func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
name := params["channelname"]
teamName := params["team"]
team := checkSessionSwitch(c, w, r, teamName)
if team == nil {
// Error already set by getTeam
return
}
var channel *model.Channel
if result := <-api.Srv.Store.Channel().CheckPermissionsToByName(c.Session.TeamId, name, c.Session.UserId); result.Err != nil {
c.Err = result.Err
return
} else {
channelId := result.Data.(string)
if len(channelId) == 0 {
if channel = autoJoinChannelName(c, w, r, name); channel == nil {
http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound)
return
}
} else {
if result := <-api.Srv.Store.Channel().Get(channelId); result.Err != nil {
c.Err = result.Err
return
} else {
channel = result.Data.(*model.Channel)
}
}
}
doLoadChannel(c, w, r, team, channel, "")
}
func login(c *api.Context, w http.ResponseWriter, r *http.Request) {
if !CheckBrowserCompatability(c, r) {
return
}
params := mux.Vars(r)
teamName := params["team"]
var team *model.Team
if tResult := <-api.Srv.Store.Team().GetByName(teamName); tResult.Err != nil {
l4g.Error("Couldn't find team name=%v, teamURL=%v, err=%v", teamName, c.GetTeamURL(), tResult.Err.Message)
// This should probably do somthing nicer
http.Redirect(w, r, "http://"+r.Host, http.StatusTemporaryRedirect)
return
} else {
team = tResult.Data.(*model.Team)
}
// If we are already logged into this team then go to home
if len(c.Session.UserId) != 0 && c.Session.TeamId == team.Id {
page := NewHtmlTemplatePage("home", "Home")
page.Props["TeamURL"] = c.GetTeamURL()
page.Render(c, w)
return
}
page := NewHtmlTemplatePage("login", "Login")
page.Props["TeamDisplayName"] = team.DisplayName
page.Props["TeamName"] = teamName
page.Props["AuthServices"] = model.ArrayToJson(utils.GetAllowedAuthServices())
page.Render(c, w)
}
func login(c *api.Context, w http.ResponseWriter, r *http.Request) {
if !CheckBrowserCompatability(c, r) {
return
}
params := mux.Vars(r)
teamName := params["team"]
var team *model.Team
if tResult := <-api.Srv.Store.Team().GetByName(teamName); tResult.Err != nil {
l4g.Error("Couldn't find team name=%v, teamURL=%v, err=%v", teamName, c.GetTeamURL(), tResult.Err.Message)
http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host, http.StatusTemporaryRedirect)
return
} else {
team = tResult.Data.(*model.Team)
}
// If we are already logged into this team then go to home
if len(c.Session.UserId) != 0 && c.Session.TeamId == team.Id {
page := NewHtmlTemplatePage("home", "Home")
page.Props["TeamURL"] = c.GetTeamURL()
page.Render(c, w)
return
}
// We still might be able to switch to this team because we've logged in before
if multiCookie, err := r.Cookie(model.MULTI_SESSION_TOKEN); err == nil {
multiToken := multiCookie.Value
if len(multiToken) > 0 {
tokens := strings.Split(multiToken, " ")
for _, token := range tokens {
if sr := <-api.Srv.Store.Session().Get(token); sr.Err == nil {
s := sr.Data.(*model.Session)
if !s.IsExpired() && s.TeamId == team.Id {
w.Header().Set(model.HEADER_TOKEN, s.Token)
sessionCookie := &http.Cookie{
Name: model.SESSION_TOKEN,
Value: s.Token,
Path: "/",
MaxAge: model.SESSION_TIME_WEB_IN_SECS,
HttpOnly: true,
}
http.SetCookie(w, sessionCookie)
http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusTemporaryRedirect)
return
}
}
}
}
}
page := NewHtmlTemplatePage("login", "Login")
page.Props["TeamDisplayName"] = team.DisplayName
page.Props["TeamName"] = team.Name
page.Render(c, w)
}
func root(c *api.Context, w http.ResponseWriter, r *http.Request) {
if !CheckBrowserCompatability(c, r) {
return
}
if len(c.Session.UserId) == 0 {
page := NewHtmlTemplatePage("signup_team", "Signup")
page.Render(c, w)
} else {
page := NewHtmlTemplatePage("home", "Home")
page.Props["TeamURL"] = c.GetTeamURL()
page.Render(c, w)
}
}
func postPermalink(c *api.Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
teamName := params["team"]
postId := params["postid"]
if len(postId) != 26 {
c.Err = model.NewAppError("postPermalink", "Invalid Post ID", "id="+postId)
return
}
team := checkSessionSwitch(c, w, r, teamName)
if team == nil {
// Error already set by getTeam
return
}
var post *model.Post
if result := <-api.Srv.Store.Post().Get(postId); result.Err != nil {
c.Err = result.Err
return
} else {
postlist := result.Data.(*model.PostList)
post = postlist.Posts[postlist.Order[0]]
}
var channel *model.Channel
if result := <-api.Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, post.ChannelId, c.Session.UserId); result.Err != nil {
c.Err = result.Err
return
} else {
if result.Data.(int64) == 0 {
if channel = autoJoinChannelId(c, w, r, post.ChannelId); channel == nil {
http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound)
return
}
} else {
if result := <-api.Srv.Store.Channel().Get(post.ChannelId); result.Err != nil {
c.Err = result.Err
return
} else {
channel = result.Data.(*model.Channel)
}
}
}
doLoadChannel(c, w, r, team, channel, post.Id)
}
