//TODO - redundant func GetUsers(rw http.ResponseWriter, r *http.Request, enc encoding.Encoder, params martini.Params, dtx *apicontext.DataContext) string { user, err := customer.GetCustomerUserFromKey(dtx.APIKey) if err != nil { apierror.GenerateError("Trouble getting customer user", err, rw, r) return "" } if !user.Sudo { err = errors.New("Unauthorized!") apierror.GenerateError("Unauthorized!", err, rw, r, http.StatusUnauthorized) return "" } cust, err := user.GetCustomer(dtx.APIKey) if err != nil { apierror.GenerateError("Trouble getting customer", err, rw, r) return "" } if err = cust.GetUsers(dtx.APIKey); err != nil { apierror.GenerateError("Trouble getting users", err, rw, r) return "" } return encoding.Must(enc.Encode(cust.Users)) }
func GetLocations(rw http.ResponseWriter, r *http.Request, enc encoding.Encoder, params martini.Params, dtx *apicontext.DataContext) string { cu, err := customer.GetCustomerUserFromKey(dtx.APIKey) if err != nil { err = errors.New("Unauthorized!") apierror.GenerateError("Unauthorized!", err, rw, r, http.StatusUnauthorized) return "" } c, err := cu.GetCustomer(dtx.APIKey) if err != nil { err = errors.New("Unauthorized!") apierror.GenerateError("Unauthorized!", err, rw, r, http.StatusUnauthorized) return "" } return encoding.Must(enc.Encode(c.Locations)) }
//Todo redundant //Hacky like this to work with old forms of authentication func GetUser(rw http.ResponseWriter, r *http.Request, enc encoding.Encoder) string { qs, err := url.Parse(r.URL.String()) if err != nil { apierror.GenerateError("err parsing url", err, rw, r) return "" } key := qs.Query().Get("key") if key == "" { key = r.FormValue("key") } user, err := customer.GetCustomerUserFromKey(key) if err != nil { apierror.GenerateError("Trouble getting customer user", err, rw, r) return "" } return encoding.Must(enc.Encode(user)) }
func GenerateApiKey(rw http.ResponseWriter, r *http.Request, params martini.Params, enc encoding.Encoder, dtx *apicontext.DataContext) string { var err error qs := r.URL.Query() key := qs.Get("key") if key == "" { key = r.FormValue("key") } user, err := customer.GetCustomerUserFromKey(key) if err != nil || user.Id == "" { apierror.GenerateError("Trouble getting customer user using this api key", err, rw, r) return "" } authed := false if user.Sudo == false { for _, k := range user.Keys { if k.Type == customer.PRIVATE_KEY_TYPE && k.Key == key { authed = true break } } } else { authed = true } if !authed { err = errors.New("You do not have sufficient permissions to perform this operation.") apierror.GenerateError("Unauthorized", err, rw, r, http.StatusUnauthorized) return "" } id := params["id"] if r.FormValue("id") != "" { id = r.FormValue("id") } generateType := params["type"] if r.FormValue("type") != "" { generateType = r.FormValue("type") } if id == "" { err = errors.New("You must provide a reference to the user whose key should be generated.") apierror.GenerateError("Invalid user reference", err, rw, r) return "" } if generateType == "" { err = errors.New("You must provide the type of key to be generated") apierror.GenerateError("Invalid API key type", err, rw, r) return "" } user.Id = id if err = user.Get(key); err != nil { apierror.GenerateError("Invalid user reference", err, rw, r) return "" } generated, err := user.GenerateAPIKey(generateType, dtx.BrandArray) if err != nil { apierror.GenerateError("Failed to generate an API Key", err, rw, r) return "" } return encoding.Must(enc.Encode(generated)) }
func processDataContext(r *http.Request, c martini.Context) (*apicontext.DataContext, error) { qs := r.URL.Query() apiKey := qs.Get("key") brand := qs.Get("brandID") website := qs.Get("websiteID") //handles api key if apiKey == "" { apiKey = r.FormValue("key") } if apiKey == "" { apiKey = r.Header.Get("key") } if apiKey == "" { return nil, errors.New("No API Key Supplied.") } //gets customer user from api key user, err := customer.GetCustomerUserFromKey(apiKey) if err != nil || user.Id == "" { return nil, errors.New("No User for this API Key.") } // go user.LogApiRequest(r) //handles branding var brandID int if brand == "" { brand = r.FormValue("brandID") } if brand == "" { brand = r.Header.Get("brandID") } if id, err := strconv.Atoi(brand); err == nil { brandID = id } //handles websiteID var websiteID int if website == "" { website = r.FormValue("websiteID") } if website == "" { website = r.Header.Get("websiteID") } if id, err := strconv.Atoi(website); err == nil { websiteID = id } //load brands in dtx //returns our data context...shared amongst controllers // var dtx apicontext.DataContext dtx := &apicontext.DataContext{ APIKey: apiKey, BrandID: brandID, WebsiteID: websiteID, UserID: user.Id, //current authenticated user CustomerID: user.CustomerID, Globals: nil, } err = dtx.GetBrandsArrayAndString(apiKey, brandID) if err != nil { return nil, err } return dtx, nil }