Esempio n. 1
0
func Recovery(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	defer func() {
		if rec := recover(); rec != nil {
			log.Printf("error: %#v", rec)
			eye.Handle404(rw, r)
		}
	}()

	next(rw, r)
}
Esempio n. 2
0
func main() {
	mux := routes.New()

	mux.Get("/", func(rw http.ResponseWriter, r *http.Request) {
		var images []string

		rows, err := Db.DB().Query("SELECT uuid FROM images WHERE deleted_at IS NULL ORDER BY id DESC LIMIT 18")
		if err != nil {
			eye.HandleError(rw, r, err)
			return
		}
		defer rows.Close()

		for rows.Next() {
			var name string

			if err := rows.Scan(&name); err != nil {
				eye.HandleError(rw, r, err)
				return
			}

			images = append(images, name)
		}

		eye.DoTemplate("index", rw, r, images)
	})

	mux.Get("/login", func(rw http.ResponseWriter, r *http.Request) {
		tok := csrf.SetToken(r)
		eye.DoTemplate("users/login", rw, r, tok)
	})

	mux.Post("/login", func(rw http.ResponseWriter, r *http.Request) {
		err := r.ParseForm()

		if err != nil {
			panic(err)
		}

		sess := sessions.GetSession(r)

		tok := r.PostForm.Get("token")
		if !csrf.CheckToken(tok, r) {
			eye.HandleError(rw, r, errors.New("Invalid CSRF token"))
			return
		}

		user, err := models.Login(r.PostForm)
		if err != nil {
			if err == models.ErrBadPassword {
				err = errors.New("invalid password")
			}

			eye.HandleError(rw, r, err)
			return
		}

		sess.Set("uid", user.UUID)
		sess.AddFlash("Welcome, " + user.DisplayName)

		http.Redirect(rw, r, "/", http.StatusMovedPermanently)
	})

	mux.Get("/logout", func(rw http.ResponseWriter, r *http.Request) {
		sess := sessions.GetSession(r)
		sess.Clear()
		sess.AddFlash("You are no longer logged in.")

		http.Redirect(rw, r, "/", http.StatusMovedPermanently)
	})

	mux.Get("/register", func(rw http.ResponseWriter, r *http.Request) {
		tok := csrf.SetToken(r)
		eye.DoTemplate("users/register", rw, r, tok)
	})

	mux.Post("/register", func(rw http.ResponseWriter, r *http.Request) {
		err := r.ParseForm()

		if err != nil {
			panic(err)
		}

		sess := sessions.GetSession(r)

		tok := r.PostForm.Get("token")
		if !csrf.CheckToken(tok, r) {
			eye.HandleError(rw, r, errors.New("Invalid CSRF token"))
			return
		}

		u, err := models.NewUser(r.PostForm)
		if err != nil {
			eye.HandleError(rw, r, err)
		}

		sess.Set("uid", u.UUID)
		sess.AddFlash("Welcome, " + u.DisplayName)

		http.Redirect(rw, r, "/", http.StatusMovedPermanently)
	})

	mux.Get("/images/upload", func(rw http.ResponseWriter, r *http.Request) {
		if r.Header.Get("x-sb-uid") != "" {
			tok := csrf.SetToken(r)
			eye.DoTemplate("images/upload", rw, r, tok)
		} else {
			s := sessions.GetSession(r)

			s.AddFlash("You need to be logged in to do that")
		}
	})

	mux.Post("/images/upload", func(rw http.ResponseWriter, r *http.Request) {
		err := r.ParseMultipartForm(10000000) // 10 MB
		if err != nil {
			eye.HandleError(rw, r, err)
			return
		}

		user := context.Get(r, "user").(*models.User)

		i, err := models.NewImage(r, user)
		if err != nil {
			eye.HandleError(rw, r, err)
			return
		}

		http.Redirect(rw, r, "/images/"+i.UUID, 301)
	})

	mux.Get("/images/:id", func(rw http.ResponseWriter, r *http.Request) {
		params := r.URL.Query()
		imgID := params.Get(":id")

		if len(imgID) != 36 {
			eye.Handle404(rw, r)
			return
		}

		img := &models.Image{}
		q := Db.Where("uuid = ?", imgID).First(img)
		if q.Error != nil {
			eye.HandleError(rw, r, q.Error)
			return
		}

		user := &models.User{}
		q = Db.Where("id = ?", img.PosterID).First(user)
		if q.Error != nil {
			eye.HandleError(rw, r, q.Error)
			return
		}

		eye.DoTemplate("images/view", rw, r, struct {
			Image *models.Image
			User  *models.User
		}{
			Image: img,
			User:  user,
		})
	})

	mux.Get("/images/:id/delete", func(rw http.ResponseWriter, r *http.Request) {
		params := r.URL.Query()
		imgID := params.Get(":id")

		if len(imgID) != 36 {
			eye.Handle404(rw, r)
			return
		}

		user := context.Get(r, "user").(*models.User)

		img := &models.Image{}
		q := Db.Where("uuid = ?", imgID).First(img)
		if q.Error != nil {
			eye.HandleError(rw, r, q.Error)
			return
		}

		s := sessions.GetSession(r)

		// TODO: *User.Can("textrole")
		if eye.Can(user.Role, "canhide") {
			Db.Delete(img)

			s.AddFlash("Deleted image " + img.UUID)
		} else {
			s.AddFlash("You do not have the deletion permission.")
		}

		http.Redirect(rw, r, "/", 301)
	})

	// Test code goes here
	if Config.Site.Testing {
		mux.Get("/____error____", func(rw http.ResponseWriter, r *http.Request) {
			eye.HandleError(rw, r, errors.New("test error"))
		})
	}

	n := negroni.Classic()

	n.Use(sessions.Sessions("stevenbooru", CookieStore))
	n.UseFunc(mcontext.ClearContextOnExit)
	n.UseFunc(recovery.Recovery)
	n.Use(&users.Middleware{})
	middleware.Inject(n)
	n.UseHandler(mux)

	n.Run(fmt.Sprintf("%s:%s", Config.HTTP.Bindhost, Config.HTTP.Port))
}