func (con User) Handler(c context.Context) http.Handler { cfg := readeef.GetConfig(c) return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { user := readeef.GetUser(c, r) action := webfw.GetMultiPatternIdentifier(c, r) params := webfw.GetParams(c, r) var resp responseError switch action { case "list": resp = listUsers(user) case "add": buf := util.BufferPool.GetBuffer() defer util.BufferPool.Put(buf) buf.ReadFrom(r.Body) resp = addUser(user, data.Login(params["login"]), buf.String(), []byte(cfg.Auth.Secret)) case "remove": resp = removeUser(user, data.Login(params["login"])) case "setAttr": resp = setAttributeForUser(user, []byte(cfg.Auth.Secret), data.Login(params["login"]), params["attr"], []byte(params["value"])) } switch resp.err { case errForbidden: w.WriteHeader(http.StatusForbidden) return case errUserExists: resp.val["Error"] = true resp.val["ErrorType"] = resp.errType resp.err = nil case errCurrentUser: resp.val["Error"] = true resp.val["ErrorType"] = resp.errType resp.err = nil } var b []byte if resp.err == nil { b, resp.err = json.Marshal(resp.val) } if resp.err != nil { webfw.GetLogger(c).Print(resp.err) w.WriteHeader(http.StatusInternalServerError) return } w.Write(b) }) }
func (con Login) Handler(c context.Context) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { l := webfw.GetLogger(c) sess := webfw.GetSession(c, r) renderData := renderer.RenderData{} if r.Method == "GET" { if v, ok := sess.Flash("form-error"); ok { renderData["form-error"] = v } } else { if err := r.ParseForm(); err != nil { l.Fatal(err) } username := data.Login(r.Form.Get("username")) password := r.Form.Get("password") repo := GetRepo(c) conf := GetConfig(c) u := repo.UserByLogin(username) formError := false if u.Err() != nil { sess.SetFlash("form-error", "login-incorrect") formError = true } else if !u.Authenticate(password, []byte(conf.Auth.Secret)) { sess.SetFlash("form-error", "login-incorrect") formError = true } else { sess.Set(AuthUserKey, u) sess.Set(AuthNameKey, username) } if formError { http.Redirect(w, r, r.URL.String(), http.StatusTemporaryRedirect) } else { var returnPath string if v, ok := sess.Flash("return-to"); ok { returnPath = v.(string) } else { returnPath = webfw.GetDispatcher(c).Pattern } http.Redirect(w, r, returnPath, http.StatusTemporaryRedirect) } return } err := webfw.GetRenderCtx(c, r)(w, renderData, "login.tmpl") if err != nil { l.Print(err) } } }
func TestUser(t *testing.T) { u := User{} u.data.FirstName = "First" u.data.LastName = "Last" tests.CheckString(t, "First Last", u.String()) u.data.Email = "*****@*****.**" tests.CheckString(t, "First Last <*****@*****.**>", u.String()) d := u.Data() tests.CheckString(t, "*****@*****.**", d.Email) d = u.Data(data.User{Email: ""}) tests.CheckString(t, "", d.Email) tests.CheckString(t, "", d.FirstName) tests.CheckBool(t, false, u.Validate() == nil) u.data.Email = "example" tests.CheckBool(t, false, u.Validate() == nil) u.data.Email = "*****@*****.**" tests.CheckBool(t, false, u.Validate() == nil) u.data.Login = data.Login("login") tests.CheckBool(t, true, u.Validate() == nil) ejson, eerr := json.Marshal(u.data) tests.CheckBool(t, true, eerr == nil) ajson, aerr := json.Marshal(u) tests.CheckBool(t, true, aerr == nil) tests.CheckBytes(t, ejson, ajson) tests.CheckBytes(t, []byte{}, u.data.MD5API) tests.CheckString(t, "", u.data.HashType) tests.CheckBytes(t, []byte{}, u.data.Hash) u.Password("pass", []byte("secret")) h := md5.Sum([]byte(fmt.Sprintf("%s:%s", "login", "pass"))) tests.CheckBytes(t, h[:], u.data.MD5API) tests.CheckString(t, "sha1", u.data.HashType) tests.CheckBytes(t, u.generateHash("pass", []byte("secret")), u.data.Hash) }
func initAdminUser(repo content.Repo, secret []byte) error { users := repo.AllUsers() if repo.HasErr() { return repo.Err() } if len(users) > 0 { return nil } u := repo.User() u.Data(data.User{Login: data.Login("admin"), Active: true, Admin: true}) u.Password("admin", secret) u.Update() return u.Err() }
