func CreateUserHandler(w http.ResponseWriter, r *http.Request) {
fields := createUserForm{}
if formutils.ParseSend(w, r, &fields) {
return
}
hash, err := cryptoutils.Hash(fields.Password, conf.PasswordLevel)
if err != nil {
log.Println(err)
w.WriteHeader(http.StatusInternalServerError)
return
}
user := model.User{
ID: bson.NewObjectId(),
Name: fields.Name,
Email: strings.TrimSpace(fields.Email),
PasswordHash: hash,
CreatedAt: time.Now(),
}
if err := ctx.M(r).DB("").C("users").Insert(&user); err != nil {
if mgo.IsDup(err) {
eres.New(w).AddField("email", "already exists").Send()
return
}
log.Println(err)
w.WriteHeader(http.StatusInternalServerError)
return
}
token := model.NewToken(user.ID, false)
if err := ctx.M(r).DB("").C("tokens").Insert(&token); err != nil {
log.Println(err)
w.WriteHeader(http.StatusInternalServerError)
return
}
rp := userResponse{
User: user,
AccessToken: token.Token,
}
httpres.Json(w, http.StatusCreated, rp)
}
func SetUser(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
token := r.Header.Get("X-Auth-Token")
if token == "" {
ctx.SetCurrentUser(r, nil)
} else {
user, found, err := model.FindUserByToken(token, ctx.M(r))
if err != nil {
log.Println(err)
w.WriteHeader(http.StatusInternalServerError)
return
}
if found {
ctx.SetCurrentUser(r, &user)
} else {
ctx.SetCurrentUser(r, nil)
}
}
h.ServeHTTP(w, r)
})
}
func DeleteAllTokensHandler(w http.ResponseWriter, r *http.Request) {
user := ctx.CurrentUser(r)
if _, err := ctx.M(r).DB("").C("tokens").RemoveAll(bson.M{
"user_id": user.ID,
}); err != nil && err != mgo.ErrNotFound {
log.Println(err)
w.WriteHeader(http.StatusBadRequest)
return
}
w.WriteHeader(http.StatusNoContent)
}
func CreateTokenHandler(w http.ResponseWriter, r *http.Request) {
fields := createTokenForm{}
if formutils.ParseSend(w, r, &fields) {
return
}
var user model.User
if err := ctx.M(r).DB("").C("users").Find(bson.M{
"email": strings.TrimSpace(fields.Email),
}).One(&user); err != nil {
if err == mgo.ErrNotFound {
eres.New(w).SetMessage("bad credentials").Send()
return
}
log.Println(err)
w.WriteHeader(http.StatusBadRequest)
return
}
if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(fields.Password)); err != nil {
eres.New(w).SetMessage("bad credentials").Send()
return
}
token := model.NewToken(user.ID, fields.Forever)
if err := ctx.M(r).DB("").C("tokens").Insert(&token); err != nil {
log.Println(err)
w.WriteHeader(http.StatusInternalServerError)
return
}
httpres.Json(w, http.StatusCreated, tokenResponse{token.Token})
}
func ListUsersHandler(w http.ResponseWriter, r *http.Request) {
fields := listUsersForm{}
if formutils.ParseSend(w, r, &fields) {
return
}
m := bson.M{}
if fields.Name != "" {
//todo: do full text search instead
m["name"] = bson.RegEx{fields.Name, "i"}
}
q := ctx.M(r).DB("").C("users").Find(m)
totalCount, err := q.Count()
if err != nil {
log.Println(err)
w.WriteHeader(http.StatusInternalServerError)
return
}
p := paging.Paging{
Page: fields.Page,
Limit: fields.Limit,
Count: totalCount,
}.Calc()
users := []model.User{}
if err = q.
Limit(p.Limit).
Skip(p.Offset).
Sort("-created_at").
All(&users); err != nil {
log.Println(err)
w.WriteHeader(http.StatusInternalServerError)
return
}
rp := usersResponse{
Users: users,
CurrentPage: p.Page,
TotalPagesCount: p.TotalPages,
}
httpres.Json(w, http.StatusOK, rp)
}
func GetUserHandler(w http.ResponseWriter, r *http.Request) {
id, err := bsonutils.ObjectId(mux.Vars(r)["id"])
if err != nil {
w.WriteHeader(http.StatusNotFound)
return
}
var user model.User
if err := ctx.M(r).DB("").C("users").FindId(id).One(&user); err != nil {
if err == mgo.ErrNotFound {
w.WriteHeader(http.StatusNotFound)
return
}
log.Println(err)
w.WriteHeader(http.StatusInternalServerError)
return
}
httpres.Json(w, http.StatusOK, userResponse{User: user})
}