// HandleUpdate handles the POST of the form to update a story func HandleUpdate(context router.Context) error { // Find the story story, err := stories.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update story err = authorise.ResourceAndAuthenticity(context, story) if err != nil { return router.NotAuthorizedError(err) } // Update the story from params params, err := context.Params() if err != nil { return router.InternalError(err) } err = story.Update(params.Map()) if err != nil { return err // Create returns a router.Error } err = updateStoriesRank() if err != nil { return router.InternalError(err) } // Redirect to story return router.Redirect(context, story.URLShow()) }
// HandleUpdate handles the POST of the form to update a page func HandleUpdate(context router.Context) error { // Find the page page, err := pages.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update page err = authorise.ResourceAndAuthenticity(context, page) if err != nil { return router.NotAuthorizedError(err) } // Update the page from params params, err := context.Params() if err != nil { return router.InternalError(err) } err = page.Update(params.Map()) if err != nil { return router.InternalError(err) } // Redirect to page return router.Redirect(context, page.URLShow()) }
// HandleShowPath serves requests to a custom page url func HandleShowPath(context router.Context) error { // Setup context for template path := context.Path() // If no pages or users exist, redirect to set up page if missingUsersAndPages() { return router.Redirect(context, "/fragmenta/setup") } q := pages.Query().Where("url=?", path).Limit(1) pages, err := pages.FindAll(q) if err != nil || len(pages) == 0 { return router.NotFoundError(err) } // Get the first of pages to render page := pages[0] // For show path of pages, we authorise showing the page FOR ALL users if it is published if !page.IsPublished() { // Authorise err = authorise.Resource(context, page) if err != nil { return router.NotAuthorizedError(err) } } return renderPage(context, page) }
// HandleShow serve a get request at /users/1 func HandleShow(context router.Context) error { // Find the user user, err := users.Find(context.ParamInt("id")) if err != nil { context.Logf("#error parsing user id: %s", err) return router.NotFoundError(err) } userMeta := fmt.Sprintf("%s – %s", user.Name, user.Summary) // Set up view view := view.New(context) // Find the first image which matches this user image, err := images.Find(user.ImageID) if err == nil { // only add image key if we have one view.AddKey("image", image) } // Render the Template view.AddKey("user", user) view.AddKey("meta_title", userMeta) view.AddKey("meta_desc", userMeta) view.AddKey("meta_keywords", user.Keywords()) return view.Render() }
// HandleUpdate responds to POST /comments/update func HandleUpdate(context router.Context) error { // Find the comment comment, err := comments.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update comment, check auth token err = authorise.ResourceAndAuthenticity(context, comment) if err != nil { return router.NotAuthorizedError(err) } // Update the comment from params params, err := context.Params() if err != nil { return router.InternalError(err) } err = comment.Update(params.Map()) if err != nil { return router.InternalError(err) } // Redirect to comment return router.Redirect(context, comment.URLShow()) }
// HandleCreate handles the POST of the create form for pages func HandleCreate(context router.Context) error { // Authorise err := authorise.ResourceAndAuthenticity(context, nil) if err != nil { return router.NotAuthorizedError(err) } // Setup context params, err := context.Params() if err != nil { return router.InternalError(err) } id, err := pages.Create(params.Map()) if err != nil { return router.InternalError(err) } // Log creation context.Logf("#info Created page id,%d", id) // Redirect to the new page m, err := pages.Find(id) if err != nil { return router.InternalError(err) } return router.Redirect(context, m.URLIndex()) }
// HandleUpdate serves POST or PUT /tags/1/update func HandleUpdate(context router.Context) error { // Find the tag tag, err := tags.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise err = authorise.Resource(context, tag) if err != nil { return router.NotAuthorizedError(err) } // Update the tag params, err := context.Params() if err != nil { return router.InternalError(err) } err = tag.Update(params.Map()) if err != nil { return router.InternalError(err) } // Redirect to tag return router.Redirect(context, tag.URLShow()) }
// HandleShowPath serves requests to a custom page url func HandleShowPath(context router.Context) error { // Setup context for template path := context.Path() q := pages.Query().Where("url=?", path).Limit(1) pages, err := pages.FindAll(q) if err != nil || len(pages) == 0 { return router.NotFoundError(err) } // Get the first of pages to render page := pages[0] // If not published, check authorisation if !page.IsPublished() { // Authorise err = authorise.Resource(context, page) if err != nil { return router.NotAuthorizedError(err) } } return render(context, page) }
