Exemple #1
0
// PUT http://localhost:8080/profiles/ahdkZXZ-ZmVkZXJhdGlvbi1zZXJ2aWNlc3IVCxIIcHJvZmlsZXMYgICAgICAgAoM
// {"first_name": "Ivan", "nick_name": "Socks", "last_name": "Hawkes"}
//
func (u *ProfileApi) update(r *restful.Request, w *restful.Response) {
	c := appengine.NewContext(r.Request)

	// Decode the request parameter to determine the key for the entity.
	k, err := datastore.DecodeKey(r.PathParameter("profile-id"))
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	// Marshall the entity from the request into a struct.
	p := new(Profile)
	err = r.ReadEntity(&p)
	if err != nil {
		w.WriteError(http.StatusNotAcceptable, err)
		return
	}

	// Retrieve the old entity from the datastore.
	old := Profile{}
	if err := datastore.Get(c, k, &old); err != nil {
		if err.Error() == "datastore: no such entity" {
			http.Error(w, err.Error(), http.StatusNotFound)
		} else {
			http.Error(w, err.Error(), http.StatusInternalServerError)
		}
		return
	}

	// Check we own the profile before allowing them to update it.
	// Optionally, return a 404 instead to help prevent guessing ids.
	// TODO: Allow admins access.
	if old.Email != user.Current(c).String() {
		http.Error(w, "You do not have access to this resource", http.StatusForbidden)
		return
	}

	// Since the whole entity is re-written, we need to assign any invariant fields again
	// e.g. the owner of the entity.
	p.Email = user.Current(c).String()

	// Keep track of the last modification date.
	p.LastModified = time.Now()

	// Attempt to overwrite the old entity.
	_, err = datastore.Put(c, k, p)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Let them know it succeeded.
	w.WriteHeader(http.StatusNoContent)
}
Exemple #2
0
func createProfile(res http.ResponseWriter, req *http.Request) {
	ctx := appengine.NewContext(req)
	u := user.Current(ctx)

	if req.Method == "POST" {
		username := req.FormValue("username")
		// TODO Confirm input is valid
		// TODO Make sure username is not taken
		key := datastore.NewKey(ctx, "profile", u.Email, 0, nil)
		p := profile{
			Username: username,
		}
		_, err := datastore.Put(ctx, key, &p)
		if err != nil {
			http.Error(res, "Server error!", http.StatusInternalServerError)
			log.Errorf(ctx, "Create profile Error: %s\n", err.Error())
			return
		}
	}
	err := tpl.ExecuteTemplate(res, "createProfile.gohtml", nil)
	if err != nil {
		http.Error(res, "Server error!", http.StatusInternalServerError)
		log.Errorf(ctx, "Template Execute Error: %s\n", err.Error())
		return
	}
}
Exemple #3
0
// The same as putTodoHandler, but it expects there to be an "id" parameter.
// It then writes a new record with that id, overwriting the old one.
func updateTaskHandler(w http.ResponseWriter, r *http.Request) {
	// create AppEngine context
	ctx := appengine.NewContext(r)

	// get description from request
	description := r.FormValue("description")
	// get due date from request
	dueDate := r.FormValue("dueDate")
	d, err := time.Parse("2006-01-02", dueDate)
	// get item ID from request
	id := r.FormValue("id")
	itemID, err1 := strconv.ParseInt(id, 10, 64)
	// get user from logged-in user
	email := user.Current(ctx).Email
	if err != nil {
		http.Error(w, dueDate+" doesn't look like a valid date to me!",
			400)
	} else if err1 != nil {
		http.Error(w, id+" doesn't look like an item ID to me!",
			400)
	} else {
		state := r.FormValue("state")
		respondWith(w, *(updateTodoItem(ctx,
			email,
			description,
			d,
			state == "on",
			itemID)))
		rootHandler(w, r)
	}
}
Exemple #4
0
func home(res http.ResponseWriter, req *http.Request) {
	if req.URL.Path != "/" {
		profile(res, req)
		return
	}

	ctx := appengine.NewContext(req)
	u := user.Current(ctx)
	log.Infof(ctx, "user: "******"/login", 302)
			return
		}
		model.Profile = *profile
	}

