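// userEventsGet writes, as indented JSON, the events linked through
// user_events to the user whose id is taken from the "id" route variable.
// Each event row is left-joined with its category.
//
// The id is passed to the database as a query argument next to the generated
// statement, not concatenated into it.
//
// NOTE(review): the id comes straight from the URL and is not compared with
// the authenticated session's user in this function. Unless the dispatching
// handler enforces that, any authenticated caller can list another user's
// events. Confirm against the caller.
func userEventsGet(w http.ResponseWriter, r *http.Request) {
	userID := mux.Vars(r)["id"]

	query, args, err := sq.Select("e.name", "e.start_time", "e.end_time", "e.active",
		"e.ongoing", "e.city", "e.latitude", "e.longitude",
		"ec.cat_cd", "ec.cat_val").
		From("user u").
		Join("user_events ue ON u.user_id = ue.user_id").
		Join("event e ON ue.event_id = e.event_id ").
		LeftJoin("event_category ec ON e.cat_cd = ec.cat_cd").
		Where(sq.Eq{"u.user_id": userID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	rows, err := db.DB.Queryx(query, args...)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	// Release the result set on every exit path, including the case where
	// CheckHttpErr stops the handler in the middle of the loop (presumably by
	// panicking into a deferred RecoverHttpErr; confirm).
	defer rows.Close()

	// Start from an empty, non-nil slice so a user without events encodes as
	// [] rather than null.
	events := make([]model.Event, 0)
	for rows.Next() {
		var event model.Event
		scanErr := rows.StructScan(&event)
		errors.CheckHttpErr(scanErr != nil, "Internal Error", 500)
		events = append(events, event)
	}
	// Next returns false both when the rows are exhausted and when iteration
	// failed; without this check a failed read would be served as a short list.
	errors.CheckHttpErr(rows.Err() != nil, "Internal Error", 500)

	out, err := json.MarshalIndent(events, "", " ")
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	w.Write(out)
}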
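// organizationPut overwrites the name, city, latitude and longitude of the
// organization named by the "id" route variable with the posted form values.
//
// All four fields are required. A request missing any of them is rejected with
// 400 instead of failing on an out-of-range index into the form values. The
// values are handed to the database as arguments next to the generated
// statement.
//
// NOTE(review): the admin-permission check from the TODO below is still
// missing, so a caller that passes the dispatcher's auth check can modify any
// organization. latitude and longitude are forwarded as unparsed strings.
func organizationPut(w http.ResponseWriter, r *http.Request) {
	orgID := mux.Vars(r)["id"]
	err := r.ParseForm()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	form := r.PostForm

	// TODO validation of form (send email for confirmation) (have whitelist of params to accept)
	// TODO confirm admin permissions

	// Reject incomplete bodies before indexing into them. This relies on
	// CheckHttpErr stopping the handler when its condition is true (presumably
	// by panicking into RecoverHttpErr; confirm).
	for _, key := range []string{"name", "city", "latitude", "longitude"} {
		errors.CheckHttpErr(len(form[key]) == 0, "Bad Request. Missing parameter: "+key, 400)
	}

	query, args, err := sq.Update("organization").
		Set("name", form["name"][0]).
		Set("city", form["city"][0]).
		Set("latitude", form["latitude"][0]).
		Set("longitude", form["longitude"][0]).
		Where(sq.Eq{"org_id": orgID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	_, err = db.DB.Exec(query, args...)
	// 1062 is MySQL's duplicate-entry error; report it as a conflict rather
	// than a server fault.
	if mysqlError, ok := err.(*mysql.MySQLError); ok {
		errors.CheckHttpErr(mysqlError.Number == 1062, "Organization Already Exists", 409)
	}
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	w.Write([]byte("Organization updated.\n"))
}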
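// organizationPost inserts a new organization built from the posted name,
// city, latitude and longitude form values.
//
// All four fields are required. A request missing any of them is rejected with
// 400 instead of failing on an out-of-range index into the form values. The
// values are handed to the database as arguments next to the generated
// statement.
//
// NOTE(review): the admin-permission check from the TODO below is still
// missing, so a caller that passes the dispatcher's auth check can create
// organizations. latitude and longitude are forwarded as unparsed strings.
func organizationPost(w http.ResponseWriter, r *http.Request) {
	err := r.ParseForm()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	form := r.PostForm
	// TODO ensure all params are there
	// TODO confirm admin permissions

	// Column order and value order are both taken from this one list.
	columns := []string{"name", "city", "latitude", "longitude"}
	orgVals := make([]interface{}, 0, len(columns))
	for _, key := range columns {
		// Relies on CheckHttpErr stopping the handler when its condition is
		// true (presumably by panicking into RecoverHttpErr; confirm).
		errors.CheckHttpErr(len(form[key]) == 0, "Bad Request. Missing parameter: "+key, 400)
		orgVals = append(orgVals, form[key][0])
	}

	// TODO auto assign org_id
	orgQuery, orgArgs, err := sq.Insert("organization").
		Columns(columns...).
		Values(orgVals...).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	_, err = db.DB.Exec(orgQuery, orgArgs...)
	// 1062 is MySQL's duplicate-entry error; report it as a conflict rather
	// than a server fault.
	if mysqlError, ok := err.(*mysql.MySQLError); ok {
		errors.CheckHttpErr(mysqlError.Number == 1062, "Organization Already Exists", 409)
	}
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	w.Write([]byte("Organization created.\n"))
}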
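// logoutPost deletes the caller's session, or reports that there was none.
//
// The session is looked up under store.SessionName, the same name loginPost
// saves it under, instead of a separate string literal. If the two names ever
// diverged, logout would always see a brand-new session and leave the real one
// in place.
func logoutPost(w http.ResponseWriter, r *http.Request) {
	session, err := store.Store.Get(r, store.SessionName)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	// IsNew means the request carried no existing session under that name.
	if session.IsNew {
		w.Write([]byte("No session to log out of"))
		return
	}

	err = store.Store.Delete(r, w, session)
	errors.CheckHttpErr(err != nil, "Unable to log out", 500)
	w.Write([]byte("Logout sucessful"))
}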
// usersGet responds with the user_id, name and email of every row in the user
// table, encoded as indented JSON.
//
// NOTE(review): the password column is not selected, but every user's email
// address is returned. The only gate visible in this file is the dispatcher's
// store.CheckAuth call, so confirm that listing all accounts is meant to be
// available to every authenticated caller.
func usersGet(w http.ResponseWriter, r *http.Request) {
	// The statement has no WHERE clause, so the builder's argument list is
	// discarded.
	stmt, _, buildErr := sq.Select("user_id", "name", "email").From("user").ToSql()
	errors.CheckHttpErr(buildErr != nil, "Internal Error", 500)

	var users []model.User
	selectErr := db.DB.Select(&users, stmt)
	// sql.ErrNoRows is tolerated and falls through to encoding.
	failed := selectErr != nil && selectErr != sql.ErrNoRows
	errors.CheckHttpErr(failed, "Internal Error", 500)

	body, encodeErr := json.MarshalIndent(users, "", " ")
	errors.CheckHttpErr(encodeErr != nil, "Internal Error", 500)

	w.Write(body)
}
// organizationsGet responds with the org_id, name, city, latitude and
// longitude of every row in the organization table, encoded as indented JSON.
func organizationsGet(w http.ResponseWriter, r *http.Request) {
	// The statement has no WHERE clause, so the builder's argument list is
	// discarded.
	builder := sq.Select("org_id", "name", "city", "latitude", "longitude").
		From("organization")
	stmt, _, buildErr := builder.ToSql()
	errors.CheckHttpErr(buildErr != nil, "Internal Error", 500)

	var orgs []model.Organization
	selectErr := db.DB.Select(&orgs, stmt)
	// sql.ErrNoRows is tolerated and falls through to encoding.
	failed := selectErr != nil && selectErr != sql.ErrNoRows
	errors.CheckHttpErr(failed, "Internal Error", 500)

	body, encodeErr := json.MarshalIndent(orgs, "", " ")
	errors.CheckHttpErr(encodeErr != nil, "Internal Error", 500)

	w.Write(body)
}
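// organizationDelete removes the organization named by the "id" route variable
// and answers 404 when no row matched.
//
// NOTE(review): no role or ownership check happens here. The only gate visible
// in this file is the dispatcher's store.CheckAuth call, so any authenticated
// caller can delete any organization. Confirm whether that is intended.
func organizationDelete(w http.ResponseWriter, r *http.Request) {
	orgID := mux.Vars(r)["id"]

	query, args, err := sq.Delete("organization").
		Where(sq.Eq{"org_id": orgID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	result, err := db.DB.Exec(query, args...)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	// Look at the error before the count: when RowsAffected fails the count is
	// not meaningful, and testing it first would turn a driver failure into a
	// misleading 404.
	affected, err := result.RowsAffected()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	errors.CheckHttpErr(affected == 0, "Organization not found.", 404)

	w.Write([]byte("Organization deleted.\n"))
}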
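// userDelete removes the user named by the "id" route variable and answers 404
// when no row matched.
//
// NOTE(review): the id is taken from the URL and is not compared with the
// authenticated session's user in this function, and no admin check is made
// here. Unless the dispatching handler enforces one, an authenticated caller
// can delete another user's account. Confirm against the caller.
func userDelete(w http.ResponseWriter, r *http.Request) {
	userID := mux.Vars(r)["id"]

	query, args, err := sq.Delete("user").
		Where(sq.Eq{"user_id": userID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	result, err := db.DB.Exec(query, args...)
	// TODO do better error handling
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	// Look at the error before the count: when RowsAffected fails the count is
	// not meaningful, and testing it first would turn a driver failure into a
	// misleading 404.
	affected, err := result.RowsAffected()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	errors.CheckHttpErr(affected == 0, "User not found.", 404)

	w.Write([]byte("User deleted.\n"))
}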
// userGet responds with the user_id, name and email of the user named by the
// "id" route variable, encoded as indented JSON, or 404 when no such row
// exists. The password column is not part of the selection.
//
// NOTE(review): the id is taken from the URL and is not compared with the
// authenticated session's user in this function; confirm whether the
// dispatching handler restricts whose record may be read.
func userGet(w http.ResponseWriter, r *http.Request) {
	id := mux.Vars(r)["id"]

	builder := sq.Select("user_id", "name", "email").
		From("user").
		Where(sq.Eq{"user_id": id})
	stmt, params, buildErr := builder.ToSql()
	errors.CheckHttpErr(buildErr != nil, "Internal Error", 500)

	var user model.User
	getErr := db.DB.Get(&user, stmt, params...)
	// A missing row is the caller's problem (404); anything else is ours (500).
	errors.CheckHttpErr(getErr == sql.ErrNoRows, "User not found.", 404)
	errors.CheckHttpErr(getErr != nil, "Internal Error", 500)

	body, encodeErr := json.MarshalIndent(user, "", " ")
	errors.CheckHttpErr(encodeErr != nil, "Internal Error", 500)

	w.Write(body)
}
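// organizationGet responds with the org_id, name, city, latitude and longitude
// of the organization named by the "id" route variable, encoded as indented
// JSON, or 404 when no such row exists.
func organizationGet(w http.ResponseWriter, r *http.Request) {
	orgID := mux.Vars(r)["id"]

	query, args, err := sq.Select("org_id", "name", "city", "latitude", "longitude").
		From("organization").
		Where(sq.Eq{"org_id": orgID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	var org model.Organization
	err = db.DB.Get(&org, query, args...)
	// The 404 text names the resource that was actually looked up; it
	// previously said "User not found.", copied from the user handler.
	errors.CheckHttpErr(err == sql.ErrNoRows, "Organization not found.", 404)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	out, err := json.MarshalIndent(org, "", " ")
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	w.Write(out)
}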
// UsersHandler is the entry point for the users collection. It requires
// store.CheckAuth to accept the request, then serves GET through usersGet and
// answers every other method with 400.
//
// RecoverHttpErr is deferred first so that a failed CheckHttpErr anywhere
// below is turned into a response on w (presumably via panic/recover; confirm
// in the errors package).
func UsersHandler(w http.ResponseWriter, r *http.Request) {
	defer errors.RecoverHttpErr(w)

	authErr := store.CheckAuth(r)
	errors.CheckHttpErr(authErr != nil, "Unauthorized", http.StatusUnauthorized)

	if r.Method != http.MethodGet {
		http.Error(w, "Bad Request", http.StatusBadRequest)
		return
	}
	usersGet(w, r)
}
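// userPost creates a user from the posted name, email and password form
// values. The password is stored only as a bcrypt hash.
//
// All three fields must be present and non-empty. A request that omits one is
// rejected with 400 instead of failing on an out-of-range index, and an empty
// password can no longer be registered.
//
// NOTE(review): bcrypt only considers the first 72 bytes of its input, and
// some versions of the library reject longer input with an error, which this
// handler reports as 500. Consider an explicit length limit with a 400. The
// email format and password strength are still unchecked (see TODOs).
func userPost(w http.ResponseWriter, r *http.Request) {
	err := r.ParseForm()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	// TODO generate ids manually instead of sql auto_increment
	// TODO role assigned by server, not request
	form := r.PostForm
	// TODO validation of email, password, role
	// TODO confirm admin permissions
	// TODO better error handling

	// Relies on CheckHttpErr stopping the handler when its condition is true
	// (presumably by panicking into RecoverHttpErr; confirm).
	for _, key := range []string{"name", "email", "password"} {
		errors.CheckHttpErr(form.Get(key) == "", "Bad Request. Missing parameter: "+key, 400)
	}

	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(form.Get("password")), bcrypt.DefaultCost)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	// Only the hash is written to the password column, never the submitted
	// value.
	query, args, err := sq.Insert("user").
		Columns("name", "email", "password").
		Values(form.Get("name"), form.Get("email"), string(hashedPassword)).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	_, err = db.DB.Exec(query, args...)
	// 1062 is MySQL's duplicate-entry error; report it as a conflict rather
	// than a server fault.
	if mysqlError, ok := err.(*mysql.MySQLError); ok {
		errors.CheckHttpErr(mysqlError.Number == 1062, "User Already Exists", 409)
	}
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	w.Write([]byte("User created.\n"))
}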
// OrganizationHandler is the entry point for a single organization. It
// requires store.CheckAuth to accept the request, then hands GET, POST, PUT
// and DELETE to the matching organization* function and answers every other
// method with 400.
//
// NOTE(review): store.CheckAuth is the only gate applied here, for reads and
// writes alike. The write handlers it dispatches to still carry
// "TODO confirm admin permissions", so no role check is visible for POST, PUT
// or DELETE.
func OrganizationHandler(w http.ResponseWriter, r *http.Request) {
	defer errors.RecoverHttpErr(w)

	authErr := store.CheckAuth(r)
	errors.CheckHttpErr(authErr != nil, "Unauthorized", http.StatusUnauthorized)

	byMethod := map[string]func(http.ResponseWriter, *http.Request){
		http.MethodGet:    organizationGet,
		http.MethodPost:   organizationPost,
		http.MethodPut:    organizationPut,
		http.MethodDelete: organizationDelete,
	}

	handle, known := byMethod[r.Method]
	if !known {
		http.Error(w, "Bad Request", http.StatusBadRequest)
		return
	}
	handle(w, r)
}
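// userPut replaces the name, email and password of the user named by the "id"
// route variable with the posted form values. The password is stored only as a
// bcrypt hash.
//
// All three fields must be present and non-empty. A request that omits one is
// rejected with 400 instead of failing on an out-of-range index, and the
// password can no longer be reset to the empty string.
//
// NOTE(review): the id is taken from the URL and is not compared with the
// authenticated session's user in this function, and the current password is
// not required. Unless the dispatching handler enforces ownership, an
// authenticated caller can set another user's email and password. Confirm
// against the caller. Existing sessions are also left untouched after a
// password change (see the TODO below).
func userPut(w http.ResponseWriter, r *http.Request) {
	userID := mux.Vars(r)["id"]
	err := r.ParseForm()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	form := r.PostForm

	errors.CheckHttpErr(len(form) == 0, "Bad Request. Body must not be empty.", 400)

	// TODO validation of form (send email for confirmation) (have whitelist of params to accept)
	// TODO confirm admin permissions
	// TODO better error handling

	// Relies on CheckHttpErr stopping the handler when its condition is true
	// (presumably by panicking into RecoverHttpErr; confirm).
	for _, key := range []string{"name", "email", "password"} {
		errors.CheckHttpErr(form.Get(key) == "", "Bad Request. Missing parameter: "+key, 400)
	}

	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(form.Get("password")), bcrypt.DefaultCost)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	query, args, err := sq.Update("user").
		Set("name", form.Get("name")).
		Set("email", form.Get("email")).
		Set("password", string(hashedPassword)).
		Where(sq.Eq{"user_id": userID}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	result, err := db.DB.Exec(query, args...)
	// TODO update session ?
	// 1062 is MySQL's duplicate-entry error; report it as a conflict rather
	// than a server fault.
	if mysqlError, ok := err.(*mysql.MySQLError); ok {
		errors.CheckHttpErr(mysqlError.Number == 1062, "Email Already Exists", 409)
	}
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	// Look at the error before the count: when RowsAffected fails the count is
	// not meaningful, and testing it first would turn a driver failure into a
	// misleading 404.
	affected, err := result.RowsAffected()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	errors.CheckHttpErr(affected == 0, "Request failed. User may not exist, or request had no updates.", 404)

	w.Write([]byte("User updated.\n"))
}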
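// loginPost checks the posted email and password against the stored bcrypt
// hash and, on success, saves the user's id in a new session.
//
// An unknown email and a wrong password produce the same "login failed"
// response, so the endpoint does not reveal which addresses are registered.
// A request without an email or password is rejected with 400 instead of
// failing on an out-of-range index into the form values.
//
// NOTE(review): an unknown email still returns without running bcrypt, so
// response time can differ between the two failure cases. "login failed" is
// written without an explicit status and therefore goes out as 200; that is
// kept for existing clients, though 401 would be the conventional status. No
// attempt limiting is visible here.
func loginPost(w http.ResponseWriter, r *http.Request) {
	err := r.ParseForm()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	form := r.PostForm

	// TODO validate!!
	email := form.Get("email")
	formPassword := form.Get("password")
	// Relies on CheckHttpErr stopping the handler when its condition is true
	// (presumably by panicking into RecoverHttpErr; confirm).
	errors.CheckHttpErr(email == "" || formPassword == "", "Bad Request. email and password are required.", 400)

	query, args, err := sq.Select("user_id", "password").
		From("user").
		Where(sq.Eq{"email": email}).
		ToSql()
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	var user model.User
	err = db.DB.Get(&user, query, args...)
	if err == sql.ErrNoRows {
		// Same body as a wrong password: do not confirm whether the account
		// exists.
		w.Write([]byte("login failed"))
		return
	}
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	if bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(formPassword)) != nil {
		w.Write([]byte("login failed"))
		return
	}

	session, err := store.Store.Get(r, store.SessionName)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)

	// An existing session is left as it is, even when it was created for a
	// different user than the one whose credentials were just verified.
	if !session.IsNew {
		w.Write([]byte("already logged in"))
		return
	}

	session.Values["id"] = user.Id
	err = session.Save(r, w)
	errors.CheckHttpErr(err != nil, "Internal Error", 500)
	w.Write([]byte("login sucessful"))
}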