// HandleUpdate handles the POST of the form to update a post func HandleUpdate(context router.Context) error { // Find the post post, err := posts.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update post err = authorise.Resource(context, post) if err != nil { return router.NotAuthorizedError(err) } // Update the post from params params, err := context.Params() if err != nil { return router.InternalError(err) } err = post.Update(params.Map()) if err != nil { return router.InternalError(err) } // Redirect to post return router.Redirect(context, post.URLShow()) }
// HandleUpdateShow handles the POST of the form to update a file func HandleUpdate(context router.Context) error { // Find the file file, err := files.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update file err = authorise.Resource(context, file) if err != nil { return router.NotAuthorizedError(err) } // Update the file from params params, err := context.Params() if err != nil { return router.InternalError(err) } // Find the to user, by querying users on username or email // Set the user id if found, else return 404 error, user not found // TODO: Make *sure* this only accepts the params we want err = file.Update(params.Map()) if err != nil { return router.InternalError(err) } // Redirect to file return router.Redirect(context, file.URLShow()) }
// HandleUpdateShow renders the form to update a post func HandleUpdateShow(context router.Context) error { // Find the post post, err := posts.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update post err = authorise.Resource(context, post) if err != nil { return router.NotAuthorizedError(err) } // Find users for author details users, err := users.FindAll(users.Admins()) if err != nil { return router.NotFoundError(err) } // Render the template view := view.New(context) view.AddKey("post", post) view.AddKey("users", users) return view.Render() }
// HandleUpdate handles the POST of the form to update a user func HandleUpdate(context router.Context) error { // Find the user user, err := users.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update user err = authorise.ResourceAndAuthenticity(context, user) if err != nil { return router.NotAuthorizedError(err) } // Get the params params, err := context.Params() if err != nil { return router.InternalError(err) } // Clean params further for customers, they may only update email, password, key allowedParams := params.Map() u := authorise.CurrentUser(context) if !u.Admin() { // allowedParams = params.Clean(users.AllowedParamsCustomer()) } err = user.Update(allowedParams) if err != nil { return router.InternalError(err) } // Redirect to user return router.Redirect(context, user.URLShow()) }
// HandleShow displays a single story func HandleShow(context router.Context) error { // Find the story story, err := stories.Find(context.ParamInt("id")) if err != nil { return router.InternalError(err) } // Redirect requests to the canonical url if context.Path() != story.URLShow() { return router.Redirect(context, story.URLShow()) } // Find the comments for this story // Fetch the comments q := comments.Where("story_id=?", story.Id).Order(comments.RankOrder) rootComments, err := comments.FindAll(q) if err != nil { return router.InternalError(err) } // Render the template view := view.New(context) view.AddKey("story", story) view.AddKey("meta_title", story.Name) view.AddKey("meta_desc", story.Summary) view.AddKey("meta_keywords", story.Name) view.AddKey("comments", rootComments) return view.Render() }
// HandleIndex serves a get request at /pages func HandleIndex(context router.Context) error { // Authorise err := authorise.Path(context) if err != nil { return router.NotAuthorizedError(err) } // Fetch the pages q := pages.Query().Order("url asc") // Filter if necessary filter := context.Param("filter") if len(filter) > 0 { filter = strings.Replace(filter, "&", "", -1) filter = strings.Replace(filter, " ", "", -1) filter = strings.Replace(filter, " ", " & ", -1) q.Where("(to_tsvector(name) || to_tsvector(summary) || to_tsvector(url) @@ to_tsquery(?) )", filter) } pageList, err := pages.FindAll(q) if err != nil { context.Logf("#error Error indexing pages %s", err) return router.InternalError(err) } // Serve template view := view.New(context) view.AddKey("filter", filter) view.AddKey("pages", pageList) return view.Render() }
