func GET_callback_AC(c martini.Context, sess sessions.Session) { flow := sess.Get("flow").(FlowState) c.Invoke(update_account) c.Invoke(activate_session) c.Invoke(redirect_to(flow.Source)) }
func (api *dialogueApi) PostTopicsPosts(w http.ResponseWriter, r *http.Request, session sessions.Session, params martini.Params, rndr render.Render) { content := r.FormValue("content") topicId := params["topicId"] author := session.Get("username") // check for content if content == "" { e := ApiError{ Error: "content must be specified", } rndr.JSON(500, e) return } // new post post := &dialogue.Post{ Content: content, TopicId: topicId, Author: author.(string), } if err := api.rdb.SavePost(post); err != nil { e := ApiError{ Error: fmt.Sprintf("Error saving post: %s", err), } rndr.JSON(500, e) return } w.WriteHeader(204) }
func SearchPage(user common.User, session sessions.Session, r render.Render, req *http.Request) { src, err := handleSearch(req.URL.Query()) if err != nil { r.Error(400) } status := common.GetCodeSourceStatus(src) id := rand.Int63() params := req.URL.Query() usr := params.Get("user") repo := params.Get("repo") session.Set(id, usr+"/"+repo) data := struct { common.User Pagename string Theme string SourceStatus string WS_ID int64 Source *common.CodeSource }{user, "search", "standard", string(status), id, src} r.HTML(200, "search", data) }
func handleSubmission(req *http.Request, r render.Render, db *mgo.Database, session sessions.Session, backends []Backend) { template := make(map[string]string) template["contactUrl"] = os.Getenv("CONTACT_URL") template["contactValue"] = os.Getenv("CONTACT_VALUE") template["message"] = "Something went wrong :'(" err := req.ParseForm() if err != nil { r.HTML(http.StatusBadRequest, "error", template) } user := session.Get("user").(string) err = userHasSubmitted(db, user) if err != nil { log.Println(err) r.HTML(http.StatusInternalServerError, "error", template) } else { submission := &Submission{ Name: req.PostForm.Get("name"), Address: req.PostForm.Get("address"), Email: req.PostForm.Get("email"), Size: req.PostForm.Get("size"), } for i := 0; i < len(backends); i++ { go backends[i](submission) } r.HTML(http.StatusOK, "success", nil) } }
func getSignin(s sessions.Session, w http.ResponseWriter, r *http.Request) { s.Delete("username") if !oauthEnabled() { http.Redirect(w, r, "/", http.StatusFound) return } body, err := Asset("templates/signin.html") if err != nil { w.WriteHeader(http.StatusInternalServerError) log.Printf("ERROR: %s", err) return } tmpl, err := template.New("config.js").Parse(string(body)) if err != nil { w.WriteHeader(http.StatusInternalServerError) log.Printf("ERROR: %s", err) return } err = tmpl.Execute(w, struct { Error string Google bool }{ Error: r.FormValue("error"), Google: googleOauthEnabled(), }) if err != nil { w.WriteHeader(http.StatusInternalServerError) log.Printf("ERROR: %s", err) return } }
func (s *AEServer) HandlePostQuestion(w http.ResponseWriter, r *http.Request, session sessions.Session) (int, string) { //Verify user account or something login := session.Get("Login") if login == nil { return 404, Message("Not Logged In!") } tok := login.(string) user := s.syncGetUser(tok) if user == nil { return http.StatusBadRequest, Message("Invalid Cookie!") } q := QuestionFromJson(r.Body) if q == nil { return 404, Message("Poorly Formatted JSON.") } //Assign question an ID q.ID = bson.NewObjectId() q.Author = user.Username q.Timestamp = time.Now() err := s.questions.Save(q) if err != nil { log.Print(err) return http.StatusInternalServerError, Message("Failed to save question") } return 200, q.GetIdHex() }
