コード例 #1
0
ファイル: user.go プロジェクト: carnivalmobile/drone
// PostUserSync accepts a request to post user sync
//
//     POST /api/user/sync
//
func PostUserSync(c web.C, w http.ResponseWriter, r *http.Request) {
	var ctx = context.FromC(c)
	var user = ToUser(c)
	if user == nil {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}

	var remote = remote.Lookup(user.Remote)
	if remote == nil {
		w.WriteHeader(http.StatusNotFound)
		return
	}

	if user.Syncing {
		w.WriteHeader(http.StatusConflict)
		return
	}

	user.Syncing = true
	if err := datastore.PutUser(ctx, user); err != nil {
		w.WriteHeader(http.StatusNotFound)
		return
	}

	go sync.SyncUser(ctx, user, remote)
	w.WriteHeader(http.StatusNoContent)
	return
}
コード例 #2
0
ファイル: users.go プロジェクト: Intellifora/drone
// PostUser accepts a request to create a new user in the
// system. The created user account is returned in JSON
// format if successful.
//
//     POST /api/users/:host/:login
//
func PostUser(c web.C, w http.ResponseWriter, r *http.Request) {
	var ctx = context.FromC(c)
	var (
		host  = c.URLParams["host"]
		login = c.URLParams["login"]
	)
	var remote = remote.Lookup(host)
	if remote == nil {
		w.WriteHeader(http.StatusNotFound)
		return
	}

	// not sure I love this, but POST now flexibly accepts the oauth_token for
	// GitHub as either application/x-www-form-urlencoded OR as applcation/json
	// with this format:
	//    { "oauth_token": "...." }
	var oauthToken string
	switch cnttype := r.Header.Get("Content-Type"); cnttype {
	case "application/json":
		var out interface{}
		err := json.NewDecoder(r.Body).Decode(&out)
		if err == nil {
			if val, ok := out.(map[string]interface{})["oauth_token"]; ok {
				oauthToken = val.(string)
			}
		}
	case "application/x-www-form-urlencoded":
		oauthToken = r.PostForm.Get("oauth_token")
	default:
		// we don't recognize the content-type, but it isn't worth it
		// to error here
		log.Printf("PostUser(%s) Unknown 'Content-Type': %s)", r.URL, cnttype)
	}
	account := model.NewUser(host, login, "", oauthToken)

	if err := datastore.PostUser(ctx, account); err != nil {
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	// borrowed this concept from login.go. upon first creation we
	// may trying syncing the user's repositories.
	account.Syncing = account.IsStale()
	if err := datastore.PutUser(ctx, account); err != nil {
		log.Println(err)
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	if account.Syncing {
		log.Println("sync user account.", account.Login)

		// sync inside a goroutine
		go sync.SyncUser(ctx, account, remote)
	}

	json.NewEncoder(w).Encode(account)
}
コード例 #3
0
ファイル: user.go プロジェクト: zankard/drone
// PostUserSync accepts a request to post user sync
//
//     POST /api/user/sync
//
func PostUserSync(c web.C, w http.ResponseWriter, r *http.Request) {
	var ctx = context.FromC(c)
	var user = ToUser(c)
	if user == nil {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}

	var remote = remote.Lookup(user.Remote)
	if remote == nil {
		w.WriteHeader(http.StatusNotFound)
		return
	}

	if user.Syncing {
		w.WriteHeader(http.StatusConflict)
		return
	}

	// Request a new token and update
	user_token, err := remote.GetToken(user)
	if user_token != nil {
		user.Access = user_token.AccessToken
		user.Secret = user_token.RefreshToken
		user.TokenExpiry = user_token.Expiry
	} else if err != nil {
		w.WriteHeader(http.StatusNotFound)
		return
	}

	user.Syncing = true
	if err := datastore.PutUser(ctx, user); err != nil {
		w.WriteHeader(http.StatusNotFound)
		return
	}

	go sync.SyncUser(ctx, user, remote)
	w.WriteHeader(http.StatusNoContent)
	return
}
コード例 #4
0
ファイル: login.go プロジェクト: carnivalmobile/drone
// GetLogin accepts a request to authorize the user and to
// return a valid OAuth2 access token. The access token is
// returned as url segment #access_token
//
//     GET /login/:host
//
func GetLogin(c web.C, w http.ResponseWriter, r *http.Request) {
	var ctx = context.FromC(c)
	var host = c.URLParams["host"]
	var redirect = "/"
	var remote = remote.Lookup(host)
	if remote == nil {
		w.WriteHeader(http.StatusNotFound)
		return
	}

	// authenticate the user
	login, err := remote.Authorize(w, r)
	if err != nil {
		log.Println(err)
		w.WriteHeader(http.StatusBadRequest)
		return
	} else if login == nil {
		// in this case we probably just redirected
		// the user, so we can exit with no error
		return
	}

	// get the user from the database
	u, err := datastore.GetUserLogin(ctx, host, login.Login)
	if err != nil {
		// if self-registration is disabled we should
		// return a notAuthorized error. the only exception
		// is if no users exist yet in the system we'll proceed.
		if capability.Enabled(ctx, capability.Registration) == false {
			users, err := datastore.GetUserList(ctx)
			if err != nil || len(users) != 0 {
				log.Println("Unable to create account. Registration is closed")
				w.WriteHeader(http.StatusForbidden)
				return
			}
		}

		// create the user account
		u = model.NewUser(remote.GetKind(), login.Login, login.Email)
		u.Name = login.Name
		u.SetEmail(login.Email)

		// insert the user into the database
		if err := datastore.PostUser(ctx, u); err != nil {
			log.Println(err)
			w.WriteHeader(http.StatusBadRequest)
			return
		}

		// if this is the first user, they
		// should be an admin.
		if u.ID == 1 {
			u.Admin = true
		}
	}

	// update the user access token
	// in case it changed in GitHub
	u.Access = login.Access
	u.Secret = login.Secret
	u.Name = login.Name
	u.SetEmail(login.Email)
	u.Syncing = u.IsStale()

	if err := datastore.PutUser(ctx, u); err != nil {
		log.Println(err)
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	// look at the last synchronized date to determine if
	// we need to re-sync the account.
	//
	// todo(bradrydzewski) this should move to a server/sync package and
	//      should be injected into this struct, just like the database code.
	//
	// todo(bradrydzewski) this login should be a bit more intelligent
	//      than the current implementation.
	if u.Syncing {
		redirect = "/sync"
		log.Println("sync user account.", u.Login)

		// sync inside a goroutine
		go sync.SyncUser(ctx, u, remote)
	}

	token, err := session.GenerateToken(ctx, r, u)
	if err != nil {
		log.Println(err)
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	redirect = redirect + "#access_token=" + token

	http.Redirect(w, r, redirect, http.StatusSeeOther)
}