Exemplo n.º 1
func WebSensorsAgent(ctx context.Context, db data.DB, u *models.User) {
	// Get the db's changes, then filter by updates, then
	// filter by whether this user can read the record
	changes := data.Filter(data.FilterKind(db.Changes(), models.EventKind), func(c *data.Change) bool {
		ok, _ := access.CanRead(db, u, c.Record)
		return ok

	for {
		select {
		case c, ok := <-*changes:
			if !ok {
				break Run

			switch c.Record.(*models.Event).Name {
				webSensorLocation(db, u, c.Record.(*models.Event).Data)
		case <-ctx.Done():
			break Run

Exemplo n.º 2
Arquivo: task.go Projeto: elos/gaia
func TaskAgent(ctx context.Context, db data.DB, u *models.User) {

	changes := data.Filter(data.FilterKind(db.Changes(), models.EventKind), func(c *data.Change) bool {
		ok, _ := access.CanRead(db, u, c.Record)
		return ok

	for {
		select {
		case c, ok := <-*changes:
			if !ok {
				break Run

			switch c.Record.(*models.Event).Name {
			case TaskMakeGoal:
				taskMakeGoal(db, u, c.Record.(*models.Event).Data)
			case TaskDropGoal:
				taskDropGoal(db, u, c.Record.(*models.Event).Data)
		case <-ctx.Done():
			break Run

Exemplo n.º 3
Arquivo: query.go Projeto: elos/gaia
// execute retrieves the records matching a *query, which the user can read, and marshals them to attr maps.
// Errors:
//		- db.Query error
//		- access.CanRead error
//		- iter.Close error
func execute(db data.DB, u *models.User, q *query) ([]map[string]interface{}, error) {
	rs := make([]map[string]interface{}, 0)

	iter, err := db.Query(q.Kind).Limit(q.Limit).Batch(q.Batch).Skip(q.Skip).Select(q.Select).Order(q.Order...).Execute()
	if err != nil {
		return nil, err

	m := models.ModelFor(q.Kind)
	for iter.Next(m) {
		ok, err := access.CanRead(db, u, m)

		if err != nil {
			return nil, err

		if !ok {

		temp := make(map[string]interface{})
		transfer.TransferAttrs(m, &temp)
		rs = append(rs, temp)
		m = models.ModelFor(q.Kind)

	if err := iter.Close(); err != nil {
		return nil, err

	return rs, nil
Exemplo n.º 4
func LocationAgent(ctx context.Context, db data.DB, u *models.User) {
	locTag, err := tag.ForName(db, u, tag.Location)
	if err != nil {
	updTag, err := tag.ForName(db, u, tag.Update)
	if err != nil {

	// Get the db's changes, then filter by updates, then
	// filter by whether this user can read the record
	changes := data.Filter(data.FilterKind(db.Changes(), models.EventKind), func(c *data.Change) bool {
		ok, _ := access.CanRead(db, u, c.Record)
		if !ok {
			return false

		return event.ContainsTags(c.Record.(*models.Event), locTag, updTag)

	for {
		select {
		case c, ok := <-*changes:
			if !ok {
				break Run

			locationUpdate(db, u, c.Record.(*models.Event))
		case <-ctx.Done():
			break Run

Exemplo n.º 5
Arquivo: record.go Projeto: elos/gaia
func RecordChangesGET(ctx context.Context, ws *websocket.Conn, db data.DB, logger services.Logger) {
	l := logger.WithPrefix("RecordChangesGet: ")

	u, ok := user.FromContext(ctx)
	if !ok {
		l.Print("failed to retrieve user from context")

	// Get the db's changes, then filter by updates, then
	// filter by whether this user can read the record
	changes := data.Filter(db.Changes(), func(c *data.Change) bool {
		ok, err := access.CanRead(db, u, c.Record)
		if err != nil {
			l.Printf("error checking access control: %s", err)
		return ok

	var kind data.Kind
	if kindParam := ws.Request().Form.Get(kindParam); kindParam != "" {
		kind = data.Kind(kindParam)

		if _, ok := models.Kinds[kind]; !ok {
			l.Printf("unrecognized kind: %q", kind)
			if err := websocket.Message.Send(ws, fmt.Sprintf("The kind %q is not recognized", kind)); err != nil {
				if err != io.EOF {
					l.Printf("error sending on websocket: %s", err)

