//Handle the root request
func handleRootRequest(rw http.ResponseWriter, rq *http.Request) {
//Detect if the user is authenticated with Siil
authenticated := false
token := ""
if tokenCookie, err := rq.Cookie("token"); err == nil {
token = tokenCookie.Value
if sess, err := session.GetSession(token); err == nil {
authenticated = sess.SiteId == site.SIIL_SITE_ID
}
}
if authenticated {
owner, err := getOwnerFromSession(rq)
if err != nil {
log.Println(err)
http.Redirect(rw, rq, "/signin/"+site.SIIL_SITE_ID, http.StatusFound)
return
}
usr, err := user.FindById(int(owner))
if err != nil {
log.Println(err)
http.Error(rw, "Invalid user", http.StatusInternalServerError)
return
}
var sections string = ""
sites, err := site.GetUsersSites(owner)
if err != nil {
log.Println(err)
return
} else {
for _, s := range sites {
titleArea := surroundWithRow(title(s.Name) + button(s.ClientId))
descriptionListArea := surroundWithRow(surroundWithColumn(getDescriptionList(&s), "twelve"))
sections += surroundWithSection(titleArea + descriptionListArea)
}
}
response, err := templates["index.hbs"].Exec(map[string]interface{}{
"Sections": sections,
"authed": authenticated,
"first_name": usr.FirstName,
"last_name": usr.LastName,
"site_id": site.SIIL_SITE_ID,
"token": token,
})
if err != nil {
http.Error(rw, "Something broke", http.StatusInternalServerError)
} else {
rw.Write([]byte(response))
}
} else {
if t, err := templates["index.hbs"].Exec(map[string]interface{}{"authed": authenticated, "site_id": site.SIIL_SITE_ID, "token": token}); err != nil {
http.Error(rw, "Something broke", http.StatusInternalServerError)
} else {
rw.Write([]byte(t))
}
}
}
//Provide JSON encoded information about the user related to this session
func handleAPISessionRequest(rw http.ResponseWriter, rq *http.Request) {
if rq.Method != "GET" {
http.Error(rw, "Method not allowed", http.StatusMethodNotAllowed)
} else {
if token, clientId := rq.FormValue("token"), rq.FormValue("client_id"); len(token) != session.TOKEN_LENGTH || len(clientId) != site.CLIENT_ID_LENGTH {
http.Error(rw, "Invalid request", http.StatusBadRequest)
} else {
if sess, err := session.GetSession(token); err != nil {
log.Println(err)
http.Error(rw, "Not found", http.StatusNotFound)
} else {
//Check the client id's
if sess.SiteId != clientId {
http.Error(rw, "Unauthorized", http.StatusUnauthorized)
return
}
s := site.Entity{ClientId: sess.SiteId}
if err := s.Load(); err != nil {
log.Println(err)
http.Error(rw, "Not found", http.StatusNotFound)
return
}
//Lets check the X-Authorization header
if sig := rq.Header.Get("X-Authorization"); len(sig) == 0 {
http.Error(rw, "Unauthorized (Missing signature in X-Authorization)", http.StatusUnauthorized)
} else {
sigHMAC, err := base64.StdEncoding.DecodeString(sig)
if err != nil {
log.Println(err)
http.Error(rw, "Invalid signature provided", http.StatusUnauthorized)
return
}
ourMAC := hmac.New(sha512.New, []byte(s.PrivateKey))
ourMAC.Write([]byte(fmt.Sprintf("%s\t%s", clientId, token)))
if !hmac.Equal(sigHMAC, ourMAC.Sum(nil)) {
http.Error(rw, "Invalid signature provided", http.StatusUnauthorized)
} else {
if usr, err := user.FindById(sess.UserId); err != nil {
log.Println(err)
http.Error(rw, "Not found", http.StatusNotFound)
} else {
response := apiResponse{
Token: token,
ExpiresAt: sess.ExpiresAt.Format(time.RFC3339),
CreatedAt: sess.CreatedAt.Format(time.RFC3339),
User: usr,
Site: clientId,
}
//Generate verification HMAC
verHMAC := hmac.New(sha512.New, []byte(s.PrivateKey))
if m, err := json.Marshal(response); err != nil {
log.Println(err)
http.Error(rw, "Failed to sign response", http.StatusInternalServerError)
} else {
verHMAC.Write(m)
}
response.Verification = base64.StdEncoding.EncodeToString(verHMAC.Sum(nil))
enc := json.NewEncoder(rw)
rw.Header().Set("Content-Type", "application/json")
if err := enc.Encode(response); err != nil {
log.Println(err)
http.Error(rw, "Failed to compose response", http.StatusInternalServerError)
}
}
}
}
}
}
}
}
