func TestReadUser(t *testing.T) {
readUser := new(data.User)
testRead(t, "/users/"+user.Username, readUser)
readUser.CreateTime = user.CreateTime
structJSONCompare(t, user, readUser)
}
func scanUser(user *data.User, rows *sql.Rows) error {
var createTimeString string
err := rows.Scan(
&user.Username,
&user.Password,
&user.Salt,
&user.Role,
&user.TrustLevel,
&createTimeString,
)
if err != nil {
return err
}
createTime, err := time.Parse("2006-01-02 15:04:05", createTimeString) // this assumes UTC as timezone
if err != nil {
log.Println("User scanner failed to parse time.")
return err
}
user.CreateTime = createTime
return nil
}
func TestSelectUser(t *testing.T) {
selectedUser := new(data.User)
selectedUser.Username = user.Username
err := Select(selectedUser)
if err != nil {
t.Error(err)
}
t.Log(selectedUser.CreateTime.UTC())
t.Log(user.CreateTime.UTC())
selectedUser.CreateTime = user.CreateTime // Hack because MySQL will eat part of the timestamp and they won't match
structJSONCompare(t, user, selectedUser)
}
// Generic Delete handler
func Delete(w http.ResponseWriter, r *http.Request) {
user, permissions := auth.Challenge(w, r, true)
if user == nil || permissions < 1 {
http.Error(w, "Please Login", http.StatusUnauthorized)
return
}
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
vars := mux.Vars(r)
var (
val interface{} // Generic container for the deleted object
err error
)
// Build a URI like representation of the datatype
types := []string{vars["datatype"]}
if childtype, ok := vars["childtype"]; ok {
types = append(types, childtype)
}
// Switch based on that URI like representation and instantiate something in the generic container. Also infer the identifier from the vars and perform validation.
switch strings.Join(types, "/") {
case "items":
item := new(data.Item)
item.ID, err = strconv.ParseInt(vars["key"], 10, 64)
val = item
case "items/comments":
comment := new(data.ItemComment)
comment.ID, err = strconv.ParseInt(vars["childkey"], 10, 64)
val = comment
case "users":
if vars["key"] != user.Username {
http.Error(w, "Please don't delete other users", http.StatusUnauthorized)
return
}
user := new(data.User)
user.Username = vars["key"]
val = user
case "roles":
role := new(data.Role)
role.Title = vars["key"]
val = role
case "taxonomy":
term := new(data.Term)
term.Term = vars["key"]
val = term
default:
http.NotFound(w, r)
return
}
if err != nil {
log.Println(err)
http.Error(w, "Malformed key in URI", http.StatusBadRequest)
return
}
// Perform the delete
err = storage.Delete(val)
if err == storage.ErrZeroAffected {
http.Error(w, "No matches for query", http.StatusNotFound)
return
} else if err != nil {
log.Println(err)
http.Error(w, "Delete Database error, likely due to malformed request", http.StatusInternalServerError)
return
}
// Confirm the delete
w.WriteHeader(http.StatusNoContent)
}
// Generic Read handler for reading single objects
func Read(w http.ResponseWriter, r *http.Request) {
//No Auth for the moment
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
vars := mux.Vars(r)
var (
val interface{} // Generic container for the read object
err error
)
// Build a URI like representation of the datatype
types := []string{vars["datatype"]}
if childtype, ok := vars["childtype"]; ok {
types = append(types, childtype)
}
// Switch based on that URI like representation and instantiate something in the generic container. Also infer the identifier from the vars and perform validation.
