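// GetUser looks up a single user selected by the "userID" form value and
// writes it to the response. The literal value "me" returns the requester's
// own record; any other value must parse as an integer ID via store.Parser.
//
// Responses written: 400 when userID does not parse, 403 when no
// authenticated user is attached to the request, 404 when the store returns
// nil, a server error when the store fails, and OK with the user otherwise.
//
// The authenticated user is read from the request context under the "user"
// key, which apiMiddleware sets. The handler is presumably meant to be mounted
// behind that middleware; confirm in the router.
func GetUser(w http.ResponseWriter, r *http.Request) {
	userIDStr := r.FormValue("userID")
	if userIDStr == "me" {
		// NOTE(review): this branch does not check for a logged-in user
		// itself; it relies on whatever ran before the handler.
		response.OK(w, store.CurrentUser(r))
		return
	}

	var parser store.Parser
	userID := parser.Int(userIDStr)
	if parser.Err != nil {
		response.ClientError(w, http.StatusBadRequest)
		return
	}

	// Two-value assertion: a missing or unexpected context value is refused
	// with the same 403 apiMiddleware uses, instead of panicking the handler
	// when it is reached without the middleware having run.
	user, ok := context.Get(r, "user").(store.User)
	if !ok {
		response.ClientError(w, http.StatusForbidden)
		return
	}

	// The requester's ID is passed to the store together with the target ID.
	// NOTE(review): presumably this scopes what the requester may see;
	// confirm in store.GetUserWithParams.
	otherUser, err := store.GetUserWithParams(userID, store.GetUserParams{user.ID()})
	if err != nil {
		// NOTE(review): confirm response.ServerError does not echo err
		// details back to the client.
		response.ServerError(w, err)
		return
	}
	if otherUser == nil {
		response.ClientError(w, http.StatusNotFound)
		return
	}

	response.OK(w, otherUser)
}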
// apiMiddleware lets only logged-in users through to next.
//
// It resolves the current user for the request. When there is none, or the
// user does not exist, it answers 403 Forbidden and next is never called.
// Otherwise the user is stored in the request context under the "user" key
// and next is invoked.
func apiMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	current := store.CurrentUser(r)

	// Fail closed: anything other than an existing user stops here.
	if current == nil || !current.Exists() {
		response.ClientError(w, http.StatusForbidden)
		return
	}

	context.Set(r, "user", current)
	next(w, r)
}
//
// /login
//

// login dispatches the /login endpoint by HTTP method: POST is handed to
// Login, GET answers with the current user for the request, and every other
// method is rejected with 405 Method Not Allowed.
func login(w http.ResponseWriter, r *http.Request) {
	method := r.Method

	if method == "POST" {
		Login(w, r)
		return
	}

	if method == "GET" {
		// NOTE(review): the result of store.CurrentUser is written as-is;
		// what an anonymous caller receives depends on that function.
		response.OK(w, store.CurrentUser(r))
		return
	}

	response.ClientError(w, http.StatusMethodNotAllowed)
}
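// loginSuccess finishes a login for email: it records email in the session,
// loads the current user for the request, and writes that user with OK.
// When no existing user is found it writes 403 Forbidden instead.
func loginSuccess(w http.ResponseWriter, r *http.Request, email string) {
	// NOTE(review): the session is written before the user is confirmed to
	// exist and is left in place on the 403 path below. Consider clearing it
	// on failure; the session package's API is not visible here.
	session.Set(w, r, email)

	user := store.CurrentUser(r)

	// apiMiddleware treats a nil result from store.CurrentUser as "no user";
	// guard the same way here so a nil result yields 403 rather than a method
	// call on nil.
	if user == nil || !user.Exists() {
		response.ClientError(w, http.StatusForbidden)
		return
	}

	response.OK(w, user)
}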