	// TODO: get recent tweets
	var tweets []Tweet
	tweets, err := recentTweets(ctx)
	if err != nil {
		http.Error(res, err.Error(), 500)
	}
	model.Tweets = tweets

	renderTemplate(res, "home.html", model)
}
Exemple #5
0
func showUser(res http.ResponseWriter, req *http.Request) {
	ctx := appengine.NewContext(req)
	u := user.Current(ctx)
	email := u.Email

	key := datastore.NewKey(ctx, "User", email, 0, nil)
	var entity User
	err := datastore.Get(ctx, key, &entity)

	if err == datastore.ErrNoSuchEntity {
		http.NotFound(res, req)
		return
	} else if err != nil {
		http.Error(res, err.Error(), 500)
		return
	}
	log.Infof(ctx, "%v", entity)
	res.Header().Set("Content-Type", "text/html")
	fmt.Fprintln(res, `
		<dl>
			<dt>`+entity.FirstName+`</dt>
			<dd>`+entity.LastName+`</dd>
			<dd>`+u.Email+`</dd>
		</dl>
	`)
}
Exemple #6
0
func registerHandler(w http.ResponseWriter, r *http.Request) {

	c := appengine.NewContext(r)

	log.Infof(c, "Register")

	u := user.Current(c)
	r.ParseForm()

	userKey := r.FormValue("UserKey")
	log.Infof(c, "UserKey:%s", userKey)
	if existUser(r, userKey) {
		log.Infof(c, "Exists")
		return
	}

	rtn := User{
		UserKey: userKey,
		Size:    0,
	}

	_, err := datastore.Put(c, datastore.NewKey(c, "User", u.ID, 0, nil), &rtn)
	if err != nil {
		panic(err)
	}

	//Profile Page
	meRender(w, "./templates/me/profile.tmpl", rtn)
}
Exemple #7
0
func createProfile(res http.ResponseWriter, req *http.Request) {
	ctx := appengine.NewContext(req)
	if req.Method == "POST" {
		u := user.Current(ctx)
		profile := Profile{
			Email:     u.Email,
			FirstName: req.FormValue("firstname"),
			LastName:  req.FormValue("lastname"),
		}
		key := datastore.NewKey(ctx, "Profile", u.Email, 0, nil)
		_, err := datastore.Put(ctx, key, &profile)
		if err != nil {
			http.Error(res, "Server Error", http.StatusInternalServerError)
			log.Errorf(ctx, err.Error())
			return
		}
		http.Redirect(res, req, "/", http.StatusSeeOther)
	}
	f, err := os.Open("createProfile.gohtml")
	if err != nil {
		http.Error(res, "Server Error", http.StatusInternalServerError)
		log.Errorf(ctx, err.Error())
		return
	}
	io.Copy(res, f)
}
Exemple #8
0
func emailMentions(ctx context.Context, tweet *Tweet) {
	u := user.Current(ctx)
	var words []string
	words = strings.Fields(tweet.Message)
	for _, value := range words {
		if strings.HasPrefix(value, "@") {
			username := value[1:]
			profile, err := getProfileByUsername(ctx, username)
			if err != nil {
				// they don't have a profile, so skip it
				continue
			}
			msg := &mail.Message{
				Sender:  u.Email,
				To:      []string{profile.Username + " <" + profile.Email + ">"},
				Subject: "You were mentioned in a tweet",
				Body:    tweet.Message + " from " + tweet.Username + " - " + humanize.Time(tweet.Time),
			}
			if err := mail.Send(ctx, msg); err != nil {
				log.Errorf(ctx, "Alas, my user, the email failed to sendeth: %v", err)
				continue
			}

		}
	}
}
Exemple #9
0
// If the user logs in (and grants permission), they will be redirected here
func loginHandler(w http.ResponseWriter, r *http.Request) {
	ctx := appengine.NewContext(r)
	u := user.Current(ctx)
	if u == nil {
		log.Errorf(ctx, "No identifiable Google user; is this browser in privacy mode ?")
		http.Error(w, "No identifiable Google user; is this browser in privacy mode ?", http.StatusInternalServerError)
		return
	}
	//c.Infof(" ** Google user logged in ! [%s]", u.Email)