switch strings.Join(types, "/") {
case "items":
item := new(data.Item)
item.ID, err = strconv.ParseInt(vars["key"], 10, 64)
val = item
case "items/comments":
comment := new(data.ItemComment)
comment.ID, err = strconv.ParseInt(vars["childkey"], 10, 64)
val = comment
case "users":
user := new(data.User)
user.Username = vars["key"]
val = user
case "users/direction":
direction := new(data.UserDirection)
direction.Username = vars["key"]
val = direction
case "roles":
role := new(data.Role)
role.Title = vars["key"]
val = role
case "taxonomy":
term := new(data.Term)
term.Term = vars["key"]
val = term
case "taxonomy/ranking":
ranking := new(data.TermRanking)
ranking.Term = vars["key"]
val = ranking
default:
http.NotFound(w, r)
return
}
if err != nil {
log.Println(err)
http.Error(w, "Malformed key in URI", http.StatusBadRequest)
return
}
// Perform the Select
err = storage.Select(val)
if err == storage.ErrZeroAffected {
http.Error(w, "No matches for query", http.StatusNotFound)
return
} else if err != nil {
log.Println(err)
http.Error(w, "Select Database error, likely due to malformed request", http.StatusInternalServerError)
return
}
// Important. Let's never send salt/hash out.
switch v := val.(type) {
case *data.User:
v.Salt = ""
v.Password = ""
}
w.Header().Set("Content-Type", "application/json") // Header are important when GZIP is enabled
// Return the object we've selected from the database.
encoder := json.NewEncoder(w)
err = encoder.Encode(val)
if err != nil {
log.Println(err)
}
}
// Handle requests containing JSON with user credentials. If the credentials are valid the response will set a session cookie effectively logging in the user.
//
// Expected JSON format:
// {"Username":"******", "Password":"******"}
//
// Invalid credentials will result in a 401 StatusUnauthorized response. Malformed JSON will result in a 400 StatusBadRequest or possibly 500 StatusInternalServerError.
func AuthHandlerFunc(w http.ResponseWriter, r *http.Request) {
// Parse the JSON into a user object
loginInfo := new(data.User)
decoder := json.NewDecoder(r.Body)
err := decoder.Decode(&loginInfo)
if err != nil {
log.Println("JSON problem")
log.Println(err)
http.Error(w, "Malformed json.", http.StatusBadRequest)
return
}
// Try and load the actual user
user := new(data.User)
user.Username = loginInfo.Username
err = storage.Select(user)
if err == storage.ErrZeroAffected {
log.Println("No such user: "******"Invalid credentials.", http.StatusUnauthorized)
return
} else if err != nil {
log.Println(err)
http.Error(w, "Database error, likely due to malformed request.", http.StatusInternalServerError)
return
}
// Validate
if !user.Auth(loginInfo.Password) {
log.Println("Wrong Password for: ", user.Username)
http.Error(w, "Invalid credentials.", http.StatusUnauthorized)
return
}
// Get role permissions
role := new(data.Role)
role.Title = user.Role
err = storage.Select(role)
if err != nil {
log.Println("Issues loading role during auth", err)
role.Permissions = 0 // Default to no permissions
}
// Build a cookie session
session, _ := store.Get(r, "rter-credentials")
session.Values["username"] = user.Username
session.Values["role"] = user.Role
session.Values["permissions"] = role.Permissions
err = session.Save(r, w)
if err != nil {
log.Println(err)
}
}
// Handle a POST request with an image, phone_id, lat, lng and heading. Return a target heading from the web UI
func MultiUploadHandler(rterDir string, uploadPath string, w http.ResponseWriter, r *http.Request) {
imageFile, header, err := r.FormFile("image")
if err != nil {
return
}
user := new(data.User)
user.Username = r.FormValue("phone_id")
err = storage.Select(user)
if err == storage.ErrZeroAffected {
user.Role = "public"
storage.Insert(user)
// log.Println("upload failed, phone_id invalid:", user.Username)