// POST users/create func HandleCreate(context router.Context) error { // Authorise err := authorise.Path(context) if err != nil { return router.NotAuthorizedError(err) } // Setup context params, err := context.Params() if err != nil { return router.InternalError(err) } // We should check for duplicates in here id, err := users.Create(params.Map()) if err != nil { return router.InternalError(err, "Error", "Sorry, an error occurred creating the user record.") } else { context.Logf("#info Created user id,%d", id) } // Redirect to the new user p, err := users.Find(id) if err != nil { return router.InternalError(err, "Error", "Sorry, an error occurred finding the new user record.") } return router.Redirect(context, p.URLIndex()) }
// HandleUpdate responds to POST /comments/update func HandleUpdate(context router.Context) error { // Find the comment comment, err := comments.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update comment, check auth token err = authorise.ResourceAndAuthenticity(context, comment) if err != nil { return router.NotAuthorizedError(err) } // Update the comment from params params, err := context.Params() if err != nil { return router.InternalError(err) } // Clean params according to role accepted := comments.AllowedParams() if authorise.CurrentUser(context).Admin() { accepted = comments.AllowedParamsAdmin() } cleanedParams := params.Clean(accepted) err = comment.Update(cleanedParams) if err != nil { return router.InternalError(err) } // Redirect to comment return router.Redirect(context, comment.URLShow()) }
// HandleShow displays a single story func HandleShow(context router.Context) error { // Find the story story, err := stories.Find(context.ParamInt("id")) if err != nil { return router.InternalError(err) } // Find the comments for this story // Fetch the comments q := comments.Where("story_id=?", story.Id).Order(comments.RankOrder) rootComments, err := comments.FindAll(q) if err != nil { return router.InternalError(err) } // Render the template view := view.New(context) view.AddKey("story", story) view.AddKey("meta_title", story.Name) view.AddKey("meta_desc", story.Summary) view.AddKey("meta_keywords", story.Name) view.AddKey("comments", rootComments) view.AddKey("authenticity_token", authorise.CreateAuthenticityToken(context)) return view.Render() }
// Serve a get request at /images // // func HandleIndex(context router.Context) error { // Authorise err := authorise.Path(context) if err != nil { return router.NotAuthorizedError(err) } // Setup context for template view := view.New(context) // Build a query q := images.Query() // Show only published (defaults to showing all) // q.Apply(status.WherePublished) // Order by required order, or default to id asc switch context.Param("order") { case "1": q.Order("created_at desc") case "2": q.Order("updated_at desc") case "3": q.Order("name asc") default: q.Order("id desc") } // Filter if necessary - this assumes name and summary cols filter := context.Param("filter") if len(filter) > 0 { filter = strings.Replace(filter, "&", "", -1) filter = strings.Replace(filter, " ", "", -1) filter = strings.Replace(filter, " ", " & ", -1) q.Where("( to_tsvector(name) || to_tsvector(summary) @@ to_tsquery(?) )", filter) } // Fetch the images imagesList, err := images.FindAll(q) if err != nil { return router.InternalError(err) } // Serve template view.AddKey("filter", filter) view.AddKey("images", imagesList) // Can we add these programatically? view.AddKey("admin_links", helpers.Link("Create image", images.New().URLCreate())) return view.Render() }
// Resource authorises the path and resource for the current user // if model is nil it is ignored and permission granted func Resource(c router.Context, r ResourceModel) error { // If not public path, check based on user role user := c.Get("current_user").(*users.User) switch user.Role { case users.RoleAdmin: return authoriseAdmin(c, r) default: return authoriseReader(c, r) } }
func loginUser(context router.Context, user *users.User) error { // Now save the user details in a secure cookie, so that we remember the next request session, err := auth.Session(context, context.Request()) if err != nil { return err } context.Logf("#info Login success for user: %d %s", user.Id, user.Email) session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id)) session.Save(context) return nil }
// HandleLoginShow handles GET /users/login func HandleLoginShow(context router.Context) error { // Check we have no current user u := authorise.CurrentUser(context) if !u.Anon() { return router.Redirect(context, fmt.Sprintf("/users/%d", u.Id)) } // Render the template view := view.New(context) view.AddKey("error", context.Param("error")) return view.Render() }
// HandleShow displays a single user func HandleShow(context router.Context) error { // Find the user user, err := users.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Render the template view := view.New(context) view.AddKey("user", user) return view.Render() }
