func userInfoHandler(w http.ResponseWriter, r *http.Request) {
if r.Method == "POST" {
f, err := requestedUserAuthenticated(r)
if err != nil {
pErr("%v\n", err)
http.Error(w, "forbidden", http.StatusForbidden)
return
}
err = data.Unmarshal(r.Body, &f.Profile)
if err != nil {
http.Error(w, "error serializing", http.StatusBadRequest)
return
}
err = f.Put()
if err != nil {
http.Error(w, "error saving user file", http.StatusInternalServerError)
return
}
}
f, err := requestedUser(r)
if err != nil {
pOut("%v\n", err)
http.Error(w, "user not found", http.StatusNotFound)
return
}
httpWriteMarshal(w, f.Profile)
}
func userAddHandler(w http.ResponseWriter, r *http.Request) {
m := &data.NewUserMsg{}
err := data.Unmarshal(r.Body, m)
if err != nil {
http.Error(w, "error serializing", http.StatusInternalServerError)
return
}
if len(m.Pass) < data.PasswordMinLength {
http.Error(w, "invalid password", http.StatusBadRequest)
return
}
if !data.EmailRegexp.MatchString(m.Email) {
http.Error(w, "invalid email", http.StatusBadRequest)
return
}
// not authenticated User. ignore current auth token.
f, err := requestedUser(r)
if err == nil {
pOut("%v\n", err)
pOut("attempt to re-register user: %s?\n", f.User())
http.Error(w, "user exists", http.StatusForbidden)
return
}
// ok, store user.
f.Pass = password.Hash(string(m.Pass))
f.Profile.Email = m.Email
f.DateRegistered = time.Now().UTC().String()
// pOut("Pass1: %s\n", m.Pass)
// pOut("Pass2: %s\n", f.Pass)
err = f.Put()
if err != nil {
pErr("%v\n", err)
http.Error(w, "error writing user file", http.StatusInternalServerError)
return
}
// send verification email here...
}
func userAuthHandler(w http.ResponseWriter, r *http.Request) {
ph := ""
err := data.Unmarshal(r.Body, &ph)
if err != nil {
http.Error(w, "error serializing", http.StatusInternalServerError)
return
}
// not authenticated User. ignore current auth token.
f, err := requestedUser(r)
if err != nil {
pErr("%v\n", err)
http.Error(w, "not found", http.StatusNotFound)
return
}
if !password.Check(ph, f.Pass) {
pErr("failed attempt to auth as %s\n", f.User())
http.Error(w, "user or password incorrect", http.StatusForbidden)
return
}
// Generate new token, if there is none.
if len(f.AuthToken) == 0 {
f.AuthToken, err = f.GenerateToken()
if err != nil {
pErr("Error generating token. %v\n", err)
http.Error(w, "500 server error", http.StatusInternalServerError)
return
}
}
err = f.Put()
if err != nil {
pErr("Error writing user file. %v\n", err)
http.Error(w, "500 server error", http.StatusInternalServerError)
return
}
// ok, return token
// (worry later about needing multiple tokens, etc.)
fmt.Fprintf(w, "%s", f.AuthToken)
}
func userPassHandler(w http.ResponseWriter, r *http.Request) {
phs := &data.NewPassMsg{}
err := data.Unmarshal(r.Body, phs)
if err != nil {
http.Error(w, "error serializing", http.StatusInternalServerError)
return
}
// not authenticated User. ignore current auth token.
f, err := requestedUser(r)
if err != nil {
pErr("%v\n", err)
http.Error(w, "user not found", http.StatusNotFound)
return
}
// pOut("Current: %s\n", phs.Current)
// pOut("New: %s\n", phs.New)
if !password.Check(phs.Current, f.Pass) {
pErr("failed attempt to change password for %s\n", f.User())
http.Error(w, "user or password incorrect", http.StatusForbidden)
return
}
// ok, store new pass.
f.Pass = password.Hash(phs.New)
// clear AuthToken so every client needs to re-auth
f.AuthToken = ""
err = f.Put()
if err != nil {
pOut("%v\n", err)
http.Error(w, "error writing user file", http.StatusInternalServerError)
return
}
// send notification email here...
}
func (d *Datastore) Get(key ds.Key) (value Model, err error) {
// setup return type based on key type
value = d.config.Constructor(key)
// get data from leveldb
val, err := d.db.Get(key)
if err != nil {
return nil, err
}
buf, ok := val.([]byte)
if !ok {
return nil, ds.ErrInvalidType
}
// unmarshal it into the model
r := bytes.NewReader(buf)
err = data.Unmarshal(r, value)
if err != nil {
return nil, err
}
return value, nil
}