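// getApiUserHandler serves the settings of a single user as JSON.
//
// The user id is read from params["id"]. The caller must be logged in and
// may only read their own record (see the TODO on the permission check).
// Responses: 200 with the JSON user, 400 when the id is not a positive
// integer, 403 when the id belongs to another user, 500 on internal errors.
func getApiUserHandler(w http.ResponseWriter, r *http.Request, params map[string]string) {
	userName := authentication.GetUserName(r)
	if userName == "" {
		// NOTE(review): 401 would describe this better; the status is kept for compatibility.
		http.Error(w, "Not logged in!", http.StatusInternalServerError)
		return
	}
	userId, err := getUserId(userName)
	if err != nil {
		// NOTE(review): err.Error() may expose internal details to the client; the
		// same applies to the other 500 responses in this handler.
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// params["id"] is untrusted input: accept only a positive integer. err is
	// deliberately not dereferenced here, because it is nil when the id parsed
	// but is below 1 (the previous code panicked on that path).
	userIdToGet, err := strconv.ParseInt(params["id"], 10, 64)
	if err != nil || userIdToGet < 1 {
		http.Error(w, "Invalid user id.", http.StatusBadRequest)
		return
	}
	if userIdToGet != userId {
		// Make sure the authenticated user is only accessing his/her own data.
		// TODO: Make sure the user is admin when multiple users have been introduced
		http.Error(w, "You don't have permission to access this data.", http.StatusForbidden)
		return
	}
	user, err := database.RetrieveUser(userIdToGet)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	userRole, err := getUserRole(userName)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	user.Role = userRole
	// The encoded body is named body rather than json so the encoding/json
	// package is not shadowed.
	body, err := json.Marshal(userToJson(user))
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	w.Write(body)
}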
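// patchApiUserHandler updates the settings of the logged-in user from a
// JSON body decoded into JsonUser.
//
// The authenticated user may only change their own record. Empty Email,
// Name and Slug fields keep their stored values; a new Name or Slug that
// is already taken is silently replaced by the stored one (see the TODOs).
// The password is changed only when Password and PasswordRepeated match.
// Responses: 200 on success, 400 for an id below 1, 403 when the id
// belongs to another user, 500 on decode or database errors.
func patchApiUserHandler(w http.ResponseWriter, r *http.Request, _ map[string]string) {
	userName := authentication.GetUserName(r)
	if userName == "" {
		http.Error(w, "Not logged in!", http.StatusInternalServerError)
		return
	}
	userId, err := getUserId(userName)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Named req rather than json so the encoding/json package is not shadowed.
	var req JsonUser
	if err = json.NewDecoder(r.Body).Decode(&req); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Make sure user id is over 0
	if req.Id < 1 {
		http.Error(w, "Wrong user id.", http.StatusBadRequest)
		return
	}
	if req.Id != userId {
		// Make sure the authenticated user is only changing his/her own data.
		// TODO: Make sure the user is admin when multiple users have been introduced
		// 403 matches how getApiUserHandler reports the same condition.
		http.Error(w, "You don't have permission to change this data.", http.StatusForbidden)
		return
	}
	// Get old user data to compare against and to fill in fields left empty.
	oldUser, err := database.RetrieveUser(req.Id)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	oldName := string(oldUser.Name)
	if req.Email == "" {
		req.Email = string(oldUser.Email)
	}
	if req.Name == "" {
		req.Name = oldName
	}
	if req.Slug == "" {
		req.Slug = oldUser.Slug
	}
	// A successful lookup means the new name is already taken: keep the old one.
	// TODO: Return error that will be displayed in the admin interface.
	if req.Name != oldName {
		if _, err = database.RetrieveUserByName([]byte(req.Name)); err == nil {
			req.Name = oldName
		}
	}
	// Same rule for the slug.
	// TODO: Return error that will be displayed in the admin interface.
	if req.Slug != oldUser.Slug {
		if _, err = database.RetrieveUserBySlug(req.Slug); err == nil {
			req.Slug = oldUser.Slug
		}
	}
	user := structure.User{
		Id:       req.Id,
		Name:     []byte(req.Name),
		Slug:     req.Slug,
		Email:    []byte(req.Email),
		Image:    []byte(req.Image),
		Cover:    []byte(req.Cover),
		Bio:      []byte(req.Bio),
		Website:  []byte(req.Website),
		Location: []byte(req.Location),
	}
	if err = methods.UpdateUser(&user, userId); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	if req.Password != "" && req.Password == req.PasswordRepeated {
		// Update password if a new one was submitted. A repeat that does not
		// match is ignored without feedback, as before.
		encryptedPassword, err := authentication.EncryptPassword(req.Password)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		if err = database.UpdateUserPassword(user.Id, encryptedPassword, time.Now(), req.Id); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
	}
	// If the user name changed, the session cookie must carry the new name.
	if req.Name != oldName {
		logInUser(req.Name, w)
	}
	w.WriteHeader(http.StatusOK)
	w.Write([]byte("User settings updated!"))
}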
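// putApiPostAuthorsHandler adds and removes co-authors of a post.
//
// The post id is read from params["id"]; the JSON body (JsonChangePostAuthors)
// lists author ids to Delete and to Add. Only the post's main author, or a
// user whose role is 4, may change the list. Ids in Add that are already
// authors, or that do not resolve to an existing user, are skipped.
// Responses: 200 on success, 400 for an invalid post id, 403 when the caller
// may not edit the post, 500 on decode/database errors or when at least one
// delete or insert failed (the remaining operations are still attempted).
func putApiPostAuthorsHandler(w http.ResponseWriter, r *http.Request, params map[string]string) {
	userName := authentication.GetUserName(r)
	if userName == "" {
		http.Error(w, "Not logged in!", http.StatusInternalServerError)
		return
	}
	userId, err := getUserId(userName)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	userRole, err := getUserRole(userName)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// params["id"] is untrusted input: accept only a positive integer. err must
	// not be dereferenced here, because it is nil when the id parsed but is
	// below 1 (the previous code panicked on that path).
	postId, err := strconv.ParseInt(params["id"], 10, 64)
	if err != nil || postId < 1 {
		http.Error(w, "Invalid post id.", http.StatusBadRequest)
		return
	}
	// Check the post for existence (there's no foreign key constraint)
	post, err := database.RetrievePostById(postId)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Allow this action only to the main author.
	// NOTE(review): role 4 is presumably an admin role — confirm against getUserRole.
	if post.Author.Id != userId && userRole != 4 {
		http.Error(w, "Not your post", http.StatusForbidden)
		return
	}
	// Named req rather than json so the encoding/json package is not shadowed.
	var req JsonChangePostAuthors
	if err = json.NewDecoder(r.Body).Decode(&req); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Read the current authors before any deletion, as before: an id that is
	// both deleted and added in one request is therefore not re-added.
	existingAuthors, err := database.RetrieveAuthors(postId)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Deletes and inserts stay best-effort (every id is attempted), but a
	// failure is no longer hidden behind a success response.
	failed := 0
	for _, authorId := range req.Delete {
		if err := database.DeletePostAuthor(postId, authorId); err != nil {
			failed++
		}
	}
addLoop:
	for _, authorId := range req.Add {
		// Skip ids that are already listed as authors.
		for _, author := range existingAuthors {
			if author.Id == authorId {
				continue addLoop
			}
		}
		// Verify that this user exists in DB before saving the link; an
		// unknown user is skipped silently, as before.
		if _, err = database.RetrieveUser(authorId); err != nil {
			continue
		}
		if err = database.InsertPostAuthor(int(postId), authorId); err != nil {
			failed++
		}
	}
	if failed > 0 {
		http.Error(w, "Some author changes could not be saved.", http.StatusInternalServerError)
		return
	}
	w.WriteHeader(http.StatusOK)
	w.Write([]byte("Authors added!"))
}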