// Auth decides whether the current request may proceed.
//
// It reads the UID_COOKIE_NAME cookie, decodes it with user.DecodeToken, ORs
// the values in p into a single privilege mask and asks user.Authentication
// whether the decoded user may use that mask.
//
// It returns ErrNotLogin when the cookie is absent, the token does not
// decode, or the token is reported as not logged in. It returns ErrNoPermit
// when user.Authentication answers false. Any other cookie or authentication
// error is returned unchanged. Every failure path denies the request.
func Auth(ctx banana.Context, p ...int) error {
	cookie, err := ctx.Req().Cookie(UID_COOKIE_NAME)
	if err == http.ErrNoCookie {
		log.Println("cookies not found")
		return ErrNotLogin
	}
	if err != nil {
		return err
	}

	loggedIn, username, err := user.DecodeToken(cookie.Value)
	if err != nil {
		// A token that fails to decode is treated like a missing login; the
		// decode error itself is not logged or returned.
		log.Println("decode error")
		return ErrNotLogin
	}
	if !loggedIn {
		log.Println("is not login")
		return ErrNotLogin
	}

	// With no p the mask stays 0.
	// NOTE(review): what user.Authentication does with 0 is not visible here;
	// confirm it does not grant access by default.
	required := 0
	for _, bit := range p {
		required |= bit
	}

	allowed, err := user.Authentication(username, required)
	if err != nil {
		log.Println("auth error")
		return err
	}
	if allowed {
		return nil
	}
	return ErrNoPermit
}
// UsersCreatePage renders the control-panel "user" template inside the
// layout template.
//
// A request that is not logged in is redirected to the login page with
// /cp/users as the return target; every other Auth error is returned.
//
// NOTE(review): this page is gated on PrivilegeUserRead while UsersCreate
// requires PrivilegeUserWrite; confirm the read privilege is intended here.
func UsersCreatePage(ctx banana.Context) error {
	switch err := Auth(ctx, PrivilegeUserRead); err {
	case nil:
		// Authorised; fall out of the switch and render the page.
	case ErrNotLogin:
		http.Redirect(ctx.Res(), ctx.Req(), "/login?error&u=/cp/users", http.StatusFound)
		return nil
	default:
		// Covers ErrNoPermit as well as unexpected errors.
		return err
	}

	/*
		idStr, ok := ctx.Params()["id"]
		if !ok {
			http.Redirect(ctx.Res(), ctx.Req(), "/cp/users", http.StatusFound)
			return nil
		}
		id, err := strconv.ParseInt(idStr, 10, 32)
		if err != nil {
			http.Redirect(ctx.Res(), ctx.Req(), "/cp/users", http.StatusFound)
			return nil
		}
		u, err := user.FindOne(int(id))
		if err != nil {
			return err
		}
	*/

	// Placeholder value handed to the template while the lookup above is
	// disabled.
	info := 1
	page := ThemeLayout{}
	page.Content = ThemeBlock{theme.CP("user"), struct{ Info interface{} }{info}}
	return ctx.Tpl(theme.CP("layout"), page)
}
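// UsersCreate adds a user from the "username", "pwd" and "privilege" form
// values and replies with an empty JSON object.
//
// The request must pass Auth with PrivilegeUserWrite; any Auth error,
// a "privilege" value that is not a 32-bit integer, and any error from
// user.Add are returned to the caller.
//
// NOTE(review): authorisation rests on the login cookie alone; no CSRF token
// or request-method check is visible in this handler. Confirm one is applied
// before it runs.
func UsersCreate(ctx banana.Context) error {
	r := ctx.Req()
	if err := Auth(ctx, PrivilegeUserWrite); err != nil {
		return err
	}

	username, pwd := r.FormValue("username"), r.FormValue("pwd")
	requested, err := strconv.ParseInt(r.FormValue("privilege"), 10, 32)
	if err != nil {
		return err
	}

	// Bits outside this list are dropped from the submitted value. The
	// original mask named PrivilegePostDelete twice and left out
	// PrivilegePostRead, so that bit could never be granted through this
	// handler.
	// NOTE(review): any caller holding PrivilegeUserWrite can hand out every
	// bit listed here, including ones the caller may not hold; confirm that
	// is intended.
	const grantable = PrivilegePostRead | PrivilegePostWrite | PrivilegePostDelete |
		PrivilegeUserRead | PrivilegeUserWrite | PrivilegeUserDelete |
		PrivilegeCategoryRead | PrivilegeCategoryWrite | PrivilegeCategoryDelete
	privilege := int(requested) & grantable

	if err := user.Add(username, pwd, privilege); err != nil {
		return err
	}
	return ctx.Json(struct{}{})
}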
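// Post renders the control-panel "post" template for the post named by the
// "id" route parameter, together with the category list.
//
// A request that is not logged in is redirected to the login page; every
// other Auth error is returned. A missing or non-numeric id is returned as
// the strconv parse error.
func Post(ctx banana.Context) error {
	switch err := Auth(ctx, PrivilegePostRead); err {
	case nil:
		// Authorised; continue below.
	case ErrNotLogin:
		http.Redirect(ctx.Res(), ctx.Req(), "/login?error", http.StatusFound)
		return nil
	default:
		// Covers ErrNoPermit as well as unexpected errors.
		return err
	}

	// The id comes from the request, so a bad value must not panic the
	// handler. A missing "id" reads as "", which ParseInt rejects, so the
	// absent and the malformed case both come back as an ordinary error.
	id, err := strconv.ParseInt(ctx.Params()["id"], 10, 32)
	if err != nil {
		return err
	}

	p := post.ReadRaw(int(id))
	categories, err := category.Query()
	if err != nil {
		return err
	}

	layout := ThemeLayout{}
	layout.Content = ThemeBlock{theme.CP("post"), struct{ Post, Categories interface{} }{p, categories}}
	return ctx.Tpl(theme.CP("layout"), layout)
}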
// SaveNewPost builds a post from the "category", "title", "content",
// "description" and "keywords" form values, saves it and replies with the
// saved post as JSON.
//
// The request must pass Auth with PrivilegePostWrite. Any Auth error, a
// "category" value that is not a 32-bit integer, and any error from Save are
// returned to the caller.
//
// NOTE(review): authorisation rests on the login cookie alone; no CSRF token
// or request-method check is visible in this handler. Confirm one is applied
// before it runs.
func SaveNewPost(ctx banana.Context) error {
	// Every non-nil Auth result is passed straight back to the caller.
	if err := Auth(ctx, PrivilegePostWrite); err != nil {
		return err
	}

	form := ctx.Req()
	categoryID, err := strconv.ParseInt(form.FormValue("category"), 10, 32)
	if err != nil {
		return err
	}

	// Form text is stored as submitted; nothing in this handler escapes or
	// validates it.
	entry := post.New()
	entry.Title = form.FormValue("title")
	entry.Content = form.FormValue("content")
	entry.Category.Id = int(categoryID)
	entry.Description = form.FormValue("description")
	entry.Keywords.Parse(form.FormValue("keywords"))

	if err := entry.Save(); err != nil {
		return err
	}
	return ctx.Json(entry)
}
// DashBoard renders the control-panel "starter" template inside the layout
// template for a request that passes Auth with PrivilegePostRead.
//
// On ErrNoPermit or ErrNotLogin it redirects to the login page with
// /cp/dashboard as the return target and also returns the error. Any other
// Auth error is returned without a redirect.
//
// NOTE(review): the other handlers in this file return nil after redirecting
// and do not redirect on ErrNoPermit. Confirm that returning the error after
// the redirect has been written is intended here.
func DashBoard(ctx banana.Context) error {
	switch err := Auth(ctx, PrivilegePostRead); err {
	case nil:
		// Authorised; render below.
	case ErrNoPermit, ErrNotLogin:
		http.Redirect(ctx.Res(), ctx.Req(), "/login?error&u=/cp/dashboard", http.StatusFound)
		return err
	default:
		return err
	}

	page := ThemeLayout{}
	page.Content = ThemeBlock{theme.CP("starter"), 1}
	return ctx.Tpl(theme.CP("layout"), page)
}
// Posts renders the control-panel "posts" template with the result of
// post.Query(0, 10).
//
// A request that is not logged in is redirected to the login page with
// /cp/posts as the return target; every other Auth error is returned.
func Posts(ctx banana.Context) error {
	switch err := Auth(ctx, PrivilegePostRead); err {
	case nil:
		// Authorised; render below.
	case ErrNotLogin:
		http.Redirect(ctx.Res(), ctx.Req(), "/login?error&u=/cp/posts", http.StatusFound)
		return nil
	default:
		// Covers ErrNoPermit as well as unexpected errors.
		return err
	}

	list := post.Query(0, 10)
	page := ThemeLayout{}
	page.Content = ThemeBlock{theme.CP("posts"), list}
	return ctx.Tpl(theme.CP("layout"), page)
}
// Users renders the control-panel "users" template with the result of
// user.Query(0, 10).
//
// A request that is not logged in is redirected to the login page with
// /cp/users as the return target; every other Auth error, and any error from
// user.Query, is returned.
func Users(ctx banana.Context) error {
	switch err := Auth(ctx, PrivilegeUserRead); err {
	case nil:
		// Authorised; render below.
	case ErrNotLogin:
		http.Redirect(ctx.Res(), ctx.Req(), "/login?error&u=/cp/users", http.StatusFound)
		return nil
	default:
		// Covers ErrNoPermit as well as unexpected errors.
		return err
	}

	list, err := user.Query(0, 10)
	if err != nil {
		return err
	}

	page := ThemeLayout{}
	page.Content = ThemeBlock{theme.CP("users"), struct{ List interface{} }{list}}
	return ctx.Tpl(theme.CP("layout"), page)
}
// NewPost renders the control-panel "post" template with a fresh post from
// post.New and the category list.
//
// A request that is not logged in is redirected to the login page; every
// other Auth error, and any error from category.Query, is returned.
func NewPost(ctx banana.Context) error {
	switch err := Auth(ctx, PrivilegePostRead); err {
	case nil:
		// Authorised; render below.
	case ErrNotLogin:
		http.Redirect(ctx.Res(), ctx.Req(), "/login?error", http.StatusFound)
		return nil
	default:
		// Covers ErrNoPermit as well as unexpected errors.
		return err
	}

	categories, err := category.Query()
	if err != nil {
		return err
	}

	blank := post.New()
	page := ThemeLayout{}
	page.Content = ThemeBlock{theme.CP("post"), struct{ Post, Categories interface{} }{blank, categories}}
	return ctx.Tpl(theme.CP("layout"), page)
}
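// Login checks the "username" and "pwd" form values with user.Check.
//
// On success it sets the UID_COOKIE_NAME cookie to the value user.Check
// returned, expiring user.Expires from now, and redirects to /cp/dashboard.
// On rejected credentials it redirects to /login?error. An error from
// user.Check is returned and nothing is written to the response.
func Login(ctx banana.Context) error {
	r := ctx.Req()
	username, pwd := r.FormValue("username"), r.FormValue("pwd")

	ok, sign, err := user.Check(username, pwd)
	if err != nil {
		return err
	}
	if !ok {
		http.Redirect(ctx.Res(), ctx.Req(), "/login?error", http.StatusFound)
		return nil
	}

	// The cookie is the only credential Auth reads, so keep it out of reach
	// of page scripts. The server reads it from the request header, which
	// HttpOnly does not affect.
	// NOTE(review): Secure and SameSite are left unset because the deployment
	// (TLS or plain HTTP, cross-site entry points) is not visible here; set
	// them if the site is served over HTTPS.
	http.SetCookie(ctx.Res(), &http.Cookie{
		Name:     UID_COOKIE_NAME,
		Value:    sign,
		Expires:  time.Now().Add(user.Expires),
		HttpOnly: true,
	})
	http.Redirect(ctx.Res(), ctx.Req(), "/cp/dashboard", http.StatusFound)
	return nil
}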