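// userEventsGet writes, as indented JSON, every event linked to the user whose
// id is the {id} route variable, joined with the event's category when it has
// one. A user with no events encodes as an empty array, not an error. The route
// value is passed as a bound query argument, never spliced into the SQL text.
func userEventsGet(w http.ResponseWriter, r *http.Request) {
	userID := mux.Vars(r)["id"]
	query, args, err := sq.Select("e.name", "e.start_time", "e.end_time", "e.active", "e.ongoing",
		"e.city", "e.latitude", "e.longitude", "ec.cat_cd", "ec.cat_val").
		From("user u").
		Join("user_events ue ON u.user_id = ue.user_id").
		Join("event e ON ue.event_id = e.event_id ").
		LeftJoin("event_category ec ON e.cat_cd = ec.cat_cd").
		Where(sq.Eq{"u.user_id": userID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	rows, err := db.DB.Queryx(query, args...)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	// The original never closed the cursor; release the connection even when a
	// CheckHttpErr panic unwinds the handler part-way through the scan.
	defer rows.Close()

	// Start from an empty, non-nil slice so an event-less user encodes as [] not null.
	events := make([]model.Event, 0)
	for rows.Next() {
		var event model.Event
		errors.CheckHttpErr(rows.StructScan(&event) != nil, "Internal Error", 500)
		events = append(events, event)
	}
	// rows.Next returning false can mean an iteration error, not just end of data.
	errors.CheckHttpErr(rows.Err() != nil, "Internal Error", 500)

	out, err := json.MarshalIndent(events, "", " ")
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	// Without an explicit type the server sniffs the body and labels it text/plain.
	w.Header().Set("Content-Type", "application/json")
	w.Write(out)
}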
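// organizationPut replaces the name, city, latitude and longitude of the
// organization whose id is the {id} route variable. All four POST form fields
// are required; a missing one now yields 400 instead of the index-out-of-range
// panic that form["key"][0] raised. MySQL duplicate-key error 1062 maps to 409.
func organizationPut(w http.ResponseWriter, r *http.Request) {
	orgID := mux.Vars(r)["id"]
	err := r.ParseForm()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	form := r.PostForm
	// TODO validation of form (send email for confirmation) (have whitelist of params to accept)
	// TODO confirm admin permissions

	// required returns the first value of a form field, failing the request
	// with 400 when the field is absent.
	required := func(key string) string {
		vals, ok := form[key]
		errors.CheckHttpErr(!ok || len(vals) == 0, "Bad Request. Missing parameter: "+key, 400)
		return vals[0]
	}
	name := required("name")
	city := required("city")
	latitude := required("latitude")
	longitude := required("longitude")

	// Values travel as bound arguments; squirrel never interpolates them.
	query, args, err := sq.Update("organization").
		Set("name", name).
		Set("city", city).
		Set("latitude", latitude).
		Set("longitude", longitude).
		Where(sq.Eq{"org_id": orgID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	_, err = db.DB.Exec(query, args...)
	// The two-value assertion is false for a nil error, so the 409 check only
	// runs when the driver actually reported a MySQL error.
	if mysqlError, ok := err.(*mysql.MySQLError); ok {
		errors.CheckHttpErr(mysqlError.Number == 1062, "Organization Already Exists", 409)
	}
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	w.Write([]byte("Organization updated.\n"))
}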
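// organizationPost creates an organization from the name, city, latitude and
// longitude POST form fields. All four are required; a missing one now yields
// 400 instead of the index-out-of-range panic that form["key"][0] raised.
// MySQL duplicate-key error 1062 maps to 409.
func organizationPost(w http.ResponseWriter, r *http.Request) {
	err := r.ParseForm()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	form := r.PostForm
	// TODO confirm admin permissions

	// required returns the first value of a form field, failing the request
	// with 400 when the field is absent.
	required := func(key string) string {
		vals, ok := form[key]
		errors.CheckHttpErr(!ok || len(vals) == 0, "Bad Request. Missing parameter: "+key, 400)
		return vals[0]
	}
	name := required("name")
	city := required("city")
	latitude := required("latitude")
	longitude := required("longitude")

	// TODO auto assign org_id
	// Columns and Values are variadic; pass the strings directly instead of
	// copying them through an intermediate []interface{}.
	orgQuery, orgArgs, err := sq.Insert("organization").
		Columns("name", "city", "latitude", "longitude").
		Values(name, city, latitude, longitude).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	_, err = db.DB.Exec(orgQuery, orgArgs...)
	// The two-value assertion is false for a nil error, so the 409 check only
	// runs when the driver actually reported a MySQL error.
	if mysqlError, ok := err.(*mysql.MySQLError); ok {
		errors.CheckHttpErr(mysqlError.Number == 1062, "Organization Already Exists", 409)
	}
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	w.Write([]byte("Organization created.\n"))
}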
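// logoutPost ends the caller's session. store.Store.Get returns a fresh
// session (IsNew) when the request carries none, in which case nothing is
// deleted and the client is told so. The session is looked up under
// store.SessionName, the same name loginPost creates it with; the original
// used the literal "servio", which only works if the two names coincide.
func logoutPost(w http.ResponseWriter, r *http.Request) {
	session, err := store.Store.Get(r, store.SessionName)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	if session.IsNew {
		w.Write([]byte("No session to log out of"))
		return
	}
	err = store.Store.Delete(r, w, session)
	errors.CheckHttpErr(err != nil, "Unable to log out", 500)
	// Spelling fix: the original reply read "Logout sucessful".
	w.Write([]byte("Logout successful"))
}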
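// usersGet writes every user's id, name and email as an indented JSON array.
// The password column is deliberately not selected. An empty table encodes
// as [] rather than null, matching userEventsGet.
func usersGet(w http.ResponseWriter, r *http.Request) {
	query, _, err := sq.Select("user_id", "name", "email").
		From("user").
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	// Non-nil so zero rows marshal as []; sqlx appends onto the slice it is given.
	users := make([]model.User, 0)
	err = db.DB.Select(&users, query)
	errors.CheckHttpErr(err != nil && err != sql.ErrNoRows, "Internal Error", 500)

	out, err := json.MarshalIndent(users, "", " ")
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	// Without an explicit type the server sniffs the body and labels it text/plain.
	w.Header().Set("Content-Type", "application/json")
	w.Write(out)
}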
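// organizationsGet writes every organization's id, name, city, latitude and
// longitude as an indented JSON array. An empty table encodes as [] rather
// than null, matching userEventsGet.
func organizationsGet(w http.ResponseWriter, r *http.Request) {
	query, _, err := sq.Select("org_id", "name", "city", "latitude", "longitude").
		From("organization").
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	// Non-nil so zero rows marshal as []; sqlx appends onto the slice it is given.
	orgs := make([]model.Organization, 0)
	err = db.DB.Select(&orgs, query)
	errors.CheckHttpErr(err != nil && err != sql.ErrNoRows, "Internal Error", 500)

	out, err := json.MarshalIndent(orgs, "", " ")
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	// Without an explicit type the server sniffs the body and labels it text/plain.
	w.Header().Set("Content-Type", "application/json")
	w.Write(out)
}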
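// organizationDelete removes the organization whose id is the {id} route
// variable, answering 404 when no row matched.
func organizationDelete(w http.ResponseWriter, r *http.Request) {
	orgID := mux.Vars(r)["id"]
	query, args, err := sq.Delete("organization").
		Where(sq.Eq{"org_id": orgID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	result, err := db.DB.Exec(query, args...)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	// Check the error before the count: a failed RowsAffected() also reports
	// 0, which the original code turned into a misleading 404.
	affected, err := result.RowsAffected()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	errors.CheckHttpErr(affected == 0, "Organization not found.", 404)
	w.Write([]byte("Organization deleted.\n"))
}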
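// userDelete removes the user whose id is the {id} route variable, answering
// 404 when no row matched.
func userDelete(w http.ResponseWriter, r *http.Request) {
	userID := mux.Vars(r)["id"]
	query, args, err := sq.Delete("user").
		Where(sq.Eq{"user_id": userID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	result, err := db.DB.Exec(query, args...)
	// TODO do better error handling
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	// Check the error before the count: a failed RowsAffected() also reports
	// 0, which the original code turned into a misleading 404.
	affected, err := result.RowsAffected()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	errors.CheckHttpErr(affected == 0, "User not found.", 404)
	w.Write([]byte("User deleted.\n"))
}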
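// userGet writes the id, name and email of the user whose id is the {id}
// route variable as indented JSON. The password column is deliberately not
// selected. An unknown id answers 404.
func userGet(w http.ResponseWriter, r *http.Request) {
	userID := mux.Vars(r)["id"]
	query, args, err := sq.Select("user_id", "name", "email").
		From("user").
		Where(sq.Eq{"user_id": userID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	var user model.User
	err = db.DB.Get(&user, query, args...)
	errors.CheckHttpErr(err == sql.ErrNoRows, "User not found.", 404)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	out, err := json.MarshalIndent(user, "", " ")
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	// Without an explicit type the server sniffs the body and labels it text/plain.
	w.Header().Set("Content-Type", "application/json")
	w.Write(out)
}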
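// organizationGet writes the organization whose id is the {id} route variable
// as indented JSON. An unknown id answers 404; the original copy-pasted
// "User not found." as the message, which is corrected here.
func organizationGet(w http.ResponseWriter, r *http.Request) {
	orgID := mux.Vars(r)["id"]
	query, args, err := sq.Select("org_id", "name", "city", "latitude", "longitude").
		From("organization").
		Where(sq.Eq{"org_id": orgID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	var org model.Organization
	err = db.DB.Get(&org, query, args...)
	errors.CheckHttpErr(err == sql.ErrNoRows, "Organization not found.", 404)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	out, err := json.MarshalIndent(org, "", " ")
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	// Without an explicit type the server sniffs the body and labels it text/plain.
	w.Header().Set("Content-Type", "application/json")
	w.Write(out)
}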
// UsersHandler is the authenticated entry point for the users collection.
// Only GET is served; any other method is answered with 400. Authentication
// is checked before the method is inspected, so an unauthenticated caller
// gets 401 regardless of method.
func UsersHandler(w http.ResponseWriter, r *http.Request) {
	// Converts CheckHttpErr panics into HTTP error responses.
	defer errors.RecoverHttpErr(w)
	errors.CheckHttpErr(store.CheckAuth(r) != nil, "Unauthorized", 401)

	if r.Method == http.MethodGet {
		usersGet(w, r)
		return
	}
	http.Error(w, "Bad Request", http.StatusBadRequest)
}
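// userPost creates a user from the name, email and password POST form fields,
// storing a bcrypt hash of the password rather than the plaintext. All three
// fields are required; a missing one now yields 400 instead of the
// index-out-of-range panic that form["key"][0] raised. MySQL duplicate-key
// error 1062 maps to 409.
func userPost(w http.ResponseWriter, r *http.Request) {
	err := r.ParseForm()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	// TODO generate ids manually instead of sql auto_increment
	// TODO role assigned by server, not request
	form := r.PostForm
	// TODO validation of email, password, role
	// TODO confirm admin permissions
	// TODO better error handling

	// required returns the first value of a form field, failing the request
	// with 400 when the field is absent.
	required := func(key string) string {
		vals, ok := form[key]
		errors.CheckHttpErr(!ok || len(vals) == 0, "Bad Request. Missing parameter: "+key, 400)
		return vals[0]
	}
	name := required("name")
	email := required("email")
	plainPassword := required("password")

	// NOTE(review): bcrypt only uses the first 72 bytes of its input, and recent
	// golang.org/x/crypto releases return an error for longer inputs, which this
	// handler would report as a 500 — confirm the vendored version and consider
	// a length check that answers 400 instead.
	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(plainPassword), bcrypt.DefaultCost)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	// Columns and Values are variadic; pass the strings directly instead of
	// copying them through an intermediate []interface{}.
	query, args, err := sq.Insert("user").
		Columns("name", "email", "password").
		Values(name, email, string(hashedPassword)).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	_, err = db.DB.Exec(query, args...)
	// The two-value assertion is false for a nil error, so the 409 check only
	// runs when the driver actually reported a MySQL error.
	if mysqlError, ok := err.(*mysql.MySQLError); ok {
		errors.CheckHttpErr(mysqlError.Number == 1062, "User Already Exists", 409)
	}
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	w.Write([]byte("User created.\n"))
}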
// OrganizationHandler is the authenticated entry point for a single
// organization resource, dispatching GET, POST, PUT and DELETE to the
// matching organization* helper. Any other method is answered with 400.
// Authentication is checked before the method is inspected, so an
// unauthenticated caller gets 401 regardless of method.
func OrganizationHandler(w http.ResponseWriter, r *http.Request) {
	// Converts CheckHttpErr panics into HTTP error responses.
	defer errors.RecoverHttpErr(w)
	errors.CheckHttpErr(store.CheckAuth(r) != nil, "Unauthorized", 401)

	switch r.Method {
	case http.MethodGet:
		organizationGet(w, r)
	case http.MethodPost:
		organizationPost(w, r)
	case http.MethodPut:
		organizationPut(w, r)
	case http.MethodDelete:
		organizationDelete(w, r)
	default:
		http.Error(w, "Bad Request", http.StatusBadRequest)
	}
}
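// userPut fully replaces the name, email and password of the user whose id is
// the {id} route variable; the password is re-hashed with bcrypt on every
// call. All three POST form fields are required; a missing one now yields 400
// instead of the index-out-of-range panic that form["key"][0] raised. MySQL
// duplicate-key error 1062 maps to 409 and an unmatched id to 404.
func userPut(w http.ResponseWriter, r *http.Request) {
	userID := mux.Vars(r)["id"]
	err := r.ParseForm()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	form := r.PostForm
	errors.CheckHttpErr(len(form) == 0, "Bad Request. Body must not be empty.", 400)
	// TODO validation of form (send email for confirmation) (have whitelist of params to accept)
	// TODO confirm admin permissions
	// TODO better error handling

	// required returns the first value of a form field, failing the request
	// with 400 when the field is absent.
	required := func(key string) string {
		vals, ok := form[key]
		errors.CheckHttpErr(!ok || len(vals) == 0, "Bad Request. Missing parameter: "+key, 400)
		return vals[0]
	}
	name := required("name")
	email := required("email")
	plainPassword := required("password")

	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(plainPassword), bcrypt.DefaultCost)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	query, args, err := sq.Update("user").
		Set("name", name).
		Set("email", email).
		Set("password", string(hashedPassword)).
		Where(sq.Eq{"user_id": userID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	result, err := db.DB.Exec(query, args...)
	// TODO update session ?
	// The two-value assertion is false for a nil error, so the 409 check only
	// runs when the driver actually reported a MySQL error.
	if mysqlError, ok := err.(*mysql.MySQLError); ok {
		errors.CheckHttpErr(mysqlError.Number == 1062, "Email Already Exists", 409)
	}
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	// Check the error before the count: a failed RowsAffected() also reports
	// 0, which the original code turned into a misleading 404. Because the
	// bcrypt hash carries a fresh salt on every call, an existing user always
	// counts as updated, so 0 in practice means the id did not match.
	affected, err := result.RowsAffected()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	errors.CheckHttpErr(affected == 0, "Request failed. User may not exist, or request had no updates.", 404)
	w.Write([]byte("User updated.\n"))
}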
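// loginPost checks an email/password pair from the POST form against the
// stored bcrypt hash and, on success, binds the user's id to a new session.
// An unknown email and a wrong password now produce the same "login failed"
// reply; the original answered 404 "User not found." for unknown emails,
// which let a caller probe which addresses are registered. Missing fields
// yield 400 instead of the index-out-of-range panic form["key"][0] raised.
func loginPost(w http.ResponseWriter, r *http.Request) {
	err := r.ParseForm()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	form := r.PostForm
	// TODO validate!!
	emails, ok := form["email"]
	errors.CheckHttpErr(!ok || len(emails) == 0, "Bad Request. Missing parameter: email", 400)
	passwords, ok := form["password"]
	errors.CheckHttpErr(!ok || len(passwords) == 0, "Bad Request. Missing parameter: password", 400)
	email, formPassword := emails[0], passwords[0]

	// Only the id and hash are fetched; the email is a bound argument.
	query, args, err := sq.Select("user_id", "password").
		From("user").
		Where(sq.Eq{"email": email}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	var user model.User
	err = db.DB.Get(&user, query, args...)
	if err == sql.ErrNoRows {
		// Same reply as a wrong password so the response does not reveal
		// whether the email exists. NOTE(review): response time still differs,
		// since bcrypt only runs when a row is found — confirm whether that
		// matters for this deployment.
		w.Write([]byte("login failed"))
		return
	}
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	if bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(formPassword)) != nil {
		w.Write([]byte("login failed"))
		return
	}

	session, err := store.Store.Get(r, store.SessionName)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	// An existing session is left untouched rather than re-bound to this user.
	if !session.IsNew {
		w.Write([]byte("already logged in"))
		return
	}
	session.Values["id"] = user.Id
	errors.CheckHttpErr(session.Save(r, w) != nil, "Internal Error", 500)
	// Spelling fix: the original reply read "login sucessful".
	w.Write([]byte("login successful"))
}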