// POST users/create func HandleCreate(context router.Context) error { // Authorise err := authorise.Path(context) if err != nil { return router.NotAuthorizedError(err) } // Setup context params, err := context.Params() if err != nil { return router.InternalError(err) } // We should check for duplicates in here id, err := users.Create(params.Map()) if err != nil { return router.InternalError(err, "Error", "Sorry, an error occurred creating the user record.") } else { context.Logf("#info Created user id,%d", id) } // Redirect to the new user p, err := users.Find(id) if err != nil { return router.InternalError(err, "Error", "Sorry, an error occurred finding the new user record.") } return router.Redirect(context, p.URLIndex()) }
// HandleUpdate handles POST or PUT /images/1/update func HandleUpdate(context router.Context) error { // Find the image image, err := images.Find(context.ParamInt("id")) if err != nil { context.Logf("#error Error finding image %s", err) return router.NotFoundError(err) } // Authorise err = authorise.Resource(context, image) if err != nil { return router.NotAuthorizedError(err) } // Update the image params, err := context.Params() if err != nil { return router.InternalError(err) } err = image.Update(params.Map()) if err != nil { return router.InternalError(err) } // We redirect back to source if redirect param is set return router.Redirect(context, image.URLUpdate()) }
// HandleUpdate handles the POST of the form to update a page func HandleUpdate(context router.Context) error { // Find the page page, err := pages.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update page err = authorise.ResourceAndAuthenticity(context, page) if err != nil { return router.NotAuthorizedError(err) } // Update the page from params params, err := context.Params() if err != nil { return router.InternalError(err) } err = page.Update(params.Map()) if err != nil { return router.InternalError(err) } // Redirect to page return router.Redirect(context, page.URLShow()) }
// HandleUpdate handles the POST of the form to update a user func HandleUpdate(context router.Context) error { // Find the user user, err := users.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update user err = authorise.ResourceAndAuthenticity(context, user) if err != nil { return router.NotAuthorizedError(err) } // Get the params params, err := context.Params() if err != nil { return router.InternalError(err) } // Clean params further for customers, they may only update email, password, key allowedParams := params.Map() u := authorise.CurrentUser(context) if !u.Admin() { // allowedParams = params.Clean(users.AllowedParamsCustomer()) } err = user.Update(allowedParams) if err != nil { return router.InternalError(err) } // Redirect to user return router.Redirect(context, user.URLShow()) }
// HandleUpdate responds to POST /comments/update func HandleUpdate(context router.Context) error { // Find the comment comment, err := comments.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update comment, check auth token err = authorise.ResourceAndAuthenticity(context, comment) if err != nil { return router.NotAuthorizedError(err) } // Update the comment from params params, err := context.Params() if err != nil { return router.InternalError(err) } // Clean params according to role accepted := comments.AllowedParams() if authorise.CurrentUser(context).Admin() { accepted = comments.AllowedParamsAdmin() } cleanedParams := params.Clean(accepted) err = comment.Update(cleanedParams) if err != nil { return router.InternalError(err) } // Redirect to comment return router.Redirect(context, comment.URLShow()) }
// HandleUpdate or PUT /users/1/update func HandleUpdate(context router.Context) error { // Find the user id := context.ParamInt("id") user, err := users.Find(id) if err != nil { context.Logf("#error Error finding user %s", err) return router.NotFoundError(err) } // Authorise err = authorise.ResourceAndAuthenticity(context, user) if err != nil { return router.NotAuthorizedError(err) } // Get the params params, err := context.Params() if err != nil { return router.InternalError(err) } context.Logf("PARAMS RECD:%v", params) err = user.Update(params.Map()) if err != nil { return router.InternalError(err) } // Redirect to user return router.Redirect(context, user.URLShow()) }
// HandleUpdate handles POST or PUT /pages/1/update func HandleUpdate(context router.Context) error { // Find the page page, err := pages.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise updating the page err = authorise.Resource(context, page) if err != nil { return router.NotAuthorizedError(err) } // Update the page from params params, err := context.Params() if err != nil { return router.InternalError(err) } err = page.Update(params.Map()) if err != nil { return router.InternalError(err) } // We then find the page again, and retreive the new Url, in case it has changed during update page, err = pages.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Redirect to page url return router.Redirect(context, page.Url) }
// HandleUpdate responds to POST /comments/update func HandleUpdate(context router.Context) error { // Find the comment comment, err := comments.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update comment, check auth token err = authorise.ResourceAndAuthenticity(context, comment) if err != nil { return router.NotAuthorizedError(err) } // Update the comment from params params, err := context.Params() if err != nil { return router.InternalError(err) } err = comment.Update(params.Map()) if err != nil { return router.InternalError(err) } // Redirect to comment return router.Redirect(context, comment.URLShow()) }
// HandleCreate handles the POST of the create form for pages func HandleCreate(context router.Context) error { // Authorise err := authorise.ResourceAndAuthenticity(context, nil) if err != nil { return router.NotAuthorizedError(err) } // Setup context params, err := context.Params() if err != nil { return router.InternalError(err) } id, err := pages.Create(params.Map()) if err != nil { return router.InternalError(err) } // Log creation context.Logf("#info Created page id,%d", id) // Redirect to the new page m, err := pages.Find(id) if err != nil { return router.InternalError(err) } return router.Redirect(context, m.URLIndex()) }
// HandleUpdate handles the POST of the form to update a story func HandleUpdate(context router.Context) error { // Find the story story, err := stories.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update story err = authorise.ResourceAndAuthenticity(context, story) if err != nil { return router.NotAuthorizedError(err) } // Update the story from params params, err := context.Params() if err != nil { return router.InternalError(err) } err = story.Update(params.Map()) if err != nil { return err // Create returns a router.Error } err = updateStoriesRank() if err != nil { return router.InternalError(err) } // Redirect to story return router.Redirect(context, story.URLShow()) }
// HandleUpdate serves POST or PUT /tags/1/update func HandleUpdate(context router.Context) error { // Find the tag tag, err := tags.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise err = authorise.Resource(context, tag) if err != nil { return router.NotAuthorizedError(err) } // Update the tag params, err := context.Params() if err != nil { return router.InternalError(err) } err = tag.Update(params.Map()) if err != nil { return router.InternalError(err) } // Redirect to tag return router.Redirect(context, tag.URLShow()) }
// HandleUpdateShow handles the POST of the form to update a file func HandleUpdate(context router.Context) error { // Find the file file, err := files.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update file err = authorise.Resource(context, file) if err != nil { return router.NotAuthorizedError(err) } // Update the file from params params, err := context.Params() if err != nil { return router.InternalError(err) } // Find the to user, by querying users on username or email // Set the user id if found, else return 404 error, user not found // TODO: Make *sure* this only accepts the params we want err = file.Update(params.Map()) if err != nil { return router.InternalError(err) } // Redirect to file return router.Redirect(context, file.URLShow()) }
// HandleUpdate handles the POST of the form to update a post func HandleUpdate(context router.Context) error { // Find the post post, err := posts.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update post err = authorise.Resource(context, post) if err != nil { return router.NotAuthorizedError(err) } // Update the post from params params, err := context.Params() if err != nil { return router.InternalError(err) } err = post.Update(params.Map()) if err != nil { return router.InternalError(err) } // Redirect to post return router.Redirect(context, post.URLShow()) }
// POST pages/create func HandleCreate(context router.Context) error { // Authorise err := authorise.Path(context) if err != nil { return router.NotAuthorizedError(err) } // Setup context params, err := context.Params() if err != nil { return router.InternalError(err) } id, err := pages.Create(params.Map()) if err != nil { context.Logf("#info Failed to create page %v", params) return router.InternalError(err) } // Log creation context.Logf("#info Created page id,%d", id) // Redirect to the new page p, err := pages.Find(id) if err != nil { context.Logf("#error Error creating page,%s", err) } return router.Redirect(context, p.URLIndex()) }
// HandleUpdate handles POST or PUT /users/1/update: it loads the user named by
// the "id" param, authorises the request against it, stores an uploaded
// "image" file as a new image when one is present, applies the submitted
// params and redirects to the user's show URL.
func HandleUpdate(context router.Context) error {
	account, err := users.Find(context.ParamInt("id"))
	if err != nil {
		context.Logf("#error Error finding user %s", err)
		return router.NotFoundError(err)
	}

	// NOTE(review): only authorise.Resource runs here; no authenticity-token
	// check is visible in this handler - confirm one is applied elsewhere.
	if err = authorise.Resource(context, account); err != nil {
		return router.NotAuthorizedError(err)
	}

	// Only the first uploaded file is used. An existing image is not replaced;
	// a new image record is created on every upload.
	uploads, err := context.ParamFiles("image")
	if err != nil {
		return router.InternalError(err)
	}

	form, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	if len(uploads) > 0 {
		// NOTE(review): no size or content-type check on the upload is visible
		// here - confirm images.Create validates the file before saving it.
		var imageID int64
		imageFields := map[string]string{"name": account.Name, "status": "100"}
		imageID, err = images.Create(imageFields, uploads[0])
		if err != nil {
			return router.InternalError(err)
		}

		// Point the user at the new image and drop the raw "image" param.
		form.Set("image_id", fmt.Sprintf("%d", imageID))
		delete(form, "image")
	}

	// NOTE(review): the full param map is applied without an allowlist; when no
	// file is uploaded a client-supplied "image_id" also passes through as-is.
	if err = account.Update(form.Map()); err != nil {
		return router.InternalError(err)
	}

	return router.Redirect(context, account.URLShow())
}
// HandleCreate handles the POST of the create form for users: it authorises
// the request, forces the customer role and published status, creates the
// user, stores the new user's id in the session and redirects to the user's
// show URL.
func HandleCreate(context router.Context) error {
	// There is no existing record yet, so nil is passed as the resource.
	if err := authorise.Resource(context, nil); err != nil {
		return router.NotAuthorizedError(err)
	}

	form, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Role and status are overwritten server-side, so values the client sent
	// for them are discarded; admins have to promote users afterwards.
	// NOTE(review): every other submitted param still reaches users.Create
	// without an allowlist - confirm no other privileged field exists.
	form.Set("role", fmt.Sprintf("%d", users.RoleCustomer))
	form.Set("status", fmt.Sprintf("%d", status.Published))

	id, err := users.Create(form.Map())
	if err != nil {
		return err
	}
	context.Logf("#info Created user id,%d", id)

	account, err := users.Find(id)
	if err != nil {
		return router.InternalError(err)
	}

	// Record the new user in the session so they are logged in straight away.
	session, err := auth.Session(context, context.Request())
	if err != nil {
		return router.InternalError(err)
	}
	context.Logf("#info CREATE for user: %d", account.Id)
	session.Set(auth.SessionUserKey, fmt.Sprintf("%d", account.Id))
	// NOTE(review): any result from Save is not checked - confirm whether it
	// can fail, since a failed save would leave the user logged out.
	session.Save(context)

	// Send them to their user profile page.
	return router.Redirect(context, account.URLShow())
}
// HandleCreate responds to POST images/create func HandleCreate(context router.Context) error { // Authorise err := authorise.Path(context) if err != nil { return router.NotAuthorizedError(err) } // We expect only one image, what about replacing the existing when updating? // At present we just create a new image files, err := context.ParamFiles("image") if err != nil { return router.InternalError(err) } if len(files) == 0 { return router.NotFoundError(nil) } // Get the params params, err := context.Params() if err != nil { return router.InternalError(err) } id, err := images.Create(params.Map(), files[0]) if err != nil { context.Logf("#error Error creating image,%s", err) return router.InternalError(err) } // Log creation context.Logf("#info Created image id,%d", id) // Redirect to the new image m, err := images.Find(id) if err != nil { context.Logf("#error Error creating image,%s", err) } return router.Redirect(context, m.URLShow()) }
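// HandleLogin handles a post to /users/login: it looks the user up by the
// submitted email, checks the submitted password against the stored
// EncryptedPassword, records the user id in the session and redirects to "/".
// Failed lookups and failed password checks redirect back to the login page
// with an error code in the query string.
func HandleLogin(context router.Context) error {
	// Get the user details from the database
	params, err := context.Params()
	if err != nil {
		return router.NotFoundError(err)
	}

	// The email is bound as a query argument, not concatenated into the SQL.
	q := users.Where("email=?", params.Get("email"))
	user, err := users.First(q)
	if err != nil {
		// NOTE(review): the failed_email and failed_password codes let a caller
		// tell whether an account exists; a single generic failure code avoids
		// that. The submitted email is also logged unescaped (%q would quote it).
		context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
		return router.Redirect(context, "/users/login?error=failed_email")
	}

	err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)
	if err != nil {
		context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
		return router.Redirect(context, "/users/login?error=failed_password")
	}

	// NOTE(review): no attempt limiting or authenticity-token check is visible
	// in this handler - confirm both are handled elsewhere.

	// Now save the user details in a secure cookie, so that we remember the next request
	session, err := auth.Session(context, context.Request())
	if err != nil {
		// Stop here: the handler used to log and carry on, then call methods on
		// a session that could not be retrieved.
		context.Logf("#error problem retrieving session")
		return router.InternalError(err)
	}

	context.Logf("#info Login success for user: %d %s", user.Id, user.Email)
	session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
	// NOTE(review): any result from Save is not checked - confirm whether it
	// can fail.
	session.Save(context)

	// Redirect to whatever page the user tried to visit before (if any)
	// For now send them to root
	return router.Redirect(context, "/")
}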
// HandleLogin handles a post to /users/login func HandleLogin(context router.Context) error { // Check we're not already logged in, if so redirect // Get the user details from the database params, err := context.Params() if err != nil { return router.NotFoundError(err) } // Find the user with this email q := users.Where("email=?", params.Get("email")) user, err := users.First(q) if err != nil { q = users.Where("name=?", params.Get("email")) // NB use of email field user, err = users.First(q) } if err != nil { context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err) return router.Redirect(context, "/users/login?error=failed_email") } err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword) if err != nil { context.Logf("#error Login failed for user : %s %s", params.Get("email"), err) return router.Redirect(context, "/users/login?error=failed_password") } // Save the fact user is logged in to session cookie err = loginUser(context, user) if err != nil { return router.InternalError(err) } // Redirect to whatever page the user tried to visit before (if any) // For now send them to root return router.Redirect(context, "/") }
// HandleCreate responds to POST tags/create func HandleCreate(context router.Context) error { // Authorise err := authorise.Path(context) if err != nil { return router.NotAuthorizedError(err) } // Setup context params, err := context.Params() if err != nil { return router.InternalError(err) } id, err := tags.Create(params.Map()) if err != nil { context.Logf("#info Failed to create tag %v", params) return router.InternalError(err) } // Log creation context.Logf("#info Created tag id,%d", id) // Redirect to the new tag tag, err := tags.Find(id) if err != nil { context.Logf("#error Error creating tag,%s", err) } // Always regenerate dotted ids - we fetch all tags first to avoid db calls q := tags.Query().Select("select id,parent_id from tags").Order("id asc") tagsList, err := tags.FindAll(q) if err == nil { dottedParams := map[string]string{} dottedParams["dotted_ids"] = tag.CalculateDottedIds(tagsList) tags.Query().Where("id=?", tag.Id).Update(dottedParams) } return router.Redirect(context, tag.URLIndex()) }
// HandleUpdate handles the POST of the form to update a story func HandleUpdate(context router.Context) error { // Find the story story, err := stories.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update story err = authorise.ResourceAndAuthenticity(context, story) if err != nil { return router.NotAuthorizedError(err) } // Update the story from params params, err := context.Params() if err != nil { return router.InternalError(err) } // Clean params according to role accepted := stories.AllowedParams() if authorise.CurrentUser(context).Admin() { accepted = stories.AllowedParamsAdmin() } cleanedParams := params.Clean(accepted) err = story.Update(cleanedParams) if err != nil { return err // Create returns a router.Error } err = updateStoriesRank() if err != nil { return router.InternalError(err) } // Redirect to story return router.Redirect(context, story.URLShow()) }
// HandleUpdate or PUT /users/1/update func HandleUpdate(context router.Context) error { // Find the user id := context.ParamInt("id") user, err := users.Find(id) if err != nil { context.Logf("#error Error finding user %s", err) return router.NotFoundError(err) } // Authorise err = authorise.ResourceAndAuthenticity(context, user) if err != nil { return router.NotAuthorizedError(err) } // Get the params params, err := context.Params() if err != nil { return router.InternalError(err) } // Clean params according to role accepted := users.AllowedParams() if authorise.CurrentUser(context).Admin() { accepted = users.AllowedParamsAdmin() } allowedParams := params.Clean(accepted) err = user.Update(allowedParams) if err != nil { return router.InternalError(err) } // Redirect to user return router.Redirect(context, user.URLShow()) }
// HandleLogin handles a post to /users/login: it looks the user up by the
// submitted name, checks the submitted password against the stored Password
// field, records the user id in the session and redirects to the user's show
// URL.
func HandleLogin(context router.Context) error {
	form, err := context.Params()
	if err != nil {
		return router.NotFoundError(err)
	}

	// Users are matched on username only; the value is bound as a query
	// argument, not concatenated into the SQL.
	login := form.Get("name")
	account, err := users.FindFirst(users.Where("name=?", login))
	if err != nil {
		// NOTE(review): the failed_name and failed_password codes let a caller
		// tell whether an account exists; a single generic failure code avoids
		// that. The submitted name is also logged unescaped.
		context.Logf("#error Login failed for user : %s %s", login, err)
		return router.Redirect(context, "/users/login?error=failed_name")
	}

	if err = auth.CheckPassword(form.Get("password"), account.Password); err != nil {
		context.Logf("#error Login failed for user : %s %s", login, err)
		return router.Redirect(context, "/users/login?error=failed_password")
	}

	// NOTE(review): no attempt limiting or authenticity-token check is visible
	// in this handler - confirm both are handled elsewhere.

	// Record the user in the session cookie.
	session, err := auth.Session(context, context.Request())
	if err != nil {
		return router.InternalError(err)
	}
	context.Logf("#info LOGIN for user: %d", account.Id)
	session.Set(auth.SessionUserKey, fmt.Sprintf("%d", account.Id))
	// NOTE(review): any result from Save is not checked - confirm whether it
	// can fail.
	session.Save(context)

	// Send them to their user profile page.
	return router.Redirect(context, account.URLShow())
}
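// HandleCreate handles the POST of the create form for stories: it checks the
// authenticity token and the user's permission to submit, up-votes an existing
// story with the same url when there is one, and otherwise creates the story
// from the role-appropriate params, records the submitter's vote, re-ranks
// stories and redirects to the new story's index URL.
func HandleCreate(context router.Context) error {
	// Check csrf token
	err := authorise.AuthenticityToken(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Check permissions - only users for whom CanSubmit is true may post.
	if !authorise.CurrentUser(context).CanSubmit() {
		return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 1 points to submit stories.")
	}

	// Get params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Get user details
	user := authorise.CurrentUser(context)
	ip := getUserIP(context)

	// Strip trailing slashes on url before comparisons. TrimRight is used so
	// that only the end of the value changes; Trim also removed leading slashes.
	// NOTE(review): the url scheme is not validated in this handler - confirm
	// the model or the view restricts it to http/https before it is rendered as
	// a link.
	url := params.Get("url")
	if strings.HasSuffix(url, "/") {
		url = strings.TrimRight(url, "/")
		params.Set("url", url)
	}

	// Check that no story with this url already exists
	q := stories.Where("url=?", url)
	duplicates, err := stories.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	if len(duplicates) > 0 {
		dupe := duplicates[0]
		// Add a point to dupe and return.
		// NOTE(review): nothing here checks whether this user has already voted
		// on the duplicate - confirm addStoryVote rejects repeat votes.
		addStoryVote(dupe, user, ip, 1)
		return router.Redirect(context, dupe.URLShow())
	}

	// Clean params according to role
	accepted := stories.AllowedParams()
	if authorise.CurrentUser(context).Admin() {
		accepted = stories.AllowedParamsAdmin()
	}
	cleanedParams := params.Clean(accepted)

	// These are set after cleaning, so client-supplied values cannot win.
	cleanedParams["points"] = "1"
	cleanedParams["user_id"] = fmt.Sprintf("%d", user.Id)
	cleanedParams["user_name"] = user.Name

	id, err := stories.Create(cleanedParams)
	if err != nil {
		return err // Create returns a router.Error
	}

	// Log creation
	context.Logf("#info Created story id,%d", id)

	// Redirect to the new story
	story, err := stories.Find(id)
	if err != nil {
		return router.InternalError(err)
	}

	// We need to add a vote to the story here too by adding a join to the new id
	err = recordStoryVote(story, user, ip, +1)
	if err != nil {
		return err
	}

	// Re-rank stories
	err = updateStoriesRank()
	if err != nil {
		return err
	}

	return router.Redirect(context, story.URLIndex())
}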
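// HandleCreate handles the POST of the create form for comments: it checks the
// authenticity token and the user's permission to comment, attaches the
// comment to its story (and optional parent comment), creates it, bumps the
// story's comment count, re-ranks the story's comments and redirects to the
// URL returned by the comment's URLStory.
func HandleCreate(context router.Context) error {
	// Authorise csrf token
	err := authorise.AuthenticityToken(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Check permissions - only users for whom CanComment is true may post.
	if !authorise.CurrentUser(context).CanComment() {
		return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 0 points to comment.")
	}

	// Setup context
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Find parent story - this must exist
	story, err := stories.Find(params.GetInt("story_id"))
	if err != nil {
		return router.NotFoundError(err)
	}
	params.SetInt("story_id", story.Id)
	params.Set("story_name", story.Name)

	// Ownership and score come from the server side and overwrite anything the
	// client sent under these keys.
	user := authorise.CurrentUser(context)
	params.SetInt("user_id", user.Id)
	params.Set("user_name", user.Name)
	params.SetInt("points", 1)

	// Find the parent and set dotted id
	// these are of the form xx.xx. with a trailing dot
	// this saves us from saving twice on create
	// NOTE(review): nothing here checks that the parent comment belongs to the
	// same story, and without a parent a client-supplied "dotted_ids" passes
	// through unchanged - confirm comments.Create handles both.
	parentID := context.ParamInt("parent_id")
	if parentID > 0 {
		parent, err := comments.Find(parentID)
		if err != nil {
			return router.NotFoundError(err)
		}
		context.Logf("PARENT:%d - %s", parent.Id, parent.DottedIds)
		// Plain concatenation: the stored value used to be passed to
		// fmt.Sprintf as the format string, which would misread any '%' in it.
		params.Set("dotted_ids", parent.DottedIds+".")
	}

	// NOTE(review): the remaining params reach comments.Create without an
	// allowlist.
	id, err := comments.Create(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Log creation
	context.Logf("#info Created comment id,%d", id)

	// Update the story comment count from the value loaded above.
	// NOTE(review): this is a read-then-write, so concurrent comments on one
	// story may lose an increment.
	storyParams := map[string]string{"comment_count": fmt.Sprintf("%d", story.CommentCount+1)}
	err = story.Update(storyParams)
	if err != nil {
		return router.InternalError(err, "Error", "Could not update story.")
	}

	// Redirect to the new comment
	m, err := comments.Find(id)
	if err != nil {
		return router.InternalError(err)
	}

	// Re-rank comments on this story
	err = updateCommentsRank(m.StoryId)
	if err != nil {
		return err
	}

	return router.Redirect(context, m.URLStory())
}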
// HandleCreate handles POST users/create: it checks the authenticity token,
// validates the optional email and the required name, rejects duplicates of
// either, creates the user with fixed status, role and points, logs the user
// in through loginUser and redirects to "/?message=welcome".
func HandleCreate(context router.Context) error {
	if err := authorise.AuthenticityToken(context); err != nil {
		return router.NotAuthorizedError(err)
	}

	form, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// The email is optional; when present it must look minimally like an
	// address and must not already be registered.
	// NOTE(review): validation failures below are reported through
	// router.InternalError and router.NotAuthorizedError with a nil error.
	email := form.Get("email")
	if len(email) > 0 {
		if len(email) < 3 || !strings.Contains(email, "@") {
			return router.InternalError(err, "Invalid email", "Please just miss out the email field, or use a valid email.")
		}

		emailMatches, err := users.Query().Where("email=?", email).Count()
		if err != nil {
			return router.InternalError(err)
		}
		if emailMatches > 0 {
			return router.NotAuthorizedError(err, "User already exists", "Sorry, a user already exists with that email.")
		}
	}

	// The name is required and must be unique.
	// NOTE(review): a 2-character name passes this check although the message
	// asks for more than 2 characters.
	name := form.Get("name")
	if len(name) < 2 {
		return router.InternalError(err, "Name too short", "Please choose a username longer than 2 characters")
	}

	nameMatches, err := users.Query().Where("name=?", name).Count()
	if err != nil {
		return router.InternalError(err)
	}
	if nameMatches > 0 {
		return router.NotAuthorizedError(err, "User already exists", "Sorry, a user already exists with that name, please choose another.")
	}

	// NOTE(review): the uniqueness checks and the insert are separate steps, so
	// two simultaneous signups could both pass - confirm the table has unique
	// constraints on name and email.

	// Status, role and points are overwritten server-side, so values the client
	// sent for them are discarded. Every other submitted param still reaches
	// users.Create without an allowlist.
	form.SetInt("status", status.Published)
	form.SetInt("role", users.RoleReader)
	form.SetInt("points", 1)

	id, err := users.Create(form.Map())
	if err != nil {
		return router.InternalError(err, "Error", "Sorry, an error occurred creating the user record.")
	}
	context.Logf("#info Created user id,%d", id)

	// Reload the stored record so the login can be saved against it.
	account, err := users.Find(id)
	if err != nil {
		context.Logf("#error parsing user id: %s", err)
		return router.NotFoundError(err)
	}

	// Persist the logged-in state in the session cookie.
	if err = loginUser(context, account); err != nil {
		return router.InternalError(err)
	}

	return router.Redirect(context, "/?message=welcome")
}
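// HandleCreate handles the POST of the create form for stories: it checks the
// authenticity token and the user's permission to submit, normalises the
// submitted url, up-votes an existing story with the same url when there is
// one (once per user), and otherwise creates the story from the
// role-appropriate params, records the submitter's vote, re-ranks stories and
// redirects to the new story's index URL.
func HandleCreate(context router.Context) error {
	// Check csrf token
	err := authorise.AuthenticityToken(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Check permissions - only users for whom CanSubmit is true may post.
	if !authorise.CurrentUser(context).CanSubmit() {
		return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 1 points to submit stories.")
	}

	// Get params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Get user details
	user := authorise.CurrentUser(context)
	ip := getUserIP(context)

	// Process urls
	// NOTE(review): the url scheme is not validated in this handler - confirm
	// the model or the view restricts it to http/https before it is rendered as
	// a link.
	url := params.Get("url")

	// Strip trailing slashes on url before comparisons. TrimRight is used so
	// that only the end of the value changes; Trim also removed leading slashes.
	url = strings.TrimRight(url, "/")

	// Strip ?utm_source etc - remove all after ?utm_source
	if strings.Contains(url, "?utm_") {
		url = strings.Split(url, "?utm_")[0]
	}

	// Strip url fragments (For example trailing # on medium urls)
	// NOTE(review): slashes are stripped before the query and fragment, so a
	// slash that ends up last after these two steps is kept and such a url will
	// not match its slash-less duplicate.
	if strings.Contains(url, "#") {
		url = strings.Split(url, "#")[0]
	}

	// Rewrite mobile youtube links
	if strings.HasPrefix(url, "https://m.youtube.com") {
		url = strings.Replace(url, "https://m.youtube.com", "https://www.youtube.com", 1)
	}

	params.Set("url", url)

	// Check that no story with this url already exists
	q := stories.Where("url=?", url)
	duplicates, err := stories.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	if len(duplicates) > 0 {
		story := duplicates[0]

		// Check we have no votes already from this user, if we do fail
		if storyHasUserVote(story, user) {
			return router.NotAuthorizedError(err, "Vote Failed", "Sorry you are not allowed to vote twice, nice try!")
		}

		// Add a point to dupe and return
		addStoryVote(story, user, ip, 1)
		return router.Redirect(context, story.URLShow())
	}

	// Clean params according to role
	accepted := stories.AllowedParams()
	if authorise.CurrentUser(context).Admin() {
		accepted = stories.AllowedParamsAdmin()
	}
	cleanedParams := params.Clean(accepted)

	// These are set after cleaning, so client-supplied values cannot win.
	cleanedParams["points"] = "1"
	cleanedParams["user_id"] = fmt.Sprintf("%d", user.Id)
	cleanedParams["user_name"] = user.Name

	id, err := stories.Create(cleanedParams)
	if err != nil {
		return err // Create returns a router.Error
	}

	// Log creation
	context.Logf("#info Created story id,%d", id)

	// Redirect to the new story
	story, err := stories.Find(id)
	if err != nil {
		return router.InternalError(err)
	}

	// We need to add a vote to the story here too by adding a join to the new id
	err = recordStoryVote(story, user, ip, +1)
	if err != nil {
		return err
	}

	// Re-rank stories
	err = updateStoriesRank()
	if err != nil {
		return err
	}

	return router.Redirect(context, story.URLIndex())
}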
// HandleCreate handles the POST of the create form for files func HandleCreate(context router.Context) error { // Do not perform auth on posts - we could check a shared secret here or similar but that is not secure // better to require siging of posts by users with their own key to confirm identity if we wanted to check submissions. // Parse multipart first - must fix this to do it automatically fileParams, err := context.ParamFiles("file") if err != nil || len(fileParams) < 1 { return router.InternalError(err, "Invalid file", "Sorry, the file upload failed.") } fh := fileParams[0] context.Logf("#info FILE RECD:%v", fh.Filename) // Now extract other params params, err := context.Params() if err != nil { return router.InternalError(err) } // First find the username, if we have no user, reject post //context.Logf("PARAMS:%v", params) // PARAMS:map[sender:[Kenny Grant] recipient:[testtest]] // Check for user with name recipient // Find the user user, err := users.FindName(context.Param("recipient")) if err != nil || user == nil { return router.NotFoundError(err, "User not found", "Sorry this user doesn't exist") } // link with the named recipient user params.SetInt("user_id", user.Id) context.Logf("PARAMS:%v", params) // Ideally perform some identity check on the sender here, and set sender id if we have a user? // Perhaps require sending pgp sig of data? // We only consider the first file id, err := files.Create(params.Map(), fh) if err != nil { return router.InternalError(err) } // Log creation context.Logf("#info Created file id,%d", id) /* _, err := files.Find(id) if err != nil { return router.InternalError(err) } */ // Render a 200 response view := view.New(context) view.Layout("files/views/create.json.got") return view.Render() // return router.Redirect(context, m.URLIndex()) }
// HandleCreate handles the POST of the create form for stories func HandleCreate(context router.Context) error { // Check csrf token err := authorise.AuthenticityToken(context) if err != nil { return router.NotAuthorizedError(err) } // Check permissions - if not logged in and above 1 points, redirect to error if !authorise.CurrentUser(context).CanSubmit() { return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 1 points to submit stories.") } // Get user details user := authorise.CurrentUser(context) ip := getUserIP(context) // Check that no story with this url already exists q := stories.Where("url=?", context.Param("url")) duplicates, err := stories.FindAll(q) if err != nil { return router.InternalError(err) } if len(duplicates) > 0 { dupe := duplicates[0] // Add a point to dupe addStoryVote(dupe, user, ip, 1) return router.Redirect(context, dupe.URLShow()) } // Setup context params, err := context.Params() if err != nil { return router.InternalError(err) } // Set a few params params.SetInt("points", 1) params.SetInt("user_id", user.Id) params.Set("user_name", user.Name) id, err := stories.Create(params.Map()) if err != nil { return err // Create returns a router.Error } // Log creation context.Logf("#info Created story id,%d", id) // Redirect to the new story story, err := stories.Find(id) if err != nil { return router.InternalError(err) } // We need to add a vote to the story here too by adding a join to the new id err = recordStoryVote(story, user, ip, +1) if err != nil { return err } // Re-rank stories err = updateStoriesRank() if err != nil { return err } return router.Redirect(context, story.URLIndex()) }