// POST /users/password/reset
func HandlePasswordResetSend(context router.Context) error {
// Find the user by email (if not found let them know)
// Find the user by hex token in the db
email := context.Param("email")
user, err := users.First(users.Where("email=?", email))
if err != nil {
return router.Redirect(context, "/users/password/reset?message=invalid_email")
}
// Generate a random token and url for the email
token := auth.BytesToHex(auth.RandomToken())
// Generate the url to use in our email
base := fmt.Sprintf("%s://%s", context.Request().URL.Scheme, context.Request().URL.Host)
url := fmt.Sprintf("%s/users/password?token=%s", base, token)
context.Logf("#info sending reset email:%s url:%s", email, url)
// Update the user record with with this token
p := map[string]string{"reset_token": token}
user.Update(p)
// Send a password reset email out
//mail.Send("mymail")
// Tell the user what we have done
return router.Redirect(context, "/users/password/sent")
}
// HandleUpdate handles POST or PUT /pages/1/update
func HandleUpdate(context router.Context) error {
// Find the page
page, err := pages.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise updating the page
err = authorise.Resource(context, page)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the page from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = page.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// We then find the page again, and retreive the new Url, in case it has changed during update
page, err = pages.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Redirect to page url
return router.Redirect(context, page.Url)
}
// HandleCreate handles the POST of the create form for pages
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.ResourceAndAuthenticity(context, nil)
if err != nil {
return router.NotAuthorizedError(err)
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
id, err := pages.Create(params.Map())
if err != nil {
return router.InternalError(err)
}
// Log creation
context.Logf("#info Created page id,%d", id)
// Redirect to the new page
m, err := pages.Find(id)
if err != nil {
return router.InternalError(err)
}
return router.Redirect(context, m.URLIndex())
}
// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {
// Find the comment
comment, err := comments.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update comment, check auth token
err = authorise.ResourceAndAuthenticity(context, comment)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the comment from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = comment.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to comment
return router.Redirect(context, comment.URLShow())
}
// POST users/create
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.Path(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// We should check for duplicates in here
id, err := users.Create(params.Map())
if err != nil {
return router.InternalError(err, "Error", "Sorry, an error occurred creating the user record.")
} else {
context.Logf("#info Created user id,%d", id)
}
// Redirect to the new user
p, err := users.Find(id)
if err != nil {
return router.InternalError(err, "Error", "Sorry, an error occurred finding the new user record.")
}
return router.Redirect(context, p.URLIndex())
}
// HandleUpdate serves POST or PUT /tags/1/update
func HandleUpdate(context router.Context) error {
// Find the tag
tag, err := tags.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise
err = authorise.Resource(context, tag)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the tag
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = tag.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to tag
return router.Redirect(context, tag.URLShow())
}
// HandleUpdateShow handles the POST of the form to update a file
func HandleUpdate(context router.Context) error {
// Find the file
file, err := files.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update file
err = authorise.Resource(context, file)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the file from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Find the to user, by querying users on username or email
// Set the user id if found, else return 404 error, user not found
// TODO: Make *sure* this only accepts the params we want
err = file.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to file
return router.Redirect(context, file.URLShow())
}
// HandleUpdate handles the POST of the form to update a post
func HandleUpdate(context router.Context) error {
// Find the post
post, err := posts.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update post
err = authorise.Resource(context, post)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the post from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = post.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to post
return router.Redirect(context, post.URLShow())
}
// POST pages/create
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.Path(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
