// HandleShow serve a get request at /users/1 func HandleShow(context router.Context) error { // No auth - this is public // Find the user user, err := users.Find(context.ParamInt("id")) if err != nil { context.Logf("#error parsing user id: %s", err) return router.NotFoundError(err) } // Get the user comments q := comments.Where("user_id=?", user.Id).Limit(10).Order("created_at desc") userComments, err := comments.FindAll(q) if err != nil { return router.InternalError(err) } // Get the user stories q = stories.Where("user_id=?", user.Id).Limit(50).Order("created_at desc") userStories, err := stories.FindAll(q) if err != nil { return router.InternalError(err) } // Render the Template view := view.New(context) view.AddKey("user", user) view.AddKey("comments", userComments) view.AddKey("stories", userStories) view.AddKey("meta_title", user.Name) view.AddKey("meta_desc", user.Name) return view.Render() }
// HandleCreate handles the POST of the create form for stories func HandleCreate(context router.Context) error { // Check csrf token err := authorise.AuthenticityToken(context) if err != nil { return router.NotAuthorizedError(err) } // Check permissions - if not logged in and above 1 points, redirect to error if !authorise.CurrentUser(context).CanSubmit() { return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 1 points to submit stories.") } // Get user details user := authorise.CurrentUser(context) ip := getUserIP(context) // Check that no story with this url already exists q := stories.Where("url=?", context.Param("url")) duplicates, err := stories.FindAll(q) if err != nil { return router.InternalError(err) } if len(duplicates) > 0 { dupe := duplicates[0] // Add a point to dupe addStoryVote(dupe, user, ip, 1) return router.Redirect(context, dupe.URLShow()) } // Setup context params, err := context.Params() if err != nil { return router.InternalError(err) } // Set a few params params.SetInt("points", 1) params.SetInt("user_id", user.Id) params.Set("user_name", user.Name) id, err := stories.Create(params.Map()) if err != nil { return err // Create returns a router.Error } // Log creation context.Logf("#info Created story id,%d", id) // Redirect to the new story story, err := stories.Find(id) if err != nil { return router.InternalError(err) } // We need to add a vote to the story here too by adding a join to the new id err = recordStoryVote(story, user, ip, +1) if err != nil { return err } // Re-rank stories err = updateStoriesRank() if err != nil { return err } return router.Redirect(context, story.URLIndex()) }
// HandleCreate handles the POST of the create form for stories func HandleCreate(context router.Context) error { // Check csrf token err := authorise.AuthenticityToken(context) if err != nil { return router.NotAuthorizedError(err) } // Check permissions - if not logged in and above 1 points, redirect to error if !authorise.CurrentUser(context).CanSubmit() { return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 1 points to submit stories.") } // Get params params, err := context.Params() if err != nil { return router.InternalError(err) } // Get user details user := authorise.CurrentUser(context) ip := getUserIP(context) url := params.Get("url") // Strip trailing slashes on url before comparisons // we could possibly also strip url fragments if strings.HasSuffix(url, "/") { url = strings.Trim(url, "/") params.Set("url", url) } // Check that no story with this url already exists q := stories.Where("url=?", url) duplicates, err := stories.FindAll(q) if err != nil { return router.InternalError(err) } if len(duplicates) > 0 { dupe := duplicates[0] // Add a point to dupe and return addStoryVote(dupe, user, ip, 1) return router.Redirect(context, dupe.URLShow()) } // Clean params according to role accepted := stories.AllowedParams() if authorise.CurrentUser(context).Admin() { accepted = stories.AllowedParamsAdmin() } cleanedParams := params.Clean(accepted) // Set a few params cleanedParams["points"] = "1" cleanedParams["user_id"] = fmt.Sprintf("%d", user.Id) cleanedParams["user_name"] = user.Name id, err := stories.Create(cleanedParams) if err != nil { return err // Create returns a router.Error } // Log creation context.Logf("#info Created story id,%d", id) // Redirect to the new story story, err := stories.Find(id) if err != nil { return router.InternalError(err) } // We need to add a vote to the story here too by adding a join to the new id err = recordStoryVote(story, user, ip, +1) if err != nil { return err } // Re-rank stories err = updateStoriesRank() if err != nil { return err } return router.Redirect(context, story.URLIndex()) }
// HandleCreate handles the POST of the create form for stories func HandleCreate(context router.Context) error { // Check csrf token err := authorise.AuthenticityToken(context) if err != nil { return router.NotAuthorizedError(err) } // Check permissions - if not logged in and above 1 points, redirect to error if !authorise.CurrentUser(context).CanSubmit() { return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 1 points to submit stories.") } // Get params params, err := context.Params() if err != nil { return router.InternalError(err) } // Get user details user := authorise.CurrentUser(context) ip := getUserIP(context) // Process urls url := params.Get("url") // Strip trailing slashes on url before comparisons if strings.HasSuffix(url, "/") { url = strings.Trim(url, "/") } // Strip ?utm_source etc - remove all after ?utm_source if strings.Contains(url, "?utm_") { url = strings.Split(url, "?utm_")[0] } // Strip url fragments (For example trailing # on medium urls) if strings.Contains(url, "#") { url = strings.Split(url, "#")[0] } // Rewrite mobile youtube links if strings.HasPrefix(url, "https://m.youtube.com") { url = strings.Replace(url, "https://m.youtube.com", "https://www.youtube.com", 1) } params.Set("url", url) // Check that no story with this url already exists q := stories.Where("url=?", url) duplicates, err := stories.FindAll(q) if err != nil { return router.InternalError(err) } if len(duplicates) > 0 { story := duplicates[0] // Check we have no votes already from this user, if we do fail if storyHasUserVote(story, user) { return router.NotAuthorizedError(err, "Vote Failed", "Sorry you are not allowed to vote twice, nice try!") } // Add a point to dupe and return addStoryVote(story, user, ip, 1) return router.Redirect(context, story.URLShow()) } // Clean params according to role accepted := stories.AllowedParams() if authorise.CurrentUser(context).Admin() { accepted = stories.AllowedParamsAdmin() } cleanedParams := params.Clean(accepted) // Set a few params cleanedParams["points"] = "1" cleanedParams["user_id"] = fmt.Sprintf("%d", user.Id) cleanedParams["user_name"] = user.Name id, err := stories.Create(cleanedParams) if err != nil { return err // Create returns a router.Error } // Log creation context.Logf("#info Created story id,%d", id) // Redirect to the new story story, err := stories.Find(id) if err != nil { return router.InternalError(err) } // We need to add a vote to the story here too by adding a join to the new id err = recordStoryVote(story, user, ip, +1) if err != nil { return err } // Re-rank stories err = updateStoriesRank() if err != nil { return err } return router.Redirect(context, story.URLIndex()) }