func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
session := common.GetUserSession(r)
sortBy := r.Form.Get("sort")
id, _ := strconv.ParseInt(r.Form.Get("id"), 10, 64)
entries, err := vsafedb.Entries(h.Store, session.Key().Id, r.Form.Get("q"))
if err != nil {
http_util.ReportError(w, "Error reading database", err)
return
}
switch sortBy {
case "newest":
vsafedb.Reverse(entries)
default:
vsafedb.SortByTitle(entries)
}
http_util.WriteTemplate(
w,
kTemplate,
&view{
Values: http_util.Values{r.Form},
Name: session.User.Name,
Entries: entries,
Url: r.URL,
Id: id})
}
func goBack(w http.ResponseWriter, r *http.Request, id int64) {
var u *url.URL
u, err := url.Parse(r.Form.Get("prev"))
if err != nil {
http_util.ReportError(w, "Error parsing prev url", err)
return
}
http_util.Redirect(w, r, withId(u, id).String())
}
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if r.Method == "GET" {
http_util.WriteTemplate(w, kTemplate, nil)
} else {
r.ParseForm()
userName := r.Form.Get("name")
password := r.Form.Get("password")
var user vsafe.User
err := h.Store.UserByName(nil, userName, &user)
if err == vsafedb.ErrNoSuchId {
http_util.WriteTemplate(w, kTemplate, "Login incorrect.")
return
}
if err != nil {
http_util.ReportError(w, "Database error", err)
return
}
key, err := user.VerifyPassword(password)
if err == vsafe.ErrWrongPassword {
http_util.WriteTemplate(w, kTemplate, "Login incorrect.")
return
}
if err != nil {
http_util.ReportError(w, "Error verifying password", err)
return
}
gs, err := common.NewGorillaSession(h.SessionStore, r)
if err != nil {
http_util.ReportError(w, "Error creating session", err)
return
}
session := common.CreateUserSession(gs)
session.SetUserId(user.Id)
session.SetKey(key)
session.ID = "" // For added security, force a new session ID
session.Save(r, w)
http_util.Redirect(w, r, r.Form.Get("prev"))
}
}
func (h *authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
user, _, err := authorizeSession(r, kSessionStore)
if err == errNotLoggedIn {
http_util.Redirect(
w,
r,
http_util.NewUrl("/auth/login", "prev", r.URL.String()).String())
return
}
if err != nil {
http_util.ReportError(w, "Error reading database.", err)
return
}
logging.SetUserName(r, user.Name)
h.ServeMux.ServeHTTP(w, r)
}
func (h pollHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
keyId, _ := strconv.ParseInt(r.Form.Get("kid"), 10, 64)
user, key, err := authorizeSession(r, kPollingStore)
if err == errNotLoggedIn {
http_util.Error(w, 401)
return
}
if err != nil {
http_util.ReportError(w, "Error reading database.", err)
return
}
logging.SetUserName(r, user.Name)
if keyId != key.Id {
http_util.Error(w, 401)
return
}
http_util.Error(w, 200)
}
func (h *Handler) doGet(w http.ResponseWriter, r *http.Request, id int64) {
session := common.GetUserSession(r)
if isIdValid(id) {
var entryWithEtag vsafe.EntryWithEtag
err := vsafedb.EntryByIdWithEtag(
h.Store, nil, id, session.Key(), &entryWithEtag)
if err == vsafedb.ErrNoSuchId {
fmt.Fprintln(w, "No entry found.")
return
}
if err != nil {
http_util.ReportError(w, "Error reading database.", err)
return
}
http_util.WriteTemplate(
w,
kTemplate,
newView(
fromEntry(&entryWithEtag.Entry, entryWithEtag.Etag),
true,
session.Key().Id,
common.NewXsrfToken(r, kSingle),
nil))
} else {
initValues := make(url.Values)
initValues.Set("url", "http://")
// Because this page is always POST, the presence of etag signals that
// we are editing an entry, not fetching for the first time.
// The value of etag in this context does not matter since we are editing
// a new entry.
initValues.Set("etag", "new")
http_util.WriteTemplate(
w,
kTemplate,
newView(
initValues,
false,
session.Key().Id,
common.NewXsrfToken(r, kSingle),
nil))
}
}
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
session := common.GetUserSession(r)
if r.Method == "GET" {
http_util.WriteTemplate(
w,
kTemplate,
&view{
Name: session.User.Name,
Xsrf: common.NewXsrfToken(r, kChPasswd)})
} else {
r.ParseForm()
if !common.VerifyXsrfToken(r, kChPasswd) {
http_util.WriteTemplate(
w,
kTemplate,
&view{
Name: session.User.Name,
Xsrf: common.NewXsrfToken(r, kChPasswd),
Message: common.ErrXsrf.Error()})
return
}
old := r.Form.Get("old")
new := r.Form.Get("new")
verify := r.Form.Get("verify")
if new != verify {
http_util.WriteTemplate(
w,
kTemplate,
&view{
Name: session.User.Name,
Xsrf: common.NewXsrfToken(r, kChPasswd),
Message: "Password re-typed incorrectly."})
return
}
if len(new) < kMinPasswordLength {
http_util.WriteTemplate(
w,
kTemplate,
&view{
Name: session.User.Name,
Xsrf: common.NewXsrfToken(r, kChPasswd),
Message: fmt.Sprintf(
"Password must be at least %d characters.",
kMinPasswordLength)})
return
}
err := h.Doer.Do(func(t db.Transaction) error {
user, err := vsafedb.ChangePassword(
h.Store, t, session.User.Id, old, new)
if err != nil {
return err
}
session.User = user
return nil
})
if err == vsafe.ErrWrongPassword {
http_util.WriteTemplate(
w,
kTemplate,
&view{
Name: session.User.Name,
Xsrf: common.NewXsrfToken(r, kChPasswd),
Message: "Old password wrong."})
return
}
if err != nil {
http_util.ReportError(w, "Error updating database", err)
return
}
http_util.WriteTemplate(
w,
kTemplate,
&view{
Name: session.User.Name,
Message: "Password changed successfully.",
Xsrf: common.NewXsrfToken(r, kChPasswd),
Success: true})
}
}