func main() { confpath := flag.String("config", "", "config path") flag.Parse() cfg, err := readeef.ReadConfig(*confpath) if err != nil { exitWithError(fmt.Sprintf("Error reading config from path '%s': %v", *confpath, err)) } logger := readeef.NewLogger(cfg) repo, err := repo.New(cfg.DB.Driver, cfg.DB.Connect, logger) if err != nil { exitWithError(fmt.Sprintf("Error connecting to database: %v", err)) } switch flag.Arg(0) { case "add": if flag.NArg() != 3 { exitWithError("Not enough arguments for 'add' command. Login and password must be specified") } login := flag.Arg(1) pass := flag.Arg(2) u := repo.User() i := u.Data() i.Login = data.Login(login) i.Active = true u.Data(i) u.Password(pass, []byte(cfg.Auth.Secret)) u.Update() if u.HasErr() { exitWithError(fmt.Sprintf("Error setting password for user '%s': %v", login, u.Err())) } case "remove": if flag.NArg() != 2 { exitWithError("Not enough arguments for 'remove' command. Login must be specified") } login := flag.Arg(1) u := repo.UserByLogin(data.Login(login)) u.Delete() if u.HasErr() { exitWithError(fmt.Sprintf("Error getting user '%s' from the database: %v", login, u.Err())) } case "get": if flag.NArg() != 3 { exitWithError("Not enough arguments for 'get' command. Login and user property must be specified") } login := flag.Arg(1) prop := flag.Arg(2) u := repo.UserByLogin(data.Login(login)) if repo.HasErr() { exitWithError(fmt.Sprintf("Error getting user '%s' from the database: %v", login, repo.Err())) } lowerProp := strings.ToLower(prop) switch lowerProp { case "firstname", "first_name": fmt.Printf("%s\n", u.Data().FirstName) case "lastname", "last_name": fmt.Printf("%s\n", u.Data().LastName) case "email": fmt.Printf("%s\n", u.Data().Email) case "hashtype", "hash_type": fmt.Printf("%s\n", u.Data().HashType) case "salt": fmt.Printf("%v\n", u.Data().Salt) case "hash": fmt.Printf("%v\n", u.Data().Hash) case "md5api", "md5_api": fmt.Printf("%v\n", u.Data().MD5API) case "admin": fmt.Printf("%v\n", u.Data().Admin) case "active": fmt.Printf("%v\n", u.Data().Active) default: exitWithError(fmt.Sprintf("Unknown user property '%s'", prop)) } case "set": if flag.NArg() != 4 { exitWithError("Not enough arguments for 'set' command. Login, user property, and value must be specified") } login := flag.Arg(1) prop := flag.Arg(2) val := flag.Arg(3) u := repo.UserByLogin(data.Login(login)) if repo.HasErr() { exitWithError(fmt.Sprintf("Error getting user '%s' from the database: %v", login, repo.Err())) } in := u.Data() lowerProp := strings.ToLower(prop) switch lowerProp { case "firstname", "first_name": in.FirstName = val case "lastname", "last_name": in.LastName = val case "email": in.Email = val case "password": u.Password(val, []byte(cfg.Auth.Secret)) case "admin", "active": enabled := false if val == "1" || val == "true" || val == "on" { enabled = true } if lowerProp == "admin" { in.Admin = enabled } else { in.Active = enabled } default: exitWithError(fmt.Sprintf("Unknown user property '%s'", prop)) } u.Update() if u.HasErr() { exitWithError(fmt.Sprintf("Error updating the user database record for '%s': %v", login, u.Err())) } case "list": users := repo.AllUsers() if repo.HasErr() { exitWithError(fmt.Sprintf("Error getting users from the database: %v", repo.Err())) } for _, u := range users { fmt.Printf("%s\n", u.Data().Login) } case "list-detailed": users := repo.AllUsers() if repo.HasErr() { exitWithError(fmt.Sprintf("Error getting users from the database: %v", repo.Err())) } for _, u := range users { in := u.Data() fmt.Printf("Login: %s", in.Login) if in.FirstName != "" { fmt.Printf(", first name: %s", in.FirstName) } if in.LastName != "" { fmt.Printf(", last name: %s", in.LastName) } if in.Email != "" { fmt.Printf(", email: %s", in.Email) } if in.HashType != "" { fmt.Printf(", has type: %s", in.HashType) } fmt.Printf("\n") } default: exitWithError(fmt.Sprintf("Unknown command '%s'", flag.Arg(0))) } }