func (mgr *Manager) authMidware(c martini.Context, w http.ResponseWriter, r *http.Request, ss sessions.Session) { if !strings.HasPrefix(r.URL.Path, API_PREFIX) { return } if !mgr.authRequired(r) { return } uid_ := ss.Get("uid") if uid_ == nil { w.WriteHeader(403) return } uid, ok := uid_.(int) if !ok { w.WriteHeader(403) return } exists := 0 mgr.db.QueryRow("select 1 from admins where id == ?", uid).Scan(&exists) if exists == 1 { return } w.WriteHeader(403) }
func LoginPost(lu forms.Login, session sessions.Session, r render.Render, dbh *db.Dbh) { errs := ValidateLogin(&lu) if len(errs) > 0 { log.Printf("errors: %+v\n", errs) } user := dbh.GetUserByEmail(lu.Email) match := auth.MatchPassword(lu.Password, user.Password, user.Salt) if match { sessionkey := SessionKey(user.Email, user.Password, user.Salt) session.Set("loggedin", "true") session.Set("uid", user.Id) session.Set("email", user.Email) session.Set("key", sessionkey) dbh.CreateSession(models.UserSession{UserId: user.Id, SessionKey: sessionkey, Active: true, Timestamp: time.Now().Unix()}) r.Redirect(strings.Join([]string{utils.AppCfg.Url(), "albums"}, "/"), http.StatusFound) return } session.Set("flash", "Invalid Email or Password") r.Redirect(strings.Join([]string{utils.AppCfg.Url(), "login"}, "/"), http.StatusFound) }
/* Handle requests to vote in a poll Expects the following json request. { choiceId: 0 } Response: json response of the created poll */ func PollVoteHandler(w http.ResponseWriter, r *http.Request, s sessions.Session, params martini.Params, ctx pollr.ApplicationContext) { // Find the requested poll and return a 404 if not found voterId := s.Get("voterId") if voterId == nil { fmt.Println("Can't find voterId!") http.Error(w, "Cheater", 404) return } poll, err := ctx.FindPoll(params["id"]) if err != nil { log.Printf("Poll %s not found", params["id"]) http.Error(w, "Poll not found", 404) return } // Decode the json request body to find the choiceId votePollEvent := &VotePollEvent{} if err := json.NewDecoder(r.Body).Decode(&votePollEvent); err != nil { fmt.Printf("VOTE: ERROR DECODING VOTEPOLLEVENT %s", r.Body) http.Error(w, "Bad vote data", 404) return } if votePollEvent.ChoiceId > uint(len(poll.Choices)) { fmt.Println("VOTE: ERROR CHOICEID OUT OF RANGE") http.Error(w, "Bad vote data", 404) return } ctx.Vote(voterId.(string), params["id"], votePollEvent.ChoiceId) }
// LtiProblemSets handles /lti/problem_set requests. // It creates the user/course if necessary, creates a session, // and redirects the user to the problem set picker UI URL. func LtiProblemSets(w http.ResponseWriter, r *http.Request, tx *sql.Tx, form LTIRequest, render render.Render, session sessions.Session) { now := time.Now() // load the coarse if _, err := getUpdateCourse(tx, &form, now); err != nil { loggedHTTPErrorf(w, http.StatusInternalServerError, "db error: %v", err) return } // load the user user, err := getUpdateUser(tx, &form, now) if err != nil { loggedHTTPErrorf(w, http.StatusInternalServerError, "db error: %v", err) return } // sign the user in session.Set("id", user.ID) u := &url.URL{ Path: "/", Fragment: fmt.Sprintf("/problem_sets/%s/%s", url.QueryEscape(form.OAuthConsumerKey), url.QueryEscape(form.LaunchPresentationReturnURL)), } log.Printf("problem set picker redirecting to %s", u.String()) //http.Redirect(w, r, u.String(), http.StatusSeeOther) http.Redirect(w, r, "/v2/users/me/cookie", http.StatusSeeOther) }
func Index(session sessions.Session, r render.Render, auth core.AuthData) { var session_data = struct { Username string PostsData Posts }{} v := session.Get("username") if v != nil { session_data.Username = v.(string) } req, _ := http.NewRequest("GET", "http://foojr.com/blog/posts", nil) //XXX handle error resp, _ := auth.CheckRequest(req) defer resp.Body.Close() data, _ := ioutil.ReadAll(resp.Body) //XXX handle error var posts Posts json.Unmarshal(data, &posts) //XXX handle error session_data.PostsData = posts r.HTML(200, "index", session_data) }
