func ErrorsUnauthorized(app *forest.App) func(ctx *bear.Context) { return func(ctx *bear.Context) { app.Response( ctx, http.StatusUnauthorized, forest.Failure, safeErrorMessage(app, ctx, app.Error("Unauthorized"))).Write(nil) } }
func ErrorsBadRequest(app *forest.App) func(ctx *bear.Context) { return func(ctx *bear.Context) { app.Response( ctx, http.StatusBadRequest, forest.Failure, safeErrorMessage(app, ctx, app.Error("Generic"))).Write(nil) } }
func ErrorsServerError(app *forest.App) func(ctx *bear.Context) { return func(ctx *bear.Context) { app.Response( ctx, http.StatusInternalServerError, forest.Failure, safeErrorMessage(app, ctx, app.Error("Generic"))).Write(nil) } }
func Authenticate(app *forest.App) func(ctx *bear.Context) { return func(ctx *bear.Context) { userID, ok := ctx.Get(forest.SessionUserID).(string) if !ok || len(userID) == 0 { app.Response(ctx, http.StatusUnauthorized, forest.Failure, app.Error("Unauthorized")).Write(nil) return } ctx.Next() } }
func SessionDel(app *forest.App, manager SessionManager) func(ctx *bear.Context) { return func(ctx *bear.Context) { sessionID, ok := ctx.Get(forest.SessionID).(string) if !ok { err := fmt.Errorf("SessionDel %s: %v", forest.SessionID, ctx.Get(forest.SessionID)) ctx.Set(forest.Error, err) message := safeErrorMessage(app, ctx, app.Error("Generic")) app.Response(ctx, http.StatusInternalServerError, forest.Failure, message).Write(nil) return } userID, ok := ctx.Get(forest.SessionUserID).(string) if !ok { err := fmt.Errorf("SessionDel %s: %v", forest.SessionUserID, ctx.Get(forest.SessionUserID)) ctx.Set(forest.Error, err) message := safeErrorMessage(app, ctx, app.Error("Generic")) app.Response(ctx, http.StatusInternalServerError, forest.Failure, message).Write(nil) return } if err := manager.Delete(sessionID, userID); err != nil { ctx.Set(forest.Error, err) message := safeErrorMessage(app, ctx, app.Error("Generic")) app.Response(ctx, http.StatusInternalServerError, forest.Failure, message).Write(nil) return } ctx.Next() } }
func BodyParser(app *forest.App) func(ctx *bear.Context) { return func(ctx *bear.Context) { destination, ok := ctx.Get(forest.Body).(Populater) if !ok { ctx.Set(forest.Error, fmt.Errorf("(*forest.App).BodyParser unitialized")) message := safeErrorMessage(app, ctx, app.Error("Parse")) app.Response(ctx, http.StatusInternalServerError, forest.Failure, message).Write(nil) return } if ctx.Request.Body == nil { ctx.Set(forest.SafeError, fmt.Errorf("%s: body is empty", app.Error("Parse"))) message := safeErrorMessage(app, ctx, app.Error("Parse")) app.Response(ctx, http.StatusBadRequest, forest.Failure, message).Write(nil) return } if err := destination.Populate(ctx.Request.Body); err != nil { ctx.Set(forest.SafeError, fmt.Errorf("%s: %s", app.Error("Parse"), err)) message := safeErrorMessage(app, ctx, app.Error("Parse")) app.Response(ctx, http.StatusBadRequest, forest.Failure, message).Write(nil) return } ctx.Next() } }
func CSRF(app *forest.App) func(ctx *bear.Context) { type postBody struct { SessionID string `json:"sessionid"` // forest.SessionID == "sessionid" } return func(ctx *bear.Context) { if ctx.Request.Body == nil { app.Response(ctx, http.StatusBadRequest, forest.Failure, app.Error("CSRF")).Write(nil) return } pb := new(postBody) body, _ := ioutil.ReadAll(ctx.Request.Body) if body == nil || len(body) < 2 { // smallest JSON body is {}, 2 chars app.Response( ctx, http.StatusBadRequest, forest.Failure, app.Error("Parse")).Write(nil) return } // set ctx.Request.Body back to an untouched io.ReadCloser ctx.Request.Body = ioutil.NopCloser(bytes.NewBuffer(body)) if err := json.Unmarshal(body, pb); err != nil { app.Response( ctx, http.StatusBadRequest, forest.Failure, app.Error("Parse")+": "+err.Error()).Write(nil) return } sessionID, ok := ctx.Get(forest.SessionID).(string) if !ok || sessionID != pb.SessionID { app.Response( ctx, http.StatusBadRequest, forest.Failure, app.Error("CSRF")).Write(nil) return } ctx.Next() } }
func ErrorsNotFound(app *forest.App) func(ctx *bear.Context) { return func(ctx *bear.Context) { message := safeErrorMessage(app, ctx, app.Error("NotFound")) app.Response(ctx, http.StatusNotFound, forest.Failure, message).Write(nil) } }