	// Snag their email address forever more
	session, err := sessions.Get(r)
	if err != nil {
		// This isn't usually an important error (the session was most likely expired, which is why
		// we're logging in) - so log as Info, not Error.
		log.Infof(ctx, "sessions.Get [failing is OK for this call] had err: %v", err)
	}
	session.Values["email"] = u.Email
	session.Values["tstamp"] = time.Now().Format(time.RFC3339)
	if err := session.Save(r, w); err != nil {
		log.Errorf(ctx, "session.Save: %v", err)
	}

	// Now head back to the main page
	http.Redirect(w, r, "/", http.StatusFound)
}
Exemple #10
0
func putUser(r *http.Request) (*User, error) {
	c := appengine.NewContext(r)
	u := user.Current(c)
	r.ParseForm()

	size, err := strconv.ParseInt(r.FormValue("Size"), 10, 64)
	if err != nil {
		return nil, err
	}
	rtn := User{
		UserKey:   r.FormValue("UserKey"),
		Name:      r.FormValue("Name"),
		Job:       r.FormValue("Job"),
		Email:     r.FormValue("Email"),
		Url:       r.FormValue("Url"),
		TwitterId: r.FormValue("TwitterId"),
		LastWord:  r.FormValue("LastWord"),
		Size:      size,
	}

	_, err = datastore.Put(c, datastore.NewKey(c, "User", u.ID, 0, nil), &rtn)
	if err != nil {
		return nil, err
	}
	return &rtn, nil
}
Exemple #11
0
// GET http://localhost:8080/profiles/ahdkZXZ-ZmVkZXJhdGlvbi1zZXJ2aWNlc3IVCxIIcHJvZmlsZXMYgICAgICAgAoM
//
func (u ProfileApi) read(r *restful.Request, w *restful.Response) {
	c := appengine.NewContext(r.Request)

	// Decode the request parameter to determine the key for the entity.
	k, err := datastore.DecodeKey(r.PathParameter("profile-id"))
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	// Retrieve the entity from the datastore.
	p := Profile{}
	if err := datastore.Get(c, k, &p); err != nil {
		if err.Error() == "datastore: no such entity" {
			http.Error(w, err.Error(), http.StatusNotFound)
		} else {
			http.Error(w, err.Error(), http.StatusInternalServerError)
		}
		return
	}

	// Check we own the profile before allowing them to view it.
	// Optionally, return a 404 instead to help prevent guessing ids.
	// TODO: Allow admins access.
	if p.Email != user.Current(c).String() {
		http.Error(w, "You do not have access to this resource", http.StatusForbidden)
		return
	}

	w.WriteEntity(p)
}
Exemple #12
0
// POST http://localhost:8080/profiles
// {"first_name": "Ivan", "nick_name": "Socks", "last_name": "Hawkes"}
//
func (u *ProfileApi) insert(r *restful.Request, w *restful.Response) {
	c := appengine.NewContext(r.Request)

	// Marshall the entity from the request into a struct.
	p := new(Profile)
	err := r.ReadEntity(&p)
	if err != nil {
		w.WriteError(http.StatusNotAcceptable, err)
		return
	}

	// Ensure we start with a sensible value for this field.
	p.LastModified = time.Now()

	// The profile belongs to this user.
	p.Email = user.Current(c).String()

	k, err := datastore.Put(c, datastore.NewIncompleteKey(c, "profiles", nil), p)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Let them know the location of the newly created resource.
	// TODO: Use a safe Url path append function.
	w.AddHeader("Location", u.Path+"/"+k.Encode())

	// Return the resultant entity.
	w.WriteHeader(http.StatusCreated)
	w.WriteEntity(p)
}
Exemple #13
0
func APIKeyAddHandler(w http.ResponseWriter, r *http.Request) {
	c := appengine.NewContext(r)
	u := user.Current(c)
	if u == nil {
		loginUrl, _ := user.LoginURL(c, r.URL.RequestURI())
		http.Redirect(w, r, loginUrl, http.StatusFound)
		return
	} else {
		if !u.Admin {
			w.WriteHeader(http.StatusForbidden)
			w.Write([]byte("You're not an admin. Go away."))
		} else {
			key := randomString(26)
			owner := r.FormValue("owner")

			if owner == "" {
				w.Write([]byte("You forgot a parameter."))
			} else {
				apiKey := APIKey{
					APIKey:     key,
					OwnerEmail: owner,
				}
				dkey := datastore.NewIncompleteKey(c, "APIKey", nil)
				_, err := datastore.Put(c, dkey, &apiKey)
				if err != nil {
					w.Write([]byte(fmt.Sprintf("error! %s", err.Error())))
				} else {
					w.Write([]byte(key))