func LoginHandler(w http.ResponseWriter, r *http.Request, session sessions.Session, log *log.Logger) string { c, err := config.ReadDefault("users.cfg") if err != nil { return "Can't login. Problems reading user and password." } username := r.FormValue("username") password := r.FormValue("password") allowedUsername, _ := c.RawStringDefault("user") allowedPassword, _ := c.RawStringDefault("password") if username == allowedUsername && password == allowedPassword { log.Print("User WAS logged in.") session.Set("username", username) session.Set("password", password) http.Redirect(w, r, "/home", http.StatusFound) return "OK" } log.Print("User wasn't logged in. User " + username + " and password " + password) http.Redirect(w, r, "/login", http.StatusFound) return "Username or password incorrect" }
func SetupAdmin(args martini.Params, session sessions.Session, r render.Render) { form := &forms.SetupAdmin{} session.Set("setup", "true") genform := utils.GenerateForm(form, "/setup", "POST", nil) r.HTML(200, "setup", genform) }
func GET_callback_BB(c martini.Context, sess sessions.Session) { flow := sess.Get("flow").(FlowState) c.Invoke(match_session_identity_with_flow) c.Invoke(create_account) c.Invoke(redirect_to(flow.Source)) }
// ReadUser is a route which fetches user according to parameter "id" on API side and according to retrieved // session cookie on frontend side. // Returns user struct with all posts merged to object on API call. Frontend call will render user "home" page, "user/index.tmpl". func ReadUser(req *http.Request, params martini.Params, res render.Render, s sessions.Session) { var user User switch Root(req) { case "api": id, err := strconv.Atoi(params["id"]) if err != nil { log.Println(err) res.JSON(400, map[string]interface{}{"error": "The user ID could not be parsed from the request URL."}) return } user.ID = int64(id) user, err := user.Get() if err != nil { log.Println(err) if err.Error() == "not found" { res.JSON(404, NotFound()) return } res.JSON(500, map[string]interface{}{"error": "Internal server error"}) return } res.JSON(200, user) return case "user": user, err := user.Session(s) if err != nil { log.Println(err) s.Set("user", -1) res.HTML(500, "error", err) return } res.HTML(200, "user/index", user) return } }
func Login(session sessions.Session, db *mgo.Database, r render.Render, req *http.Request, writer http.ResponseWriter) string { writer.Header().Set("Content-Type", "text/javascript") userid := req.FormValue("userid") callback := req.FormValue("callback") password := req.FormValue("password") fmt.Println("userid", userid) if userid == "" { return util.Jsonp(JsonRet{"login", 401, "请登录", "abc"}, callback) } else { result := bson.M{} err := db.C("auth_user").Find(bson.M{"id": userid}).One(&result) fmt.Println(password) fmt.Println(result) if err == nil { values := result if values["password"] == password { session.Set("userid", values["id"]) session.Set("username", values["name"]) values["password"] = nil items := []interface{}{} db.C("good_shares").Find(bson.M{"acc": userid}).All(&items) values["items"] = items fmt.Println("登录成功!") return util.Jsonp(JsonRet{"login", 200, "登录成功", values}, callback) } else { return util.Jsonp(JsonRet{"login", 401, "登录失败!密码错误!", nil}, callback) } } else { return util.Jsonp(JsonRet{"login", 401, "登录失败!用户名错误!", nil}, callback) } } }
