// ServeHTTP renders the entry list for the user attached to the request's
// session.
//
// Form parameters read:
//   - "q":    passed unchanged to vsafedb.Entries as the search string.
//   - "sort": "newest" reverses the returned slice; any other value sorts
//     by title.
//   - "id":   parsed as a base-10 int64 and handed to the template.
//
// The lookup is keyed on session.Key().Id, not on any request parameter, so
// the owner of the listed entries is never chosen by the client.
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// NOTE(review): the ParseForm error is discarded; a malformed body simply
	// leaves the affected parameters empty.
	r.ParseForm()
	session := common.GetUserSession(r)
	form := r.Form

	order := form.Get("sort")
	// The parse error is ignored on purpose or by omission (not visible
	// here): a missing or non-numeric id reaches the template as 0.
	selected, _ := strconv.ParseInt(form.Get("id"), 10, 64)

	// NOTE(review): session.Key() is dereferenced without a nil check; this
	// presumably relies on an authentication wrapper outside this block.
	found, err := vsafedb.Entries(h.Store, session.Key().Id, form.Get("q"))
	if err != nil {
		http_util.ReportError(w, "Error reading database", err)
		return
	}

	if order == "newest" {
		vsafedb.Reverse(found)
	} else {
		vsafedb.SortByTitle(found)
	}

	page := &view{
		Values:  http_util.Values{r.Form},
		Name:    session.User.Name,
		Entries: found,
		Url:     r.URL,
		Id:      selected,
	}
	http_util.WriteTemplate(w, kTemplate, page)
}
// doGet renders the single-entry form.
//
// When id is valid the stored entry is loaded together with its etag using
// the key from the caller's session and shown for editing; ErrNoSuchId
// produces a plain "No entry found." body. When id is not valid a blank
// form for a new entry is rendered instead. Both forms carry an XSRF token
// minted under kSingle.
func (h *Handler) doGet(w http.ResponseWriter, r *http.Request, id int64) {
	session := common.GetUserSession(r)

	if !isIdValid(id) {
		blank := url.Values{}
		blank.Set("url", "http://")
		// Because this page is always POST, the presence of etag signals
		// that we are editing an entry, not fetching for the first time.
		// The value of etag in this context does not matter since we are
		// editing a new entry.
		blank.Set("etag", "new")
		http_util.WriteTemplate(
			w,
			kTemplate,
			newView(
				blank,
				false,
				session.Key().Id,
				common.NewXsrfToken(r, kSingle),
				nil))
		return
	}

	// The entry is fetched with session.Key(); presumably vsafedb uses it to
	// decrypt the record and to refuse entries owned by another key —
	// confirm in vsafedb.EntryByIdWithEtag.
	var stored vsafe.EntryWithEtag
	err := vsafedb.EntryByIdWithEtag(h.Store, nil, id, session.Key(), &stored)
	switch {
	case err == vsafedb.ErrNoSuchId:
		// NOTE(review): this is written with the default status code, not
		// as an error response.
		fmt.Fprintln(w, "No entry found.")
		return
	case err != nil:
		http_util.ReportError(w, "Error reading database.", err)
		return
	}

	http_util.WriteTemplate(
		w,
		kTemplate,
		newView(
			fromEntry(&stored.Entry, stored.Etag),
			true,
			session.Key().Id,
			common.NewXsrfToken(r, kSingle),
			nil))
}
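// isLocalRedirectTarget reports whether target is a same-site path: it must
// start with a single "/", and must not contain a backslash or an ASCII
// control character. Scheme-relative ("//host") and absolute URLs are
// rejected so that a post-login redirect cannot leave this site.
func isLocalRedirectTarget(target string) bool {
	if len(target) == 0 || target[0] != '/' {
		return false
	}
	for i := 0; i < len(target); i++ {
		c := target[i]
		// Some clients treat "\" like "/" and drop control characters when
		// resolving a Location header, so neither is allowed anywhere.
		if c < 0x20 || c == 0x7f || c == '\\' {
			return false
		}
	}
	return len(target) == 1 || target[1] != '/'
}

// ServeHTTP serves the login page.
//
// GET renders the empty login form. Any other method reads "name" and
// "password" from the form, looks the user up, verifies the password and,
// on success, stores the user id and the key returned by VerifyPassword in
// a new session before redirecting to the "prev" form value.
//
// An unknown user and a wrong password produce the same "Login incorrect."
// page, so the response body does not reveal which of the two failed.
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method == "GET" {
		http_util.WriteTemplate(w, kTemplate, nil)
		return
	}

	// NOTE(review): the ParseForm error is discarded; a malformed body simply
	// yields empty credentials, which then fail the lookup below.
	r.ParseForm()
	userName := r.Form.Get("name")
	password := r.Form.Get("password")

	var user vsafe.User
	err := h.Store.UserByName(nil, userName, &user)
	if err == vsafedb.ErrNoSuchId {
		// NOTE(review): this path returns before VerifyPassword runs, so its
		// response time may differ from the wrong-password path.
		http_util.WriteTemplate(w, kTemplate, "Login incorrect.")
		return
	}
	if err != nil {
		http_util.ReportError(w, "Database error", err)
		return
	}

	key, err := user.VerifyPassword(password)
	if err == vsafe.ErrWrongPassword {
		http_util.WriteTemplate(w, kTemplate, "Login incorrect.")
		return
	}
	if err != nil {
		http_util.ReportError(w, "Error verifying password", err)
		return
	}

	gs, err := common.NewGorillaSession(h.SessionStore, r)
	if err != nil {
		http_util.ReportError(w, "Error creating session", err)
		return
	}
	session := common.CreateUserSession(gs)
	session.SetUserId(user.Id)
	session.SetKey(key)
	session.ID = "" // For added security, force a new session ID
	// NOTE(review): the result of Save is not checked here; if it can fail,
	// the user is redirected without a usable session.
	session.Save(r, w)

	// "prev" comes straight from the request, so it is only honoured when it
	// is a same-site path. Anything else is treated like a missing value,
	// which is the case the redirect helper already had to handle.
	prev := r.Form.Get("prev")
	if !isLocalRedirectTarget(prev) {
		prev = ""
	}
	http_util.Redirect(w, r, prev)
}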
// doPost handles a submission of the single-entry form.
//
// The XSRF token for kSingle is verified before anything else; a failed
// check yields common.ErrXsrf and no store operation runs. After that the
// form decides the action:
//   - "delete": removes the entry when id is valid, otherwise does nothing.
//   - "cancel": does nothing.
//   - otherwise: builds a mutation from the form and either updates the
//     existing entry (etag-checked, inside h.Doer.Do) or adds a new one.
//
// On error the form is re-rendered with the error and a fresh XSRF token;
// on success the request is handed to goBack.
//
// r.Form is read without calling ParseForm here, so the caller must have
// parsed the request already.
func (h *Handler) doPost(w http.ResponseWriter, r *http.Request, id int64) {
	var err error
	session := common.GetUserSession(r)

	switch {
	case !common.VerifyXsrfToken(r, kSingle):
		err = common.ErrXsrf

	case http_util.HasParam(r.Form, "delete"):
		if isIdValid(id) {
			// Removal is performed on behalf of session.User.GetOwner(), not
			// of anything supplied in the form.
			err = h.Store.RemoveEntry(nil, id, session.User.GetOwner())
		}

	case http_util.HasParam(r.Form, "cancel"):
		// Do nothing

	default:
		var mutation functional.Filterer
		mutation, err = toEntry(r.Form)
		if err != nil {
			break
		}
		if isIdValid(id) {
			// NOTE(review): the parse error is ignored, so a missing or
			// malformed "etag" is passed on as 0.
			etag, _ := strconv.ParseUint(r.Form.Get("etag"), 10, 64)
			err = h.Doer.Do(func(t db.Transaction) error {
				return vsafedb.UpdateEntryWithEtag(
					h.Store, t, id, etag, session.Key(), mutation)
			})
		} else {
			var created vsafe.Entry
			mutation.Filter(&created)
			var addedId int64
			addedId, err = vsafedb.AddEntry(h.Store, nil, session.Key(), &created)
			if err == nil {
				id = addedId
			}
		}
	}

	// Replace the internal sentinel with a message meant for the user.
	if err == vsafedb.ErrConcurrentModification {
		err = errors.New("Someone else updated this entry after you started. Click cancel and try again.")
	}

	if err == nil {
		goBack(w, r, id)
		return
	}
	http_util.WriteTemplate(
		w,
		kTemplate,
		newView(
			r.Form,
			isIdValid(id),
			session.Key().Id,
			common.NewXsrfToken(r, kSingle),
			err))
}
// ServeHTTP serves the change-password page.
//
// GET renders the empty form. Any other method verifies the XSRF token for
// kChPasswd, then checks that "new" equals "verify" and that the new
// password is at least kMinPasswordLength long, and finally calls
// vsafedb.ChangePassword inside h.Doer.Do with the "old" and "new" values.
// Every response re-renders the form with a freshly minted XSRF token.
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	session := common.GetUserSession(r)

	// show fills in the fields common to every rendering of the page and
	// writes it out. Name is read at call time, so it reflects session.User
	// as it is when the page is rendered.
	show := func(page *view) {
		page.Name = session.User.Name
		page.Xsrf = common.NewXsrfToken(r, kChPasswd)
		http_util.WriteTemplate(w, kTemplate, page)
	}

	if r.Method == "GET" {
		show(&view{})
		return
	}

	r.ParseForm()
	// The token is checked before any password field is looked at.
	if !common.VerifyXsrfToken(r, kChPasswd) {
		show(&view{Message: common.ErrXsrf.Error()})
		return
	}

	oldPassword := r.Form.Get("old")
	newPassword := r.Form.Get("new")
	retyped := r.Form.Get("verify")

	if newPassword != retyped {
		show(&view{Message: "Password re-typed incorrectly."})
		return
	}
	// len counts bytes, not characters.
	if len(newPassword) < kMinPasswordLength {
		show(&view{
			Message: fmt.Sprintf(
				"Password must be at least %d characters.",
				kMinPasswordLength)})
		return
	}

	// The old password is checked by ChangePassword itself; the account is
	// identified by session.User.Id, never by a form value.
	err := h.Doer.Do(func(t db.Transaction) error {
		updated, txErr := vsafedb.ChangePassword(
			h.Store, t, session.User.Id, oldPassword, newPassword)
		if txErr != nil {
			return txErr
		}
		// NOTE(review): only the in-memory session is updated here; whether
		// the session is persisted, or other sessions of this user are
		// invalidated, is not visible in this block.
		session.User = updated
		return nil
	})
	switch {
	case err == vsafe.ErrWrongPassword:
		show(&view{Message: "Old password wrong."})
		return
	case err != nil:
		http_util.ReportError(w, "Error updating database", err)
		return
	}

	show(&view{Message: "Password changed successfully.", Success: true})
}