func TestUser(t *testing.T) { u := repo.User() tests.CheckBool(t, false, u.HasErr(), u.Err()) u.Update() tests.CheckBool(t, true, u.HasErr()) err := u.Err() _, ok := err.(content.ValidationError) tests.CheckBool(t, true, ok, err) u.Data(data.User{Login: data.Login("login")}) tests.CheckBool(t, false, u.HasErr(), u.Err()) u.Update() tests.CheckBool(t, false, u.HasErr(), u.Err()) u2 := repo.UserByLogin(data.Login("login")) tests.CheckBool(t, false, u2.HasErr(), u2.Err()) tests.CheckString(t, "login", string(u2.Data().Login)) u.Delete() tests.CheckBool(t, false, u.HasErr(), u.Err()) u2 = repo.UserByLogin(data.Login("login")) tests.CheckBool(t, true, u2.HasErr()) tests.CheckBool(t, true, u2.Err() == content.ErrNoContent) u = createUser(data.User{Login: data.Login("login")}) now := time.Now() uf := createUserFeed(u, data.Feed{Link: "http://sugr.org/en/sitemap.xml", Title: "User feed 1"}) uf.AddArticles([]content.Article{ createArticle(data.Article{Title: "article1", Date: now, Link: "http://sugr.org/bg/products/gearshift"}), createArticle(data.Article{Title: "article2", Date: now.Add(2 * time.Hour), Link: "http://sugr.org/bg/products/readeef"}), createArticle(data.Article{Title: "article3", Date: now.Add(-3 * time.Hour), Link: "http://sugr.org/bg/about/us"}), }) u.AddFeed(uf) var id1, id2, id3 data.ArticleId for _, a := range uf.AllArticles() { d := a.Data() switch d.Title { case "article1": id1 = d.Id case "article2": id2 = d.Id case "article3": id3 = d.Id default: tests.CheckBool(t, true, false, "Unknown article") } } tests.CheckBool(t, false, uf.HasErr(), uf.Err()) tests.CheckInt64(t, 1, int64(len(u.AllFeeds()))) tests.CheckString(t, "http://sugr.org/en/sitemap.xml", u.AllFeeds()[0].Data().Link) tests.CheckString(t, "User feed 1", u.AllFeeds()[0].Data().Title) a := u.ArticleById(10000000) tests.CheckBool(t, true, a.Err() == content.ErrNoContent) a = u.ArticleById(id1) tests.CheckBool(t, false, a.HasErr(), a.Err()) tests.CheckString(t, "article1", a.Data().Title) a2 := u.ArticlesById([]data.ArticleId{100000000, id1, id2}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 2, int64(len(a2))) for i := range a2 { d := a2[i].Data() switch d.Title { case "article1": case "article2": default: tests.CheckBool(t, false, true, "Unknown article") } } u.SortingById() ua := u.Articles() tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 3, int64(len(ua))) tests.CheckInt64(t, int64(id1), int64(ua[0].Data().Id)) tests.CheckString(t, "article2", ua[1].Data().Title) tests.CheckInt64(t, now.Add(-3*time.Hour).Unix(), ua[2].Data().Date.Unix()) u.SortingByDate() ua = u.Articles() tests.CheckInt64(t, int64(id3), int64(ua[0].Data().Id)) tests.CheckString(t, "article1", ua[1].Data().Title) tests.CheckInt64(t, now.Add(2*time.Hour).Unix(), ua[2].Data().Date.Unix()) u.Reverse() ua = u.Articles() tests.CheckInt64(t, int64(id2), int64(ua[0].Data().Id)) tests.CheckString(t, "article1", ua[1].Data().Title) tests.CheckInt64(t, now.Add(-3*time.Hour).Unix(), ua[2].Data().Date.Unix()) ua[1].Read(false) ua[2].Read(false) u.Reverse() u.SortingById() ua = u.Articles(data.ArticleQueryOptions{UnreadOnly: true}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 2, int64(len(ua))) tests.CheckInt64(t, int64(id1), int64(ua[0].Data().Id)) tests.CheckString(t, "article3", ua[1].Data().Title) u.ArticleById(id2).Read(false) ua = u.Articles(data.ArticleQueryOptions{UnreadOnly: true}) tests.CheckInt64(t, 3, int64(len(ua))) u.ReadState(true, data.ArticleUpdateStateOptions{BeforeDate: now.Add(time.Minute)}) tests.CheckBool(t, false, u.HasErr(), u.Err()) ua = u.Articles(data.ArticleQueryOptions{UnreadOnly: true}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 1, int64(len(ua))) tests.CheckInt64(t, int64(id2), int64(ua[0].Data().Id)) u.ArticleById(id1).Read(false) u.ReadState(true, data.ArticleUpdateStateOptions{AfterDate: now.Add(time.Minute)}) tests.CheckBool(t, false, u.HasErr(), u.Err()) ua = u.Articles(data.ArticleQueryOptions{UnreadOnly: true}) tests.CheckInt64(t, 1, int64(len(ua))) tests.CheckInt64(t, int64(id1), int64(ua[0].Data().Id)) u.ArticleById(id1).Favorite(true) u.ArticleById(id3).Favorite(true) uIds := u.Ids(data.ArticleIdQueryOptions{UnreadOnly: true}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 1, int64(len(uIds))) tests.CheckInt64(t, int64(id1), int64(uIds[0])) fIds := u.Ids(data.ArticleIdQueryOptions{FavoriteOnly: true}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 2, int64(len(fIds))) for i := range fIds { switch fIds[i] { case id1: case id3: default: tests.CheckBool(t, false, true, "Unknown article id") } } tests.CheckInt64(t, 3, u.Count()) tests.CheckBool(t, false, u.HasErr(), u.Err()) ua = u.Articles(data.ArticleQueryOptions{FavoriteOnly: true}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 2, int64(len(ua))) for i := range ua { d := ua[i].Data() switch d.Id { case id1: case id3: default: tests.CheckBool(t, false, true, "Unknown article id") } } u.SortingById() ua = u.Articles(data.ArticleQueryOptions{AfterId: id1}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 2, int64(len(ua))) for i := range ua { d := ua[i].Data() switch d.Id { case id2: case id3: default: tests.CheckBool(t, false, true, "Unknown article id") } } u.Reverse() ua = u.Articles(data.ArticleQueryOptions{BeforeId: id2}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 1, int64(len(ua))) tests.CheckString(t, "article1", ua[0].Data().Title) asc1 := createArticleScores(data.ArticleScores{ArticleId: id1, Score1: 2, Score2: 2}) asc2 := createArticleScores(data.ArticleScores{ArticleId: id2, Score1: 1, Score2: 3}) sa := u.Articles(data.ArticleQueryOptions{AfterDate: now.Add(-20 * time.Hour), BeforeDate: now.Add(20 * time.Hour), IncludeScores: true, HighScoredFirst: true}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 2, int64(len(sa))) for i := range sa { switch sa[i].Data().Id { case 1: tests.CheckInt64(t, asc1.Calculate(), sa[i].Data().Score) case 2: tests.CheckInt64(t, asc2.Calculate(), sa[i].Data().Score) } } ua = u.Articles() ua[0].Read(true) ua[1].Read(true) ua[2].Read(false) ua[0].Favorite(true) ua[1].Favorite(false) ua[2].Favorite(true) count := u.Count() tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 3, count) count = u.Count(data.ArticleCountOptions{UnreadOnly: true}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 1, count) count = u.Count(data.ArticleCountOptions{FavoriteOnly: true}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 2, count) count = u.Count(data.ArticleCountOptions{FavoriteOnly: true, UnreadOnly: true}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 1, count) count = u.Count(data.ArticleCountOptions{BeforeId: id2}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 1, count) count = u.Count(data.ArticleCountOptions{AfterId: id1}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 2, count) count = u.Count(data.ArticleCountOptions{BeforeId: id3, AfterId: id1}) tests.CheckBool(t, false, u.HasErr(), u.Err()) tests.CheckInt64(t, 1, count) }
func (controller TtRss) Handler(c context.Context) http.Handler { repo := readeef.GetRepo(c) logger := webfw.GetLogger(c) config := readeef.GetConfig(c) return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { action := webfw.GetMultiPatternIdentifier(c, r) if action == "redirecter" { http.Redirect(w, r, "/", http.StatusMovedPermanently) } req := ttRssRequest{} resp := ttRssResponse{} var err error var errType string var user content.User var con interface{} switch { default: var b []byte in := map[string]interface{}{} if b, err = ioutil.ReadAll(r.Body); err != nil { err = fmt.Errorf("reading request body: %s", err) break } if err = json.Unmarshal(b, &in); err != nil { err = fmt.Errorf("decoding JSON request: %s", err) break } req = ttRssConvertRequest(in) logger.Debugf("Request: %#v\n", req) resp.Seq = req.Seq if req.Op != "login" && req.Op != "isLoggedIn" { if sess, ok := ttRssSessions[req.Sid]; ok { user = repo.UserByLogin(data.Login(sess.login)) if repo.Err() != nil { errType = "NOT_LOGGED_IN" } else { sess.lastVisit = time.Now() ttRssSessions[req.Sid] = sess } } else { errType = "NOT_LOGGED_IN" } } if errType != "" { logger.Debugf("TT-RSS Sessions: %#v\n", ttRssSessions) break } logger.Debugf("TT-RSS OP: %s\n", req.Op) switch req.Op { case "getApiLevel": con = ttRssGenericContent{Level: TTRSS_API_LEVEL} case "getVersion": con = ttRssGenericContent{Version: TTRSS_VERSION} case "login": user = repo.UserByLogin(data.Login(req.User)) if repo.Err() != nil { errType = "LOGIN_ERROR" err = fmt.Errorf("getting TT-RSS user: %s", repo.Err()) break } if !user.Authenticate(req.Password, []byte(config.Auth.Secret)) { errType = "LOGIN_ERROR" err = fmt.Errorf("authentication for TT-RSS user '%s'", user.Data().Login) break } var sessId string login := user.Data().Login for id, sess := range ttRssSessions { if sess.login == login { sessId = id } } if sessId == "" { sessId = strings.Replace(util.UUID(), "-", "", -1) ttRssSessions[sessId] = ttRssSession{login: login, lastVisit: time.Now()} } con = ttRssGenericContent{ ApiLevel: TTRSS_API_LEVEL, SessionId: sessId, } case "logout": delete(ttRssSessions, req.Sid) con = ttRssGenericContent{Status: "OK"} case "isLoggedIn": if _, ok := ttRssSessions[req.Sid]; ok { con = ttRssGenericContent{Status: true} } else { con = ttRssGenericContent{Status: false} } case "getUnread": var ar content.ArticleRepo o := data.ArticleCountOptions{UnreadOnly: true} if req.IsCat { tagId := data.TagId(req.FeedId) if tagId > 0 { ar = user.TagById(tagId) } else if tagId == TTRSS_CAT_UNCATEGORIZED { ar = user o.UntaggedOnly = true } else if tagId == TTRSS_CAT_SPECIAL { ar = user o.FavoriteOnly = true } } else { switch req.FeedId { case TTRSS_FAVORITE_ID: ar = user o.FavoriteOnly = true case TTRSS_FRESH_ID: ar = user o.AfterDate = time.Now().Add(TTRSS_FRESH_DURATION) case TTRSS_ALL_ID, 0: ar = user default: if req.FeedId > 0 { feed := user.FeedById(req.FeedId) if feed.HasErr() { err = feed.Err() break } ar = feed } } } if ar == nil { con = ttRssGenericContent{Unread: "0"} } else if con == nil { con = ttRssGenericContent{Unread: strconv.FormatInt(ar.Count(o), 10)} } case "getCounters": if req.OutputMode == "" { req.OutputMode = "flc" } cContent := ttRssCountersContent{} o := data.ArticleCountOptions{UnreadOnly: true} unreadCount := user.Count(o) cContent = append(cContent, ttRssCounter{Id: "global-unread", Counter: unreadCount}) feeds := user.AllFeeds() cContent = append(cContent, ttRssCounter{Id: "subscribed-feeds", Counter: int64(len(feeds))}) cContent = append(cContent, ttRssCounter{Id: TTRSS_ARCHIVED_ID}) cContent = append(cContent, ttRssCounter{Id: TTRSS_FAVORITE_ID, Counter: user.Count(data.ArticleCountOptions{UnreadOnly: true, FavoriteOnly: true}), AuxCounter: user.Count(data.ArticleCountOptions{FavoriteOnly: true})}) cContent = append(cContent, ttRssCounter{Id: TTRSS_PUBLISHED_ID}) freshTime := time.Now().Add(TTRSS_FRESH_DURATION) cContent = append(cContent, ttRssCounter{Id: TTRSS_FRESH_ID, Counter: user.Count(data.ArticleCountOptions{UnreadOnly: true, AfterDate: freshTime}), AuxCounter: 0}) cContent = append(cContent, ttRssCounter{Id: TTRSS_ALL_ID, Counter: user.Count(), AuxCounter: 0}) for _, f := range feeds { cContent = append(cContent, ttRssCounter{Id: int64(f.Data().Id), Counter: f.Count(o)}, ) } cContent = append(cContent, ttRssCounter{Id: TTRSS_CAT_LABELS, Counter: 0, Kind: "cat"}) for _, t := range user.Tags() { cContent = append(cContent, ttRssCounter{ Id: int64(t.Data().Id), Counter: t.Count(o), Kind: "cat", }, ) } cContent = append(cContent, ttRssCounter{ Id: TTRSS_CAT_UNCATEGORIZED, Counter: user.Count(data.ArticleCountOptions{UnreadOnly: true, UntaggedOnly: true}), Kind: "cat", }, ) if user.HasErr() { err = fmt.Errorf("Error getting user counters: %v\n", user.Err()) } con = cContent case "getFeeds": fContent := ttRssFeedsContent{} if req.CatId == TTRSS_CAT_ALL || req.CatId == TTRSS_CAT_SPECIAL { unreadFav := user.Count(data.ArticleCountOptions{UnreadOnly: true, FavoriteOnly: true}) if unreadFav > 0 || !req.UnreadOnly { fContent = append(fContent, ttRssFeed{ Id: TTRSS_FAVORITE_ID, Title: ttRssSpecialTitle(TTRSS_FAVORITE_ID), Unread: unreadFav, CatId: TTRSS_FAVORITE_ID, }) } freshTime := time.Now().Add(TTRSS_FRESH_DURATION) unreadFresh := user.Count(data.ArticleCountOptions{UnreadOnly: true, AfterDate: freshTime}) if unreadFresh > 0 || !req.UnreadOnly { fContent = append(fContent, ttRssFeed{ Id: TTRSS_FRESH_ID, Title: ttRssSpecialTitle(TTRSS_FRESH_ID), Unread: unreadFresh, CatId: TTRSS_FAVORITE_ID, }) } unreadAll := user.Count(data.ArticleCountOptions{UnreadOnly: true}) if unreadAll > 0 || !req.UnreadOnly { fContent = append(fContent, ttRssFeed{ Id: TTRSS_ALL_ID, Title: ttRssSpecialTitle(TTRSS_ALL_ID), Unread: unreadAll, CatId: TTRSS_FAVORITE_ID, }) } } var feeds []content.UserFeed var catId int if req.CatId == TTRSS_CAT_ALL || req.CatId == TTRSS_CAT_ALL_EXCEPT_VIRTUAL { feeds = user.AllFeeds() } else { if req.CatId == TTRSS_CAT_UNCATEGORIZED { tagged := user.AllTaggedFeeds() for _, t := range tagged { if len(t.Tags()) == 0 { feeds = append(feeds, t) } } } else if req.CatId > 0 { catId = int(req.CatId) t := user.TagById(req.CatId) tagged := t.AllFeeds() if t.HasErr() { err = t.Err() break } for _, t := range tagged { feeds = append(feeds, t) } } } if len(feeds) > 0 { o := data.ArticleCountOptions{UnreadOnly: true} for i := range feeds { if req.Limit > 0 { if i < req.Offset || i >= req.Limit+req.Offset { continue } } d := feeds[i].Data() unread := feeds[i].Count(o) if unread > 0 || !req.UnreadOnly { fContent = append(fContent, ttRssFeed{ Id: d.Id, Title: d.Title, FeedUrl: d.Link, CatId: catId, Unread: unread, LastUpdated: time.Now().Unix(), OrderId: 0, }) } } } if user.HasErr() { err = fmt.Errorf("Error getting user feeds: %v\n", user.Err()) } con = fContent case "getCategories": cContent := ttRssCategoriesContent{} o := data.ArticleCountOptions{UnreadOnly: true} for _, t := range user.Tags() { td := t.Data() count := t.Count(o) if count > 0 || !req.UnreadOnly { cContent = append(cContent, ttRssCat{Id: strconv.FormatInt(int64(td.Id), 10), Title: string(td.Value), Unread: count}, ) } } count := user.Count(data.ArticleCountOptions{UnreadOnly: true, UntaggedOnly: true}) if count > 0 || !req.UnreadOnly { cContent = append(cContent, ttRssCat{Id: strconv.FormatInt(TTRSS_CAT_UNCATEGORIZED, 10), Title: "Uncategorized", Unread: count}, ) } o.FavoriteOnly = true count = user.Count(o) if count > 0 || !req.UnreadOnly { cContent = append(cContent, ttRssCat{Id: strconv.FormatInt(TTRSS_CAT_SPECIAL, 10), Title: "Special", Unread: count}, ) } con = cContent case "getHeadlines": if req.FeedId == 0 { errType = "INCORRECT_USAGE" break } limit := req.Limit if limit == 0 { limit = 200 } var articles []content.UserArticle var articleRepo content.ArticleRepo var feedTitle string firstId := data.ArticleId(0) o := data.ArticleQueryOptions{Limit: limit, Offset: req.Skip, UnreadFirst: true, SkipSessionProcessors: true} if req.IsCat { if req.FeedId == TTRSS_CAT_UNCATEGORIZED { ttRssSetupSorting(req, user) articleRepo = user o.UntaggedOnly = true feedTitle = "Uncategorized" } else if req.FeedId > 0 { t := user.TagById(data.TagId(req.FeedId)) ttRssSetupSorting(req, t) articleRepo = t feedTitle = string(t.Data().Value) } } else { if req.FeedId == TTRSS_FAVORITE_ID { ttRssSetupSorting(req, user) o.FavoriteOnly = true articleRepo = user feedTitle = "Starred articles" } else if req.FeedId == TTRSS_FRESH_ID { ttRssSetupSorting(req, user) o.AfterDate = time.Now().Add(TTRSS_FRESH_DURATION) articleRepo = user feedTitle = "Fresh articles" } else if req.FeedId == TTRSS_ALL_ID { ttRssSetupSorting(req, user) articleRepo = user feedTitle = "All articles" } else if req.FeedId > 0 { feed := user.FeedById(req.FeedId) ttRssSetupSorting(req, feed) articleRepo = feed feedTitle = feed.Data().Title } } if req.SinceId > 0 { o.AfterId = req.SinceId } if articleRepo != nil { if req.Search != "" { if controller.sp != nil { if as, ok := articleRepo.(content.ArticleSearch); ok { articles = as.Query(req.Search, controller.sp, limit, req.Skip) } } } else { var skip bool switch req.ViewMode { case "all_articles": case "adaptive": case "unread": o.UnreadOnly = true case "marked": o.FavoriteOnly = true default: skip = true } if !skip { articles = articleRepo.Articles(o) } } } if len(articles) > 0 { firstId = articles[0].Data().Id } headlines := ttRssHeadlinesFromArticles(articles, feedTitle, req.ShowContent, req.ShowExcerpt) if req.IncludeHeader { header := ttRssHeadlinesHeader{Id: req.FeedId, FirstId: firstId, IsCat: req.IsCat} hContent := ttRssHeadlinesHeaderContent{} hContent = append(hContent, header) hContent = append(hContent, headlines) con = hContent } else { con = headlines } case "updateArticle": articles := user.ArticlesById(req.ArticleIds, data.ArticleQueryOptions{SkipSessionProcessors: true}) updateCount := int64(0) switch req.Field { case 0, 2: for _, a := range articles { d := a.Data() updated := false switch req.Field { case 0: switch req.Mode { case 0: if d.Favorite { updated = true d.Favorite = false } case 1: if !d.Favorite { updated = true d.Favorite = true } case 2: updated = true d.Favorite = !d.Favorite } if updated { a.Favorite(d.Favorite) } case 2: switch req.Mode { case 0: if !d.Read { updated = true d.Read = true } case 1: if d.Read { updated = true d.Read = false } case 2: updated = true d.Read = !d.Read } if updated { a.Read(d.Read) } } if updated { if a.HasErr() { err = a.Err() break } updateCount++ } } if err != nil { break } con = ttRssGenericContent{Status: "OK", Updated: updateCount} } case "getArticle": articles := user.ArticlesById(req.ArticleId, data.ArticleQueryOptions{SkipSessionProcessors: true}) feedTitles := map[data.FeedId]string{} for _, a := range articles { d := a.Data() if _, ok := feedTitles[d.FeedId]; !ok { f := repo.FeedById(d.FeedId) feedTitles[d.FeedId] = f.Data().Title } } cContent := ttRssArticlesContent{} for _, a := range articles { d := a.Data() title := feedTitles[d.FeedId] h := ttRssArticle{ Id: strconv.FormatInt(int64(d.Id), 10), Unread: !d.Read, Marked: d.Favorite, Updated: d.Date.Unix(), Title: d.Title, Link: d.Link, FeedId: strconv.FormatInt(int64(d.FeedId), 10), FeedTitle: title, Content: d.Description, } cContent = append(cContent, h) } con = cContent case "getConfig": con = ttRssConfigContent{DaemonIsRunning: true, NumFeeds: len(user.AllFeeds())} case "updateFeed": con = ttRssGenericContent{Status: "OK"} case "catchupFeed": var ar content.ArticleRepo o := data.ArticleUpdateStateOptions{BeforeDate: time.Now()} if req.IsCat { tagId := data.TagId(req.FeedId) ar = user.TagById(tagId) if tagId == TTRSS_CAT_UNCATEGORIZED { o.UntaggedOnly = true } } else { ar = user.FeedById(req.FeedId) } if ar != nil { ar.ReadState(true, o) if e, ok := ar.(content.Error); ok { if e.HasErr() { err = e.Err() break } } con = ttRssGenericContent{Status: "OK"} } case "getPref": switch req.PrefName { case "DEFAULT_UPDATE_INTERVAL": con = ttRssGenericContent{Value: int(config.FeedManager.Converted.UpdateInterval.Minutes())} case "DEFAULT_ARTICLE_LIMIT": con = ttRssGenericContent{Value: 200} case "HIDE_READ_FEEDS": con = ttRssGenericContent{Value: user.Data().ProfileData["unreadOnly"]} case "FEEDS_SORT_BY_UNREAD", "ENABLE_FEED_CATS", "SHOW_CONTENT_PREVIEW": con = ttRssGenericContent{Value: true} case "FRESH_ARTICLE_MAX_AGE": con = ttRssGenericContent{Value: (-1 * TTRSS_FRESH_DURATION).Hours()} } case "getLabels": con = []interface{}{} case "setArticleLabel": con = ttRssGenericContent{Status: "OK", Updated: 0} case "shareToPublished": errType = "Publishing failed" case "subscribeToFeed": f := repo.FeedByLink(req.FeedUrl) for _, u := range f.Users() { if u.Data().Login == user.Data().Login { con = ttRssSubscribeContent{Status: struct { Code int `json:"code"` }{0}} break } } if f.HasErr() { err = f.Err() break } f, err := controller.fm.AddFeedByLink(req.FeedUrl) if err != nil { errType = "INCORRECT_USAGE" break } uf := user.AddFeed(f) if uf.HasErr() { err = uf.Err() break } con = ttRssSubscribeContent{Status: struct { Code int `json:"code"` }{1}} case "unsubscribeFeed": f := user.FeedById(req.FeedId) f.Detach() users := f.Users() if f.HasErr() { err = f.Err() if err == content.ErrNoContent { errType = "FEED_NOT_FOUND" } break } if len(users) == 0 { controller.fm.RemoveFeed(f) } con = ttRssGenericContent{Status: "OK"} case "getFeedTree": items := []ttRssCategory{} special := ttRssCategory{Id: "CAT:-1", Items: []ttRssCategory{}, Name: "Special", Type: "category", BareId: -1} special.Items = append(special.Items, ttRssFeedListCategoryFeed(user, nil, TTRSS_ALL_ID, false)) special.Items = append(special.Items, ttRssFeedListCategoryFeed(user, nil, TTRSS_FRESH_ID, false)) special.Items = append(special.Items, ttRssFeedListCategoryFeed(user, nil, TTRSS_FAVORITE_ID, false)) special.Items = append(special.Items, ttRssFeedListCategoryFeed(user, nil, TTRSS_PUBLISHED_ID, false)) special.Items = append(special.Items, ttRssFeedListCategoryFeed(user, nil, TTRSS_ARCHIVED_ID, false)) special.Items = append(special.Items, ttRssFeedListCategoryFeed(user, nil, TTRSS_RECENTLY_READ_ID, false)) items = append(items, special) tf := user.AllTaggedFeeds() uncat := ttRssCategory{Id: "CAT:0", Items: []ttRssCategory{}, BareId: 0, Name: "Uncategorized", Type: "category"} tagCategories := map[content.Tag]ttRssCategory{} for _, f := range tf { tags := f.Tags() item := ttRssFeedListCategoryFeed(user, f, f.Data().Id, true) if len(tags) > 0 { for _, t := range tags { var c ttRssCategory if cached, ok := tagCategories[t]; ok { c = cached } else { c = ttRssCategory{ Id: "CAT:" + strconv.FormatInt(int64(t.Data().Id), 10), BareId: data.FeedId(t.Data().Id), Name: string(t.Data().Value), Type: "category", Items: []ttRssCategory{}, } } c.Items = append(c.Items, item) tagCategories[t] = c } } else { uncat.Items = append(uncat.Items, item) } } categories := []ttRssCategory{uncat} for _, c := range tagCategories { categories = append(categories, c) } for _, c := range categories { if len(c.Items) == 1 { c.Param = "(1 feed)" } else { c.Param = fmt.Sprintf("(%d feed)", len(c.Items)) } items = append(items, c) } fl := ttRssCategory{Identifier: "id", Label: "name"} fl.Items = items if user.HasErr() { err = user.Err() } else { con = ttRssFeedTreeContent{Categories: fl} } default: errType = "UNKNOWN_METHOD" con = ttRssGenericContent{Method: req.Op} } } if err == nil && errType == "" { resp.Status = TTRSS_API_STATUS_OK } else { logger.Infof("Error processing TT-RSS API request: %s %v\n", errType, err) resp.Status = TTRSS_API_STATUS_ERR con = ttRssErrorContent{Error: errType} } var b []byte b, err = json.Marshal(con) if err == nil { resp.Content = json.RawMessage(b) } b, err = json.Marshal(&resp) if err == nil { w.Header().Set("Content-Type", "text/json") w.Header().Set("Api-Content-Length", strconv.Itoa(len(b))) w.Write(b) logger.Debugf("Output for %s: %s\n", req.Op, string(b)) } else { logger.Print(fmt.Errorf("TT-RSS error %s: %v", req.Op, err)) w.WriteHeader(http.StatusInternalServerError) } }) }
func (mw Auth) Handler(ph http.Handler, c context.Context) http.Handler { logger := webfw.GetLogger(c) handler := func(w http.ResponseWriter, r *http.Request) { for _, prefix := range mw.IgnoreURLPrefix { if prefix[0] == '/' { prefix = prefix[1:] } if strings.HasPrefix(r.URL.Path, mw.Pattern+prefix+"/") { ph.ServeHTTP(w, r) return } } route, _, ok := webfw.GetDispatcher(c).RequestRoute(r) if !ok { ph.ServeHTTP(w, r) return } repo := GetRepo(c) switch ac := route.Controller.(type) { case AuthController: if !ac.LoginRequired(c, r) { ph.ServeHTTP(w, r) return } sess := webfw.GetSession(c, r) var u content.User validUser := false if uv, ok := sess.Get(AuthUserKey); ok { if u, ok = uv.(content.User); ok { validUser = true } } if !validUser { if uv, ok := sess.Get(AuthNameKey); ok { if n, ok := uv.(data.Login); ok { u = repo.UserByLogin(n) if u.HasErr() { logger.Print(u.Err()) } else { validUser = true sess.Set(AuthUserKey, u) } } } } if validUser && !u.Data().Active { logger.Infoln("User " + u.Data().Login + " is inactive") validUser = false } if !validUser { d := webfw.GetDispatcher(c) sess.SetFlash(CtxKey("return-to"), r.URL.Path) path := d.NameToPath("auth-login", webfw.MethodGet) if path == "" { path = "/" } http.Redirect(w, r, path, http.StatusMovedPermanently) return } case ApiAuthController: if !ac.AuthRequired(c, r) { ph.ServeHTTP(w, r) return } url, login, signature, nonce, date, t := authData(r) validUser := false var u content.User if login != "" && signature != "" && !t.IsZero() { switch { default: u = repo.UserByLogin(data.Login(login)) if u.HasErr() { logger.Printf("Error getting db user '%s': %v\n", login, u.Err()) break } decoded, err := base64.StdEncoding.DecodeString(signature) if err != nil { logger.Printf("Error decoding auth header: %v\n", err) break } if t.Add(30 * time.Second).Before(time.Now()) { break } if !mw.Nonce.Check(nonce) { break } mw.Nonce.Remove(nonce) buf := util.BufferPool.GetBuffer() defer util.BufferPool.Put(buf) buf.ReadFrom(r.Body) r.Body = ioutil.NopCloser(buf) bodyHash := md5.New() if _, err := bodyHash.Write(buf.Bytes()); err != nil { logger.Printf("Error generating the hash for the request body: %v\n", err) break } contentMD5 := base64.StdEncoding.EncodeToString(bodyHash.Sum(nil)) message := fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s\n", url, r.Method, contentMD5, r.Header.Get("Content-Type"), date, nonce) b := make([]byte, base64.StdEncoding.EncodedLen(len(u.Data().MD5API))) base64.StdEncoding.Encode(b, u.Data().MD5API) hm := hmac.New(sha256.New, b) if _, err := hm.Write([]byte(message)); err != nil { logger.Printf("Error generating the hashed message: %v\n", err) break } if !hmac.Equal(hm.Sum(nil), decoded) { logger.Printf("Error matching the supplied auth message to the generated one.\n") break } if !u.Data().Active { logger.Println("User " + u.Data().Login + " is inactive") break } validUser = true } } if validUser { c.Set(r, context.BaseCtxKey("user"), u) } else { if rej, ok := ac.(AuthRejectHandler); ok { rej.AuthReject(c, r) } else { w.WriteHeader(http.StatusUnauthorized) return } } } ph.ServeHTTP(w, r) } return http.HandlerFunc(handler) }