func ReviewUpdatePost(c *gin.Context) {
session := sessions.Default(c)
db := models.GetDB()
c.Request.ParseMultipartForm(32 << 20)
review := &models.Review{}
if err := c.Bind(review); err == nil {
if mpartFile, mpartHeader, err := c.Request.FormFile("image"); err == nil {
defer mpartFile.Close()
review.Image, err = saveFile(mpartHeader, mpartFile)
if err != nil {
c.HTML(500, "errors/500", helpers.ErrorData(err))
return
}
}
if err := db.Model(&models.Review{}).Updates(review).Error; err != nil {
session.AddFlash(err.Error())
session.Save()
c.Redirect(303, c.Request.RequestURI)
return
}
session.AddFlash("Отзыв был успешно сохранен")
} else {
log.Println(err)
session.AddFlash("Ошибка! Внимательно проверьте заполнение всех полей")
}
session.Save()
c.Redirect(303, "/reviews")
}
//ReviewUpdate handles /edit_review?token=:secure_token route
func ReviewUpdateGet(c *gin.Context) {
session := sessions.Default(c)
flashes := session.Flashes()
session.Save()
db := models.GetDB()
id := getIDFromToken(c.Request.FormValue("token"))
review := &models.Review{}
db.First(review, id)
if review.ID == 0 || review.Published {
err := fmt.Errorf("Отзыв не найден или уже был опубликован и не подлежит редактированию")
c.HTML(404, "errors/404", helpers.ErrorData(err))
return
}
var articles []models.Article
db.Where("published = ?", true).Find(&articles)
review.Published = true //set default to true
c.HTML(200, "reviews/form", gin.H{
"Title": "Редактировать отзыв",
"Articles": articles,
"Active": "reviews",
"Review": review,
"SecureEdit": true,
"Flash": flashes,
})
}
func CurrentUserUuid(c *gin.Context) string {
sess := sessions.Default(c)
if sess.Get("uuid") == nil {
return ""
}
return sess.Get("uuid").(string)
}
func ReviewAdminUpdatePost(c *gin.Context) {
session := sessions.Default(c)
db := models.GetDB()
c.Request.ParseMultipartForm(32 << 20)
review := &models.Review{}
if c.Bind(review) == nil {
review.ArticleID = helpers.Atouintr(c.Request.FormValue("article_id"))
if mpartFile, mpartHeader, err := c.Request.FormFile("image"); err == nil {
defer mpartFile.Close()
review.Image, err = saveFile(mpartHeader, mpartFile)
if err != nil {
c.HTML(500, "errors/500", helpers.ErrorData(err))
return
}
}
if err := db.Model(&models.Review{}).Updates(review).Error; err != nil {
session.AddFlash(err.Error())
session.Save()
c.Redirect(303, c.Request.RequestURI)
return
}
c.Redirect(303, "/admin/reviews")
} else {
session.AddFlash("Ошибка! Проверьте внимательно заполнение всех полей!")
session.Save()
c.Redirect(303, c.Request.RequestURI)
}
}
func SignUpPost(c *gin.Context) {
session := sessions.Default(c)
db := models.GetDB()
register := &models.Register{}
if c.Bind(register) == nil {
user := &models.User{}
db.Where("lower(email) = lower(?)", register.Email).First(user)
if user.ID != 0 {
session.AddFlash("Пользователь с таким эл. адресом уже существует")
session.Save()
c.Redirect(303, "/signup")
return
}
//create user
user.Email = register.Email
user.Password = register.Password
if err := db.Create(user).Error; err != nil {
session.AddFlash("Ошибка регистрации пользователя")
session.Save()
log.Printf("ERROR: ошибка регистрации пользователя: %v", err)
c.Redirect(303, "/signup")
return
}
session.Set("user_id", user.ID)
session.Save()
c.Redirect(303, "/")
}
}
// UserMiddleware gets the current user object from the database that
// matches userID from the session, it then sets it on the gin context.