func (s *AEServer) HandleLogin(r *http.Request, params martini.Params, session sessions.Session) (int, string) { a := AuthFromJson(r.Body) if a == nil { time.Sleep(time.Second) return 404, Message("Login Failed") } sltr := StrResponse{} sltr.Arg = a.Username sltr.Resp = make(chan string) s.ch_getsalt <- sltr salt := <-sltr.Resp if salt == "" { return 401, Message("No login salt registered!") } user := s.FindUserByName(a.Username) salt_pass := DoHash(user.Password, salt) if salt_pass != a.Password { fmt.Println("Invalid password.") time.Sleep(time.Second) return http.StatusUnauthorized, Message("Invalid Username or Password.") } user.login = time.Now() tok := s.GetSessionToken() s.ch_login <- &Session{tok, user} session.Set("Login", tok) fmt.Println("Logged in!") return 200, Stringify(user) }
func DoLogin(entity models.UserLogin, session sessions.Session, enc Encoder, db gorp.SqlExecutor) (int, string) { status := &models.DefaultStruct{ Id: http.StatusForbidden, Name: messages.GetLocaleMessage("en", "MSG_LOGIN_INVALID"), Lang_key: "en", } user := GetUserByLogin(entity, db) if user.Name != "" { err := sessionauth.AuthenticateSession(session, user) if err != nil { status.Name = messages.GetLocaleMessage("en", "MSG_SESSION_INIT_ERROR") return http.StatusForbidden, Must(enc.EncodeOne(status)) } user.Authenticated = true user.UpdateLastLogin() status.Name = messages.GetLocaleMessage("en", "MSG_SUCCESSFUL_LOGIN") return http.StatusOK, Must(enc.EncodeOne(user)) } else { sessionauth.Logout(session, user) session.Clear() return http.StatusForbidden, Must(enc.EncodeOne(status)) } return http.StatusForbidden, Must(enc.EncodeOne(status)) }
func UserGet(ren render.Render, params martini.Params, dbmap *gorp.DbMap, s sessions.Session) { var usr User log.Println(params) err := dbmap.SelectOne(&usr, "SELECT * from users WHERE id = $1", s.Get("userId")) PanicIf(err) ren.JSON(200, usr) }
func loginWithNameAndPwd(r *http.Request, res http.ResponseWriter, params martini.Params, session sessions.Session, render render.Render, l *log.Logger) { err := r.ParseForm() if err != nil { l.Printf("ParseForm error: %v\n", err) render.HTML(200, "error", "登录失败!") return } username := r.PostFormValue("username") //password := r.PostFormValue("password") l.Printf("Start logging in, username = %s \n", username) //gitlabClient, err := gogitlab.NewGitlabByLogin(constant.GitLabHost, constant.GitLabApiPath, username, password) //if err != nil { // l.Printf("Login error: %v\n", err) // render.HTML(200, "error", "登录失败!") // return //} //gitUser, err := gitlabClient.CurrentUser() //if err != nil { // l.Printf("Get current error: %v\n", err) // render.HTML(200, "error", "登录失败!") // return //} uInfo := &UserInfo{} session.Set(constant.UserInfoKey, uInfo) render.HTML(200, "dashboard", uInfo) }
func awardUser(db *mgo.Database, session sessions.Session, r render.Render, x csrf.CSRF) { template := make(map[string]string) template["contactUrl"] = os.Getenv("CONTACT_URL") template["contactValue"] = os.Getenv("CONTACT_VALUE") user := session.Get("user").(string) status := checkStatus(db, user) if status == 0 { template["message"] = "Can't seem to find records of you :/" r.HTML(http.StatusUnauthorized, "error", template) } else if status == 1 { err := userHasAuth(db, user) if err != nil { log.Println(err) template["message"] = "Uh oh! Please report this :(" r.HTML(http.StatusInternalServerError, "error", template) } else { r.HTML(http.StatusOK, "form", x.GetToken()) } } else if status == 2 { r.HTML(http.StatusOK, "form", x.GetToken()) } else if status == 3 { template["message"] = "Hey buddy, it seems you have been awarded before." r.HTML(http.StatusUnauthorized, "error", template) } }
