func addUserUpvotedPostIDsToData(r *http.Request, postModel *models.PostModel, data map[string]interface{}) error {
if user, ok := context.SessionUser(r); ok {
userUpvotedPostIDs, err := postModel.GetVotedPostIds(nil, squirrel.Eq{"post_votes.user_id": user.ID})
if err != nil {
return errors.Wrap(err, "get upvoted post ids error")
}
data["UserUpvotedPostIDs"] = userUpvotedPostIDs
}
return nil
}
func getLogin(a *application.App, w http.ResponseWriter, r *http.Request) error {
if _, ok := context.SessionUser(r); ok {
return httperror.StatusError{http.StatusOK, errors.New("Already logged in")}
}
// TODO: replace code with CSRF token
url := a.Config.OAuth2.AuthCodeURL("uteach-login") + "&connection=Username-Password-Authentication" // connection required by Auth0
http.Redirect(w, r, url, http.StatusFound)
return nil
}
func updatePostVote(a *application.App, w http.ResponseWriter, r *http.Request, voted bool) error {
post := context.Post(r)
user, _ := context.SessionUser(r)
pm := models.NewPostModel(a.DB)
if err := pm.UpdatePostVoteForUser(nil, post, user, voted); err != nil {
return errors.Wrap(err, "update post vote error")
}
w.WriteHeader(http.StatusOK)
return nil
}
// MustLogin ensures the next handler is only accessible by users that are logged in.
func (m *Middleware) MustLogin(next http.Handler) http.Handler {
fn := func(w http.ResponseWriter, r *http.Request) {
if _, ok := context.SessionUser(r); !ok {
httperror.HandleError(w, httperror.StatusError{http.StatusForbidden, nil})
return
}
next.ServeHTTP(w, r)
}
return http.HandlerFunc(fn)
}
func postNewPost(a *application.App, w http.ResponseWriter, r *http.Request) (err error) {
title := r.FormValue("title")
text := r.FormValue("text")
topic := context.Topic(r)
user, _ := context.SessionUser(r)
// we want the post and tags to be created together so use one tx. If one part fails the rest won't be committed.
tx, err := a.DB.Beginx()
if err != nil {
return errors.Wrap(err, "begin transacion error")
}
defer func() {
if err != nil {
tx.Rollback()
return
}
err = tx.Commit()
err = errors.Wrap(err, "commit error")
}()
postModel := models.NewPostModel(a.DB)
post := &models.Post{Title: title, Content: text, Topic: topic, Creator: user}
if err = postModel.Add(tx, post); err != nil {
return errors.Wrap(err, "add post error")
}
tagIDStr := r.FormValue("tag")
if tagIDStr != "" {
tagID, err := strconv.ParseInt(tagIDStr, 10, 64)
if err != nil {
return httperror.StatusError{http.StatusBadRequest, err}
}
tagModel := models.NewTagModel(a.DB)
tag, err := tagModel.FindOne(nil, squirrel.Eq{"tags.id": tagID})
if err != nil {
return errors.Wrap(err, "find one error")
}
if err = tagModel.AddPostTag(tx, post, tag); err != nil {
return errors.Wrap(err, "add post tag error")
}
}
http.Redirect(w, r, post.URL(), http.StatusFound)
return nil
}
func (m *Middleware) isPostCreator(r *http.Request) bool {
post := context.Post(r)
user, ok := context.SessionUser(r)
return ok && *post.Creator == *user
}
func (m *Middleware) isAdmin(r *http.Request) bool {
user, ok := context.SessionUser(r)
return ok && user.IsAdmin
}
