Exemple #1
// getDevices responds with the devices owned by the user named in the
// ":username" URL parameter.
//
// When that name equals r.AuthUser.Username (compared after lower-casing both
// sides) the caller's own account is used. Any other name is resolved through
// GetUserID/GetUser, and only when r.AuthUser.IsAdmin is set; a non-admin is
// rejected before any lookup takes place.
//
// NOTE(review): the rejection is sent as 401 Unauthorized even though the
// caller already has an AuthUser; resetSecret and verifyEmail answer the same
// condition with 403 Forbidden. Confirm which status clients rely on.
func getDevices(w http.ResponseWriter, r *twocloud.RequestBundle) {
	owner := r.AuthUser
	requested := r.Request.URL.Query().Get(":username")
	if strings.ToLower(requested) != strings.ToLower(r.AuthUser.Username) {
		// Acting on another account is an admin-only capability.
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusUnauthorized, "You don't have access to that user's devices.", []interface{}{})
			return
		}
		ownerID, err := r.GetUserID(requested)
		if err != nil {
			// The detail goes to the log; the client only sees a generic message.
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		if owner, err = r.GetUser(ownerID); err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	}
	list, err := r.GetDevicesByUser(owner)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	Respond(w, r, http.StatusOK, "Successfully retrieved a list of devices", []interface{}{list})
}
Exemple #2
// resetSecret calls r.ResetSecret for the user named in the ":username" URL
// parameter and returns whatever that call yields in the response body.
//
// The caller may only target their own account (name compared after
// lower-casing both sides) unless r.AuthUser.IsAdmin is set, in which case the
// named user is resolved through GetUserID/GetUser. A non-admin asking for a
// different account receives 403 Forbidden before any lookup is made.
//
// NOTE(review): the value returned by ResetSecret is echoed to the client;
// presumably it carries the new secret, so the response should be treated as
// sensitive. Confirm against ResetSecret's definition.
func resetSecret(w http.ResponseWriter, r *twocloud.RequestBundle) {
	requested := r.Request.URL.Query().Get(":username")
	target := r.AuthUser
	if strings.ToLower(requested) != strings.ToLower(r.AuthUser.Username) {
		// Resetting someone else's secret is reserved for admins.
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusForbidden, "You don't have access to that user's account.", []interface{}{})
			return
		}
		targetID, err := r.GetUserID(requested)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
			return
		}
		if target, err = r.GetUser(targetID); err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
			return
		}
	}
	result, err := r.ResetSecret(target)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	Respond(w, r, http.StatusOK, "Successfully reset secret", []interface{}{result})
}
Exemple #3
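// newDevice registers a device for the user named in the ":username" URL
// parameter from a JSON-encoded twocloud.Device in the request body.
//
// The caller may only target their own account (name compared after
// lower-casing both sides) unless r.AuthUser.IsAdmin is set. The body must
// carry a non-empty Name and a ClientType accepted by ValidClientType; the
// client type is lower-cased before validation. On success the created device
// is returned with 201 Created.
//
// NOTE(review): the non-admin rejection is sent as 401 Unauthorized while
// resetSecret and verifyEmail use 403 Forbidden for the same condition.
func newDevice(w http.ResponseWriter, r *twocloud.RequestBundle) {
	username := r.Request.URL.Query().Get(":username")
	user := r.AuthUser
	if strings.ToLower(username) != strings.ToLower(r.AuthUser.Username) {
		// Creating devices on another account is an admin-only capability.
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusUnauthorized, "You don't have access to that user's devices.", []interface{}{})
			return
		}
		id, err := r.GetUserID(username)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		user, err = r.GetUser(id)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	}

	// NOTE(review): the body is read in full and no size cap is visible in this
	// handler; confirm a limit (e.g. http.MaxBytesReader) is applied upstream.
	var req twocloud.Device
	body, err := ioutil.ReadAll(r.Request.Body)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	if err = json.Unmarshal(body, &req); err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusBadRequest, "Error decoding request.", []interface{}{})
		return
	}
	if req.Name == "" {
		Respond(w, r, http.StatusBadRequest, "Name must be specified.", []interface{}{})
		return
	}
	req.ClientType = strings.ToLower(req.ClientType)
	if !req.ValidClientType() {
		Respond(w, r, http.StatusBadRequest, "Invalid client type.", []interface{}{})
		return
	}

	// The GCM key is optional; both Pushers and Pushers.GCM may be absent.
	gcmKey := ""
	if req.Pushers != nil && req.Pushers.GCM != nil {
		gcmKey = req.Pushers.GCM.Key
	}

	// NOTE(review): RemoteAddr is the peer address of the connection; behind a
	// reverse proxy that is the proxy, not the client. Confirm what AddDevice
	// expects here.
	device, err := r.AddDevice(req.Name, req.ClientType, r.Request.RemoteAddr, gcmKey, user)
	if err != nil {
		// Log the cause like every other failure path in this handler, so a 500
		// returned here can be traced afterwards.
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	Respond(w, r, http.StatusCreated, "Successfully created a device", []interface{}{device})
}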
Exemple #4
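// deleteLink deletes the link named by the ":link" URL parameter on behalf of
// the device named by ":device" and the user named by ":username".
//
// Authorization is checked in three steps:
//  1. the caller must be the named user (name compared after lower-casing both
//     sides) or have r.AuthUser.IsAdmin set;
//  2. the device must belong to that user (device.UserID == user.ID);
//  3. the link must have that device as its sender or receiver.
//
// Step 3 closes a gap: without it the link was looked up purely by its numeric
// ID and deleted, so a caller who passed steps 1 and 2 with their own device
// could remove a link belonging to anyone.
//
// NOTE(review): the non-admin rejection is sent as 401 Unauthorized while
// resetSecret and verifyEmail use 403 Forbidden for the same condition.
func deleteLink(w http.ResponseWriter, r *twocloud.RequestBundle) {
	query := r.Request.URL.Query()
	username := query.Get(":username")
	user := r.AuthUser
	if strings.ToLower(username) != strings.ToLower(r.AuthUser.Username) {
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusUnauthorized, "You don't have access to that user's links.", []interface{}{})
			return
		}
		id, err := r.GetUserID(username)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		user, err = r.GetUser(id)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	}

	deviceID, err := strconv.ParseUint(query.Get(":device"), 10, 64)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusBadRequest, "Invalid device ID", []interface{}{})
		return
	}
	device, err := r.GetDevice(deviceID)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	if device.UserID != user.ID {
		Respond(w, r, http.StatusBadRequest, "That device ID does not belong to that user.", []interface{}{})
		return
	}

	linkID, err := strconv.ParseUint(query.Get(":link"), 10, 64)
	if err != nil {
		Respond(w, r, http.StatusBadRequest, "Invalid link ID", []interface{}{})
		return
	}
	link, err := r.GetLink(linkID)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	// Object-level check: the link must involve the device from the route.
	// Assumes GetLink always populates Sender and Receiver, as updateLink
	// already does when it reads link.Sender.ID and link.Receiver.ID.
	if link.Sender.ID != device.ID && link.Receiver.ID != device.ID {
		Respond(w, r, http.StatusBadRequest, "That link does not belong to that device.", []interface{}{})
		return
	}

	if err = r.DeleteLink(link); err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	Respond(w, r, http.StatusOK, "Successfully deleted the link", []interface{}{link})
}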
Exemple #5
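// deleteNotification deletes the notification named by the ":notification"
// URL parameter for the user named by ":username".
//
// The caller must be the named user (name compared after lower-casing both
// sides) or have r.AuthUser.IsAdmin set. A notification whose DestinationType
// is "user" must be addressed to that user; one whose DestinationType is
// "device" must be addressed to a device owned by that user.
//
// Failures of GetNotification, GetDevice and DeleteNotification are now
// logged before the generic 500 is sent, matching the other error paths.
//
// NOTE(review): a notification with any other DestinationType skips the
// ownership check entirely and is deleted. Confirm whether other types exist
// and whether they should be rejected here.
//
// NOTE(review): the non-admin rejection is sent as 401 Unauthorized while
// resetSecret and verifyEmail use 403 Forbidden for the same condition.
func deleteNotification(w http.ResponseWriter, r *twocloud.RequestBundle) {
	query := r.Request.URL.Query()
	username := query.Get(":username")
	user := r.AuthUser
	if strings.ToLower(username) != strings.ToLower(r.AuthUser.Username) {
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusUnauthorized, "You don't have access to that user's notifications.", []interface{}{})
			return
		}
		id, err := r.GetUserID(username)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		user, err = r.GetUser(id)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	}

	notificationID, err := strconv.ParseUint(query.Get(":notification"), 10, 64)
	if err != nil {
		Respond(w, r, http.StatusBadRequest, "Invalid notification ID", []interface{}{})
		return
	}
	notification, err := r.GetNotification(notificationID)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}

	// Ownership check, keyed on where the notification was addressed.
	switch notification.DestinationType {
	case "user":
		if notification.Destination != user.ID {
			Respond(w, r, http.StatusBadRequest, "That notification doesn't belong to that user.", []interface{}{})
			return
		}
	case "device":
		device, err := r.GetDevice(notification.Destination)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		if device.UserID != user.ID {
			Respond(w, r, http.StatusBadRequest, "That notification does not belong to that user.", []interface{}{})
			return
		}
	}

	if err = r.DeleteNotification(notification); err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	Respond(w, r, http.StatusOK, "Successfully deleted the notification", []interface{}{notification})
}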
Exemple #6
// verifyEmail checks a confirmation code for the user named in the
// ":username" URL parameter and, on success, returns that user with
// EmailUnconfirmed cleared.
//
// The caller may only target their own account (name compared after
// lower-casing both sides) unless r.AuthUser.IsAdmin is set. The JSON body
// must carry a non-empty Code. twocloud.InvalidConfirmationCodeError from
// VerifyEmail is reported as 400; any other error is logged and reported as a
// generic 500.
//
// NOTE(review): no attempt limiting is visible in this handler; confirm that
// repeated wrong codes are throttled elsewhere.
// NOTE(review): the body is read in full and no size cap is visible here;
// confirm a limit (e.g. http.MaxBytesReader) is applied upstream.
func verifyEmail(w http.ResponseWriter, r *twocloud.RequestBundle) {
	var payload verifyEmailRequest
	requested := r.Request.URL.Query().Get(":username")
	target := r.AuthUser
	if strings.ToLower(requested) != strings.ToLower(r.AuthUser.Username) {
		// Verifying on behalf of another account is reserved for admins.
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusForbidden, "You don't have access to that user's account.", []interface{}{})
			return
		}
		targetID, err := r.GetUserID(requested)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
			return
		}
		if target, err = r.GetUser(targetID); err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
			return
		}
	}

	raw, err := ioutil.ReadAll(r.Request.Body)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	if err = json.Unmarshal(raw, &payload); err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusBadRequest, "Error decoding request.", []interface{}{})
		return
	}
	if payload.Code == "" {
		Respond(w, r, http.StatusBadRequest, "Code must be set.", []interface{}{})
		return
	}

	err = r.VerifyEmail(target, payload.Code)
	switch {
	case err == twocloud.InvalidConfirmationCodeError:
		// A wrong code is the client's mistake, not a server fault.
		Respond(w, r, http.StatusBadRequest, "Invalid confirmation code.", []interface{}{})
		return
	case err != nil:
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}

	// Reflect the change in the object sent back to the client.
	target.EmailUnconfirmed = false
	Respond(w, r, http.StatusOK, "Successfully verified email address", []interface{}{target})
}
Exemple #7
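// getUser returns the account named in the ":username" URL parameter, and
// additionally its subscription when the query carries
// include_subscription=1.
//
// An empty name yields 404. The caller's own account (name compared after
// lower-casing both sides) is served from r.AuthUser; any other account is
// resolved through GetUserID/GetUser and only when r.AuthUser.IsAdmin is set,
// otherwise 403 is returned. In both cases the Subscription field is cleared
// on the user object that is sent, and the subscription travels as a separate
// response element.
//
// Two fixes over the previous version:
//   - the admin path built the element list with the subscription but then
//     responded with the user alone, so include_subscription was ignored;
//   - the self path read r.AuthUser.Subscription after clearing
//     user.Subscription, which loses the value if AuthUser is a pointer. The
//     subscription is now captured before the field is cleared.
func getUser(w http.ResponseWriter, r *twocloud.RequestBundle) {
	query := r.Request.URL.Query()
	username := query.Get(":username")
	includeSub := query.Get("include_subscription") == "1"
	if username == "" {
		Respond(w, r, http.StatusNotFound, "User not found.", []interface{}{})
		return
	}

	if strings.ToLower(username) == strings.ToLower(r.AuthUser.Username) {
		user := r.AuthUser
		// Capture first: user may alias r.AuthUser.
		sub := user.Subscription
		user.Subscription = nil
		elems := []interface{}{user}
		if includeSub {
			elems = append(elems, sub)
		}
		setLastModified(w, user.LastActive)
		Respond(w, r, http.StatusOK, "Successfully retrieved user information", elems)
		return
	}

	// Reading another account is an admin-only capability.
	if !r.AuthUser.IsAdmin {
		Respond(w, r, http.StatusForbidden, "You don't have access to that user's account.", []interface{}{})
		return
	}
	id, err := r.GetUserID(username)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	user, err := r.GetUser(id)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	sub := user.Subscription
	user.Subscription = nil
	elems := []interface{}{user}
	if includeSub {
		elems = append(elems, sub)
	}
	setLastModified(w, user.LastActive)
	Respond(w, r, http.StatusOK, "Successfully retrieved user information", elems)
}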
Exemple #8
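// getDevice returns the device named by the ":device" URL parameter for the
// user named by ":username".
//
// The caller must be the named user (name compared after lower-casing both
// sides) or have r.AuthUser.IsAdmin set, and the device must belong to that
// user (device.UserID == user.ID).
//
// A ":device" value that is not an unsigned integer is now answered with
// 400 "Invalid device ID", as deleteLink and updateDevice do, instead of being
// reported as a 500: malformed client input is not a server fault and should
// not show up as one in error monitoring.
//
// NOTE(review): the non-admin rejection is sent as 401 Unauthorized while
// resetSecret and verifyEmail use 403 Forbidden for the same condition.
func getDevice(w http.ResponseWriter, r *twocloud.RequestBundle) {
	query := r.Request.URL.Query()
	username := query.Get(":username")
	user := r.AuthUser
	if strings.ToLower(username) != strings.ToLower(r.AuthUser.Username) {
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusUnauthorized, "You don't have access to that user's devices.", []interface{}{})
			return
		}
		id, err := r.GetUserID(username)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		user, err = r.GetUser(id)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	}

	id, err := strconv.ParseUint(query.Get(":device"), 10, 64)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusBadRequest, "Invalid device ID", []interface{}{})
		return
	}
	device, err := r.GetDevice(id)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	// Object-level check: the device must be owned by the resolved user.
	if device.UserID != user.ID {
		Respond(w, r, http.StatusBadRequest, "That device ID does not belong to that user.", []interface{}{})
		return
	}
	Respond(w, r, http.StatusOK, "Successfully retrieved device information", []interface{}{device})
}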
Exemple #9
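// updateDevice applies the Name, ClientType and GCM key from a JSON-encoded
// twocloud.Device in the request body to the device named by the ":device"
// URL parameter, for the user named by ":username".
//
// The caller must be the named user (name compared after lower-casing both
// sides) or have r.AuthUser.IsAdmin set, and the device must belong to that
// user. When the route's device is the one already attached to the request
// (r.Device) it is reused instead of being fetched again.
//
// A failure of UpdateDevice is now logged before the generic 500 is sent,
// matching the other error paths of this handler.
//
// NOTE(review): unlike newDevice, the client type is not passed through
// ValidClientType here; confirm UpdateDevice validates it or treats an empty
// value as "unchanged".
// NOTE(review): the success status is 201 Created although nothing is
// created; kept as is because clients may depend on it.
// NOTE(review): the non-admin rejection is sent as 401 Unauthorized while
// resetSecret and verifyEmail use 403 Forbidden for the same condition.
func updateDevice(w http.ResponseWriter, r *twocloud.RequestBundle) {
	query := r.Request.URL.Query()
	username := query.Get(":username")
	rawDeviceID := query.Get(":device")
	user := r.AuthUser
	if strings.ToLower(username) != strings.ToLower(r.AuthUser.Username) {
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusUnauthorized, "You don't have access to that user's devices.", []interface{}{})
			return
		}
		id, err := r.GetUserID(username)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		user, err = r.GetUser(id)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	}

	devID, err := strconv.ParseUint(rawDeviceID, 10, 64)
	if err != nil {
		Respond(w, r, http.StatusBadRequest, "Invalid device ID", []interface{}{})
		return
	}
	device := r.Device
	if device.ID != devID {
		device, err = r.GetDevice(devID)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	}
	// Object-level check: the device must be owned by the resolved user.
	if device.UserID != user.ID {
		Respond(w, r, http.StatusBadRequest, "The specified device does not belong to the specified user", []interface{}{})
		return
	}

	// NOTE(review): the body is read in full and no size cap is visible in this
	// handler; confirm a limit (e.g. http.MaxBytesReader) is applied upstream.
	var req twocloud.Device
	body, err := ioutil.ReadAll(r.Request.Body)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	if err = json.Unmarshal(body, &req); err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusBadRequest, "Error decoding request.", []interface{}{})
		return
	}
	req.ClientType = strings.ToLower(req.ClientType)

	// The GCM key is optional; both Pushers and Pushers.GCM may be absent.
	gcmKey := ""
	if req.Pushers != nil && req.Pushers.GCM != nil {
		gcmKey = req.Pushers.GCM.Key
	}

	device, err = r.UpdateDevice(device, req.Name, req.ClientType, gcmKey)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	Respond(w, r, http.StatusCreated, "Successfully updated the device", []interface{}{device})
}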
Exemple #10
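// updateLink updates the link named by the ":link" URL parameter on behalf of
// the device named by ":device" and the user named by ":username".
//
// Authorization is checked in three steps:
//  1. the caller must be the named user (name compared after lower-casing both
//     sides) or have r.AuthUser.IsAdmin set;
//  2. the device must belong to that user (device.UserID == user.ID);
//  3. the link must have that device as its sender or receiver.
//
// Step 3 closes a gap: previously a device that was neither sender nor
// receiver still reached UpdateLink with unchanged values and received the
// full link in the response, so any link could be read by guessing its ID.
//
// The sending device may change only the comment, the receiving device only
// the unread flag; a body that sets URL is rejected. Failures of GetLink and
// UpdateLink are now logged before the generic 500 is sent.
//
// NOTE(review): the success message still says "retrieved"; it looks copied
// from a read handler and is left unchanged in case clients match on it.
// NOTE(review): the non-admin rejection is sent as 401 Unauthorized while
// resetSecret and verifyEmail use 403 Forbidden for the same condition.
func updateLink(w http.ResponseWriter, r *twocloud.RequestBundle) {
	query := r.Request.URL.Query()
	username := query.Get(":username")
	user := r.AuthUser
	if strings.ToLower(username) != strings.ToLower(r.AuthUser.Username) {
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusUnauthorized, "You don't have access to that user's links.", []interface{}{})
			return
		}
		id, err := r.GetUserID(username)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		user, err = r.GetUser(id)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	}

	deviceID, err := strconv.ParseUint(query.Get(":device"), 10, 64)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusBadRequest, "Invalid device ID", []interface{}{})
		return
	}
	device, err := r.GetDevice(deviceID)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	if device.UserID != user.ID {
		Respond(w, r, http.StatusBadRequest, "That device ID does not belong to that user.", []interface{}{})
		return
	}

	linkID, err := strconv.ParseUint(query.Get(":link"), 10, 64)
	if err != nil {
		Respond(w, r, http.StatusBadRequest, "Invalid link ID", []interface{}{})
		return
	}
	link, err := r.GetLink(linkID)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	// Object-level check: the link must involve the device from the route.
	if link.Sender.ID != device.ID && link.Receiver.ID != device.ID {
		Respond(w, r, http.StatusBadRequest, "That link does not belong to that device.", []interface{}{})
		return
	}

	// NOTE(review): the body is read in full and no size cap is visible in this
	// handler; confirm a limit (e.g. http.MaxBytesReader) is applied upstream.
	var req twocloud.Link
	body, err := ioutil.ReadAll(r.Request.Body)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	if err = json.Unmarshal(body, &req); err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusBadRequest, "Error decoding request.", []interface{}{})
		return
	}
	if req.URL != nil {
		Respond(w, r, http.StatusBadRequest, "URL cannot be modified.", []interface{}{})
		return
	}

	// Start from the stored values and let each side change only its own field.
	unread := link.Unread
	comment := link.Comment
	if device.ID == link.Sender.ID {
		comment = req.Comment
	} else if device.ID == link.Receiver.ID {
		unread = req.Unread
	}

	link, err = r.UpdateLink(link, unread, comment)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	Respond(w, r, http.StatusOK, "Successfully retrieved link information", []interface{}{link})
}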
Exemple #11
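// getLinks returns a page of links for the user named by the ":username" URL
// parameter, or for one of that user's devices when ":device" is present.
//
// Query parameters:
//   - role: "sender" or "receiver"; anything else selects twocloud.RoleEither.
//   - after, before: optional unsigned link IDs bounding the page.
//   - count: page size, default 20; values outside 1..100 are ignored and the
//     default is kept.
//
// The caller must be the named user (name compared after lower-casing both
// sides) or have r.AuthUser.IsAdmin set. When a device is named it must
// belong to that user.
//
// A ":device" value that is not an unsigned integer is now answered with
// 400 "Invalid device ID", as deleteLink and updateLink do, instead of being
// reported as a 500: malformed client input is not a server fault.
//
// NOTE(review): the non-admin rejection is sent as 401 Unauthorized while
// resetSecret and verifyEmail use 403 Forbidden for the same condition.
func getLinks(w http.ResponseWriter, r *twocloud.RequestBundle) {
	query := r.Request.URL.Query()
	username := query.Get(":username")
	user := r.AuthUser

	roleFlag := twocloud.RoleEither
	switch query.Get("role") {
	case "sender":
		roleFlag = twocloud.RoleSender
	case "receiver":
		roleFlag = twocloud.RoleReceiver
	}

	var after, before uint64
	var err error
	if afterstr := query.Get("after"); afterstr != "" {
		after, err = strconv.ParseUint(afterstr, 10, 64)
		if err != nil {
			Respond(w, r, http.StatusBadRequest, "Invalid after ID.", []interface{}{})
			return
		}
	}
	if beforestr := query.Get("before"); beforestr != "" {
		before, err = strconv.ParseUint(beforestr, 10, 64)
		if err != nil {
			Respond(w, r, http.StatusBadRequest, "Invalid before ID.", []interface{}{})
			return
		}
	}

	count := 20
	if countstr := query.Get("count"); countstr != "" {
		newcount, err := strconv.Atoi(countstr)
		if err != nil {
			Respond(w, r, http.StatusBadRequest, "Invalid count.", []interface{}{})
			return
		}
		// The upper bound keeps a single request from asking for an
		// arbitrarily large page.
		if newcount > 0 && newcount <= 100 {
			count = newcount
		}
	}

	if strings.ToLower(username) != strings.ToLower(r.AuthUser.Username) {
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusUnauthorized, "You don't have access to that user's links.", []interface{}{})
			return
		}
		id, err := r.GetUserID(username)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		user, err = r.GetUser(id)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	}

	var links []twocloud.Link
	if deviceID := query.Get(":device"); deviceID != "" {
		id, err := strconv.ParseUint(deviceID, 10, 64)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusBadRequest, "Invalid device ID", []interface{}{})
			return
		}
		device, err := r.GetDevice(id)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		// Object-level check: the device must be owned by the resolved user.
		if device.UserID != user.ID {
			Respond(w, r, http.StatusBadRequest, "That device ID does not belong to that user.", []interface{}{})
			return
		}
		links, err = r.GetLinksByDevice(device, roleFlag, before, after, count)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	} else {
		links, err = r.GetLinksByUser(user, roleFlag, before, after, count)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	}
	Respond(w, r, http.StatusOK, "Successfully retrieved a list of links", []interface{}{links})
}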
Exemple #12
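// sendLinks creates the links listed in the JSON request body, addressed to
// the device named by the ":device" URL parameter of the user named by
// ":username".
//
// The caller must be the named user (name compared after lower-casing both
// sides) or have r.AuthUser.IsAdmin set, and the receiving device must belong
// to that user. Every link must carry a non-empty URL address; the first one
// that does not aborts the whole request before anything is stored. Sender,
// Receiver and Unread are set by the server and override whatever the client
// sent: the sender is always r.Device, the device attached to the request.
//
// Fix: a failure of AddLinks used to send the 500 response and then fall
// through to a second, 201 response on the same writer. The handler now
// returns after reporting the error.
//
// NOTE(review): the non-admin rejection is sent as 401 Unauthorized while
// resetSecret and verifyEmail use 403 Forbidden for the same condition.
func sendLinks(w http.ResponseWriter, r *twocloud.RequestBundle) {
	query := r.Request.URL.Query()
	username := query.Get(":username")
	user := r.AuthUser
	if strings.ToLower(username) != strings.ToLower(r.AuthUser.Username) {
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusUnauthorized, "You don't have access to that user's links.", []interface{}{})
			return
		}
		id, err := r.GetUserID(username)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		user, err = r.GetUser(id)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	}

	deviceID, err := strconv.ParseUint(query.Get(":device"), 10, 64)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusBadRequest, "Invalid device ID", []interface{}{})
		return
	}
	device, err := r.GetDevice(deviceID)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	// Object-level check: the receiving device must be owned by the resolved user.
	if device.UserID != user.ID {
		Respond(w, r, http.StatusBadRequest, "That device ID does not belong to that user.", []interface{}{})
		return
	}

	// NOTE(review): the body is read in full and neither its size nor the
	// number of links is capped in this handler; confirm limits are applied
	// upstream (e.g. http.MaxBytesReader).
	var req LinksReq
	body, err := ioutil.ReadAll(r.Request.Body)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	if err = json.Unmarshal(body, &req); err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusBadRequest, "Error decoding request.", []interface{}{})
		return
	}

	links := make([]twocloud.Link, 0, len(req.Links))
	for _, link := range req.Links {
		if link.URL == nil || link.URL.Address == "" {
			Respond(w, r, http.StatusBadRequest, "The address field must be specified.", []interface{}{})
			return
		}
		// Server-controlled fields: never trust the client's values for these.
		link.Sender = r.Device
		link.Receiver = device
		link.Unread = true
		links = append(links, link)
	}

	links, err = r.AddLinks(links)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	Respond(w, r, http.StatusCreated, "Successfully created links", []interface{}{links})
}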
Exemple #13
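// markNotificationRead marks the notification named by the ":notification"
// URL parameter as read for the user named by ":username".
//
// The caller must be the named user (name compared after lower-casing both
// sides) or have r.AuthUser.IsAdmin set. A notification whose DestinationType
// is "user" must be addressed to that user; one whose DestinationType is
// "device" must be addressed to a device owned by that user. The JSON body is
// decoded as a twocloud.Notification and rejected when its Unread field is
// true, so this endpoint can only clear the flag.
//
// Failures of GetNotification, GetDevice and MarkNotificationRead are now
// logged before the generic 500 is sent, matching the other error paths.
//
// NOTE(review): a notification with any other DestinationType skips the
// ownership check entirely and is updated. Confirm whether other types exist
// and whether they should be rejected here.
//
// NOTE(review): the non-admin rejection is sent as 401 Unauthorized while
// resetSecret and verifyEmail use 403 Forbidden for the same condition.
func markNotificationRead(w http.ResponseWriter, r *twocloud.RequestBundle) {
	query := r.Request.URL.Query()
	username := query.Get(":username")
	user := r.AuthUser
	if strings.ToLower(username) != strings.ToLower(r.AuthUser.Username) {
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusUnauthorized, "You don't have access to that user's notifications.", []interface{}{})
			return
		}
		id, err := r.GetUserID(username)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		user, err = r.GetUser(id)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
	}

	notificationID, err := strconv.ParseUint(query.Get(":notification"), 10, 64)
	if err != nil {
		Respond(w, r, http.StatusBadRequest, "Invalid notification ID", []interface{}{})
		return
	}
	notification, err := r.GetNotification(notificationID)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}

	// Ownership check, keyed on where the notification was addressed.
	switch notification.DestinationType {
	case "user":
		if notification.Destination != user.ID {
			Respond(w, r, http.StatusBadRequest, "That notification doesn't belong to that user.", []interface{}{})
			return
		}
	case "device":
		device, err := r.GetDevice(notification.Destination)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		if device.UserID != user.ID {
			Respond(w, r, http.StatusBadRequest, "That notification does not belong to that user.", []interface{}{})
			return
		}
	}

	// NOTE(review): the body is read in full and no size cap is visible in this
	// handler; confirm a limit (e.g. http.MaxBytesReader) is applied upstream.
	var req twocloud.Notification
	body, err := ioutil.ReadAll(r.Request.Body)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	if err = json.Unmarshal(body, &req); err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusBadRequest, "Error decoding request.", []interface{}{})
		return
	}
	if req.Unread {
		Respond(w, r, http.StatusBadRequest, "Unread cannot be true.", []interface{}{})
		return
	}

	// Only the unread flag is taken from the request; it is false at this point.
	notification.Unread = req.Unread
	notification, err = r.MarkNotificationRead(notification)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	Respond(w, r, http.StatusOK, "Successfully updated the notification", []interface{}{notification})
}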
Exemple #14
// sendNotification creates the notifications listed in the JSON request body.
// It is restricted to callers with r.AuthUser.IsAdmin set; everyone else
// receives 403 before the body is read.
//
// The destination depends on the URL parameters:
//   - no ":username": broadcast via BroadcastNotifications with req.Filter;
//     twocloud.InvalidBroadcastFilter is reported as 400 with the error's own
//     text, any other error as a generic 500;
//   - ":username" and ":device": sent to that device;
//   - ":username" only: sent to that user.
//
// NOTE(review): in the device case the device is looked up by ID alone and is
// not checked against ":username". The endpoint is admin-only, so this is a
// consistency question rather than an access-control gap; confirm the intent.
// NOTE(review): the body is read in full and no size cap is visible in this
// handler; confirm a limit (e.g. http.MaxBytesReader) is applied upstream.
func sendNotification(w http.ResponseWriter, r *twocloud.RequestBundle) {
	if !r.AuthUser.IsAdmin {
		Respond(w, r, http.StatusForbidden, "You don't have permission to send notifications.", []interface{}{})
		return
	}

	var req notificationReq
	raw, err := ioutil.ReadAll(r.Request.Body)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	if err = json.Unmarshal(raw, &req); err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusBadRequest, "Error decoding request.", []interface{}{})
		return
	}

	query := r.Request.URL.Query()
	username := query.Get(":username")

	// No user in the route: broadcast.
	if username == "" {
		sent, err := r.BroadcastNotifications(req.Notifications, req.Filter)
		switch {
		case err == twocloud.InvalidBroadcastFilter:
			// The only error whose text is passed on to the client.
			Respond(w, r, http.StatusBadRequest, err.Error(), []interface{}{})
			return
		case err != nil:
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		Respond(w, r, http.StatusCreated, "Successfully created notifications", []interface{}{sent})
		return
	}

	// User and device in the route: address the device.
	if rawDeviceID := query.Get(":device"); rawDeviceID != "" {
		deviceID, err := strconv.ParseUint(rawDeviceID, 10, 64)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusBadRequest, "Invalid device ID", []interface{}{})
			return
		}
		device, err := r.GetDevice(deviceID)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		sent, err := r.SendNotificationsToDevice(device, req.Notifications)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
			return
		}
		Respond(w, r, http.StatusCreated, "Successfully created notifications", []interface{}{sent})
		return
	}

	// User only: address the account.
	userID, err := r.GetUserID(username)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	recipient, err := r.GetUser(userID)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	sent, err := r.SendNotificationsToUser(recipient, req.Notifications)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error", []interface{}{})
		return
	}
	Respond(w, r, http.StatusCreated, "Successfully created notifications", []interface{}{sent})
}
Exemple #15
// updateUser changes selected fields of the account named in the ":username"
// URL parameter.
//
// The caller may only target their own account (name compared after
// lower-casing both sides) unless r.AuthUser.IsAdmin is set. The JSON body
// names the fields to change in req.Fields and carries the new values in
// req.User; only "email", "name.given", "name.family" and "admin" are acted
// on, and any other field name is ignored. Values in req.User that are not
// named in req.Fields are never applied, which keeps a client from changing
// IsAdmin just by including it in the user object.
//
// The "admin" field is honoured only when r.AuthUser.IsAdmin is set; a
// non-admin naming it receives 403 and nothing is updated. Admin status is
// changed through MakeAdmin or StripAdmin after UpdateUser has succeeded.
//
// NOTE(review): UpdateUser is committed before MakeAdmin/StripAdmin run, so a
// failure there leaves the profile change in place while the client sees 500.
// NOTE(review): whether a changed e-mail address is marked unconfirmed again
// cannot be told from this handler; confirm in UpdateUser.
// NOTE(review): the body is read in full and no size cap is visible in this
// handler; confirm a limit (e.g. http.MaxBytesReader) is applied upstream.
func updateUser(w http.ResponseWriter, r *twocloud.RequestBundle) {
	var req modifyUserRequest
	requested := r.Request.URL.Query().Get(":username")
	user := r.AuthUser
	if strings.ToLower(requested) != strings.ToLower(r.AuthUser.Username) {
		// Editing another account is reserved for admins.
		if !r.AuthUser.IsAdmin {
			Respond(w, r, http.StatusForbidden, "You don't have access to that user's account.", []interface{}{})
			return
		}
		targetID, err := r.GetUserID(requested)
		if err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
			return
		}
		if user, err = r.GetUser(targetID); err != nil {
			r.Log.Error(err.Error())
			Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
			return
		}
	}

	raw, err := ioutil.ReadAll(r.Request.Body)
	if err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}
	if err = json.Unmarshal(raw, &req); err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusBadRequest, "Error decoding request.", []interface{}{})
		return
	}

	// Start from the stored values; only explicitly named fields are replaced.
	var (
		newEmail    = user.Email
		givenName   = user.Name.Given
		familyName  = user.Name.Family
		nameChanged = false
		adminNamed  = false
	)
	for _, field := range req.Fields {
		switch field {
		case "email":
			if req.User.Email == "" {
				Respond(w, r, http.StatusBadRequest, "Email cannot be empty.", []interface{}{})
				return
			}
			newEmail = req.User.Email
		case "name.given":
			givenName = req.User.Name.Given
			nameChanged = true
		case "name.family":
			familyName = req.User.Name.Family
			nameChanged = true
		case "admin":
			// Checked against the caller, not the target account.
			if !r.AuthUser.IsAdmin {
				Respond(w, r, http.StatusForbidden, "You don't have the ability to grant or revoke admin status.", []interface{}{})
				return
			}
			adminNamed = true
		}
	}

	if err = r.UpdateUser(user, newEmail, givenName, familyName, nameChanged); err != nil {
		r.Log.Error(err.Error())
		Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
		return
	}

	// Mirror the stored state on the object returned to the client.
	user.Email = newEmail
	if nameChanged {
		user.Name.Given = givenName
		user.Name.Family = familyName
	}

	if adminNamed {
		switch {
		case req.User.IsAdmin && !user.IsAdmin:
			if err = r.MakeAdmin(user); err != nil {
				r.Log.Error(err.Error())
				Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
				return
			}
			user.IsAdmin = true
		case !req.User.IsAdmin && user.IsAdmin:
			if err = r.StripAdmin(user); err != nil {
				r.Log.Error(err.Error())
				Respond(w, r, http.StatusInternalServerError, "Internal server error.", []interface{}{})
				return
			}
			user.IsAdmin = false
		}
	}
	Respond(w, r, http.StatusOK, "Successfully updated the user account", []interface{}{user})
}