id, err := pages.Create(params.Map())
if err != nil {
context.Logf("#info Failed to create page %v", params)
return router.InternalError(err)
}
// Log creation
context.Logf("#info Created page id,%d", id)
// Redirect to the new page
p, err := pages.Find(id)
if err != nil {
context.Logf("#error Error creating page,%s", err)
}
return router.Redirect(context, p.URLIndex())
}
// HandleShow displays a single story
func HandleShow(context router.Context) error {
// Find the story
story, err := stories.Find(context.ParamInt("id"))
if err != nil {
return router.InternalError(err)
}
// Redirect requests to the canonical url
if context.Path() != story.URLShow() {
return router.Redirect(context, story.URLShow())
}
// Find the comments for this story
// Fetch the comments
q := comments.Where("story_id=?", story.Id).Order(comments.RankOrder)
rootComments, err := comments.FindAll(q)
if err != nil {
return router.InternalError(err)
}
// Render the template
view := view.New(context)
view.AddKey("story", story)
view.AddKey("meta_title", story.Name)
view.AddKey("meta_desc", story.Summary)
view.AddKey("meta_keywords", story.Name)
view.AddKey("comments", rootComments)
return view.Render()
}
// HandleShowPath serves requests to a custom page url
func HandleShowPath(context router.Context) error {
// Setup context for template
path := context.Path()
// If no pages or users exist, redirect to set up page
if missingUsersAndPages() {
return router.Redirect(context, "/fragmenta/setup")
}
q := pages.Query().Where("url=?", path).Limit(1)
pages, err := pages.FindAll(q)
if err != nil || len(pages) == 0 {
return router.NotFoundError(err)
}
// Get the first of pages to render
page := pages[0]
// For show path of pages, we authorise showing the page FOR ALL users if it is published
if !page.IsPublished() {
// Authorise
err = authorise.Resource(context, page)
if err != nil {
return router.NotAuthorizedError(err)
}
}
return renderPage(context, page)
}
// HandleUpdate handles the POST of the form to update a page
func HandleUpdate(context router.Context) error {
// Find the page
page, err := pages.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update page
err = authorise.ResourceAndAuthenticity(context, page)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the page from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = page.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to page
return router.Redirect(context, page.URLShow())
}
// HandleUpdate handles the POST of the form to update a user
func HandleUpdate(context router.Context) error {
// Find the user
user, err := users.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update user
err = authorise.ResourceAndAuthenticity(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Clean params further for customers, they may only update email, password, key
allowedParams := params.Map()
u := authorise.CurrentUser(context)
if !u.Admin() {
// allowedParams = params.Clean(users.AllowedParamsCustomer())
}
err = user.Update(allowedParams)
if err != nil {
return router.InternalError(err)
}
// Redirect to user
return router.Redirect(context, user.URLShow())
}
// HandleUpdate handles the POST of the form to update a story
func HandleUpdate(context router.Context) error {
// Find the story
story, err := stories.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update story
err = authorise.ResourceAndAuthenticity(context, story)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the story from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = story.Update(params.Map())
if err != nil {
return err // Create returns a router.Error
}
err = updateStoriesRank()
if err != nil {
return router.InternalError(err)
}
// Redirect to story
return router.Redirect(context, story.URLShow())
}
// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {
// Find the comment
comment, err := comments.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update comment, check auth token
err = authorise.ResourceAndAuthenticity(context, comment)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the comment from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Clean params according to role
accepted := comments.AllowedParams()
if authorise.CurrentUser(context).Admin() {
accepted = comments.AllowedParamsAdmin()
}
cleanedParams := params.Clean(accepted)
err = comment.Update(cleanedParams)
if err != nil {
return router.InternalError(err)
}
// Redirect to comment
return router.Redirect(context, comment.URLShow())
}
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {
// Find the user
id := context.ParamInt("id")
user, err := users.Find(id)
if err != nil {
context.Logf("#error Error finding user %s", err)
return router.NotFoundError(err)
}
// Authorise
err = authorise.ResourceAndAuthenticity(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
context.Logf("PARAMS RECD:%v", params)
err = user.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to user
return router.Redirect(context, user.URLShow())
}
// HandleHome serves a get request at /
func HandleHome(context router.Context) error {
