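// ServeDocument renders the document view page for the document named by the
// "id" route variable and embeds a signed, 15-minute token in the page.
//
// Checks run in this order:
//   - no signed-in account: redirect to /login
//   - malformed id, unknown document or deleted document: ServeNotFound
//   - caller has no membership record for the document's project: ServeForbidden
//
// The token is an HS256 JWT keyed by the SECRET environment variable. The
// handler refuses to issue a token when SECRET is unset or empty; a token signed
// with an empty HMAC key can be produced by anyone.
//
// catch is defined elsewhere in the package; it presumably aborts the request
// on a non-nil error (confirm against its definition).
func ServeDocument(w http.ResponseWriter, r *http.Request) {
	ctx := GetContext(r)
	if ctx.Account == nil {
		http.Redirect(w, r, "/login", http.StatusSeeOther)
		return
	}
	acc := ctx.Account

	idStr := mux.Vars(r)["id"]
	// Validate before converting: the id comes straight from the URL.
	if !bson.IsObjectIdHex(idStr) {
		ServeNotFound(w, r)
		return
	}
	id := bson.ObjectIdHex(idStr)

	doc, err := data.GetDocument(id)
	catch(r, err)
	if doc == nil || doc.Deleted {
		ServeNotFound(w, r)
		return
	}

	// Authorization: the caller must be a member of the document's project.
	mem, err := data.GetMemberProjectAccount(doc.ProjectID, acc.ID)
	catch(r, err)
	if mem == nil {
		ServeForbidden(w, r)
		return
	}

	prj, err := doc.Project()
	catch(r, err)
	org, err := prj.Organization()
	catch(r, err)

	// Fail closed on a missing signing key instead of signing with an empty
	// one. The response carries no detail about the cause.
	secret := os.Getenv("SECRET")
	if secret == "" {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	token := jwt.New(jwt.SigningMethodHS256)
	token.Claims["accountID"] = acc.ID.Hex()
	token.Claims["documentID"] = doc.ID.Hex()
	// NOTE(review): "expires" is a custom claim name, not the registered "exp"
	// claim, so the service that verifies this token has to check it
	// explicitly. Confirm that it does.
	token.Claims["expires"] = time.Now().Add(time.Minute * 15).Unix()
	tokenString, err := token.SignedString([]byte(secret))
	catch(r, err)

	w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
	ServeHTMLTemplate(w, r, tplDocumentView, struct {
		Context      *Context
		Organization *data.Organization
		Project      *data.Project
		Document     *data.Document
		Token        string
	}{
		Context:      ctx,
		Organization: org,
		Project:      prj,
		Document:     doc,
		Token:        tokenString,
	})
}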
// HandleMemberAdd processes the add-member form for the project named by the
// "id" route variable and then redirects to the project page.
//
// Checks run in this order:
//   - no signed-in account: redirect to /login
//   - malformed id or unknown project: ServeNotFound
//   - caller is not the project owner (prj.OwnerID): ServeForbidden
//   - no account for the submitted email, or that account is already a member:
//     RedirectBack without changing anything
//
// On success a data.Member record is stored, prj.MemberIDs is rebuilt from the
// project's current member list, and the project is saved.
//
// catch is defined elsewhere in the package; it presumably aborts the request
// on a non-nil error (confirm against its definition).
//
// NOTE(review): this handler changes state based on a form post. No CSRF or
// HTTP-method check is visible in this function; confirm the router or a
// middleware enforces both.
func HandleMemberAdd(w http.ResponseWriter, r *http.Request) {
	ctx := GetContext(r)
	if ctx.Account == nil {
		http.Redirect(w, r, "/login", http.StatusSeeOther)
		return
	}

	catch(r, r.ParseForm())

	rawID := mux.Vars(r)["id"]
	// Validate before converting: the id comes straight from the URL.
	if !bson.IsObjectIdHex(rawID) {
		ServeNotFound(w, r)
		return
	}

	prj, err := data.GetProject(bson.ObjectIdHex(rawID))
	catch(r, err)
	if prj == nil {
		ServeNotFound(w, r)
		return
	}

	// Authorization: only the owner may change the member list.
	if prj.OwnerID != ctx.Account.ID {
		ServeForbidden(w, r)
		return
	}

	var form struct {
		Email string `schema:"email"`
	}
	err = schema.NewDecoder().Decode(&form, r.PostForm)
	catch(r, err)

	invitee, err := data.GetAccountEmail(form.Email)
	catch(r, err)
	if invitee == nil {
		RedirectBack(w, r)
		return
	}

	existing, err := data.GetMemberProjectAccount(prj.ID, invitee.ID)
	catch(r, err)
	if existing != nil {
		// Already a member; do not create a duplicate record.
		RedirectBack(w, r)
		return
	}

	member := data.Member{
		OrganizationID: prj.OrganizationID,
		ProjectID:      prj.ID,
		AccountID:      invitee.ID,
		InviterID:      ctx.Account.ID,
		InvitedAt:      time.Now(),
	}
	catch(r, member.Put())

	// Rebuild the ID list on the project from the stored member records.
	mems, err := data.ListMembersProject(prj.ID, 0, math.MaxInt32)
	catch(r, err)
	ids := make([]bson.ObjectId, 0, len(mems))
	for _, m := range mems {
		ids = append(ids, m.ID)
	}
	prj.MemberIDs = ids
	catch(r, prj.Put())

	http.Redirect(w, r, "/projects/"+prj.ID.Hex(), http.StatusSeeOther)
}