func RecordsQueryHandler(c echo.Context) error {
session := session.NewSession(c)
if !session.AuthFailed {
endpoint := session.GetEndpoint()
request := session.GetParam("request").(map[string]interface{})
bypass_plugin := false
if session.User.SuperUser && request["where"].(map[string]interface{})["$bypass_plugin"] != nil {
bypass_plugin = true
delete(request["where"].(map[string]interface{}), "$bypass_plugin")
}
if !bypass_plugin && plugin.CheckPlugin("query", endpoint) {
plugin.RunPlugin("query", endpoint, session)
} else {
records, count := endpoint.FindReadRecordsWhere(request["where"].(map[string]interface{}), session.User)
session.SetRecordsAndCalculateCapabilitiesForUser(endpoint.Name, records, session.User)
session.SetRecordCount(count)
}
}
session.Write()
return nil
}
func RecordsDeleteHandler(c echo.Context) error {
session := session.NewSession(c)
if !session.AuthFailed {
endpoint := session.GetEndpoint()
request := session.GetParam("request").(map[string]interface{})
bypass_plugin := false
if session.User.SuperUser && request["content"] != nil && request["content"].(map[string]interface{})["$bypass_plugin"] != nil {
bypass_plugin = true
delete(request["content"].(map[string]interface{}), "$bypass_plugin")
}
if !bypass_plugin && plugin.CheckPlugin("delete", endpoint) {
plugin.RunPlugin("delete", endpoint, session)
} else {
id := bson.ObjectIdHex(session.GetParam("record_id").(string))
record := endpoint.FindDestroyRecordById(id, session.User)
record.DeleteAndTrigger(endpoint.Name, !session.TriggerSession)
}
}
session.Write()
return nil
}
func RecordsTriggerHandler(c echo.Context) error {
session := session.NewSession(c)
if !session.AuthFailed {
endpoint := session.GetEndpoint()
request := session.GetParam("request").(map[string]interface{})
bypass_plugin := false
if session.User.SuperUser && request["content"] != nil && request["content"].(map[string]interface{})["$bypass_plugin"] != nil {
bypass_plugin = true
delete(request["content"].(map[string]interface{}), "$bypass_plugin")
}
if !bypass_plugin && plugin.CheckPlugin("trigger", endpoint) {
plugin.RunPlugin("trigger", endpoint, session)
} else {
id := bson.ObjectIdHex(session.GetParam("record_id").(string))
record := endpoint.FindWriteRecordById(id, session.User)
record.UpdateReferenceMaps()
record.SaveAndTriggerCreate(endpoint.Name, false)
go record.FindAndExecuteTriggerForEvent(endpoint.Name + ":update")
}
}
session.Write()
return nil
}
func GroupJoinHandler(c echo.Context) error {
session := session.NewSession(c)
request := session.GetParam("request").(map[string]interface{})
password := ""
if g, ok := request["group"]; ok {
group := g.(map[string]interface{})
if group["password"] != nil {
password = group["password"].(string)
}
}
if session.User.Id != bson.ObjectId("") {
id := bson.ObjectIdHex(session.GetParam("group_id").(string))
group, _ := session.GetApplication().FindGroupById(id)
if group.CanJoin(session.User, password) {
users := []model.User{session.User}
group.AddUsers(users)
group.Save()
session.SetRecords("groups", []interface{}{group})
}
}
session.Write()
return nil
}
func RecordsUpdateHandler(c echo.Context) error {
session := session.NewSession(c)
if !session.AuthFailed {
endpoint := session.GetEndpoint()
request := session.GetParam("request").(map[string]interface{})
bypass_plugin := false
if session.User.SuperUser && request["content"].(map[string]interface{})["$bypass_plugin"] != nil {
bypass_plugin = true
delete(request["content"].(map[string]interface{}), "$bypass_plugin")
}
if !bypass_plugin && plugin.CheckPlugin("update", endpoint) {
plugin.RunPlugin("update", endpoint, session)
} else {
id := bson.ObjectIdHex(session.GetParam("record_id").(string))
record := endpoint.FindWriteRecordById(id, session.User)
if request != nil && request["content"] != nil {
request_content := request["content"].(map[string]interface{})
request_permissions := request["permissions"].(map[string]interface{})
var trigger = false
if request_content["$trigger"] != nil {
trigger = request_content["$trigger"].(bool)
delete(request_content, "$trigger")