				}
			}
		}
	}
}
Exemple #14
0
func createProfile(res http.ResponseWriter, req *http.Request) {
	ctx := appengine.NewContext(req)
	u := user.Current(ctx)

	if req.Method == "POST" {
		username := req.FormValue("username")
		// check if name is taken
		if !confirmCreateProfile(username) {
			http.Error(res, "Invalid input!", http.StatusBadRequest)
			log.Warningf(ctx, "Invalid profile information from %s\n", req.RemoteAddr)
			return
		}

		key := datastore.NewKey(ctx, "profile", u.Email, 0, nil)
		p := profile{
			Username: username,
			Email:    u.Email,
		}
		_, err := datastore.Put(ctx, key, &p)
		if err != nil {
			http.Error(res, "server error!", http.StatusInternalServerError)
			log.Errorf(ctx, "Create profile Error: &s\n", err.Error())
			return
		}
	}
	err := tpl.ExecuteTemplate(res, "createProfile.gohtml", nil)
	if err != nil {
		http.Error(res, "Serever error!", http.StatusInternalServerError)
		log.Errorf(ctx, "Template Parse Error: %s\n", err.Error())
		return
	}
}
Exemple #15
0
// If the user is not logged in, then return the login url.  Otherwise return a json
// structure containing the user's name and email address, and which team they are on.
func Api1UserProfileHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json; charset=utf-8")

	data := UserProfileData{}
	ctx := appengine.NewContext(r)
	u := user.Current(ctx)
	if u == nil {
		url, _ := user.LoginURL(ctx, "/")
		data.LoginUrl = url
		datajson, err := json.Marshal(data)
		if err != nil {
			http.Error(w, "Internal Service Error", http.StatusInternalServerError)
			return
		}
		fmt.Fprintf(w, "%s", datajson)
		return
	}
	url, _ := user.LogoutURL(ctx, "/")
	data.LogoutUrl = url
	data.Email = u.Email
	data.IsAdmin = u.Admin
	data.IsLoggedIn = true
	datajson, err := json.Marshal(data)
	if err != nil {
		http.Error(w, "Internal Service Error", http.StatusInternalServerError)
		return
	}

	fmt.Fprintf(w, "%s", datajson)
}
Exemple #16
0
func handleIndex(res http.ResponseWriter, req *http.Request) {
	// for anything but "/" treat it like a user profile
	if req.URL.Path != "/" {
		handleUserProfile(res, req)
		return
	}
	ctx := appengine.NewContext(req)
	u := user.Current(ctx)

	// get recent tweets
	var tweets []*Tweet
	var err error
	if u == nil {
		tweets, err = getTweets(ctx)
	} else {
		tweets, err = getHomeTweets(ctx, u.Email)
	}
	if err != nil {
		http.Error(res, err.Error(), 500)
		return
	}