		// If a kind was specified, filter by it
		changes = data.FilterKind(changes, kind)

	for {
		select {
		case change, ok := <-*changes:
			if !ok {
				l.Printf("change channel was closed")

			l.Printf("recieved change: %+v", change)

			changeTransport := transfer.Change(change)

			if err := websocket.JSON.Send(ws, changeTransport); err != nil {
				if err != io.EOF {
					l.Printf("error sending to socket: %s", err)

		case <-time.After(5 * time.Second):
			l.Printf("no change in 5 seconds, but still listening")
		case <-ctx.Done():
			l.Printf("context cancelled")
			// context was cancelled
Exemplo n.º 6
Arquivo: record.go Projeto: elos/gaia
// RecordQueryPOST implements gaia's response to a POST request to the '/record/query/' endpoint.
// Assumptions: The user has been authenticated.
// Proceedings:
// Success:
//		* StatusOK
// Error:
//		* InternalServerError: parsing url params,
//		* BadRequest: no kind parameter, unrecognized kind
func RecordQueryPOST(ctx context.Context, w http.ResponseWriter, r *http.Request, logger services.Logger, db data.DB) {
	l := logger.WithPrefix("RecordQueryPOST: ")

	// Parse the form
	if err := r.ParseForm(); err != nil {
		l.Printf("error parsing form: %s", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

	// Retrieve the kind parameter
	k := r.FormValue(kindParam)
	if k == "" {
		l.Printf("no kind parameter")
		http.Error(w, fmt.Sprintf("You must specify a %q parameter", kindParam), http.StatusBadRequest)
	kind := data.Kind(k)

	// Verify the kind is recognized
	if !models.Kinds[kind] {
		l.Printf("unrecognized kind %q", kind)
		http.Error(w, fmt.Sprintf("The kind %q is not recognized", kind), http.StatusBadRequest)

	// Retrieve the limit, batch and skip parameters
	lim := r.FormValue(limitParam)
	bat := r.FormValue(batchParam)
	ski := r.FormValue(skipParam)

	// Set up the variables to apply to the query
	var limit, batch, skip int
	if lim != "" {
		limit, _ = strconv.Atoi(lim)
	} else if bat != "" {
		batch, _ = strconv.Atoi(bat)
	} else if ski != "" {
		skip, _ = strconv.Atoi(ski)

	// Read the selection attrs from the body
	var requestBody []byte
	var err error
	defer r.Body.Close()
	if requestBody, err = ioutil.ReadAll(r.Body); err != nil {
		l.Printf("error while reading request body: %s", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

	// These are the selectors, unmarshal the request body into them
	attrs := make(data.AttrMap)

	// only unmarshall if there is any request body
	if len(requestBody) > 0 {
		if err = json.Unmarshal(requestBody, &attrs); err != nil {
			l.Printf("info: request body:\n%s", string(requestBody))
			l.Printf("error: while unmarshalling request body, %s", err)
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

	// Retrieve the user we are acting on behalf
	u, ok := user.FromContext(ctx)
	if !ok {
		l.Print("failed to retrieve user from context")
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

	// Load our actual query
	var iter data.Iterator
	if iter, err = db.Query(kind).Select(attrs).Limit(limit).Batch(batch).Skip(skip).Order(r.Form["order"]...).Execute(); err != nil {
		l.Printf("db.Query(%q).Select(%v).Limit(%d).Batch(%d).Skip(%d) error: %s", kind, attrs, limit, batch, skip, err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

	fmt.Fprint(w, "[")

	first := true

	// Iterator through the results and write the response
	m := models.ModelFor(kind)
	for iter.Next(m) {
		if !first {
			fmt.Fprint(w, ",")
		first = false
		if ok, err := access.CanRead(db, u, m); err != nil {
			// We've hit an error and need to bail
			l.Printf("access.CanRead error: %s", err)
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		} else if ok {
			bytes, err := json.Marshal(m)
			if err != nil {
				l.Printf("error marshalling JSON: %s", err)
				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