// http.Error(w, "Invalid credentials.", http.StatusUnauthorized)
// return
} else if err != nil {
log.Println(err)
http.Error(w, "Database error, likely due to malformed request.", http.StatusInternalServerError)
return
}
os.Mkdir(filepath.Join(uploadPath, user.Username), os.ModeDir|0775)
matchingItems := make([]*data.Item, 0)
err = storage.SelectWhere(&matchingItems, "WHERE Type=\"streaming-video-v0\" AND Author=?", user.Username)
exists := true
if err == storage.ErrZeroAffected {
exists = false
} else if err != nil {
log.Println(err)
http.Error(w, "Database error, likely due to malformed request.", http.StatusInternalServerError)
return
}
var item *data.Item
if exists {
item = matchingItems[0]
} else {
item = new(data.Item)
}
item.Author = user.Username
item.Type = "streaming-video-v0"
item.Live = true
item.HasGeo = true
item.HasHeading = true
item.Lat, err = strconv.ParseFloat(r.FormValue("lat"), 64)
if err != nil {
item.HasGeo = false
}
item.Lng, err = strconv.ParseFloat(r.FormValue("lng"), 64)
if err != nil {
item.HasGeo = false
}
item.Heading, err = strconv.ParseFloat(r.FormValue("heading"), 64)
if err != nil {
item.HasHeading = false
}
item.StartTime = time.Now()
item.StopTime = item.StartTime
path := uploadPath
if strings.HasSuffix(header.Filename, ".png") {
path = filepath.Join(path, fmt.Sprintf("%v/%v.png", user.Username, item.StopTime.UnixNano()))
} else if strings.HasSuffix(header.Filename, ".jpg") || strings.HasSuffix(header.Filename, "jpeg") {
path = filepath.Join(path, fmt.Sprintf("%v/%v.jpg", user.Username, item.StopTime.UnixNano()))
}
outputFile, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE, 0664)
if err != nil {
log.Println(err)
http.Error(w, "Error, likely due to malformed request.", http.StatusInternalServerError)
}
defer outputFile.Close()
io.Copy(outputFile, imageFile)
path = path[len(rterDir):]
item.ContentURI = path
item.ThumbnailURI = path
if exists {
storage.Update(item)
} else {
storage.Insert(item)
}
userDirection := new(data.UserDirection)
userDirection.Username = user.Username
err = storage.Select(userDirection)
if err != nil {
log.Println(err)
http.Error(w, "Database error, likely due to malformed request.", http.StatusInternalServerError)
return
}
w.Write([]byte(strconv.FormatFloat(userDirection.Heading, 'f', 6, 64)))
}
func scanUser(user *data.User, rows *sql.Rows) error {
var createTimeString string
var updateTimeString string
var statusTimeString string
err := rows.Scan(
&user.Username,
&user.Password,
&user.Salt,
&user.Role,
&user.TrustLevel,
&createTimeString,
&user.Heading,
&user.Lat,
&user.Lng,
&updateTimeString,
&user.Status,
&statusTimeString,
)
if err != nil {
return err
}
// TODO: this is a hacky fix for null times
if createTimeString == "0000-00-00 00:00:00" {
createTimeString = "0001-01-01 00:00:00"
}
createTime, err := time.Parse("2006-01-02 15:04:05", createTimeString) // this assumes UTC as timezone
if err != nil {
log.Println("User scanner failed to parse create time.")
return err
}
user.CreateTime = createTime
// TODO: this is a hacky fix for null times
if updateTimeString == "0000-00-00 00:00:00" {
updateTimeString = "0001-01-01 00:00:00"
}
updateTime, err := time.Parse("2006-01-02 15:04:05", updateTimeString) // this assumes UTC as timezone
if err != nil {
log.Println("User scanner failed to parse update time.")
return err
}
user.UpdateTime = updateTime
// TODO: this is a hacky fix for null times
if statusTimeString == "0000-00-00 00:00:00" {
statusTimeString = "0001-01-01 00:00:00"
}
statusTime, err := time.Parse("2006-01-02 15:04:05", statusTimeString) // this assumes UTC as timezone
if err != nil {
log.Println("User scanner failed to parse time.")
return err
}
user.StatusTime = statusTime
return nil
}