	type Model struct {
		Tweets []*Tweet
	}
	model := Model{
		Tweets: tweets,
	}

	renderTemplate(res, req, "index", model)
}
Exemple #17
0
func registerFeed(w http.ResponseWriter, r *http.Request) *appError {
	s := strings.TrimSpace(r.FormValue("url"))
	if s == "" {
		return &appError{
			Error:   errInvalidRequest,
			Message: "url is required",
			Code:    http.StatusBadRequest,
		}
	}
	u, err := url.Parse(s)
	if err != nil {
		return &appError{
			Error:   err,
			Message: "can't parse url",
			Code:    http.StatusBadRequest,
		}
	}
	if !u.IsAbs() {
		return &appError{
			Error:   errInvalidRequest,
			Message: "require an absolute url",
			Code:    http.StatusBadRequest,
		}
	}
	c := appengine.NewContext(r)
	client := urlfetch.Client(c)
	f, err := fetchFeed(client, s)
	if err != nil {
		return &appError{
			Error:   err,
			Message: "failed to get",
			Code:    http.StatusInternalServerError,
		}
	}
	m := Magazine{
		Title:    f.Title,
		URL:      s,
		Creation: time.Now(),
		LastMod:  time.Now(),
	}
	m.Init(c)
	usr := user.Current(c)
	if usr == nil {
		return &appError{
			Error:   errUserRejected,
			Message: "failed to initialize user environment",
			Code:    http.StatusUnauthorized,
		}
	}
	err = RegisterMagazine(c, usr, &m, f)
	if err != nil {
		return &appError{
			Error:   err,
			Message: "failed to register",
			Code:    http.StatusInternalServerError,
		}
	}
	http.Redirect(w, r, "/", http.StatusFound)
	return nil
}
Exemple #18
0
func handleSign(w http.ResponseWriter, r *http.Request) {
	if r.Method != "POST" {
		http.Error(w, "POST requests only", http.StatusMethodNotAllowed)
		return
	}
	c := appengine.NewContext(r)
	if err := r.ParseForm(); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	g := &Greeting{
		Content: r.FormValue("content"),
		Date:    time.Now(),
	}
	if u := user.Current(c); u != nil {
		g.Author = u.String()
	}
	key := datastore.NewIncompleteKey(c, "Greeting", guestbookKey(c))
	if _, err := datastore.Put(c, key, g); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Redirect with 303 which causes the subsequent request to use GET.
	http.Redirect(w, r, "/", http.StatusSeeOther)
}
Exemple #19
0
func handle(res http.ResponseWriter, req *http.Request) {
	if req.URL.Path != "/" {
		http.NotFound(res, req)
		return
	}
	ctx := appengine.NewContext(req)
	u := user.Current(ctx)
	key := datastore.NewKey(ctx, "Profile", u.Email, 0, nil)
	var profile Profile
	err := datastore.Get(ctx, key, &profile)
	if err == datastore.ErrNoSuchEntity {
		http.Redirect(res, req, "/createProfile", http.StatusSeeOther)
		return
	} else if err != nil {
		http.Error(res, "Server Error", http.StatusInternalServerError)
		log.Errorf(ctx, err.Error())
		return
	}

	tpl, err := template.ParseFiles("viewProfile.gohtml")
	if err != nil {
		http.Error(res, "Server Error", http.StatusInternalServerError)
		log.Errorf(ctx, err.Error())
		return
	}
	err = tpl.Execute(res, &profile)
	if err != nil {
		http.Error(res, "Server Error", http.StatusInternalServerError)
		log.Errorf(ctx, err.Error())
		return
	}
}
Exemple #20
0
func editpost(rw http.ResponseWriter, req *http.Request) {
	c := appengine.NewContext(req)
	s := req.FormValue("encoded_key")
	k, err := datastore.DecodeKey(s)
	if err != nil {
		http.Error(rw, err.Error(), http.StatusInternalServerError)
		return
	}
	mypost := Post{}
	err = datastore.Get(c, k, &mypost)
	if err != nil {
		http.Error(rw, err.Error(), http.StatusInternalServerError)
		return
	}
	if mypost.Author == user.Current(c).String() {
		message := mypost.Message
		title := "Edit a Post"
		t := template.Must(template.ParseFiles("assets/edit.html"))
		t.ExecuteTemplate(rw, "New", struct {
			Title   string
			Message string
			ID      string
			Parent  string
		}{Title: title, Message: message, ID: s})
	} else {
		http.Redirect(rw, req, "/", http.StatusOK)
	}
}
Exemple #21
0
func showList(res http.ResponseWriter, req *http.Request, params httprouter.Params) {
	tpl, err := template.ParseFiles("assets/templates/templates.gohtml")
	if err != nil {
		panic(err)
	}

	ctx := appengine.NewContext(req)
	u := user.Current(ctx)
	qp := datastore.NewQuery("ToDo")
	ToDos := []ToDo{}
	keys, error := qp.GetAll(ctx, &ToDos)
	for _, value := range ToDos {