	if err := iter.Close(); err != nil {
		l.Printf("error closing query, %s", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

	fmt.Fprint(w, "]")
Exemplo n.º 7
Arquivo: record.go Projeto: elos/gaia
// RecordGET implements gaia's response to a GET request to the '/record/' endpoint.
// Assumptions: The user has been authenticated.
// Proceedings: Parses the url parameters, retrieving the kind and id parameters (both required).
// Then it loads that record, checks if the user is allowed to access it, if so it returns the model as JSON.
// Success:
//		* StatusOK with the record as JSON
// Errors:
//		* InternalServerError: failure to parse the parameters, database connections, json marshalling
//		* BadRequest: no kind param, no id param, unrecognized kind, invalid id
//		* NotFound: unauthorized, record actually doesn't exist
func RecordGET(ctx context.Context, w http.ResponseWriter, r *http.Request, logger services.Logger, db services.DB) {
	l := logger.WithPrefix("RecordGet: ")

	// Parse the form value
	if err := r.ParseForm(); err != nil {
		l.Printf("error parsing form: %s", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

	// Secure the kind parameter's existence, and superficial validity (i.e., non-empty)
	k := r.FormValue(kindParam)
	if k == "" {
		l.Printf("no kind parameter")
		http.Error(w, fmt.Sprintf("You must specify a '%s' parameter", kindParam), http.StatusBadRequest)
	kind := data.Kind(k)

	// Secure the id parameter's existence, and superficial validity (i.e., non-empty)
	i := r.FormValue(idParam)
	if i == "" {
		l.Printf("no id parameter")
		http.Error(w, fmt.Sprintf("You must specify a '%s' parameter", idParam), http.StatusBadRequest)

	// Ensure the kind is recognized
	if _, ok := models.Kinds[kind]; !ok {
		l.Printf("unrecognized kind: %q", kind)
		http.Error(w, fmt.Sprintf("The kind %q is not recognized", kind), http.StatusBadRequest)

	// Ensure the id is valid
	id, err := db.ParseID(i)
	if err != nil {
		l.Printf("unrecognized id: %q, err: %s", i, err)
		http.Error(w, fmt.Sprintf("The id %q is invalid", i), http.StatusBadRequest)

	m := models.ModelFor(kind)

	if err := db.PopulateByID(m); err != nil {
		switch err {
		// ErrAccessDenial and ErrNotFound are "normal" courses, in the sense that they
		// may be expected in normal usage.
		case data.ErrAccessDenial:
			fallthrough // don't leak information, make it look like a 404
		case data.ErrNotFound:
			// This is, by far, the most common error case here.
			http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
		// ErrNoConnection, ErrInvalidID and the under-determined errors are all non-normal cases
		case data.ErrNoConnection:
		case data.ErrInvalidID:
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		l.Printf("db.PopulateByID error: %s", err)
		return // regardless of what the error was, we are bailing

	// Retrieve the user this request was authenticated as
	u, ok := user.FromContext(ctx)
	if !ok { // This is certainly an issue, and should _never_ happen
		l.Print("failed to retrieve user from context")
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

	// Now we impose the system access control, beyond the database access control
	// TODO: limit the domain of errors CanRead returns
	if allowed, err := access.CanRead(db, u, m); err != nil {
		switch err {
		// Again, though odd, both of these are arguably expected
		case data.ErrAccessDenial:
			fallthrough // don't leak information
		case data.ErrNotFound:
			http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
		// These are not-expected
		case data.ErrNoConnection:
		case data.ErrInvalidID:
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		l.Printf("access.CanRead error: %s", err)
	} else if !allowed {
		// If you can't read the record you are asking for,
		// it "does not exist" as far as you are concerned
		l.Print("access denied")
		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

	bytes, err := json.MarshalIndent(m, "", "	")
	if err != nil {
		l.Printf("error while marshalling json %s", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

	w.Header().Set("Content-Type", "application/json")