} else {
trigger = !session.TriggerSession
}
if session.User.SuperUser != true {
if request_content["protected"] != nil {
request_content["protected"] = record.Content["protected"]
}
}
record.Content = request_content
record.Permissions.UpdatePermissions(request_permissions)
record.UpdateReferenceMaps()
record.StripReferenceData()
record.SaveAndTrigger(endpoint.Name, trigger)
session.SetRecordsAndCalculateCapabilitiesForUser(session.GetEndpoint().Name, []model.Record{record}, session.User)
}
session.SetRecordsAndCalculateCapabilitiesForUser(session.GetEndpoint().Name, []model.Record{record}, session.User)
}
}
session.Write()
return nil
}
func FilesCreateHandler(c echo.Context) error {
session := session.NewSession(c)
request := session.GetParam("request").(map[string]interface{})
file_params := request["file"].(map[string]interface{})
var size int64
url := ""
if file_params["size"] != nil {
size, _ = file_params["size"].(json.Number).Int64()
}
if file_params["url"] != nil {
url = file_params["url"].(string)
}
if url != "" || size != 0 {
if !session.AuthFailed {
record_id := bson.ObjectIdHex(session.GetParam("record_id").(string))
endpoint := session.GetEndpoint()
record := endpoint.FindWriteRecordById(record_id, session.User)
if record.Id != bson.ObjectId("") {
file := model.File{}
file.ApplicationId = session.GetApplication().Id
file.RecordId = record.Id
file.EndpointId = endpoint.Id
file.Name = file_params["name"].(string)
if size != 0 {
file.Size = size
} else {
file.URL = url
}
file.Save()
if file_params["size"] != nil {
file.GenerateRequest()
}
record.AddFile(file)
session.SetRecords("files", []model.File{file})
}
}
} else {
session.SetError(1400)
}
session.Write()
return nil
}
func UsersDeleteHandler(c echo.Context) error {
session := session.NewSession(c)
if !session.AuthFailed {
user := session.User
user.Delete()
}
session.Write()
return nil
}
func AdminListEndpointsHandler(c echo.Context) error {
session := session.NewSession(c)
if !session.AuthFailed && session.User.SuperUser == true {
app := session.GetApplication()
session.SetRecords("endpoints", app.AllEndpoints())
}
session.Write()
return nil
}
func FilesGetHandler(c echo.Context) error {
// Create the User Session
session := session.NewSession(c)
// Validate that the request signature is valid
session.ValidateFileRequest()
redirect := false
if !session.AuthFailed {
// Get the endpoint for that record
endpoint := session.GetEndpoint()
if plugin.CheckPlugin("get_file", endpoint) {
plugin.RunPlugin("get_file", endpoint, session)
} else {
// Get the ID of the record that owns the file
record_id := bson.ObjectIdHex(session.GetParam("record_id").(string))
// Get the record from the endpoint collection
record := endpoint.FindReadRecordById(record_id, session.User)
// Check if the record exists
if record.Id != bson.ObjectId("") {
// Get the ID of the file
file_id := bson.ObjectIdHex(session.GetParam("file_id").(string))
// Get the file from the database
file := record.FindFileById(file_id)
// Validate that the file exists
if file.Id != bson.ObjectId("") {
// Redirect to the file path
c.Redirect(301, file.DownloadURL())
redirect = true
// Log the request
session.LogRequest()
}
}
if !redirect {
session.Write()
}
}
}
return nil
}
func RecordsBulkQueryHandler(c echo.Context) error {
s := session.NewSession(c)
if !s.AuthFailed {
request := s.GetParam("request").(map[string]interface{})
requests := request["requests"].([]interface{})
c := make(chan bool, len(requests))
for _, request := range requests {
go func(request interface{}, session *session.Session) {
endpoint := session.GetApplication().FindEndpointByName(request.(map[string]interface{})["endpoint"].(string))
guid := request.(map[string]interface{})["guid"].(string)
t := time.Now()
if plugin.CheckPlugin("query", endpoint) {
s := session.CopySessionForBulkRequest(guid)
plugin.RunPlugin("query", endpoint, s)
session.CopyResponseFromSessionForBulkRequest(s, guid, endpoint.Name)
} else {
r := request.(map[string]interface{})["request"].(map[string]interface{})
