, req, "/login", http.StatusFound)
return
}
c.Map(user)
}
func RequireLogin(ren render.Render, req *http.Request, s sessions.Session, dbmap *gorp.DbMap, c martini.Context) {
var usr User
err := dbmap.SelectOne(&usr, "SELECT * from users WHERE id = $1", s.Get("userId"))
if err != nil {
ren.JSON(http.StatusForbidden, nil)
return
}
c.Map(usr)
}
func AppengineContextProvider(c martini.Context, request *http.Request) {
gae := appengine.NewContext(request)
namespace := appengine.ModuleName(gae)
context, err := appengine.Namespace(gae, namespace)
if err != nil {
panic(fmt.Sprintf("Could not create GAE context: %v", err))
}
c.MapTo(context, (*appengine.Context)(nil))
}
// get device identifier
func CheckDeviceIdentifier(context martini.Context, params martini.Params, req *http.Request, r render.Render) {
identifier := params["identifier"]
device := &models.Device{}
err := server.RPCCallByName("registry", "Registry.FindDeviceByIdentifier", identifier, device)
if err != nil {
r.JSON(http.StatusOK, renderError(ErrDeviceNotFound, err))
return
}
context.Map(device)
}
func mapArgs(c martini.Context, params martini.Params, r *http.Request,
w http.ResponseWriter) {
if err := r.ParseForm(); err != nil {
w.WriteHeader(http.StatusBadRequest)
fmt.Fprintln(w, "bad request:", err)
return
}
var ctx core.CommandContext
ctx.Cmd = params["cmd"]
ctx.Args = core.ArgMap(r.Form)
c.Map(&ctx)
}
func callNormalizeBinding(val reflect.Value, context martini.Context) (interface{}, error) {
obj := val.Interface()
if m := val.MethodByName("NormalizeBinding"); m.IsValid() {
results, err := context.Invoke(m.Interface())
if err != nil {
return nil, err
}
if len(results) > 0 {
obj = results[0].Interface()
}
}
return obj, nil
}
func Register(db *gorm.DB, c martini.Context, body *user.Account, rw http.ResponseWriter) {
if db == nil {
panic("db is not exist")
}
account := Account{DB: db}
res := account.Register(body)
if res.Status == http.StatusOK {
c.Map(res.Body)
c.Next()
}
Response(res, rw)
}
func jsonResp(c martini.Context) {
defer func() {
if r := recover(); r != nil {
if err, ok := r.(error); ok {
if _, ok := err.(jsonError); ok {
panic(r)
} else {
panic(jsonError{err})
}
}
}
}()
c.Next()
}
func RequireLogin(s sessions.Session, db *sql.DB, c martini.Context, ren render.Render, returnUrl string) {
user := &User{}
err := db.QueryRow("select name, email from appuser where id=$1", s.Get("userId")).Scan(&user.Name, &user.Email)
s.Set("returnUrl", returnUrl)
if err != nil {
ren.Redirect("/login")
return
}
//map user to the context
c.Map(user)
}
func MapEncoder(c martini.Context, w http.ResponseWriter, r *http.Request) {
accept := r.Header.Get("Accept")
if accept == "*/*" {
accept = r.Header.Get("Content-Type")
}
matches := rxAccept.FindStringSubmatch(accept)
dt := "json"
if len(matches) == 1 {
dt = matches[0]
}
switch dt {
case "xml":
c.MapTo(XmlEncoder{}, (*Encoder)(nil))
w.Header().Set("Content-Type", "application/xml")
case "plain":
c.MapTo(TextEncoder{}, (*Encoder)(nil))
w.Header().Set("Content-Type", "text/plain")
case "html":
c.MapTo(TextEncoder{}, (*Encoder)(nil))
w.Header().Set("Content-Type", "text/html")
default:
c.MapTo(JsonEncoder{}, (*Encoder)(nil))
w.Header().Set("Content-Type", "application/json")
}
}