func joinOpenChannel(c *api.Context, w http.ResponseWriter, r *http.Request, channel store.StoreChannel) *model.Channel {
if cr := <-channel; cr.Err != nil {
http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound)
return nil
} else {
channel := cr.Data.(*model.Channel)
if channel.Type == model.CHANNEL_OPEN {
api.JoinChannel(c, channel.Id, "")
if c.Err != nil {
return nil
}
} else {
http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound)
return nil
}
return channel
}
}
func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
name := params["channelname"]
var channelId string
if result := <-api.Srv.Store.Channel().CheckPermissionsToByName(c.Session.TeamId, name, c.Session.UserId); result.Err != nil {
c.Err = result.Err
return
} else {
channelId = result.Data.(string)
}
if len(channelId) == 0 {
if strings.Index(name, "__") > 0 {
// It's a direct message channel that doesn't exist yet so let's create it
ids := strings.Split(name, "__")
otherUserId := ""
if ids[0] == c.Session.UserId {
otherUserId = ids[1]
} else {
otherUserId = ids[0]
}
if sc, err := api.CreateDirectChannel(c, otherUserId); err != nil {
api.Handle404(w, r)
return
} else {
channelId = sc.Id
}
} else {
// lets make sure the user is valid
if result := <-api.Srv.Store.User().Get(c.Session.UserId); result.Err != nil {
c.Err = result.Err
c.RemoveSessionCookie(w)
l4g.Error("Error in getting users profile for id=%v forcing logout", c.Session.UserId)
return
}
//api.Handle404(w, r)
//Bad channel urls just redirect to the town-square for now
http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound)
return
}
}
var team *model.Team
if tResult := <-api.Srv.Store.Team().Get(c.Session.TeamId); tResult.Err != nil {
c.Err = tResult.Err
return
} else {
team = tResult.Data.(*model.Team)
}
page := NewHtmlTemplatePage("channel", "")
page.Title = name + " - " + team.DisplayName + " " + page.SiteName
page.Props["TeamDisplayName"] = team.DisplayName
page.Props["TeamType"] = team.Type
page.Props["TeamId"] = team.Id
page.Props["ChannelName"] = name
page.Props["ChannelId"] = channelId
page.Props["UserId"] = c.Session.UserId
page.Render(c, w)
}
func logout(c *api.Context, w http.ResponseWriter, r *http.Request) {
api.Logout(c, w, r)
http.Redirect(w, r, c.GetTeamURL(), http.StatusFound)
}
func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
name := params["channelname"]
teamName := params["team"]
var team *model.Team
teamChan := api.Srv.Store.Team().Get(c.Session.TeamId)
var channelId string
if result := <-api.Srv.Store.Channel().CheckPermissionsToByName(c.Session.TeamId, name, c.Session.UserId); result.Err != nil {
c.Err = result.Err
return
} else {
channelId = result.Data.(string)
}
if tResult := <-teamChan; tResult.Err != nil {
c.Err = tResult.Err
return
} else {
team = tResult.Data.(*model.Team)
}
if team.Name != teamName {
l4g.Error("It appears you are logged into " + team.Name + ", but are trying to access " + teamName)
http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusFound)
return
}
if len(channelId) == 0 {
if strings.Index(name, "__") > 0 {
// It's a direct message channel that doesn't exist yet so let's create it
ids := strings.Split(name, "__")
otherUserId := ""
if ids[0] == c.Session.UserId {
otherUserId = ids[1]
} else {
otherUserId = ids[0]
}
if sc, err := api.CreateDirectChannel(c, otherUserId); err != nil {
api.Handle404(w, r)
return
} else {
channelId = sc.Id
}
} else {
// lets make sure the user is valid
if result := <-api.Srv.Store.User().Get(c.Session.UserId); result.Err != nil {
c.Err = result.Err
c.RemoveSessionCookie(w, r)
l4g.Error("Error in getting users profile for id=%v forcing logout", c.Session.UserId)
return
}
// We will attempt to auto-join open channels
if cr := <-api.Srv.Store.Channel().GetByName(c.Session.TeamId, name); cr.Err != nil {
http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound)
} else {
channel := cr.Data.(*model.Channel)
if channel.Type == model.CHANNEL_OPEN {
api.JoinChannel(c, channel.Id, "")
if c.Err != nil {
return
}
channelId = channel.Id
} else {
http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound)
}
}
}
}
page := NewHtmlTemplatePage("channel", "")
page.Props["Title"] = name + " - " + team.DisplayName + " " + page.ClientProps["SiteName"]
page.Props["TeamDisplayName"] = team.DisplayName
page.Props["TeamName"] = team.Name
page.Props["TeamType"] = team.Type
page.Props["TeamId"] = team.Id
page.Props["ChannelName"] = name
page.Props["ChannelId"] = channelId
page.Props["UserId"] = c.Session.UserId
page.Render(c, w)
}
func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
name := params["channelname"]
teamName := params["team"]
var team *model.Team
if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil {
c.Err = result.Err
return
} else {
team = result.Data.(*model.Team)
}
// We are logged into a different team. Lets see if we have another
// session in the cookie that will give us access.
