Пример #1
0
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	r.ParseForm()
	session := common.GetUserSession(r)
	sortBy := r.Form.Get("sort")
	id, _ := strconv.ParseInt(r.Form.Get("id"), 10, 64)
	entries, err := vsafedb.Entries(h.Store, session.Key().Id, r.Form.Get("q"))
	if err != nil {
		http_util.ReportError(w, "Error reading database", err)
		return
	}
	switch sortBy {
	case "newest":
		vsafedb.Reverse(entries)
	default:
		vsafedb.SortByTitle(entries)
	}
	http_util.WriteTemplate(
		w,
		kTemplate,
		&view{
			Values:  http_util.Values{r.Form},
			Name:    session.User.Name,
			Entries: entries,
			Url:     r.URL,
			Id:      id})
}
Пример #2
0
func goBack(w http.ResponseWriter, r *http.Request, id int64) {
	var u *url.URL
	u, err := url.Parse(r.Form.Get("prev"))
	if err != nil {
		http_util.ReportError(w, "Error parsing prev url", err)
		return
	}
	http_util.Redirect(w, r, withId(u, id).String())
}
Пример #3
0
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method == "GET" {
		http_util.WriteTemplate(w, kTemplate, nil)
	} else {
		r.ParseForm()
		userName := r.Form.Get("name")
		password := r.Form.Get("password")
		var user vsafe.User
		err := h.Store.UserByName(nil, userName, &user)
		if err == vsafedb.ErrNoSuchId {
			http_util.WriteTemplate(w, kTemplate, "Login incorrect.")
			return
		}
		if err != nil {
			http_util.ReportError(w, "Database error", err)
			return
		}
		key, err := user.VerifyPassword(password)
		if err == vsafe.ErrWrongPassword {
			http_util.WriteTemplate(w, kTemplate, "Login incorrect.")
			return
		}
		if err != nil {
			http_util.ReportError(w, "Error verifying password", err)
			return
		}
		gs, err := common.NewGorillaSession(h.SessionStore, r)
		if err != nil {
			http_util.ReportError(w, "Error creating session", err)
			return
		}
		session := common.CreateUserSession(gs)
		session.SetUserId(user.Id)
		session.SetKey(key)
		session.ID = "" // For added security, force a new session ID
		session.Save(r, w)
		http_util.Redirect(w, r, r.Form.Get("prev"))
	}
}
Пример #4
0
func (h *authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	user, _, err := authorizeSession(r, kSessionStore)
	if err == errNotLoggedIn {
		http_util.Redirect(
			w,
			r,
			http_util.NewUrl("/auth/login", "prev", r.URL.String()).String())
		return
	}
	if err != nil {
		http_util.ReportError(w, "Error reading database.", err)
		return
	}
	logging.SetUserName(r, user.Name)
	h.ServeMux.ServeHTTP(w, r)
}
Пример #5
0
func (h pollHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	r.ParseForm()
	keyId, _ := strconv.ParseInt(r.Form.Get("kid"), 10, 64)
	user, key, err := authorizeSession(r, kPollingStore)
	if err == errNotLoggedIn {
		http_util.Error(w, 401)
		return
	}
	if err != nil {
		http_util.ReportError(w, "Error reading database.", err)
		return
	}
	logging.SetUserName(r, user.Name)
	if keyId != key.Id {
		http_util.Error(w, 401)
		return
	}
	http_util.Error(w, 200)
}
Пример #6
0
func (h *Handler) doGet(w http.ResponseWriter, r *http.Request, id int64) {
	session := common.GetUserSession(r)
	if isIdValid(id) {
		var entryWithEtag vsafe.EntryWithEtag
		err := vsafedb.EntryByIdWithEtag(
			h.Store, nil, id, session.Key(), &entryWithEtag)
		if err == vsafedb.ErrNoSuchId {
			fmt.Fprintln(w, "No entry found.")
			return
		}
		if err != nil {
			http_util.ReportError(w, "Error reading database.", err)
			return
		}
		http_util.WriteTemplate(
			w,
			kTemplate,
			newView(
				fromEntry(&entryWithEtag.Entry, entryWithEtag.Etag),
				true,
				session.Key().Id,
				common.NewXsrfToken(r, kSingle),
				nil))
	} else {
		initValues := make(url.Values)
		initValues.Set("url", "http://")
		// Because this page is always POST, the presence of etag signals that
		// we are editing an entry, not fetching for the first time.
		// The value of etag in this context does not matter since we are editing
		// a new entry.
		initValues.Set("etag", "new")
		http_util.WriteTemplate(
			w,
			kTemplate,
			newView(
				initValues,
				false,
				session.Key().Id,
				common.NewXsrfToken(r, kSingle),
				nil))
	}
}
Пример #7
0
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	session := common.GetUserSession(r)
	if r.Method == "GET" {
		http_util.WriteTemplate(
			w,
			kTemplate,
			&view{
				Name: session.User.Name,
				Xsrf: common.NewXsrfToken(r, kChPasswd)})
	} else {
		r.ParseForm()
		if !common.VerifyXsrfToken(r, kChPasswd) {
			http_util.WriteTemplate(
				w,
				kTemplate,
				&view{
					Name:    session.User.Name,
					Xsrf:    common.NewXsrfToken(r, kChPasswd),
					Message: common.ErrXsrf.Error()})
			return
		}
		old := r.Form.Get("old")
		new := r.Form.Get("new")
		verify := r.Form.Get("verify")
		if new != verify {
			http_util.WriteTemplate(
				w,
				kTemplate,
				&view{
					Name:    session.User.Name,
					Xsrf:    common.NewXsrfToken(r, kChPasswd),
					Message: "Password re-typed incorrectly."})
			return
		}
		if len(new) < kMinPasswordLength {
			http_util.WriteTemplate(
				w,
				kTemplate,
				&view{
					Name: session.User.Name,
					Xsrf: common.NewXsrfToken(r, kChPasswd),
					Message: fmt.Sprintf(
						"Password must be at least %d characters.",
						kMinPasswordLength)})
			return
		}
		err := h.Doer.Do(func(t db.Transaction) error {
			user, err := vsafedb.ChangePassword(
				h.Store, t, session.User.Id, old, new)
			if err != nil {
				return err
			}
			session.User = user
			return nil
		})
		if err == vsafe.ErrWrongPassword {
			http_util.WriteTemplate(
				w,
				kTemplate,
				&view{
					Name:    session.User.Name,
					Xsrf:    common.NewXsrfToken(r, kChPasswd),
					Message: "Old password wrong."})
			return
		}
		if err != nil {
			http_util.ReportError(w, "Error updating database", err)
			return
		}
		http_util.WriteTemplate(
			w,
			kTemplate,
			&view{
				Name:    session.User.Name,
				Message: "Password changed successfully.",
				Xsrf:    common.NewXsrfToken(r, kChPasswd),
				Success: true})
	}
}