// This allows the user to be used throughout the application without
// needing to query it again each time it is needed.
func UserMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
var userID uint
session := sessions.Default(c)
// grab userID from session
v := session.Get("userID")
if v == nil {
userID = 0
} else {
userID = v.(uint)
}
// a valid userID starts at 1, 0 is an unauthenticated user
if userID > 0 {
var user User
db.DB.Where("id = ?", userID).First(&user)
c.Set("user", &user)
} else {
c.Set("user", nil)
}
c.Next()
}
}
// Login is a page with a login form and an alternative to the login API,
// this route handles both GET and POST requests.
func Login(c *gin.Context) {
session := sessions.Default(c)
defer session.Save()
// returnURL can come from GET or POST or use default.
returnURL := c.DefaultQuery("return_url", c.DefaultPostForm("return_url", "/"))
if c.Request.Method == "POST" {
var schema LoginSchema
if c.Bind(&schema) == nil {
// Fetch the user matching this username.
user := GetUserByUsername(schema.Username)
// If the user exists, the ID is > 0, check the password.
if user.ID > 0 && user.CheckPassword(schema.Password) {
session.Set("userID", user.ID)
c.Redirect(http.StatusFound, returnURL)
return
}
session.AddFlash("Invalid username or password")
}
}
c.HTML(200, "login.html", pongo2.Context{
"title": "Login",
"messages": session.Flashes(),
"csrf_token": nosurf.Token(c.Request),
"return_url": returnURL,
})
}
func LoginPostHandler(c *gin.Context) {
redirect := c.DefaultQuery(auth.RedirectParam, "/")
a := auth.Default(c)
if a.User.IsAuthenticated() {
c.Redirect(http.StatusMovedPermanently, redirect)
return
}
loginURL := fmt.Sprintf("/login?%s=%s", auth.RedirectParam, redirect)
var form LoginForm
if c.Bind(&form) == nil {
model := models.Default(c)
u := model.GetUserByNicknamePwd(form.Nickname, form.Password)
if u != nil {
session := sessions.Default(c)
err := auth.AuthenticateSession(session, u)
if err != nil {
c.JSON(http.StatusBadRequest, err)
}
c.Redirect(http.StatusMovedPermanently, redirect)
return
} else {
c.Redirect(http.StatusMovedPermanently, loginURL)
return
}
} else {
c.Redirect(http.StatusMovedPermanently, loginURL)
return
}
}
func (h *FrontendHandlers) PostLogin(c *gin.Context) {
data := &LoginData{
Username: c.PostForm("username"),
Password: c.PostForm("password"),
}
if v := validateLogin(data); v.HasError() {
data.Validate = v.Messages()
h.render.HTML(c.Writer, 200, "login", data)
return
}
info, err := h.loginService.Login(data.Username, data.Password)
if err != nil {
data.Error = err.Error()
h.render.HTML(c.Writer, 200, "login", data)
return
}
session := sessions.Default(c)
session.Set("user_id", info.Id)
session.Save()
c.Redirect(302, "/")
}
//CommentCreatePost handles /new_comment route
func CommentCreatePost(c *gin.Context) {
session := sessions.Default(c)
db := models.GetDB()
comment := &models.Comment{}
if c.Bind(comment) == nil {
//simple captcha check
captcha, err := base64.StdEncoding.DecodeString(comment.Captcha)
if err != nil {
c.HTML(500, "errors/500", helpers.ErrorData(err))
return
}
if string(captcha) != "100.00" {
c.HTML(400, "errors/400", nil)
return
}
comment.Published = false //leave unpublished
if err := db.Create(comment).Error; err != nil {
c.HTML(400, "errors/400", helpers.ErrorData(err))
return
}
notifyAdminOfComment(comment)
session.AddFlash("Спасибо! Ваш вопрос будет опубликован после проверки.")
session.Save()
c.Redirect(303, fmt.Sprintf("/articles/%d#comments", comment.ArticleID))
} else {
session.AddFlash("Ошибка! Внимательно проверьте заполнение всех полей!")