// Setup context for template
view := view.New(context)
// Authorise
err := authorise.Path(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// If nothing exists, redirect to set up page
if missingUsersAndPages() {
return router.Redirect(context, "/fragmenta/setup")
}
page, err := pages.Find(1)
if err != nil {
return router.InternalError(err)
}
view.AddKey("page", page)
view.AddKey("meta_title", page.Name)
view.AddKey("meta_desc", page.Summary)
view.AddKey("meta_keywords", page.Keywords)
return view.Render()
}
// HandleUpdate handles POST or PUT /images/1/update
func HandleUpdate(context router.Context) error {
// Find the image
image, err := images.Find(context.ParamInt("id"))
if err != nil {
context.Logf("#error Error finding image %s", err)
return router.NotFoundError(err)
}
// Authorise
err = authorise.Resource(context, image)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the image
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = image.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// We redirect back to source if redirect param is set
return router.Redirect(context, image.URLUpdate())
}
// HandleLogout logs the current user out
func HandleLogout(context router.Context) error {
// Clear the current session cookie
auth.ClearSession(context)
// Redirect to home
return router.Redirect(context, "/")
}
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {
// Check we're not already logged in, if so redirect
// Get the user details from the database
params, err := context.Params()
if err != nil {
return router.NotFoundError(err)
}
// Find the user with this email
q := users.Where("email=?", params.Get("email"))
user, err := users.First(q)
if err != nil {
q = users.Where("name=?", params.Get("email")) // NB use of email field
user, err = users.First(q)
}
if err != nil {
context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_email")
}
err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)
if err != nil {
context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_password")
}
// Save the fact user is logged in to session cookie
err = loginUser(context, user)
if err != nil {
return router.InternalError(err)
}
// Redirect to whatever page the user tried to visit before (if any)
// For now send them to root
return router.Redirect(context, "/")
}
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {
// Check we're not already logged in, if so redirect
// Get the user details from the database
params, err := context.Params()
if err != nil {
return router.NotFoundError(err)
}
// Need something neater than this - how best to do it?
q := users.Where("email=?", params.Get("email"))
user, err := users.First(q)
if err != nil {
context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_email")
}
err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)
if err != nil {
context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_password")
}
// Now save the user details in a secure cookie, so that we remember the next request
session, err := auth.Session(context, context.Request())
if err != nil {
context.Logf("#error problem retrieving session")
}
context.Logf("#info Login success for user: %d %s", user.Id, user.Email)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Redirect to whatever page the user tried to visit before (if any)
// For now send them to root
return router.Redirect(context, "/")
}
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {
// Find the user
id := context.ParamInt("id")
user, err := users.Find(id)
if err != nil {
context.Logf("#error Error finding user %s", err)
return router.NotFoundError(err)
}
// Authorise
err = authorise.Resource(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// We expect only one image, what about replacing the existing when updating?
// At present we just create a new image
files, err := context.ParamFiles("image")
if err != nil {
return router.InternalError(err)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
var imageID int64
if len(files) > 0 {
fileHandle := files[0]
// Create an image (saving the image representation on disk)
imageParams := map[string]string{"name": user.Name, "status": "100"}
imageID, err = images.Create(imageParams, fileHandle)
if err != nil {
return router.InternalError(err)
}
params.Set("image_id", fmt.Sprintf("%d", imageID))
delete(params, "image")
}
err = user.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to user
return router.Redirect(context, user.URLShow())
}
// HandleLoginShow handles GET /users/login
func HandleLoginShow(context router.Context) error {
// Check we have no current user
u := authorise.CurrentUser(context)
if !u.Anon() {
return router.Redirect(context, fmt.Sprintf("/users/%d", u.Id))
}
// Render the template
view := view.New(context)
view.AddKey("error", context.Param("error"))
return view.Render()
}
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {
params, err := context.Params()
if err != nil {
return router.NotFoundError(err)
}
// Check users against their username - we could also check against the email later?