if c.Session.TeamId != team.Id {
index, session := api.FindMultiSessionForTeamId(r, team.Id)
if session == nil {
// redirect to login
http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/?redirect="+url.QueryEscape(r.URL.Path), http.StatusTemporaryRedirect)
} else {
c.Session = *session
c.SessionTokenIndex = index
}
}
userChan := api.Srv.Store.User().Get(c.Session.UserId)
var channelId string
if result := <-api.Srv.Store.Channel().CheckPermissionsToByName(c.Session.TeamId, name, c.Session.UserId); result.Err != nil {
c.Err = result.Err
return
} else {
channelId = result.Data.(string)
}
var user *model.User
if ur := <-userChan; ur.Err != nil {
c.Err = ur.Err
c.RemoveSessionCookie(w, r)
l4g.Error("Error in getting users profile for id=%v forcing logout", c.Session.UserId)
return
} else {
user = ur.Data.(*model.User)
}
if len(channelId) == 0 {
if strings.Index(name, "__") > 0 {
// It's a direct message channel that doesn't exist yet so let's create it
ids := strings.Split(name, "__")
otherUserId := ""
if ids[0] == c.Session.UserId {
otherUserId = ids[1]
} else {
otherUserId = ids[0]
}
if sc, err := api.CreateDirectChannel(c, otherUserId); err != nil {
api.Handle404(w, r)
return
} else {
channelId = sc.Id
}
} else {
// We will attempt to auto-join open channels
if cr := <-api.Srv.Store.Channel().GetByName(c.Session.TeamId, name); cr.Err != nil {
http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound)
} else {
channel := cr.Data.(*model.Channel)
if channel.Type == model.CHANNEL_OPEN {
api.JoinChannel(c, channel.Id, "")
if c.Err != nil {
return
}
channelId = channel.Id
} else {
http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound)
}
}
}
}
page := NewHtmlTemplatePage("channel", "")
page.Props["Title"] = name + " - " + team.DisplayName + " " + page.ClientCfg["SiteName"]
page.Props["TeamDisplayName"] = team.DisplayName
page.Props["TeamName"] = team.Name
page.Props["TeamType"] = team.Type
page.Props["TeamId"] = team.Id
page.Props["ChannelName"] = name
page.Props["ChannelId"] = channelId
page.Props["UserId"] = c.Session.UserId
page.Team = team
page.User = user
page.Render(c, w)
}
func verifyEmail(c *api.Context, w http.ResponseWriter, r *http.Request) {
resend := r.URL.Query().Get("resend")
name := r.URL.Query().Get("name")
email := r.URL.Query().Get("email")
hashedId := r.URL.Query().Get("hid")
userId := r.URL.Query().Get("uid")
if resend == "true" {
teamId := ""
if result := <-api.Srv.Store.Team().GetByName(name); result.Err != nil {
c.Err = result.Err
return
} else {
teamId = result.Data.(*model.Team).Id
}
if result := <-api.Srv.Store.User().GetByEmail(teamId, email); result.Err != nil {
c.Err = result.Err
return
} else {
user := result.Data.(*model.User)
api.FireAndForgetVerifyEmail(user.Id, strings.Split(user.Nickname, " ")[0], user.Email, name, c.GetTeamURL())
http.Redirect(w, r, "/", http.StatusFound)
return
}
}
var isVerified string
if len(userId) != 26 {
isVerified = "false"
} else if len(hashedId) == 0 {
isVerified = "false"
} else if model.ComparePassword(hashedId, userId) {
isVerified = "true"
if c.Err = (<-api.Srv.Store.User().VerifyEmail(userId)).Err; c.Err != nil {
return
} else {
c.LogAudit("")
}
} else {
isVerified = "false"
}
page := NewHtmlTemplatePage("verify", "Email Verified")
page.Props["IsVerified"] = isVerified
page.Render(c, w)
}