// POST pages/create func HandleCreate(context router.Context) error { // Authorise err := authorise.Path(context) if err != nil { return router.NotAuthorizedError(err) } // Setup context params, err := context.Params() if err != nil { return router.InternalError(err) } id, err := pages.Create(params.Map()) if err != nil { context.Logf("#info Failed to create page %v", params) return router.InternalError(err) } // Log creation context.Logf("#info Created page id,%d", id) // Redirect to the new page p, err := pages.Find(id) if err != nil { context.Logf("#error Error creating page,%s", err) } return router.Redirect(context, p.URLIndex()) }
// HandleIndex displays a list of posts func HandleIndex(context router.Context) error { // Authorise err := authorise.Path(context) if err != nil { return router.NotAuthorizedError(err) } // Build a query q := posts.Query() // Order by required order, or default to id asc switch context.Param("order") { case "1": q.Order("created desc") case "2": q.Order("updated desc") case "3": q.Order("name asc") default: q.Order("id asc") } // Filter if necessary - this assumes name and summary cols filter := context.Param("filter") if len(filter) > 0 { filter = strings.Replace(filter, "&", "", -1) filter = strings.Replace(filter, " ", "", -1) filter = strings.Replace(filter, " ", " & ", -1) q.Where("( to_tsvector(name) || to_tsvector(summary) @@ to_tsquery(?) )", filter) } // Fetch the posts results, err := posts.FindAll(q) if err != nil { return router.InternalError(err) } // Render the template view := view.New(context) view.AddKey("filter", filter) view.AddKey("posts", results) return view.Render() }
// POST /users/password/reset func HandlePasswordResetSend(context router.Context) error { // Find the user by email (if not found let them know) // Find the user by hex token in the db email := context.Param("email") user, err := users.First(users.Where("email=?", email)) if err != nil { return router.Redirect(context, "/users/password/reset?message=invalid_email") } // Generate a random token and url for the email token := auth.BytesToHex(auth.RandomToken()) // Generate the url to use in our email base := fmt.Sprintf("%s://%s", context.Request().URL.Scheme, context.Request().URL.Host) url := fmt.Sprintf("%s/users/password?token=%s", base, token) context.Logf("#info sending reset email:%s url:%s", email, url) // Update the user record with with this token p := map[string]string{"reset_token": token} user.Update(p) // Send a password reset email out //mail.Send("mymail") // Tell the user what we have done return router.Redirect(context, "/users/password/sent") }
// HandleUpdate or PUT /users/1/update func HandleUpdate(context router.Context) error { // Find the user id := context.ParamInt("id") user, err := users.Find(id) if err != nil { context.Logf("#error Error finding user %s", err) return router.NotFoundError(err) } // Authorise err = authorise.ResourceAndAuthenticity(context, user) if err != nil { return router.NotAuthorizedError(err) } // Get the params params, err := context.Params() if err != nil { return router.InternalError(err) } context.Logf("PARAMS RECD:%v", params) err = user.Update(params.Map()) if err != nil { return router.InternalError(err) } // Redirect to user return router.Redirect(context, user.URLShow()) }
// HandleShowName displays a single user by name func HandleShowName(context router.Context) error { // Find the user user, err := users.FindName(context.Param("name")) if err != nil { return router.NotFoundError(err) } // Render the template view := view.New(context) view.AddKey("user", user) view.Template("users/views/show.html.got") return view.Render() }
// AuthenticityToken checks the token in the current request func AuthenticityToken(context router.Context) error { token := context.Param(auth.SessionTokenKey) err := auth.CheckAuthenticityToken(token, context.Request()) if err != nil { // If the check fails, log out the user and completely clear the session context.Logf("#warn invalid authenticity token at %v", context) session, err := auth.SessionGet(context.Request()) if err != nil { return err } session.Clear(context.Writer()) } return err }
// HandleShow displays a single comment func HandleShow(context router.Context) error { // Find the comment comment, err := comments.Find(context.ParamInt("id")) if err != nil { return router.InternalError(err) } // No auth as all are public - if we restricted by status we might need to authorise here // Render the template view := view.New(context) view.AddKey("comment", comment) view.AddKey("authenticity_token", authorise.CreateAuthenticityToken(context)) return view.Render() }
// HandleShow displays a single page func HandleShow(context router.Context) error { // Find the page page, err := pages.Find(context.ParamInt("id")) if err != nil { return router.InternalError(err) } // Authorise access err = authorise.Resource(context, page) if err != nil { return router.NotAuthorizedError(err) } return render(context, page) }