Пример #1
// doGet renders the single-entry page. For a valid id it loads the stored
// entry together with its etag and shows it in edit mode; otherwise it shows
// an empty form for creating a new entry. Every rendered form carries a fresh
// XSRF token bound to kSingle, which doPost verifies on submission.
func (h *Handler) doGet(w http.ResponseWriter, r *http.Request, id int64) {
	session := common.GetUserSession(r)

	if !isIdValid(id) {
		blank := url.Values{}
		blank.Set("url", "http://")
		// This page is always submitted via POST, so the presence of an etag
		// field tells the POST side that the form is being edited rather than
		// fetched for the first time. The value is irrelevant for a new entry.
		blank.Set("etag", "new")
		page := newView(
			blank,
			false,
			session.Key().Id,
			common.NewXsrfToken(r, kSingle),
			nil)
		http_util.WriteTemplate(w, kTemplate, page)
		return
	}

	// The lookup is given the session key along with the id.
	// NOTE(review): presumably the key both scopes the read to the caller and
	// decrypts the entry; confirm in vsafedb.EntryByIdWithEtag.
	var found vsafe.EntryWithEtag
	err := vsafedb.EntryByIdWithEtag(h.Store, nil, id, session.Key(), &found)
	switch {
	case err == vsafedb.ErrNoSuchId:
		fmt.Fprintln(w, "No entry found.")
		return
	case err != nil:
		http_util.ReportError(w, "Error reading database.", err)
		return
	}

	page := newView(
		fromEntry(&found.Entry, found.Etag),
		true,
		session.Key().Id,
		common.NewXsrfToken(r, kSingle),
		nil)
	http_util.WriteTemplate(w, kTemplate, page)
}
Пример #2
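// doPost handles a submission of the single-entry form. After verifying the
// XSRF token it performs exactly one of: delete the entry, cancel, update an
// existing entry (guarded by its etag), or add a new entry. On failure the
// form is re-rendered with the submitted values and the error; on success the
// user is sent back via goBack.
//
// r.Form is read without being parsed here, so the caller is expected to have
// called ParseForm already.
func (h *Handler) doPost(w http.ResponseWriter, r *http.Request, id int64) {
	var err error
	session := common.GetUserSession(r)
	switch {
	case !common.VerifyXsrfToken(r, kSingle):
		// Reject before touching any state-changing branch.
		err = common.ErrXsrf
	case http_util.HasParam(r.Form, "delete"):
		if isIdValid(id) {
			err = h.Store.RemoveEntry(nil, id, session.User.GetOwner())
		}
	case http_util.HasParam(r.Form, "cancel"):
		// Do nothing
	default:
		var mutation functional.Filterer
		mutation, err = toEntry(r.Form)
		if err != nil {
			break
		}
		if isIdValid(id) {
			// The etag is the optimistic-concurrency guard for the update. A
			// missing or non-numeric value used to be silently parsed as 0 and
			// passed on; fail explicitly so a tampered or truncated form can
			// never reach the update with a made-up etag.
			tag, parseErr := strconv.ParseUint(r.Form.Get("etag"), 10, 64)
			if parseErr != nil {
				err = errors.New("Missing or malformed etag. Click cancel and try again.")
				break
			}
			err = h.Doer.Do(func(t db.Transaction) error {
				return vsafedb.UpdateEntryWithEtag(
					h.Store, t, id, tag, session.Key(), mutation)
			})
		} else {
			var newId int64
			var entry vsafe.Entry
			mutation.Filter(&entry)
			newId, err = vsafedb.AddEntry(h.Store, nil, session.Key(), &entry)
			if err == nil {
				// Switch to the freshly assigned id so goBack targets the new entry.
				id = newId
			}
		}
	}
	if err == vsafedb.ErrConcurrentModification {
		// Replace the internal sentinel with a message meant for the user.
		err = errors.New("Someone else updated this entry after you started. Click cancel and try again.")
	}
	if err != nil {
		http_util.WriteTemplate(
			w,
			kTemplate,
			newView(
				r.Form,
				isIdValid(id),
				session.Key().Id,
				common.NewXsrfToken(r, kSingle),
				err))
		return
	}
	goBack(w, r, id)
}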
Пример #3
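// ServeHTTP serves the change-password page. A GET renders the empty form.
// Any other method is treated as a submission: the form is parsed, the XSRF
// token is verified, the new password is checked against its confirmation and
// the minimum length, and only then is the change attempted inside a
// transaction using the old password supplied by the user.
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	session := common.GetUserSession(r)

	// fail re-renders the form with a message and a fresh XSRF token.
	fail := func(message string) {
		http_util.WriteTemplate(
			w,
			kTemplate,
			&view{
				Name:    session.User.Name,
				Xsrf:    common.NewXsrfToken(r, kChPasswd),
				Message: message})
	}

	if r.Method == http.MethodGet {
		http_util.WriteTemplate(
			w,
			kTemplate,
			&view{
				Name: session.User.Name,
				Xsrf: common.NewXsrfToken(r, kChPasswd)})
		return
	}

	// A body that fails to parse leaves r.Form incomplete; refuse the request
	// instead of validating whatever fields happened to survive.
	if err := r.ParseForm(); err != nil {
		http.Error(w, "Malformed form data.", http.StatusBadRequest)
		return
	}
	// Verify the XSRF token before reading any credential field.
	if !common.VerifyXsrfToken(r, kChPasswd) {
		fail(common.ErrXsrf.Error())
		return
	}

	oldPassword := r.Form.Get("old")
	newPassword := r.Form.Get("new")
	verify := r.Form.Get("verify")
	if newPassword != verify {
		fail("Password re-typed incorrectly.")
		return
	}
	// NOTE(review): len counts bytes, not characters, so a password made of
	// multi-byte runes can pass with fewer characters than the message states.
	if len(newPassword) < kMinPasswordLength {
		fail(fmt.Sprintf(
			"Password must be at least %d characters.",
			kMinPasswordLength))
		return
	}

	err := h.Doer.Do(func(t db.Transaction) error {
		user, err := vsafedb.ChangePassword(
			h.Store, t, session.User.Id, oldPassword, newPassword)
		if err != nil {
			return err
		}
		// NOTE(review): the session is updated inside the transaction body;
		// confirm Doer.Do cannot fail or retry after this point, otherwise the
		// session and the database could disagree.
		session.User = user
		return nil
	})
	if err == vsafe.ErrWrongPassword {
		fail("Old password wrong.")
		return
	}
	if err != nil {
		http_util.ReportError(w, "Error updating database", err)
		return
	}
	http_util.WriteTemplate(
		w,
		kTemplate,
		&view{
			Name:    session.User.Name,
			Message: "Password changed successfully.",
			Xsrf:    common.NewXsrfToken(r, kChPasswd),
			Success: true})
}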