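// SignupActionHandler handles the signup form submission. It rejects the
// request unless auth.CheckSession reports validAuth and the CSRF token
// validates, then validates the posted fields, stores the signup and redirects
// to the thank-you page. On a validation failure the signup form is rendered
// again with the error message and the session's CSRF token.
func SignupActionHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	session, validAuth, httperr := auth.CheckSession(r)
	// Test the session error first so the CSRF check is never consulted with a
	// session that came out of a failed lookup.
	// NOTE(review): LoginViewHandler treats validAuth as "already logged in";
	// confirm that requiring it here does not turn away anonymous signups.
	if httperr != nil || !validAuth || !auth.ValidCSRF(r, session, false) {
		// A redirect needs a 3xx status: with 401 the Location header is
		// ignored by browsers and the user is left on an error response.
		// StatusFound matches the rejection path in LogoutActionHandler.
		http.Redirect(w, r, paths.SignupPath, http.StatusFound)
		return
	}

	ss := auth.GetSetSession(w, r, session)
	if ss == nil {
		views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, database.ErrInternalServerError)
		return
	}

	// Every field below is client-controlled; reg.validate is the only check
	// applied to it in this handler.
	reg := &Signup{
		First:  r.PostFormValue("_fname"),
		Last:   r.PostFormValue("_lname"),
		Email:  r.PostFormValue("_email"),
		School: r.PostFormValue("_school"),
		State:  r.PostFormValue("_state"),
	}
	if err := reg.validate(); err != nil {
		// Re-render the form with the validation message and a CSRF token so
		// the user can correct the input and resubmit.
		views.RenderTemplate(w, r, reload.Signup, http.StatusOK, &SignupData{
			ss.CSRFToken,
			err.Error(),
		})
		return
	}

	// NOTE(review): no result of Store is inspected here; confirm whether it
	// can fail and whether the user should still see the thank-you page then.
	reg.Store()
	http.Redirect(w, r, paths.ThankYouPath, http.StatusFound)
}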
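// LoginViewHandler handles GET requests to "/login/". It redirects users that
// auth.CheckSession reports as authenticated to the dashboard and renders the
// login form, with the session's CSRF token, for everyone else.
func LoginViewHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	// Disable caching of the login page, which embeds a per-session CSRF token.
	w.Header().Set("pragma", "no-cache")
	w.Header().Set("cache-control", "no-cache, no-store")
	w.Header().Set("expires", "Mon, 01-Jan-1990 00:00:00 GMT")

	session, validAuth, httperr := auth.CheckSession(r)
	if httperr != nil {
		views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, httperr)
		// Stop here: without the return the handler kept going after the
		// error page and wrote a second response (redirect or login form).
		return
	}

	// If the user is logged in then just redirect to the dashboard.
	// This is why the logic may look a little backwards.
	if validAuth {
		http.Redirect(w, r, paths.DashboardPath, http.StatusFound)
		return
	}

	ss := auth.GetSetSession(w, r, session)
	if ss == nil {
		views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, database.ErrInternalServerError)
		return
	}

	// r.Host is taken from the request, so the template receives a
	// client-supplied value alongside the CSRF token.
	views.RenderTemplate(w, r, reload.Login, http.StatusOK, &dt.LoginData{r.Host, ss.CSRFToken, "", ""})
}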
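// SignupViewHandler renders the signup form together with the session's CSRF
// token. The authentication result of auth.CheckSession is ignored here; only
// the session and the error are used.
func SignupViewHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	session, _, httperr := auth.CheckSession(r)
	if httperr != nil {
		views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, httperr)
		// Stop here: without the return the handler went on to render the
		// signup form on top of the error page.
		return
	}

	ss := auth.GetSetSession(w, r, session)
	if ss == nil {
		views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, database.ErrInternalServerError)
		return
	}

	// Empty error message: this is the initial, unsubmitted form.
	views.RenderTemplate(w, r, reload.Signup, http.StatusOK, &SignupData{ss.CSRFToken, ""})
}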
// LogoutActionHandler handles POST requests to "/logout/". A session error is
// rendered as an error page with the status carried by the error; a request
// that is not authenticated or fails the CSRF check is redirected to the login
// page; otherwise the session is destroyed and the user is sent to the index.
func LogoutActionHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	sess, authed, herr := auth.CheckSession(r)
	if herr != nil {
		views.RenderTemplate(w, r, reload.ErrorPage, herr.Status, herr)
		return
	}

	// The CSRF token is only checked for an authenticated session, so a forged
	// cross-site request cannot log the user out.
	if !(authed && auth.ValidCSRF(r, sess, false)) {
		http.Redirect(w, r, paths.LoginPath, http.StatusFound)
		return
	}

	if destroyed := auth.DestroySession(w, r); !destroyed {
		// Log the failure server-side and show the same error to the user.
		glog.Errorln(auth.ErrUnableToLogOut)
		views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, auth.ErrUnableToLogOut)
		return
	}

	http.Redirect(w, r, paths.IndexPath, http.StatusFound)
}