Exemple #1
0
//TODO - redundant
func GetUsers(rw http.ResponseWriter, r *http.Request, enc encoding.Encoder, params martini.Params, dtx *apicontext.DataContext) string {
	user, err := customer.GetCustomerUserFromKey(dtx.APIKey)
	if err != nil {
		apierror.GenerateError("Trouble getting customer user", err, rw, r)
		return ""
	}

	if !user.Sudo {
		err = errors.New("Unauthorized!")
		apierror.GenerateError("Unauthorized!", err, rw, r, http.StatusUnauthorized)
		return ""
	}

	cust, err := user.GetCustomer(dtx.APIKey)
	if err != nil {
		apierror.GenerateError("Trouble getting customer", err, rw, r)
		return ""
	}

	if err = cust.GetUsers(dtx.APIKey); err != nil {
		apierror.GenerateError("Trouble getting users", err, rw, r)
		return ""
	}

	return encoding.Must(enc.Encode(cust.Users))
}
Exemple #2
0
func GetLocations(rw http.ResponseWriter, r *http.Request, enc encoding.Encoder, params martini.Params, dtx *apicontext.DataContext) string {
	cu, err := customer.GetCustomerUserFromKey(dtx.APIKey)
	if err != nil {
		err = errors.New("Unauthorized!")
		apierror.GenerateError("Unauthorized!", err, rw, r, http.StatusUnauthorized)
		return ""
	}
	c, err := cu.GetCustomer(dtx.APIKey)
	if err != nil {
		err = errors.New("Unauthorized!")
		apierror.GenerateError("Unauthorized!", err, rw, r, http.StatusUnauthorized)
		return ""
	}
	return encoding.Must(enc.Encode(c.Locations))
}
Exemple #3
0
//Todo redundant
//Hacky like this to work with old forms of authentication
func GetUser(rw http.ResponseWriter, r *http.Request, enc encoding.Encoder) string {
	qs, err := url.Parse(r.URL.String())
	if err != nil {
		apierror.GenerateError("err parsing url", err, rw, r)
		return ""
	}

	key := qs.Query().Get("key")
	if key == "" {
		key = r.FormValue("key")
	}

	user, err := customer.GetCustomerUserFromKey(key)
	if err != nil {
		apierror.GenerateError("Trouble getting customer user", err, rw, r)
		return ""
	}

	return encoding.Must(enc.Encode(user))
}
Exemple #4
0
func GenerateApiKey(rw http.ResponseWriter, r *http.Request, params martini.Params, enc encoding.Encoder, dtx *apicontext.DataContext) string {
	var err error
	qs := r.URL.Query()
	key := qs.Get("key")
	if key == "" {
		key = r.FormValue("key")
	}

	user, err := customer.GetCustomerUserFromKey(key)
	if err != nil || user.Id == "" {
		apierror.GenerateError("Trouble getting customer user using this api key", err, rw, r)
		return ""
	}

	authed := false
	if user.Sudo == false {
		for _, k := range user.Keys {
			if k.Type == customer.PRIVATE_KEY_TYPE && k.Key == key {
				authed = true
				break
			}
		}
	} else {
		authed = true
	}

	if !authed {
		err = errors.New("You do not have sufficient permissions to perform this operation.")
		apierror.GenerateError("Unauthorized", err, rw, r, http.StatusUnauthorized)
		return ""
	}

	id := params["id"]
	if r.FormValue("id") != "" {
		id = r.FormValue("id")
	}

	generateType := params["type"]
	if r.FormValue("type") != "" {
		generateType = r.FormValue("type")
	}

	if id == "" {
		err = errors.New("You must provide a reference to the user whose key should be generated.")
		apierror.GenerateError("Invalid user reference", err, rw, r)
		return ""
	}
	if generateType == "" {
		err = errors.New("You must provide the type of key to be generated")
		apierror.GenerateError("Invalid API key type", err, rw, r)
		return ""
	}
	user.Id = id
	if err = user.Get(key); err != nil {
		apierror.GenerateError("Invalid user reference", err, rw, r)
		return ""
	}

	generated, err := user.GenerateAPIKey(generateType, dtx.BrandArray)
	if err != nil {
		apierror.GenerateError("Failed to generate an API Key", err, rw, r)
		return ""
	}
	return encoding.Must(enc.Encode(generated))
}
Exemple #5
0
func processDataContext(r *http.Request, c martini.Context) (*apicontext.DataContext, error) {
	qs := r.URL.Query()
	apiKey := qs.Get("key")
	brand := qs.Get("brandID")
	website := qs.Get("websiteID")

	//handles api key
	if apiKey == "" {
		apiKey = r.FormValue("key")
	}
	if apiKey == "" {
		apiKey = r.Header.Get("key")
	}
	if apiKey == "" {
		return nil, errors.New("No API Key Supplied.")
	}

	//gets customer user from api key
	user, err := customer.GetCustomerUserFromKey(apiKey)
	if err != nil || user.Id == "" {
		return nil, errors.New("No User for this API Key.")
	}
	// go user.LogApiRequest(r)

	//handles branding
	var brandID int
	if brand == "" {
		brand = r.FormValue("brandID")
	}
	if brand == "" {
		brand = r.Header.Get("brandID")
	}
	if id, err := strconv.Atoi(brand); err == nil {
		brandID = id
	}

	//handles websiteID
	var websiteID int
	if website == "" {
		website = r.FormValue("websiteID")
	}
	if website == "" {
		website = r.Header.Get("websiteID")
	}
	if id, err := strconv.Atoi(website); err == nil {
		websiteID = id
	}

	//load brands in dtx
	//returns our data context...shared amongst controllers
	// var dtx apicontext.DataContext
	dtx := &apicontext.DataContext{
		APIKey:     apiKey,
		BrandID:    brandID,
		WebsiteID:  websiteID,
		UserID:     user.Id, //current authenticated user
		CustomerID: user.CustomerID,
		Globals:    nil,
	}
	err = dtx.GetBrandsArrayAndString(apiKey, brandID)
	if err != nil {
		return nil, err
	}
	return dtx, nil
}