Exemple #1
0
// DELETE /api/v0/hub
// Params: access_token, slug
func DeleteHub(w http.ResponseWriter, r *http.Request, c router.Context) error {
	db, _ := c.Meta["db"].(*sqlx.DB)
	userid := c.Meta["user_id"].(int64)

	slug := r.FormValue("slug")
	if slug == "" {
		return res.BadRequest(w, res.ErrorMsg{"invalid_request", "slug required"})
	}
	h := data.Hub{}
	if err := h.Get(db, slug); err != nil {
		if e, ok := err.(*data.Error); ok {
			return res.BadRequest(w, res.ErrorMsg{e.Code, e.Desc})
		}
		return err
	}

	if userid != h.UserID {
		return res.BadRequest(w, res.ErrorMsg{"invalid_request", "user does not own hub"})
	}

	// Since all is well, delete hub from database
	h = data.Hub{
		Slug: slug,
	}
	if err := h.Delete(db); err != nil {
		if e, ok := err.(*data.Error); ok {
			return res.BadRequest(w, res.ErrorMsg{e.Code, e.Desc})
		}
		return err
	}

	return res.OK(w, h)
}
Exemple #2
0
// POST /api/v0/hub
// Params: access_token, slug, (scope?)
func AddHub(w http.ResponseWriter, r *http.Request, c router.Context) error {
	db, _ := c.Meta["db"].(*sqlx.DB)

	slug := r.FormValue("slug")
	if slug == "" {
		return res.BadRequest(w, res.ErrorMsg{"invalid_request", "slug required"})
	}

	// Since all is well, add hub to database
	h := data.Hub{
		Slug:   slug,
		UserID: c.Meta["user_id"].(int64),
	}
	if err := h.Insert(db); err != nil {
		if e, ok := err.(*data.Error); ok {
			return res.BadRequest(w, res.ErrorMsg{e.Code, e.Desc})
		}
		return err
	}

	return res.OK(w, h)
}
Exemple #3
0
// POST /signup
// Params: username, email, password
func Signup(w http.ResponseWriter, r *http.Request, c router.Context) error {
	db, ok := c.Meta["db"].(*sqlx.DB)
	if !ok {
		return errors.New("db not set in context")
	}

	username := r.FormValue("username")
	if username == "" {
		return res.BadRequest(w, res.ErrorMsg{"username_required", "username required"})
	}

	email := r.FormValue("email")
	if email == "" {
		return res.BadRequest(w, res.ErrorMsg{"email_required", "email required"})
	}

	password := r.FormValue("password")
	if password == "" {
		return res.BadRequest(w, res.ErrorMsg{"password_required", "password required"})
	}

	u := &data.User{
		Username: username,
		Email:    email,
	}
	if err := u.EncryptPassword(password); err != nil {
		return err
	}
	if err := u.Insert(db); err != nil {
		if e, ok := err.(*data.Error); ok {
			return res.BadRequest(w, res.ErrorMsg{e.Code, e.Desc})
		}
		return err
	}

	return res.Respond(w, http.StatusCreated, u)
}
Exemple #4
0
// GET /api/v0/hub
// Params: access_token
func ShowHub(w http.ResponseWriter, r *http.Request, c router.Context) error {
	db, _ := c.Meta["db"].(*sqlx.DB)

	// Since all is well, get hub(s) from database
	var h data.Hubs
	if err := h.SelectByUserId(db, c.Meta["user_id"].(int64)); err != nil {
		if e, ok := err.(*data.Error); ok {
			return res.BadRequest(w, res.ErrorMsg{e.Code, e.Desc})
		}
		return err
	}

	// prepare oAuth2 access token payload
	payload := struct {
		Hubs []string `json:"hub"`
	}{
		h,
	}

	return res.OK(w, payload)
}
Exemple #5
0
// POST /oauth/token
// Params: grant_type, login, password
// Requires a tokenSecret to be set in context
func UserToken(w http.ResponseWriter, r *http.Request, c router.Context) error {
	db, ok := c.Meta["db"].(*sqlx.DB)
	if !ok {
		return errors.New("db not set in context")
	}
	tokenSecret, ok := c.Meta["tokenSecret"].([]byte)
	if !ok {
		return errors.New("token secret not set in context")
	}

	if r.FormValue("grant_type") != "password" {
		return res.BadRequest(w, res.ErrorMsg{"unsupported_grant_type", "supports only password grant type"})
	}

	login := r.FormValue("login")
	if login == "" {
		return res.BadRequest(w, res.ErrorMsg{"invalid_request", "login required"})
	}

	password := r.FormValue("password")
	if password == "" {
		return res.BadRequest(w, res.ErrorMsg{"invalid_request", "password required"})
	}

	u := data.User{}
	if err := u.GetByLogin(db, login); err != nil {
		if e, ok := err.(*data.Error); ok {
			return res.BadRequest(w, res.ErrorMsg{"invalid_grant", e.Desc})
		}
		return err
	}

	if !u.VerifyPassword(password) {
		return res.BadRequest(w, res.ErrorMsg{"invalid_grant", "failed to authenticate user"})
	}

	// Since all is well, generate token and add to database
	t := data.Token{
		UserID:    u.ID,
		ExpiresIn: (30 * 24 * time.Hour).Nanoseconds(), // 30 days
	}
	if err := t.Insert(db); err != nil {
		return err
	}

	// get the encoded JSON Web token
	jwt, err := t.EncodeJWT(tokenSecret)
	if err != nil {
		return err
	}

	// prepare oAuth2 access token payload
	payload := struct {
		AccessToken string `json:"access_token"`
		TokenType   string `json:"token_type"`
		ExpiresIn   string `json:"expires_in"`
	}{
		jwt,
		"bearer",
		time.Duration(t.ExpiresIn).String(),
	}

	return res.OK(w, payload)
}