func (v *View) RenderAdmin(w http.ResponseWriter, r *http.Request, templateName string, data map[string]interface{}) {
if data == nil {
data = map[string]interface{}{}
}
// Override the yield func so that we can inject the partial template
funcs := template.FuncMap{
"yield": func() (template.HTML, error) {
buff := bytes.NewBuffer(nil)
err := v.templates.ExecuteTemplate(buff, templateName, data)
return template.HTML(buff.String()), err
},
}
sessionInstance := session.Instance(r)
data["Flash"] = r.URL.Query().Get("Flash")
//Not ideal. Would like session to be injected and not get it by .Instance
data["LoggedInUserId"] = sessionInstance.Values["user_id"]
data["LoggedInUsername"] = sessionInstance.Values["username"]
adminLayoutClone, _ := v.adminLayout.Clone()
adminLayoutClone.Funcs(funcs)
err := adminLayoutClone.Execute(w, data)
if err != nil {
http.Error(w, "Template not found", http.StatusInternalServerError)
}
}
// POSTDashboardProfile handles the POST request for updating the profile of the user
func POSTDashboardProfile(a *application.App) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
// Get session
sess := session.Instance(r)
var err error
userID := sess.Values["user_id"].(uint)
uR := &users.UserRepository{Db: a.Database}
user := uR.ByID(userID)
// Check if the submission is for personal data change
if strings.Compare(r.FormValue("action"), "update_personal") == 0 {
user.Email = r.FormValue("email")
user.FirstName = r.FormValue("first_name")
user.LastName = r.FormValue("last_name")
err = uR.Update(&user)
}
// Check if the submission is for password change
if strings.Compare(r.FormValue("action"), "update_password") == 0 {
err = users.ValidatePasswordChange(
uR,
user,
r.FormValue("current_password"),
r.FormValue("new_password"),
r.FormValue("new_password_verification"))
if err == nil {
user.Password = hash.CreateFromPassword(r.FormValue("new_password"))
err = uR.Update(&user)
}
}
viewParameters := map[string]interface{}{
"User": user,
"Success": "Successfully saved",
"Title": "Profile",
}
// Check if there were any errors encountered in the update process
if err != nil {
viewParameters["Error"] = err.Error()
delete(viewParameters, "Success")
}
a.View.Render(w, r, "admin/dashboard/profile", viewParameters)
}
}
//AuthenticateRequest checks if for a given requrest the user is authenticated or not
func AuthenticateRequest(w http.ResponseWriter, r *http.Request) {
//Redirect to login if they are not authenticated
//Get session
sess := session.Instance(r)
//If user is not authenticated, don't allow them to access the page
if sess.Values["user_id"] == nil {
query := url.Values{}
query.Add("next", url.QueryEscape(r.URL.String()))
http.Redirect(w, r, "/admin/login?"+query.Encode(), http.StatusFound)
}
}
// POSTDashboardLogin POST admin/login
func POSTDashboardLogin(a *application.App) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
sessionInstance := session.Instance(r)
loginAttemptsKey := a.Config.SessionConfig.LoginAttemptsKey
maxLoginAttempts := a.Config.SessionConfig.MaxLoginAttempts
// Prevent brute force login attempts by not hitting MySQL and pretending like it was invalid
if sessionInstance.Values[loginAttemptsKey] != nil && sessionInstance.Values[loginAttemptsKey].(int) >= maxLoginAttempts {
log.Println("Brute force login prevented")
a.View.Render(w, r, "admin/dashboard/index", map[string]interface{}{
"Error": "Brute force login",
})
return
}
uR := &users.UserRepository{Db: a.Database}
success, err := users.LoginUser(sessionInstance, uR, r.FormValue("username"), r.FormValue("password"))
if err != nil {
log.Println("Login unsuccessfull" + strconv.FormatBool(success))
a.View.Render(w, r, "admin/dashboard/login", map[string]interface{}{
"HideHeader": true,
"Error": err.Error(),
"Username": r.FormValue("username"),
})
}
//We have a successful login. Save data to session, and redirect user to dashboard
err = sessionInstance.Save(r, w)
if err != nil {
log.Println("Error with saving session")
}
//Redirect to "next" if we have a next
nextURL, err := url.QueryUnescape(r.URL.Query().Get("next"))
redirectURL := "/admin"
if nextURL != "" {
redirectURL = nextURL
}
http.Redirect(w, r, redirectURL, http.StatusFound)
}
}
//GETDashboardLogout GET admin/logout
func GETDashboardLogout(a *application.App) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
// Get session
sess := session.Instance(r)
// If user is authenticated
if sess.Values["user_id"] != nil {
session.Empty(sess)
sess.Save(r, w)
}
http.Redirect(w, r, "/admin/login", http.StatusFound)
}
}
// GETDashboardProfile returns the view for the profile of the user
func GETDashboardProfile(a *application.App) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
// Get session
sess := session.Instance(r)
userID := sess.Values["user_id"].(uint)
uR := &users.UserRepository{Db: a.Database}
userModel := uR.ByID(userID)
a.View.Render(w, r, "admin/dashboard/profile", map[string]interface{}{
"User": userModel,
})
}
}