session.Save()
c.Redirect(303, "/")
}
}
func (self *SessionController) SignOut(c *gin.Context) {
session := sessions.Default(c)
session.Delete("token")
session.Save()
c.Redirect(http.StatusSeeOther, "/")
}
func (h *FrontendHandlers) Logout(c *gin.Context) {
session := sessions.Default(c)
session.Clear()
session.Save()
c.Redirect(302, "/login")
}
func saveRememberMe(c *gin.Context) error {
session := sessions.Default(c)
loginUser := session.Get(authConf.Session.SessionKey)
RMSession := setRMSessionValue(c, authConf.Session.SessionKey, loginUser)
return saveRMSession(c, RMSession)
}
//SignInPost handles POST /signin route, authenticates user
func SignInPost(c *gin.Context) {
session := sessions.Default(c)
user := &models.User{}
if err := c.Bind(user); err != nil {
session.AddFlash("Please, fill out form correctly.")
session.Save()
c.Redirect(http.StatusFound, "/signin")
return
}
userDB, _ := models.GetUserByEmail(user.Email)
if userDB.ID == 0 {
logrus.Errorf("Login error, IP: %s, Email: %s", c.ClientIP(), user.Email)
session.AddFlash("Email or password incorrect")
session.Save()
c.Redirect(http.StatusFound, "/signin")
return
}
if err := bcrypt.CompareHashAndPassword([]byte(userDB.Password), []byte(user.Password)); err != nil {
logrus.Errorf("Login error, IP: %s, Email: %s", c.ClientIP(), user.Email)
session.AddFlash("Email or password incorrect")
session.Save()
c.Redirect(http.StatusFound, "/signin")
return
}
session.Set("UserID", userDB.ID)
session.Save()
c.Redirect(http.StatusFound, "/")
}
func RegisterPostHandler(c *gin.Context) {
redirect := c.DefaultQuery(auth.RedirectParam, "/")
a := auth.Default(c)
if a.User.IsAuthenticated() {
c.Redirect(http.StatusMovedPermanently, redirect)
return
}
registerURL := fmt.Sprintf("/register?%s=%s", auth.RedirectParam, redirect)
var form LoginForm
if c.Bind(&form) == nil {
model := models.Default(c)
u := model.AddUserWithNicknamePwd(form.Nickname, form.Password)
if u != nil {
session := sessions.Default(c)
err := auth.AuthenticateSession(session, u)
if err != nil {
c.JSON(http.StatusBadRequest, err)
}
c.Redirect(http.StatusMovedPermanently, redirect)
return
} else {
log.Print("Register user add error")
c.Redirect(http.StatusMovedPermanently, registerURL)
return
}
} else {
log.Print("Register form bind error")
c.Redirect(http.StatusMovedPermanently, registerURL)
return
}
}
func LogoutHandler(c *gin.Context) {
session := sessions.Default(c)
a := auth.Default(c)
auth.Logout(session, a.User)
c.Redirect(http.StatusMovedPermanently, "/")
}
//PageShow handles /pages/:id route
func PageShow(c *gin.Context) {
db := models.GetDB()
session := sessions.Default(c)
idslug := c.Param("idslug")
id := helpers.Atouint(strings.Split(idslug, "-")[0])
page := &models.Page{}
db.First(page, id)
if page.ID == 0 || !page.Published {
c.HTML(404, "errors/404", nil)
return
}
//redirect to canonical url
if c.Request.URL.Path != page.URL() {
c.Redirect(303, page.URL())
return
}
c.HTML(200, "pages/show", gin.H{
"Page": page,
"Title": page.Name,
"Active": page.URL(),
"MetaDescription": page.MetaDescription,
"MetaKeywords": page.MetaKeywords,
"Authenticated": (session.Get("user_id") != nil),
})
}
func (fc *FrontController) HomeCtr(c *gin.Context) {
page, err := strconv.Atoi(c.DefaultQuery("page", "1"))
if err != nil {
log.Fatal(err)
}
page -= 1
if page < 0 {
page = 0
}
prev_page := page
if prev_page < 1 {
prev_page = 1
}
next_page := page + 2
rpp := 20
offset := page * rpp
CKey := fmt.Sprintf("home-page-%d-rpp-%d", page, rpp)
var blogList string
val, ok := Cache.Get(CKey)
if val != nil && ok == true {
fmt.Println("Ok, we found cache, Cache Len: ", Cache.Len())
blogList = val.(string)
} else {