func (api *dialogueApi) apiAuthorize(r *http.Request, session sessions.Session, rndr render.Render) { // check authorization headers username := r.Header.Get("X-Auth-User") token := r.Header.Get("X-Auth-Token") if username == "" || token == "" { e := ApiError{ Error: "username and token must be present", } rndr.JSON(401, e) return } // verify token auth, err := api.rdb.GetAuthorization(username) if err != nil { e := ApiError{ Error: fmt.Sprintf("error verifying token: %s", err), } rndr.JSON(401, e) return } if auth == nil || auth.Token != token { e := ApiError{ Error: "invalid username/token", } rndr.JSON(401, e) return } // all is well, set session session.Set("username", username) }
func PreventReauth(session sessions.Session, r render.Render) { _, ok := session.Get("id").(int64) if ok { session.AddFlash("warning: You are already signed in!") r.Redirect("/dashboard") } }
// Handler to require a user to log in. If the user is currently logged in // nothing happens. Otherwise clear existing session and redirect the user // to the login page func RequireLogin(s sessions.Session, r render.Render) { session := s.Get("user_session") if session == nil { s.Clear() r.Redirect("/login") } }
func Check(w http.ResponseWriter, r *http.Request, sess sessions.Session) { auth := sess.Get("auth") if auth == nil { http.Redirect(w, r, "/admin/auth", http.StatusFound) return } }
func inner_GET_authorize(c martini.Context, sess sessions.Session, r *http.Request, ar *osin.AuthorizeRequest) bool { var ( identity = ActiveIdentity(c) source = current_url(r) handler martini.Handler ) if identity != nil { ar.UserData = identity sess.Delete("flow") return true } else { sess.Set("flow", FlowState{ Type: AuthorizeFlow, Source: source, StartAt: time.Now(), }) if provider := r.URL.Query().Get("p"); provider == "" { handler = show_provider_chooser() } else { handler = redirect_to_provider(provider) } } c.Invoke(handler) return false }
func userSiginCheck(info SiginIfo, session sessions.Session) string { var result bool info.UserName, result = check.CheckUserName(info.UserName) if result != true { return "-1" } info.UserNumber, result = check.CheckNumber(info.UserNumber) if result != true { return "-2" } isSelected := model.CheckSelected(info.UserNumber) if isSelected == false { return "-3" } resultSigin := model.Sigin(info.UserName, info.UserNumber) if resultSigin != true { return "-4" } else { session.Set("user_name", info.UserName) session.Set("user_number", info.UserNumber) return "1" } }
func userInforEdit(session sessions.Session, r render.Render) { user_number := session.Get("user_number") user_name := session.Get("user_name") if user_number == nil || user_name == nil { r.HTML(200, "home", nil) } var name string var number string if value, ok := user_name.(string); ok { name = value } else { r.HTML(200, "home", nil) } if value, ok := user_number.(string); ok { number = value } else { r.HTML(200, "home", nil) } var user model.User user, err := model.GetUserInfo(name, number) if err != true { r.HTML(200, "home", nil) } else { r.HTML(200, "userInforEdit", user) } }
func AuthRequired(su models.User, session sessions.Session, res http.ResponseWriter, req *http.Request) { if su.Id > 0 { return } log.Println("Login Required") session.Set("flash", "Login Required") http.Redirect(res, req, strings.Join([]string{utils.AppCfg.Url(), "login"}, "/"), http.StatusFound) }
func (u UserHandler) Profile(session sessions.Session, user sessionauth.User, params martini.Params, r render.Render) { //fmt.Printf("Profile session: %v\n", session) //fmt.Printf("Profile params: %v\n", params) fmt.Printf("Profile user: %v\n", user.(*model.UserModel)) fmt.Printf("Profile , AUTHUNIQUEID:%v \n", session.Get("AUTHUNIQUEID")) //fmt.Printf("Profile , id:%v \n", session.Get("id")) r.HTML(200, "user/profile", user.(*model.UserModel)) }