func SignupActionHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { session, validAuth, httperr := auth.CheckSession(r) if !validAuth || !auth.ValidCSRF(r, session, false) || httperr != nil { http.Redirect(w, r, paths.SignupPath, http.StatusUnauthorized) return } ss := auth.GetSetSession(w, r, session) if ss == nil { views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, database.ErrInternalServerError) return } reg := &Signup{ First: r.PostFormValue("_fname"), Last: r.PostFormValue("_lname"), Email: r.PostFormValue("_email"), School: r.PostFormValue("_school"), State: r.PostFormValue("_state"), } if err := reg.validate(); err != nil { views.RenderTemplate(w, r, reload.Signup, http.StatusOK, &SignupData{ ss.CSRFToken, err.Error(), }) return } reg.Store() http.Redirect(w, r, paths.ThankYouPath, http.StatusFound) }
// LoginActionHandler handles POST requests to "/login/" func LoginActionHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { // The CSRF token check is inside AuthenticateUser. status, data, err := auth.AuthenticateUser(w, r) // Errors from AuthenticateUser or a status of InvalidAuth indicate that // the user is not authenticated, and we should handle the response // accordingly. if err != nil { switch err.Err { // Re-render with error information. case auth.ErrBadUsername, auth.ErrBadPassword, auth.ErrInvalidLogin, auth.ErrTooManyRequests, auth.ErrInvalidCSRFToken: views.RenderTemplate(w, r, reload.Login, err.Status, data) default: views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, err) } return } if status == auth.ValidAuth { // It's okay to send the user to their original destination. http.Redirect(w, r, data.Redir, http.StatusFound) return } else { views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, database.ErrInternalServerError) return } http.Redirect(w, r, paths.LoginPath, http.StatusOK) }
// LoginViewHandler handles GET requests to "/login/" func LoginViewHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { // Specific headers for our login page. w.Header().Set("pragma", "no-cache") w.Header().Set("cache-control", "no-cache, no-store") w.Header().Set("expires", "Mon, 01-Jan-1990 00:00:00 GMT") session, validAuth, httperr := auth.CheckSession(r) if httperr != nil { views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, httperr) } // If the user is logged in then just redirect to the dashboard. // This is why the logic may look a little backwards. if validAuth { http.Redirect(w, r, paths.DashboardPath, http.StatusFound) return } ss := auth.GetSetSession(w, r, session) if ss == nil { views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, database.ErrInternalServerError) return } views.RenderTemplate(w, r, reload.Login, http.StatusOK, &dt.LoginData{r.Host, ss.CSRFToken, "", ""}) }
func SignupViewHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { session, _, httperr := auth.CheckSession(r) if httperr != nil { views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, httperr) } ss := auth.GetSetSession(w, r, session) if ss == nil { views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, database.ErrInternalServerError) return } views.RenderTemplate(w, r, reload.Signup, http.StatusOK, &SignupData{ss.CSRFToken, ""}) }
// LogoutActionHandler handles POST requests to "/logout/" func LogoutActionHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { session, validAuth, httperr := auth.CheckSession(r) if httperr != nil { views.RenderTemplate(w, r, reload.ErrorPage, httperr.Status, httperr) return } if !validAuth || !auth.ValidCSRF(r, session, false) { http.Redirect(w, r, paths.LoginPath, http.StatusFound) return } if !auth.DestroySession(w, r) { glog.Errorln(auth.ErrUnableToLogOut) views.RenderTemplate(w, r, reload.ErrorPage, http.StatusInternalServerError, auth.ErrUnableToLogOut) return } http.Redirect(w, r, paths.IndexPath, http.StatusFound) }
// AboutViewHandler handles GET requests to "/about/" func AboutViewHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { views.RenderTemplate(w, r, reload.About, http.StatusOK, nil) }