rows, err := DB.Query("Select aid, title from top_article where publish_status = 1 order by aid desc limit ? offset ? ", &rpp, &offset)
if err != nil {
log.Fatal(err)
}
defer rows.Close()
var (
aid int
title sql.NullString
)
for rows.Next() {
err := rows.Scan(&aid, &title)
if err != nil {
log.Fatal(err)
}
blogList += fmt.Sprintf(
"<li><a href=\"/view/%d\">%s</a></li>",
aid,
title.String,
)
}
err = rows.Err()
if err != nil {
log.Fatal(err)
}
Cache.Add(CKey, blogList)
}
session := sessions.Default(c)
username := session.Get("username")
c.HTML(http.StatusOK, "index.html", gin.H{
"bloglist": template.HTML(blogList),
"username": username,
"prev_page": prev_page,
"next_page": next_page,
})
}
func LoginHandler(ctx *gin.Context) {
state = randToken()
session := sessions.Default(ctx)
session.Set("state", state)
session.Save()
ctx.Writer.Write([]byte("<html><title>Golang Google</title> <body> <a href='" + GetLoginURL(state) + "'><button>Login with Google!</button> </a> </body></html>"))
}
func (ac *AdminController) SaveBlogEditCtr(c *gin.Context) {
session := sessions.Default(c)
username := session.Get("username")
if username == nil {
(&umsg{"You have no permission", "/"}).ShowMessage(c)
return
}
var BI EditBlogItem
c.BindWith(&BI, binding.Form)
if BI.Aid == "" {
(&umsg{"Can not find the blog been edit", "/"}).ShowMessage(c)
return
}
if BI.Title == "" {
(&umsg{"Title can not empty", "/"}).ShowMessage(c)
return
}
if BI.Content == "" {
(&umsg{"Content can not empty", "/"}).ShowMessage(c)
return
}
_, err := DB.Exec("update top_article set title=?, content=? where aid = ?", BI.Title, BI.Content, BI.Aid)
if err == nil {
Cache = lru.New(8192)
(&umsg{"Success", "/"}).ShowMessage(c)
} else {
(&umsg{"Failed to save blog", "/"}).ShowMessage(c)
}
}
func SignInPost(c *gin.Context) {
db := models.GetDB()
session := sessions.Default(c)
login := &models.Login{}
if c.Bind(login) == nil {
user := &models.User{}
db.Where("lower(email) = lower(?)", login.Email).First(user)
if user.ID == 0 {
log.Printf("ERROR: Login failed, IP: %s, Email: %s\n", c.ClientIP(), login.Email)
session.AddFlash("Эл. адрес или пароль указаны неверно")
session.Save()
c.Redirect(303, "/signin")
return
}
//create user
if err := user.ComparePassword(login.Password); err != nil {
log.Printf("ERROR: Login failed, IP: %s, Email: %s\n", c.ClientIP(), login.Email)
session.AddFlash("Эл. адрес или пароль указаны неверно")
session.Save()
c.Redirect(303, "/signin")
return
}
session.Set("user_id", user.ID)
session.Save()
c.Redirect(303, "/")
}
}
func (ac *AdminController) SaveBlogAddCtr(c *gin.Context) {
session := sessions.Default(c)
username := session.Get("username")
if username == nil {
(&umsg{"You have no permission", "/"}).ShowMessage(c)
return
}
var BI BlogItem
c.BindWith(&BI, binding.Form)
if BI.Title == "" {
(&umsg{"Title can not empty", "/"}).ShowMessage(c)
return
}
if BI.Content == "" {
(&umsg{"Content can not empty", "/"}).ShowMessage(c)
return
}
_, err := DB.Exec(
"insert into top_article (title, content, publish_time, publish_status) values (?, ?, ?, 1)",
BI.Title, BI.Content, time.Now().Format("2006-01-02 15:04:05"))
if err == nil {
Cache = lru.New(8192)
(&umsg{"Success", "/"}).ShowMessage(c)
} else {
(&umsg{"Failed to save blog", "/"}).ShowMessage(c)
}
}
func GetUser(c *gin.Context) User {
session := sessions.Default(c)
if obj := session.Get("user"); obj != nil {
return obj.(User)
}
return User{}
}
func LogoutHandler(c *gin.Context) {
sess := sessions.Default(c)
next := extractNextPath(c.Request.URL.Query().Get("next"))
sess.Delete("user_id")
sess.Delete("uuid")
sess.Save()
http.Redirect(c.Writer, c.Request, next, http.StatusFound)
}
// LogoutAPI is an API endoint using DELETE to end the current session.