	}

	if error != nil {
		log.Infof(ctx, "%v", error.Error())
	}

	json.NewEncoder(res).Encode(ToDos)

	err = tpl.ExecuteTemplate(res, "todo-list", ToDos)
	if err != nil {
		http.Error(res, err.Error(), 500)
	}
}
Exemple #22
0
func board(rw http.ResponseWriter, req *http.Request) {
	// rw.Header().Set("Content-type", "text/html")
	c := appengine.NewContext(req)
	u := user.Current(c)
	// rw.Header().Set("Location", req.URL.String())
	// rw.WriteHeader(http.StatusFound)

	posts := []Post{}
	q := datastore.NewQuery("post").Filter("OP =", true).Order("-PostDate")
	k, err := q.GetAll(c, &posts)
	if err != nil {
		http.Error(rw, err.Error(), http.StatusInternalServerError)
		return
	}
	threads := []Thread{}
	for i, value := range posts {
		threads = append(threads, Thread{value, k[i].Encode()})
	}

	t := template.Must(template.ParseFiles("assets/board.html"))
	t.ExecuteTemplate(rw, "Board", struct {
		User   string
		Thread []Thread
	}{
		u.String(),
		threads,
	})
}
Exemple #23
0
func loginWithGoogle() gin.HandlerFunc {
	return func(c *gin.Context) {
		ctx := appengine.NewContext(c.Request)
		u := user.Current(ctx)
		if u == nil {
			url, _ := user.LoginURL(ctx, c.Request.URL.String())
			c.HTML(302, "login.tmpl", gin.H{
				"url": url,
			})
			c.Abort()
			return
		}
		email := strings.Split(u.Email, "@")
		if email[1] == "elo7.com" && len(email) == 2 {
			developer := models.Developer{Email: u.Email}
			developer.Create(&db)

			log.Infof(ctx, developer.Email)
		} else {
			url, _ := user.LogoutURL(ctx, "/")
			c.Redirect(http.StatusTemporaryRedirect, url)
		}
		c.Next()
	}
}
func followHandler(res http.ResponseWriter, req *http.Request) {
	ctx := appengine.NewContext(req)
	u := user.Current(ctx)
	switch req.Method {
	case "POST":
		var userName string
		err := json.NewDecoder(req.Body).Decode(&userName)
		if err != nil {
			http.Error(res, err.Error(), 500)
			return
		}
		err = follow(ctx, u.Email, userName)
		if err != nil {
			http.Error(res, err.Error(), 500)
			return
		}
		json.NewEncoder(res).Encode(true)
	case "GET":
		profile, err := getProfile(ctx, u.Email)
		if err != nil {
			http.Error(res, err.Error(), 500)
			return
		}
		json.NewEncoder(res).Encode(profile.Following)
	case "DELETE":
		// delete a follower
	default:
		http.Error(res, "method not allowed", 405)
	}
}
Exemple #25
0
func index(res http.ResponseWriter, req *http.Request) {
	ctx := appengine.NewContext(req)
	// user.Current gives data about what the requester is
	// logged in as, or nil if they are not logged in.
	u := user.Current(ctx)

	var model indexModel

	// If they are not nil, they are logged in.
	if u != nil {
		// So let the template know, and get the logout url.
		model.Login = true
		logoutURL, err := user.LogoutURL(ctx, "/")
		if err != nil {
			log.Errorf(ctx, err.Error())
			http.Error(res, "Server Error", http.StatusInternalServerError)
			return
		}
		model.LogoutURL = logoutURL
	} else {
		// Otherwise, get the login url.
		loginURL, err := user.LoginURL(ctx, "/")
		if err != nil {
			log.Errorf(ctx, err.Error())
			http.Error(res, "Server Error", http.StatusInternalServerError)
			return
		}
		model.LoginURL = loginURL
	}
	tpl.ExecuteTemplate(res, "index", model)
}
Exemple #26
0
func appstatsHandler(w http.ResponseWriter, r *http.Request) {
	ctx := storeContext(appengine.NewContext(r))
	if appengine.IsDevAppServer() {
		// noop
	} else if u := user.Current(ctx); u == nil {
		if loginURL, err := user.LoginURL(ctx, r.URL.String()); err == nil {
			http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)
		} else {
			serveError(w, err)
		}
		return
	} else if !u.Admin {
		http.Error(w, "Forbidden", http.StatusForbidden)
		return
	}

