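// PasswordEditHandler handles PUT /developers/{token}/reset and sets a new
// password for a developer.
//
// The developer whose salt is used is looked up by the "id" form value; the
// {token} path variable selects the record that is written. Both must resolve
// to the same developer, otherwise the new hash would be computed with one
// developer's salt and stored on another record, locking that account out
// (the original code did exactly that whenever id and token disagreed).
// An empty "new" value is rejected instead of being hashed and stored.
//
// NOTE(review): nothing in this file verifies that the caller is entitled to
// reset this account — the same "token" field is the login token minted by
// CreateTokenHandler — and no old password is required. Confirm the route is
// protected upstream. The response still echoes the developer record, as
// before; consider whether that record carries fields (hash, salt, token)
// that should not be returned.
func PasswordEditHandler(rw http.ResponseWriter, req *http.Request) {
	fail := func(code int, msg string) {
		renderer.JSON(rw, code, map[string]string{
			"status": requests.StatusFailed,
			"error":  msg,
		})
	}

	if err := req.ParseForm(); err != nil {
		fail(http.StatusBadRequest, err.Error())
		return
	}

	token := mux.Vars(req)["token"]
	if token == "" {
		fail(http.StatusBadRequest, "missing token")
		return
	}

	newPassword := req.FormValue("new")
	if newPassword == "" {
		// Without this check an absent "new" silently sets the password to
		// the hash of the empty string.
		fail(http.StatusBadRequest, "new password required")
		return
	}

	u, err := db.GetDeveloperById(req.FormValue("id"))
	if err != nil {
		fail(http.StatusBadRequest, err.Error())
		return
	}

	// Resolve the token to a developer and require it to be the same record
	// as the one selected by id, so the salt used below belongs to the record
	// actually being updated.
	query := map[string]interface{}{"token": token}
	byToken, err := db.GetDeveloper(query)
	if err != nil || byToken.ID == "" || byToken.ID != u.ID {
		fail(http.StatusBadRequest, "token does not match developer")
		return
	}

	update := map[string]interface{}{
		"password": util.HashPassword(newPassword, u.Salt),
	}
	if err := db.UpdateDeveloper(query, update); err != nil {
		fail(http.StatusBadRequest, err.Error())
		return
	}

	renderer.JSON(rw, http.StatusOK, map[string]interface{}{
		"status": requests.StatusSuccess,
		"user":   u,
	})
}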
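// CreateTokenHandler handles POST /developer/token: it verifies an email and
// password pair, mints a fresh token, stores it on the developer record and
// returns it to the caller.
//
// Every authentication failure — unknown email, empty lookup result or wrong
// password — is answered with the same 401 status and message, so the
// endpoint cannot be used to enumerate registered emails. The original
// returned 500 with "No such developer with email …" for an unknown address
// and "Incorrect Password" otherwise, which distinguished the two.
//
// Minting a new token overwrites the previously stored one, so only the most
// recent login is valid.
//
// NOTE(review): the hash comparison is a plain string compare; if
// util.HashPassword is a fast (non-password-stretching) hash, a constant-time
// compare via crypto/subtle would be preferable, but that package is not
// imported in this file.
func CreateTokenHandler(rw http.ResponseWriter, req *http.Request) {
	fail := func(code int, msg string) {
		renderer.JSON(rw, code, map[string]string{
			"status": requests.StatusFailed,
			"error":  msg,
		})
	}

	var body requests.LoginReq
	if err := json.NewDecoder(req.Body).Decode(&body); err != nil {
		fail(http.StatusBadRequest, err.Error())
		return
	}
	if body.Email == "" || body.Password == "" {
		fail(http.StatusBadRequest, "Email and Password Required.")
		return
	}

	query := map[string]interface{}{"email": body.Email}
	u, err := db.GetDeveloper(query)
	// Short-circuit order matters: the hash is only computed once a record
	// was actually found.
	if err != nil || u.ID == "" || util.HashPassword(body.Password, u.Salt) != u.Password {
		fail(http.StatusUnauthorized, "Invalid email or password.")
		return
	}

	token := util.HashToken()
	update := map[string]interface{}{"token": token}
	if err := db.UpdateDeveloper(query, update); err != nil {
		fail(http.StatusInternalServerError, err.Error())
		return
	}

	renderer.JSON(rw, http.StatusOK, map[string]interface{}{
		"status": requests.StatusCreated,
		"token":  token,
	})
}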
// CheckAdminHandler verifies an email/password pair and reports whether that
// developer has the admin flag set.
//
// Responses: 400 with the decode error if the body is not valid JSON; 400
// "Email and Password Required." if either field is blank; 400 "not admin"
// if the email is unknown, the password does not match, or the developer is
// not an admin (the three cases are deliberately indistinguishable); and
// 200 with a success status otherwise.
func CheckAdminHandler(rw http.ResponseWriter, req *http.Request) {
	reject := func(code int, msg string) {
		renderer.JSON(rw, code, map[string]string{
			"status": requests.StatusFailed,
			"error":  msg,
		})
	}

	var creds requests.LoginReq
	if err := json.NewDecoder(req.Body).Decode(&creds); err != nil {
		reject(http.StatusBadRequest, err.Error())
		return
	}
	if creds.Email == "" || creds.Password == "" {
		reject(http.StatusBadRequest, "Email and Password Required.")
		return
	}

	dev, err := db.GetDeveloper(map[string]interface{}{"email": creds.Email})
	// Lookup failure, wrong password and a non-admin account all yield the
	// same answer; the short-circuit keeps the hash from running after a
	// failed lookup, exactly as the sequential checks did.
	if err != nil || util.HashPassword(creds.Password, dev.Salt) != dev.Password || !dev.IsAdmin {
		reject(http.StatusBadRequest, "not admin")
		return
	}

	renderer.JSON(rw, http.StatusOK, map[string]string{
		"status": requests.StatusSuccess,
	})
}
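// AuthHandler authenticates a request on behalf of an HTTP auth middleware.
//
// With an empty pass, user is treated as a bearer token and looked up by the
// "token" field; otherwise user is an email and pass is checked against the
// stored salted hash. It returns (true, nil) on success, (false, nil) for a
// bad or empty credential, and (false, err) when the lookup itself fails.
// req is not consulted.
//
// An empty user is rejected before any lookup. Querying {"token": ""} (or
// {"email": ""}) would otherwise, presumably, match any developer record
// whose field is stored as the empty string — e.g. an account that has never
// logged in — and authenticate the caller as that developer.
//
// NOTE(review): the hash comparison is a plain string compare; if
// util.HashPassword is a fast hash, a constant-time compare would be
// preferable, but crypto/subtle is not imported in this file.
func AuthHandler(req *http.Request, user, pass string) (bool, error) {
	if user == "" {
		return false, nil
	}

	query := bson.M{}
	if pass == "" {
		query["token"] = user
	} else {
		query["email"] = user
	}

	dev, err := db.GetDeveloper(query)
	if err != nil || dev.ID == "" {
		return false, err
	}
	// Token lookups are authenticated by the lookup alone; only the email
	// path has a password to verify.
	if pass != "" && dev.Password != util.HashPassword(pass, dev.Salt) {
		return false, nil
	}
	return true, nil
}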
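// Save inserts a developer record, retrying the insert with exponential
// backoff until it succeeds or the backoff policy gives up.
//
// When d.Salt is empty the record is treated as new: a fresh salt is
// generated and d.Password (assumed to hold the plaintext at that point) is
// replaced by its salted hash before insertion. A record that already
// carries a salt is inserted unchanged. d is mutated in place.
//
// Returns nil on success, otherwise the error from the last insert attempt.
// The backoff ticker is stopped on every exit path; the original left it
// running after a successful insert.
func Save(d *schemas.Developer) error {
	if d.Salt == "" {
		d.Salt = uuid.New()
		d.Password = util.HashPassword(d.Password, d.Salt)
	}

	ticker := backoff.NewTicker(backoff.NewExponentialBackOff())
	defer ticker.Stop()

	var err error
	// The channel presumably closes once the backoff policy stops retrying,
	// which ends the loop with the last error still set.
	for range ticker.C {
		if err = devs.Insert(d); err == nil {
			break
		}
	}
	return err
}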
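// UpdateDeveloperHandler handles PUT /developers/{token}: it updates the
// developer identified by the {token} path variable from form fields.
//
// Recognised fields: "password" (requires the matching "oldpassword"),
// "nextPaymentTime" (RFC 3339), "isAdmin" and "isPaid" ("on" or "true" map
// to true, any other non-empty value to false), and the free-text "name",
// "email" and "integrationEngineer". Absent or empty fields are left alone.
//
// A malformed nextPaymentTime is now rejected with 400; the original
// discarded the parse error and wrote the zero time into the record.
//
// NOTE(review): isAdmin, isPaid and nextPaymentTime are accepted from the
// same request that the developer's own token identifies, so unless an
// upstream middleware restricts this route to admins, a developer can grant
// themselves admin or paid status. Nothing in this file shows such a
// restriction — confirm it. The response echoes the update map, including
// the new password hash when one was set, as before.
func UpdateDeveloperHandler(rw http.ResponseWriter, req *http.Request) {
	fail := func(code int, msg string) {
		renderer.JSON(rw, code, map[string]string{
			"status": requests.StatusFailed,
			"error":  msg,
		})
	}

	token := mux.Vars(req)["token"]
	if token == "" {
		fail(http.StatusBadRequest, "missing token")
		return
	}
	if err := req.ParseForm(); err != nil {
		fail(http.StatusBadRequest, err.Error())
		return
	}

	query := map[string]interface{}{"token": token}
	u, err := db.GetDeveloper(query)
	if err != nil {
		fail(http.StatusInternalServerError, err.Error())
		return
	}

	update := map[string]interface{}{}

	if password := req.FormValue("password"); password != "" {
		// A password change must prove knowledge of the current one.
		oldpass := req.FormValue("oldpassword")
		if oldpass == "" || util.HashPassword(oldpass, u.Salt) != u.Password {
			fail(http.StatusBadRequest, "Old password is incorrect.")
			return
		}
		update["password"] = util.HashPassword(password, u.Salt)
	}

	if nextPaymentTime := req.FormValue("nextPaymentTime"); nextPaymentTime != "" {
		t, err := time.Parse(time.RFC3339, nextPaymentTime)
		if err != nil {
			fail(http.StatusBadRequest, err.Error())
			return
		}
		update["nextPaymentTime"] = t
	}

	if isAdmin := req.FormValue("isAdmin"); isAdmin != "" {
		update["isAdmin"] = isAdmin == "on" || isAdmin == "true"
	}
	if isPaid := req.FormValue("isPaid"); isPaid != "" {
		update["isPaid"] = isPaid == "on" || isPaid == "true"
	}

	for _, field := range []string{"name", "email", "integrationEngineer"} {
		if val := req.FormValue(field); val != "" {
			update[field] = val
		}
	}

	if err := db.UpdateDeveloper(query, update); err != nil {
		fail(http.StatusInternalServerError, err.Error())
		return
	}

	renderer.JSON(rw, http.StatusOK, map[string]interface{}{
		"status": requests.StatusUpdated,
		"update": update,
	})
}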