Exemple #1
0
func GetUser(w http.ResponseWriter, r *http.Request) {
	userIDStr := r.FormValue("userID")
	if userIDStr == "me" {
		response.OK(w, store.CurrentUser(r))
		return
	}

	var parser store.Parser
	userID := parser.Int(userIDStr)
	if parser.Err != nil {
		response.ClientError(w, http.StatusBadRequest)
		return
	}

	user := context.Get(r, "user").(store.User)

	otherUser, err := store.GetUserWithParams(userID, store.GetUserParams{user.ID()})
	if err != nil {
		response.ServerError(w, err)
		return
	}

	if otherUser == nil {
		response.ClientError(w, http.StatusNotFound)
		return
	}

	response.OK(w, otherUser)
}
Exemple #2
0
// middleware that restricts access to users only
func apiMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	user := store.CurrentUser(r)
	if user != nil && user.Exists() {
		context.Set(r, "user", user)
		next(w, r)
	} else {
		response.ClientError(w, http.StatusForbidden)
	}
}
Exemple #3
0
//
// /login
//
func login(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case "POST":
		Login(w, r)
	case "GET":
		response.OK(w, store.CurrentUser(r))
	default:
		response.ClientError(w, http.StatusMethodNotAllowed)
	}
}
Exemple #4
0
func loginSuccess(w http.ResponseWriter, r *http.Request, email string) {
	session.Set(w, r, email)

	user := store.CurrentUser(r)
	if !user.Exists() {
		response.ClientError(w, http.StatusForbidden)
		return
	}

	response.OK(w, user)
}