func (lilo *basicLoginLogout) HandleLogout(request shared.IRequest) (shared.IResponse, error) {
//request.Session.shared.IUser = nil
log.Println("LOGOUT")
request.ResetSession()
request.Session().AddFlash("success", "Logged Out")
return getRedirectResponse("/")
}
func (th *simpleTemplateHandler) Handle(request shared.IRequest) (shared.IResponse, error) {
writer, err := th.manager.GetHTMLTemplateWriter(th.name, request.Session())
if err != nil {
return nil, err
}
writer.Data = th.data
return writer, nil
}
func (h *RawFileHandler) Handle(req shared.IRequest) (shared.IResponse, error) {
w, _ := req.GetRaw()
file, err := os.Open(h.WebRoot + "/" + h.Filename)
if err != nil {
fmt.Fprintln(w, err.Error())
w.WriteHeader(http.StatusInternalServerError)
return nil, nil
}
defer file.Close()
io.Copy(w, file)
return nil, nil
}
func (wh *wrappedHandler) Handle(request shared.IRequest) (shared.IResponse, error) {
requestData := wh.handler.RequestDataPlaceholder()
_, r := request.GetRaw()
// Decode request body JSON to object
dec := json.NewDecoder(r.Body)
err := dec.Decode(requestData)
if err != nil {
return nil, err
}
// Do the request
return wh.handler.Handle(request, requestData)
}
func (ga *GoogleAuth) TryToAuthenticate(request shared.IRequest) (string, interface{}, error) {
googleToken, ok := request.QueryString().String("code")
if !ok {
return "", nil, nil
}
log.Printf("Google Auth with Token %s\n", googleToken)
token, err := ga.Exchange(googleToken)
if err != nil {
return "", nil, err
}
email, err := token.GooglePlusID()
if err != nil {
return "", nil, err
}
log.Printf("Google auth response: %s\n", email)
return "google_id", email, nil
}
func (h *FileHandler) writeDatabaseEntry(request shared.IRequest, dbEntry map[string]interface{}, fileCollection string) error {
qc := databath.GetMinimalQueryConditions(fileCollection, "form")
q, err := databath.GetQuery(request.GetContext(), h.Model, qc, true)
if err != nil {
return err
}
sqlString, parameters, err := q.BuildInsert(dbEntry)
if err != nil {
return err
}
db, err := request.DB()
if err != nil {
return err
}
fmt.Println(sqlString)
res, err := db.Exec(sqlString, parameters...)
if err != nil {
return err
}
pk, _ := res.LastInsertId()
/*
actionSummary := &shared_structs.ActionSummary{
UserId: request.Session().User().Id,
Action: "create",
Collection: fileCollection,
Pk: uint64(pk),
Fields: dbEntry,
}
*/
createObject := map[string]interface{}{
"collection": fileCollection,
"id": uint64(pk),
"object": dbEntry,
}
request.Broadcast("create", createObject)
return nil
}
func (h *FileHandler) Upload(request shared.IRequest) error {
var functionName string
var fileCollection string
var collectionRef string
var collectionId uint64
err := request.URLMatch(&functionName, &fileCollection, &collectionRef, &collectionId)
if err != nil {
return err
}
_, r := request.GetRaw()
if r.Method != "POST" && r.Method != "PUT" {
request.WriteString("Must post a file (1)")
return nil
}
mpr, err := r.MultipartReader()
if err != nil {
return err
}
var part *multipart.Part
for {
thisPart, err := mpr.NextPart()
if err != nil {
break
}
if thisPart.FormName() == "attachment" {
part = thisPart
break
}
}
if part == nil {
request.WriteString("Must post a file (2)")
return nil
}
origName := part.FileName()
randBytes := make([]byte, 22, 22)
_, _ = rand.Reader.Read(randBytes)
fileName := hex.EncodeToString(randBytes)
bucket, err := h.getBucket()
if err != nil {
return err
}
upload, err := ioutil.ReadAll(part)
if err != nil {
return err
}
err = bucket.Put(h.Path+fileName, upload, "application/octet-stream", s3.Private)
if err != nil {
return err
}
log.Println("File Written")
dbEntry := map[string]interface{}{
collectionRef: collectionId,
"file": fileName,
"filename": origName,
}
err = h.writeDatabaseEntry(request, dbEntry, fileCollection)
if err != nil {
return err
}
request.WriteString(`
<script type='text/javascript'>
window.top.file_done()
</script>
Uploaded Successfully.
