Example #1
0
func userInfoHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method == "POST" {
		f, err := requestedUserAuthenticated(r)
		if err != nil {
			pErr("%v\n", err)
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}

		err = data.Unmarshal(r.Body, &f.Profile)
		if err != nil {
			http.Error(w, "error serializing", http.StatusBadRequest)
			return
		}

		err = f.Put()
		if err != nil {
			http.Error(w, "error saving user file", http.StatusInternalServerError)
			return
		}
	}

	f, err := requestedUser(r)
	if err != nil {
		pOut("%v\n", err)
		http.Error(w, "user not found", http.StatusNotFound)
		return
	}

	httpWriteMarshal(w, f.Profile)
}
Example #2
0
func userAddHandler(w http.ResponseWriter, r *http.Request) {
	m := &data.NewUserMsg{}
	err := data.Unmarshal(r.Body, m)
	if err != nil {
		http.Error(w, "error serializing", http.StatusInternalServerError)
		return
	}

	if len(m.Pass) < data.PasswordMinLength {
		http.Error(w, "invalid password", http.StatusBadRequest)
		return
	}

	if !data.EmailRegexp.MatchString(m.Email) {
		http.Error(w, "invalid email", http.StatusBadRequest)
		return
	}

	// not authenticated User. ignore current auth token.
	f, err := requestedUser(r)
	if err == nil {
		pOut("%v\n", err)
		pOut("attempt to re-register user: %s?\n", f.User())
		http.Error(w, "user exists", http.StatusForbidden)
		return
	}

	// ok, store user.
	f.Pass = password.Hash(string(m.Pass))
	f.Profile.Email = m.Email
	f.DateRegistered = time.Now().UTC().String()

	// pOut("Pass1: %s\n", m.Pass)
	// pOut("Pass2: %s\n", f.Pass)

	err = f.Put()
	if err != nil {
		pErr("%v\n", err)
		http.Error(w, "error writing user file", http.StatusInternalServerError)
		return
	}

	// send verification email here...
}
Example #3
0
func userAuthHandler(w http.ResponseWriter, r *http.Request) {

	ph := ""
	err := data.Unmarshal(r.Body, &ph)
	if err != nil {
		http.Error(w, "error serializing", http.StatusInternalServerError)
		return
	}

	// not authenticated User. ignore current auth token.
	f, err := requestedUser(r)
	if err != nil {
		pErr("%v\n", err)
		http.Error(w, "not found", http.StatusNotFound)
		return
	}

	if !password.Check(ph, f.Pass) {
		pErr("failed attempt to auth as %s\n", f.User())
		http.Error(w, "user or password incorrect", http.StatusForbidden)
		return
	}

	// Generate new token, if there is none.
	if len(f.AuthToken) == 0 {
		f.AuthToken, err = f.GenerateToken()
		if err != nil {
			pErr("Error generating token. %v\n", err)
			http.Error(w, "500 server error", http.StatusInternalServerError)
			return
		}
	}

	err = f.Put()
	if err != nil {
		pErr("Error writing user file. %v\n", err)
		http.Error(w, "500 server error", http.StatusInternalServerError)
		return
	}

	// ok, return token
	// (worry later about needing multiple tokens, etc.)
	fmt.Fprintf(w, "%s", f.AuthToken)
}
Example #4
0
func userPassHandler(w http.ResponseWriter, r *http.Request) {
	phs := &data.NewPassMsg{}
	err := data.Unmarshal(r.Body, phs)
	if err != nil {
		http.Error(w, "error serializing", http.StatusInternalServerError)
		return
	}

	// not authenticated User. ignore current auth token.
	f, err := requestedUser(r)
	if err != nil {
		pErr("%v\n", err)
		http.Error(w, "user not found", http.StatusNotFound)
		return
	}

	// pOut("Current: %s\n", phs.Current)
	// pOut("New: %s\n", phs.New)

	if !password.Check(phs.Current, f.Pass) {
		pErr("failed attempt to change password for %s\n", f.User())
		http.Error(w, "user or password incorrect", http.StatusForbidden)
		return
	}

	// ok, store new pass.
	f.Pass = password.Hash(phs.New)

	// clear AuthToken so every client needs to re-auth
	f.AuthToken = ""

	err = f.Put()
	if err != nil {
		pOut("%v\n", err)
		http.Error(w, "error writing user file", http.StatusInternalServerError)
		return
	}

	// send notification email here...
}
Example #5
0
func (d *Datastore) Get(key ds.Key) (value Model, err error) {
	// setup return type based on key type
	value = d.config.Constructor(key)

	// get data from leveldb
	val, err := d.db.Get(key)
	if err != nil {
		return nil, err
	}

	buf, ok := val.([]byte)
	if !ok {
		return nil, ds.ErrInvalidType
	}

	// unmarshal it into the model
	r := bytes.NewReader(buf)
	err = data.Unmarshal(r, value)
	if err != nil {
		return nil, err
	}

	return value, nil
}