//TODO - redundant
func GetUsers(rw http.ResponseWriter, r *http.Request, enc encoding.Encoder, params martini.Params, dtx *apicontext.DataContext) string {
user, err := customer.GetCustomerUserFromKey(dtx.APIKey)
if err != nil {
apierror.GenerateError("Trouble getting customer user", err, rw, r)
return ""
}
if !user.Sudo {
err = errors.New("Unauthorized!")
apierror.GenerateError("Unauthorized!", err, rw, r, http.StatusUnauthorized)
return ""
}
cust, err := user.GetCustomer(dtx.APIKey)
if err != nil {
apierror.GenerateError("Trouble getting customer", err, rw, r)
return ""
}
if err = cust.GetUsers(dtx.APIKey); err != nil {
apierror.GenerateError("Trouble getting users", err, rw, r)
return ""
}
return encoding.Must(enc.Encode(cust.Users))
}
func GetLocations(rw http.ResponseWriter, r *http.Request, enc encoding.Encoder, params martini.Params, dtx *apicontext.DataContext) string {
cu, err := customer.GetCustomerUserFromKey(dtx.APIKey)
if err != nil {
err = errors.New("Unauthorized!")
apierror.GenerateError("Unauthorized!", err, rw, r, http.StatusUnauthorized)
return ""
}
c, err := cu.GetCustomer(dtx.APIKey)
if err != nil {
err = errors.New("Unauthorized!")
apierror.GenerateError("Unauthorized!", err, rw, r, http.StatusUnauthorized)
return ""
}
return encoding.Must(enc.Encode(c.Locations))
}
//Todo redundant
//Hacky like this to work with old forms of authentication
func GetUser(rw http.ResponseWriter, r *http.Request, enc encoding.Encoder) string {
qs, err := url.Parse(r.URL.String())
if err != nil {
apierror.GenerateError("err parsing url", err, rw, r)
return ""
}
key := qs.Query().Get("key")
if key == "" {
key = r.FormValue("key")
}
user, err := customer.GetCustomerUserFromKey(key)
if err != nil {
apierror.GenerateError("Trouble getting customer user", err, rw, r)
return ""
}
return encoding.Must(enc.Encode(user))
}
func GenerateApiKey(rw http.ResponseWriter, r *http.Request, params martini.Params, enc encoding.Encoder, dtx *apicontext.DataContext) string {
var err error
qs := r.URL.Query()
key := qs.Get("key")
if key == "" {
key = r.FormValue("key")
}
user, err := customer.GetCustomerUserFromKey(key)
if err != nil || user.Id == "" {
apierror.GenerateError("Trouble getting customer user using this api key", err, rw, r)
return ""
}
authed := false
if user.Sudo == false {
for _, k := range user.Keys {
if k.Type == customer.PRIVATE_KEY_TYPE && k.Key == key {
authed = true
break
}
}
} else {
authed = true
}
if !authed {
err = errors.New("You do not have sufficient permissions to perform this operation.")
apierror.GenerateError("Unauthorized", err, rw, r, http.StatusUnauthorized)
return ""
}
id := params["id"]
if r.FormValue("id") != "" {
id = r.FormValue("id")
}
generateType := params["type"]
if r.FormValue("type") != "" {
generateType = r.FormValue("type")
}
if id == "" {
err = errors.New("You must provide a reference to the user whose key should be generated.")
apierror.GenerateError("Invalid user reference", err, rw, r)
return ""
}
if generateType == "" {
err = errors.New("You must provide the type of key to be generated")
apierror.GenerateError("Invalid API key type", err, rw, r)
return ""
}
user.Id = id
if err = user.Get(key); err != nil {
apierror.GenerateError("Invalid user reference", err, rw, r)
return ""
}
generated, err := user.GenerateAPIKey(generateType, dtx.BrandArray)
if err != nil {
apierror.GenerateError("Failed to generate an API Key", err, rw, r)
return ""
}
return encoding.Must(enc.Encode(generated))
}
func processDataContext(r *http.Request, c martini.Context) (*apicontext.DataContext, error) {
qs := r.URL.Query()
apiKey := qs.Get("key")
brand := qs.Get("brandID")
website := qs.Get("websiteID")
//handles api key
if apiKey == "" {
apiKey = r.FormValue("key")
}
if apiKey == "" {
apiKey = r.Header.Get("key")
}
if apiKey == "" {
return nil, errors.New("No API Key Supplied.")
}
//gets customer user from api key
user, err := customer.GetCustomerUserFromKey(apiKey)
if err != nil || user.Id == "" {
return nil, errors.New("No User for this API Key.")
}
// go user.LogApiRequest(r)
//handles branding
var brandID int
if brand == "" {
brand = r.FormValue("brandID")
}
if brand == "" {
brand = r.Header.Get("brandID")
}
if id, err := strconv.Atoi(brand); err == nil {
brandID = id
}
//handles websiteID
var websiteID int
if website == "" {
website = r.FormValue("websiteID")
}
if website == "" {
website = r.Header.Get("websiteID")
}
if id, err := strconv.Atoi(website); err == nil {
websiteID = id
}
//load brands in dtx
//returns our data context...shared amongst controllers
// var dtx apicontext.DataContext
dtx := &apicontext.DataContext{
APIKey: apiKey,
BrandID: brandID,
WebsiteID: websiteID,
UserID: user.Id, //current authenticated user
CustomerID: user.CustomerID,
Globals: nil,
}
err = dtx.GetBrandsArrayAndString(apiKey, brandID)
if err != nil {
return nil, err
}
return dtx, nil
}