	if detailsURL == r.URL.Path {
		details(ctx, w, r)
	} else if fileURL == r.URL.Path {
		file(ctx, w, r)
	} else if strings.HasPrefix(r.URL.Path, staticURL) {
		name := r.URL.Path[strings.LastIndex(r.URL.Path, "/")+1:]
		content, ok := static[name]
		if !ok {
			http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
			return
		}
		http.ServeContent(w, r, name, initTime, content)
	} else {
		index(ctx, w, r)
	}
}
Exemple #27
0
func rootHandler(w http.ResponseWriter, r *http.Request) {
	ctx := appengine.NewContext(r)
	u := user.Current(ctx)
	if u == nil {
		url, _ := user.LoginURL(ctx, "/")
		fmt.Fprintf(w, `<a href="%s">Sign in or register</a>`, url)
		return
	}

	fmt.Fprint(w, `<html><h1>Hi! Welcome to Tada</h1>`)

	fmt.Fprint(w, "<!-- About to call writeItems -->")

	fmt.Fprint(w, `<ol>`)
	writeItems(w, r, u)
	fmt.Fprint(w, `</ol>`)

	fmt.Fprint(w, "<!-- Called writeItems -->")

	url, _ := user.LogoutURL(ctx, "/")
	fmt.Fprintf(w, `Welcome, %s! (<a href="%s">sign out</a>)`, u, url)

	fmt.Fprint(w, `</html>`)

	makeNewItemForm(w)
}
Exemple #28
0
func isBanned(r *http.Request) bool {
	ctx := req2ctx(r)
	cdb := complaintdb.NewDB(ctx)
	u := user.Current(cdb.Ctx())
	userWhitelist := map[string]int{
		"*****@*****.**":    1,
		"*****@*****.**": 1,
		"*****@*****.**":  1,
		"*****@*****.**": 1,
	}

	reqBytes, _ := httputil.DumpRequest(r, true)

	cdb.Infof("remoteAddr: '%v'", r.RemoteAddr)
	cdb.Infof("user: '******' (%s)", u, u.Email)
	cdb.Infof("inbound IP determined as: '%v'", getIP(r))
	cdb.Infof("HTTP req:-\n%s", string(reqBytes))

	if strings.HasPrefix(r.UserAgent(), "python") {
		cdb.Infof("User-Agent rejected")
		return true
	}
	if _, exists := userWhitelist[u.Email]; !exists {
		cdb.Infof("user not found in whitelist")
		return true
	}
	return false
}
Exemple #29
0
func deleteData(res http.ResponseWriter, req *http.Request) {
	ctx := appengine.NewContext(req)
	u := user.Current(ctx)
	keyVal := req.FormValue("keyVal")
	key, err := datastore.DecodeKey(keyVal)
	if err != nil {
		http.Error(res, "Invalid data", http.StatusBadRequest)
		log.Warningf(ctx, err.Error())
		return
	}
	var l list
	err = datastore.Get(ctx, key, &l)
	if err != nil {
		http.Error(res, "Invalid data", http.StatusBadRequest)
		log.Warningf(ctx, err.Error())
		return
	}
	if l.Owner != u.Email {
		http.Error(res, "Not authorized to delete this entry", http.StatusUnauthorized)
		log.Warningf(ctx, err.Error())
		return
	}
	err = datastore.Delete(ctx, key)
	if err != nil {
		http.Error(res, "Server Error", http.StatusInternalServerError)
		log.Errorf(ctx, err.Error())
		return
	}
}
Exemple #30
0
func serveHome(w http.ResponseWriter, r *http.Request) {
	c := appengine.NewContext(r)

	u := user.Current(c)
	su, err := getUser(c, u)
	if err != nil {
		w.WriteHeader(400)
		fmt.Fprintf(w, "You are not permitted, %v", u)
		return
	}

	log.Infof(c, "Got a request from %v", u)

	projected, earned, err := projections(c, su, 90)
	if err != nil {
		log.Errorf(c, "Error finding projections: %v", err)
	}

	execTemplate(c, w, "index.html",
		map[string]interface{}{
			"user":      u,
			"tasks":     iterateUserTasks(c, su, false),
			"projected": int(projected),
			"earned":    int(earned),
			"missed":    int(projected - earned),
		})
}