records, count := endpoint.FindReadRecordsWhere(r["where"].(map[string]interface{}), session.User)
session.SetRecordsAndCalculateCapabilitiesForUserForGuid(endpoint.Name, records, session.User, guid)
session.SetRecordCountForGuid(count, guid)
}
logger.Log("Bulk Loaded:", "/"+endpoint.ApplicationId.Hex()+"/"+endpoint.Name+"/query", time.Now().Sub(t).String(), session.User.Id.Hex())
c <- true
}(request, &s)
}
i := 0
for {
<-c
i++
if i >= len(requests) {
break
}
}
}
s.Write()
return nil
}
func GroupDestroyHandler(c echo.Context) error {
session := session.NewSession(c)
if !session.AuthFailed {
id := bson.ObjectIdHex(session.GetParam("group_id").(string))
group, _ := session.GetApplication().FindGroupById(id)
if group.CanModify(session.User) {
group.Delete()
} else {
session.SetError(1002)
}
} else {
session.SetError(1001)
}
session.Write()
return nil
}
func UsersUpdateHandler(c echo.Context) error {
session := session.NewSession(c)
request_params := session.GetParam("request").(map[string]interface{})
user_params := request_params["user"].(map[string]interface{})
user_id := session.GetParam("user_id").(string)
user := session.GetApplication().FindUserById(bson.ObjectIdHex(user_id))
can_edit := session.User.SuperUser || session.User.Id == user.Id
password := user_params["current_password"]
valid := session.User.SuperUser || (password != nil && user.VerifyPassword(password.(string)))
//fmt.Println(can_edit, user_id)
if user.Id == bson.ObjectId("") || !can_edit {
session.SetError(1101)
} else if !valid {
session.SetError(1106)
} else {
if user_params["name"] != nil {
user.Name = user_params["name"].(string)
}
if user_params["email"] != nil {
user.Email = user_params["email"].(string)
}
if user_params["password"] != nil {
user.SetPassword(user_params["password"].(string))
}
user.Save()
session.SetRecords("users", []interface{}{user})
}
session.Write()
return nil
}
func UsersGetHandler(c echo.Context) error {
session := session.NewSession(c)
user_id := session.GetParam("user_id").(string)
user := session.GetApplication().FindUserById(bson.ObjectIdHex(user_id))
if !session.AuthFailed {
// Only Send Private Profile if the user matches
if session.User.Id == user.Id {
user.SendPrivateProfile()
}
session.SetRecords("users", []interface{}{user})
}
session.Write()
return nil
}
func GroupLeaveHandler(c echo.Context) error {
session := session.NewSession(c)
if session.User.Id != bson.ObjectId("") {
id := bson.ObjectIdHex(session.GetParam("group_id").(string))
group, _ := session.GetApplication().FindGroupById(id)
users := []model.User{session.User}
group.RemoveUsers(users)
group.Save()
session.SetRecords("groups", []interface{}{group})
}
session.Write()
return nil
}
func GroupUpdateHandler(c echo.Context) error {
session := session.NewSession(c)
if !session.AuthFailed {
group_params := session.GetParam("request").(map[string]interface{})
id := bson.ObjectIdHex(session.GetParam("group_id").(string))
group, _ := session.GetApplication().FindGroupById(id)
if group.CanModify(session.User) {
group.Update(group_params)
group.Save()
}
session.SetRecords("groups", []interface{}{group})
}
session.Write()
return nil
}
func GroupCreateHandler(c echo.Context) error {
session := session.NewSession(c)
if !session.AuthFailed {
request := session.GetParam("request").(map[string]interface{})
group_params := request["group"].(map[string]interface{})
group := model.Group{}
group.ApplicationId = bson.ObjectIdHex(session.GetParam("application_id").(string))
group.Save()
group.Update(group_params)
group.Save()
session.SetRecords("groups", []interface{}{group})
}
session.Write()
return nil
}
func UsersCreateHandler(c echo.Context) error {
session := session.NewSession(c)
request_params := session.GetParam("request").(map[string]interface{})
user_params := request_params["user"].(map[string]interface{})
user := model.User{}
user.ApplicationId = bson.ObjectIdHex(session.GetParam("application_id").(string))
email := strings.ToLower(user_params["email"].(string))
if user_params["name"] != nil && user_params["email"] != nil && user_params["facebook_id"] == nil {
user.Name = user_params["name"].(string)
