func (e *Editor) serveWriter(writer http.ResponseWriter, request *http.Request) {
if !e.store.HasWriteAccessForRequest(request) {
log.Printf("%s %s: no write permissions", request.Method, request.URL)
failer.ServeUnauthorized(writer, request)
return
}
var content = request.FormValue("content")
if content == "" {
log.Printf("%s %s: no valid content in request", request.Method, request.URL)
failer.ServeBadRequest(writer, request)
return
}
e.store.WriteString(request, content)
if err := e.store.Err(); err != nil {
log.Printf("%s %s: %s", request.Method, request.URL, err)
failer.ServeInternalServerError(writer, request)
return
}
log.Printf("%s %s: wrote %d bytes", request.Method, request.URL, len(content))
if request.FormValue("saveAndReturn") != "" {
router.RedirectToViewMode(writer, request)
return
}
router.RedirectToEditMode(writer, request)
}
func (a *HttpBasicAuthenticator) LoginHandler() http.Handler {
return http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
if a.loginRequiresHeader != "" && request.Header.Get(a.loginRequiresHeader) == "" {
log.Printf("%s %s: deny login because of missing connection header '%s'",
request.Method, request.URL, a.loginRequiresHeader)
failer.ServeBadRequest(writer, request)
return
}
var user = a.userAttemptingAuth(request)
if user != "" {
a.authenticate(writer, request)
// NOTE: Delay request even if authentication was successful, so that the
// attacker needs our response
time.Sleep(a.bruteBlocker.Delay(user, request.RemoteAddr, a.requestAuth.IsAuthenticated(request)))
if a.requestAuth.IsAuthenticated(request) && a.requestAuth.UserID(request) == user {
log.Printf("%s %s: authenticated as %s", request.Method, request.URL, a.requestAuth.UserID(request))
a.sessionAuth.SetUserID(writer, request, a.requestAuth.UserID(request))
router.RedirectToViewMode(writer, request)
return
}
}
a.basicAuth.RequireAuth(writer, request)
})
}
func (r Router) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
var err = request.ParseForm()
if err != nil {
log.Printf("%s %s: %s", request.Method, request.URL, err)
failer.ServeBadRequest(writer, request)
} else if Is(ModeTemplate, request) {
r.templateDeliverer.ServeHTTP(writer, request)
} else if Is(ModeLogin, request) {
r.authenticator.ServeHTTP(writer, request)
} else if Is(ModeEdit, request) || Is(ModeCreate, request) || Is(ModeDelete, request) {
r.editor.ServeHTTP(writer, request)
} else {
r.viewer.ServeHTTP(writer, request)
}
}
