func authenticate(r *http.Request) (http.Header, error) {
token := r.Header.Get(ChuteToken)
if token == "" {
return nil, tigertonic.Unauthorized{errors.New("please log in")}
}
auth := new(profile.Auth)
auth.Token = &token
err := auth.Get()
if err != nil {
return nil, tigertonic.Unauthorized{errors.New("please log in")}
}
c := tigertonic.Context(r).(*Context)
c.Auth = auth
c.Profile = new(profile.Profile)
err = c.Profile.Get(auth)
if err != nil {
return nil, tigertonic.Unauthorized{errors.New("please log in")}
}
return nil, nil
}
func updateAuth(u *url.URL, h http.Header, r *AuthChange, c *Context) (int, http.Header, Response, error) {
a := new(profile.Auth)
if r.Id != nil {
a.Id = *r.Id
} else {
a.Hash = []byte(*r.Hash)
a.Username = r.Username
}
err := a.Get()
if err != nil {
return error400("couldn't find that auth", err.Error())
}
if a.Profile != c.Profile.Id {
return error400("unauthorized access")
}
if r.Hash != nil {
a.InHash = []byte(*r.Hash)
}
a.Username = r.Username
a.Name = r.Name
a.Authorized = r.Authorized
err = a.Save()
if err != nil {
return error500("db failure: p544", err.Error())
}
return getAuths(u, h, nil, c)
}