name := params.Get("name")
q := users.Where("name=?", name)
user, err := users.FindFirst(q)
if err != nil {
context.Logf("#error Login failed for user : %s %s", name, err)
return router.Redirect(context, "/users/login?error=failed_name")
}
err = auth.CheckPassword(params.Get("password"), user.Password)
if err != nil {
context.Logf("#error Login failed for user : %s %s", name, err)
return router.Redirect(context, "/users/login?error=failed_password")
}
// Save the details in a secure cookie
session, err := auth.Session(context, context.Request())
if err != nil {
return router.InternalError(err)
}
context.Logf("#info LOGIN for user: %d", user.Id)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Send them to their user profile page
return router.Redirect(context, user.URLShow())
}
// HandleCreateShow serves the create form via GET for stories
func HandleCreateShow(context router.Context) error {
// Authorise
err := authorise.Path(context)
if err != nil {
// When not allowed to post stories, redirect to register screen
router.Redirect(context, "/users/create")
}
// Render the template
view := view.New(context)
story := stories.New()
view.AddKey("story", story)
view.AddKey("meta_title", "Go Hacker News Submit")
return view.Render()
}
// HandleCreate handles the POST of the create form for users
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.Resource(context, nil)
if err != nil {
return router.NotAuthorizedError(err)
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Default to customer role etc - admins will have to promote afterwards
params.Set("role", fmt.Sprintf("%d", users.RoleCustomer))
params.Set("status", fmt.Sprintf("%d", status.Published))
id, err := users.Create(params.Map())
if err != nil {
return err
}
// Log creation
context.Logf("#info Created user id,%d", id)
// Redirect to the new user
user, err := users.Find(id)
if err != nil {
return router.InternalError(err)
}
// Save the details in a secure cookie
session, err := auth.Session(context, context.Request())
if err != nil {
return router.InternalError(err)
}
context.Logf("#info CREATE for user: %d", user.Id)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Send them to their user profile page
return router.Redirect(context, user.URLShow())
}
// HandleCreate responds to POST images/create
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.Path(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// We expect only one image, what about replacing the existing when updating?
// At present we just create a new image
files, err := context.ParamFiles("image")
if err != nil {
return router.InternalError(err)
}
if len(files) == 0 {
return router.NotFoundError(nil)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
id, err := images.Create(params.Map(), files[0])
if err != nil {
context.Logf("#error Error creating image,%s", err)
return router.InternalError(err)
}
// Log creation
context.Logf("#info Created image id,%d", id)
// Redirect to the new image
m, err := images.Find(id)
if err != nil {
context.Logf("#error Error creating image,%s", err)
}
return router.Redirect(context, m.URLShow())
}
// HandleDestroy handles a DESTROY request for files
func HandleDestroy(context router.Context) error {
// Find the file
file, err := files.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise destroy file
err = authorise.ResourceAndAuthenticity(context, file)
if err != nil {
return router.NotAuthorizedError(err)
}
// Destroy the file
file.Destroy()
// Redirect to files root
return router.Redirect(context, "/files")
}
// HandleLoginShow shows the page at /users/login
func HandleLoginShow(context router.Context) error {
// Setup context for template
view := view.New(context)
// Check we're not already logged in, if so redirect with a message
// we could alternatively display an error here?
if !authorise.CurrentUser(context).Anon() {
return router.Redirect(context, "/?warn=already_logged_in")
}
switch context.Param("error") {
case "failed_email":
view.AddKey("warning", "Sorry, we couldn't find a user with that email.")
case "failed_password":
view.AddKey("warning", "Sorry, the password was incorrect, please try again.")
}
// Serve
return view.Render()
}
// HandleDestroy responds to POST /tags/1/destroy
func HandleDestroy(context router.Context) error {
// Set the tag on the context for checking
tag, err := tags.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise
err = authorise.Resource(context, tag)
if err != nil {
return router.NotAuthorizedError(err)
}
// Destroy the tag
tag.Destroy()
// Redirect to tags root
return router.Redirect(context, tag.URLIndex())
}