user.Email = email
user.SetPassword(user_params["password"].(string))
} else {
user.Name = user_params["name"].(string)
user.Email = email
user.FacebookId = user_params["facebook_id"].(string)
if user_params["password"] != nil {
user.SetPassword(user_params["password"].(string))
}
}
err := user.Save()
if err {
logger.Error("1105" + user.Id.Hex())
session.SetError(1105)
} else {
user.NewSession()
logger.Error("Registered User: "******"users", []interface{}{user})
}
session.Write()
return nil
}
func UsersAuthenticateHandler(c echo.Context) error {
session := session.NewSession(c)
request_params := session.GetParam("request").(map[string]interface{})
user_params := request_params["user"].(map[string]interface{})
valid := false
user := model.User{}
if user_params["email"] != nil && user_params["password"] != nil {
email := user_params["email"].(string)
password := user_params["password"].(string)
user = session.GetApplication().FindUserByEmail(email)
valid = user.VerifyPassword(password)
} else if user_params["facebook_id"] != nil && user_params["facebook_token"] != nil {
facebook_id := user_params["facebook_id"].(string)
facebook_token := user_params["facebook_token"].(string)
user = session.GetApplication().FindUserByFacebookId(facebook_id)
valid = user.VerifyFacebookToken(facebook_token)
} else if user_params["transfer_id"] != nil && user_params["transfer_token"] != nil {
user_id := user_params["transfer_id"].(string)
transfer_token := user_params["transfer_token"].(string)
user = session.GetApplication().FindUserByTransferId(user_id)
valid = user.VerifyTransferToken(transfer_token)
}
if !valid || user.Id == bson.ObjectId("") {
session.SetError(1101)
} else {
user.NewSession()
session.SetRecords("users", []interface{}{user})
}
session.Write()
return nil
}
func FilesDeleteHandler(c echo.Context) error {
session := session.NewSession(c)
if !session.AuthFailed {
record_id := bson.ObjectIdHex(session.GetParam("record_id").(string))
endpoint := session.GetEndpoint()
record := endpoint.FindReadRecordById(record_id, session.User)
if record.Id != bson.ObjectId("") {
file_id := bson.ObjectIdHex(session.GetParam("file_id").(string))
file := record.FindFileById(file_id)
if file.Id != bson.ObjectId("") {
file.Delete()
record.RemoveFile(file)
}
}
}
session.Write()
return nil
}
func RecordsCreateHandler(c echo.Context) error {
session := session.NewSession(c)
if !session.AuthFailed {
endpoint := session.GetEndpoint()
request := session.GetParam("request").(map[string]interface{})
bypass_plugin := false
if session.User.SuperUser && request["content"].(map[string]interface{})["$bypass_plugin"] != nil {
bypass_plugin = true
delete(request["content"].(map[string]interface{}), "$bypass_plugin")
}
if !bypass_plugin && plugin.CheckPlugin("create", endpoint) {
plugin.RunPlugin("create", endpoint, session)
} else {
if endpoint.CanCreate(session.User) {
record := endpoint.NewRecord()
if session.User.Id != bson.ObjectId("") {
record.CreatedBy = session.User.Id
}
if request != nil && request["content"] != nil {
var trigger = false
if request["content"].(map[string]interface{})["$trigger"] != nil {
trigger = request["content"].(map[string]interface{})["$trigger"].(bool)
delete(request["content"].(map[string]interface{}), "$trigger")
} else {
trigger = !session.TriggerSession
}
if request["content"].(map[string]interface{})["$created_by"] != nil &&
session.User.SuperUser == true {
record.CreatedBy = bson.ObjectIdHex(request["content"].(map[string]interface{})["$created_by"].(string))
delete(request["content"].(map[string]interface{}), "$created_by")
}
request_content := request["content"].(map[string]interface{})
request_permissions := request["permissions"].(map[string]interface{})
record.Content = request_content
record.Permissions.UpdatePermissions(request_permissions)
record.SaveAndTrigger("", false)
record.UpdateReferenceMaps()
record.SaveAndTriggerCreate(endpoint.Name, trigger)
session.SetRecordsAndCalculateCapabilitiesForUser(session.GetEndpoint().Name, []model.Record{record}, session.User)
}
}
}
}
session.Write()
return nil
}