func updateAuth(u *url.URL, h http.Header, r *AuthChange, c *Context) (int, http.Header, Response, error) { a := new(profile.Auth) if r.Id != nil { a.Id = *r.Id } else { a.Hash = []byte(*r.Hash) a.Username = r.Username } err := a.Get() if err != nil { return error400("couldn't find that auth", err.Error()) } if a.Profile != c.Profile.Id { return error400("unauthorized access") } if r.Hash != nil { a.InHash = []byte(*r.Hash) } a.Username = r.Username a.Name = r.Name a.Authorized = r.Authorized err = a.Save() if err != nil { return error500("db failure: p544", err.Error()) } return getAuths(u, h, nil, c) }
func authenticate(r *http.Request) (http.Header, error) { token := r.Header.Get(ChuteToken) if token == "" { return nil, tigertonic.Unauthorized{errors.New("please log in")} } auth := new(profile.Auth) auth.Token = &token err := auth.Get() if err != nil { return nil, tigertonic.Unauthorized{errors.New("please log in")} } c := tigertonic.Context(r).(*Context) c.Auth = auth c.Profile = new(profile.Profile) err = c.Profile.Get(auth) if err != nil { return nil, tigertonic.Unauthorized{errors.New("please log in")} } return nil, nil }