`)
return nil
}
func (lilo *basicLoginLogout) HandleLogin(request shared.IRequest) (shared.IResponse, error) {
username := request.PostValueString("username")
password := request.PostValueString("password")
lilo.doLogin(request, false, lilo.ColUsername, username, password)
return nil, nil
}
func (lilo *basicLoginLogout) HandleSetPassword(r shared.IRequest) (shared.IResponse, error) {
doErr := func(err error) (shared.IResponse, error) {
log.Println(err)
r.Session().AddFlash("error", "Something went wrong...")
return getRedirectResponse("/set_password")
}
currentPassword := r.PostValueString("current_password")
newPassword1 := r.PostValueString("new_password_1")
newPassword2 := r.PostValueString("new_password_2")
if newPassword1 != newPassword2 {
r.Session().AddFlash("error", "Passwords didn't match")
return getRedirectResponse("/set_password")
}
if len(currentPassword) < 1 {
// Is user exempt?
//if !r.Session().shared.IUser().SetOnNextLogin {
// r.Session.AddFlash("error", "Incorrect current password")
// r.Redirect("/set_password")
// return
//}
} else {
//Check Current Password
matches, err := r.Session().User().CheckPassword(currentPassword)
if err != nil {
return doErr(err)
}
if !matches {
r.Session().AddFlash("error", "Incorrect current password")
return getRedirectResponse("/set_password")
}
}
/// Is it secure enough?
// TODO:... something useful.
if len(newPassword1) < 5 {
r.Session().AddFlash("error", "Password must be at least 5 characters long")
return getRedirectResponse("/set_password")
}
hashed := HashPassword(newPassword1)
db := lilo.db
_, err := db.Exec(`UPDATE `+lilo.usersTable+` SET `+lilo.ColPassword+` = ?, `+lilo.ColSetOnNextLogin+` = 0 WHERE `+lilo.ColId+` = ?`, hashed, r.Session().UserID())
if err != nil {
return doErr(err)
}
return getRedirectResponse("/app.html")
}
func (lilo *basicLoginLogout) doLogin(request shared.IRequest, noPassword bool, usernameCol string, username interface{}, password string) {
doError := func(verboseMessage string, err error) {
log.Printf("Issue loggin in (not error): %s, U:%s", verboseMessage, username)
if err != nil {
log.Printf("Error loading user '%s' from database: %s\n", username, err.Error())
}
if noPassword {
request.Session().AddFlash("error", verboseMessage)
} else {
request.Session().AddFlash("error", "The presented credentials were not matched. Please try again.")
}
request.Redirect("/login")
}
db := lilo.db
rows, err := db.Query(`SELECT `+lilo.userColString()+` FROM `+lilo.usersTable+` WHERE `+usernameCol+` = ?`, username)
if err != nil {
panic(err)
log.Fatal(err)
return
}
defer rows.Close()
canHaz := rows.Next()
if !canHaz {
if noPassword {
doError(fmt.Sprintf("Could not find %s", username), nil)
} else {
doError("", nil)
}
return
}
user, err := lilo.LoadUser(rows)
if err != nil {
doError("Invalid user identifier", err)
return
}
if !noPassword {
log.Printf("Check Password")
res, err := user.CheckPassword(password)
if err != nil {
doError("", err)
return
}
if !res {
doError("", err)
return
}
}
target := "/app.html"
//if request.Session.LoginTarget != nil {
// target = *request.Session.LoginTarget
// }
request.ResetSession()
request.Session().SetUser(user)
if user.SetOnNextLogin() {
request.Redirect("/set_password")
} else {
request.Redirect(target)
}
log.Printf("Done Check Password")
}