func LogoutAPI(c *gin.Context) {
session := sessions.Default(c)
defer session.Save()
var userID uint // userID must be a uint, sets userID to 0
session.Set("userID", userID)
c.JSON(http.StatusOK, gin.H{"status": "OK"})
}
func (ac *AdminController) ListBlogCtr(c *gin.Context) {
page, err := strconv.Atoi(c.DefaultQuery("page", "1"))
if err != nil {
log.Fatal(err)
}
page -= 1
if page < 0 {
page = 0
}
prev_page := page
if prev_page < 1 {
prev_page = 1
}
next_page := page + 2
var blogList string
rpp := 20
offset := page * rpp
log.Println(rpp)
log.Println(offset)
rows, err := DB.Query("Select aid, title from top_article where publish_status = 1 order by aid desc limit ? offset ? ", &rpp, &offset)
if err != nil {
log.Fatal(err)
}
defer rows.Close()
var (
aid int
title sql.NullString
)
for rows.Next() {
err := rows.Scan(&aid, &title)
if err != nil {
log.Fatal(err)
}
blogList += fmt.Sprintf(
"<li><a href=\"/view/%d\">%s</a> [<a href=\"/admin/editblog/%d\">Edit</a>] [<a href=\"/admin/deleteblog/%d\">Delete</a>]</li>",
aid,
title.String,
aid,
aid,
)
}
err = rows.Err()
if err != nil {
log.Fatal(err)
}
session := sessions.Default(c)
username := session.Get("username")
c.HTML(http.StatusOK, "admin.list.blog.html", gin.H{
"bloglist": template.HTML(blogList),
"username": username,
"prev_page": prev_page,
"next_page": next_page,
})
}
func (fc *FrontController) HomeCtr(c *gin.Context) {
config := GetConfig()
db := GetDB(config)
defer db.Close()
page, err := strconv.Atoi(c.DefaultQuery("page", "1"))
if err != nil {
log.Fatal(err)
}
page -= 1
if page < 0 {
page = 0
}
prev_page := page
if prev_page < 1 {
prev_page = 1
}
next_page := page + 2
var blogList string
rpp := 20
offset := page * rpp
log.Println(rpp)
log.Println(offset)
rows, err := db.Query("Select aid, title from top_article where publish_status = 1 order by aid desc limit ? offset ? ", &rpp, &offset)
if err != nil {
log.Fatal(err)
}
defer rows.Close()
var (
aid int
title sql.NullString
)
for rows.Next() {
err := rows.Scan(&aid, &title)
if err != nil {
log.Fatal(err)
}
blogList += fmt.Sprintf(
"<li><a href=\"/view/%d\">%s</a></li>",
aid,
title.String,
)
}
err = rows.Err()
if err != nil {
log.Fatal(err)
}
session := sessions.Default(c)
username := session.Get("username")
c.HTML(http.StatusOK, "index.html", gin.H{
"bloglist": template.HTML(blogList),
"username": username,
"prev_page": prev_page,
"next_page": next_page,
})
}
//UserNew handles GET /admin/new_user route
func UserNew(c *gin.Context) {
h := helpers.DefaultH(c)
h["Title"] = "New user"
h["Active"] = "users"
session := sessions.Default(c)
h["Flash"] = session.Flashes()
session.Save()
c.HTML(http.StatusOK, "users/form", h)
}
func (ac *AdminController) AddBlogCtr(c *gin.Context) {
session := sessions.Default(c)
username := session.Get("username")
if username == nil {
(&umsg{"You have no permission", "/"}).ShowMessage(c)
return
}
c.HTML(http.StatusOK, "add-blog.html", gin.H{})
}
//SignUpGet handles GET /signup route
func SignUpGet(c *gin.Context) {
h := helpers.DefaultH(c)
h["Title"] = "Basic GIN web-site signup form"
h["Active"] = "signup"
session := sessions.Default(c)
h["Flash"] = session.Flashes()
session.Save()
c.HTML(http.StatusOK, "auth/signup", h)
}