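// handleUserSetPass sets a user's password from a form POST.
//
// GET serves the 404.html page. POST requires non-empty "username" and
// "password" form fields, hashes the password with phash.Gen and stores it
// through db.SetPass inside a transaction, replying 200 on success. Any other
// method gets a 501 response.
//
// NOTE(review): no authentication or authorization check is visible in this
// handler; it acts on whatever username the form supplies. Confirm the route
// is registered behind a session/admin check.
func (app *App) handleUserSetPass(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case "GET":
		app.serveFile("404.html").ServeHTTP(w, r)
	case "POST":
		username := r.PostFormValue("username")
		password := r.PostFormValue("password")
		if username == "" || password == "" {
			http.Error(w, "must provide username and password fields", http.StatusBadRequest)
			return
		}

		tx, err := app.db.Begin()
		if err != nil {
			app.dbError(w, r, err)
			return
		}
		// Register the rollback immediately after Begin, as the other
		// handlers in this file do. Previously it was deferred only after
		// db.SetPass, so a failed SetPass returned with the transaction
		// still open. The Rollback result after a successful Commit is
		// deliberately ignored.
		defer tx.Rollback()

		if err := db.SetPass(tx, username, phash.Gen(password)); err != nil {
			// NOTE(review): the raw error text goes back to the client,
			// unlike the app.dbError paths. Confirm it cannot expose
			// database details.
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		if err := tx.Commit(); err != nil {
			app.dbError(w, r, err)
			return
		}
		w.WriteHeader(http.StatusOK)
	default:
		http.Error(w, "I only respond to POSTs", http.StatusNotImplemented)
	}
}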
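// handleUsersCreate creates a user from a form POST.
//
// It reads the "username", "password", "email" and "admin" form fields,
// rejects an empty username or password with 400, hashes the password with
// phash.Gen and inserts the user through db.NewUser inside a transaction.
// It replies 200 on success and 501 for any method other than POST.
//
// NOTE(review): the admin flag is taken directly from the form and no
// authentication or authorization check is visible in this handler. Confirm
// the route is restricted to administrators where it is registered.
func (app *App) handleUsersCreate(w http.ResponseWriter, r *http.Request) {
	if r.Method != "POST" {
		// The handler accepts POST only; the message previously said "GETs".
		http.Error(w, "I only respond to POSTs", http.StatusNotImplemented)
		return
	}

	username := r.PostFormValue("username")
	pass := r.PostFormValue("password")
	email := r.PostFormValue("email")
	admin := r.PostFormValue("admin") == "true"

	if username == "" {
		http.Error(w, "No username provided", http.StatusBadRequest)
		return
	}
	if pass == "" {
		http.Error(w, "Empty password provided", http.StatusBadRequest)
		return
	}

	// Only the hashed password is handed to the database layer.
	hashedPass := phash.Gen(pass)

	tx, err := app.db.Begin()
	if err != nil {
		app.dbError(w, r, err)
		return
	}
	// Undo the insert on every early return; the result of Rollback after a
	// successful Commit is deliberately ignored.
	defer tx.Rollback()

	if _, err := db.NewUser(tx, username, hashedPass, email, admin); err != nil {
		// NOTE(review): the underlying error text is appended to the
		// response. Confirm it cannot expose database details to the client.
		http.Error(w, "Could not save user to database: "+err.Error(), http.StatusInternalServerError)
		return
	}
	if err := tx.Commit(); err != nil {
		app.dbError(w, r, err)
		return
	}
	w.WriteHeader(http.StatusOK)
}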
// handleRegister serves and processes the first-run registration form.
//
// Registration is available only while db.AllUsers returns no users. Once any
// user exists, GET is redirected to "/" and every other method gets 401. On an
// empty system, GET serves register.html and POST creates the first user with
// the admin flag set to true, commits, and stores that user in the session
// through app.setUser.
//
// NOTE(review): the "no users yet" check and the insert share one transaction.
// Whether two concurrent first-run POSTs can both pass the check depends on
// the database's isolation level, so confirm against the db package.
func (app *App) handleRegister(w http.ResponseWriter, r *http.Request) {
	tx, err := app.db.Begin()
	if err != nil {
		app.dbError(w, r, err)
		return
	}
	// Covers every early return below; the result of Rollback after a
	// successful Commit is ignored.
	defer tx.Rollback()

	existing, err := db.AllUsers(tx)
	if err != nil {
		app.dbError(w, r, err)
		return
	}

	// The system is already initialised: registration is closed.
	if len(existing) > 0 {
		switch r.Method {
		case "GET":
			http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
		default:
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
		}
		return
	}

	switch r.Method {
	case "GET":
		app.serveFile("register.html").ServeHTTP(w, r)
		return
	case "POST":
		// Handled below.
	default:
		http.Error(w, "I only respond to GET and POSTs", http.StatusNotImplemented)
		return
	}

	name := r.PostFormValue("username")
	secret := r.PostFormValue("password")
	mail := r.PostFormValue("email")

	if name == "" {
		http.Error(w, "No username provided", http.StatusBadRequest)
		return
	}
	if secret == "" {
		http.Error(w, "Empty password provided", http.StatusBadRequest)
		return
	}

	// The first account is always created as an administrator, and only the
	// hashed password reaches the database layer.
	created, err := db.NewUser(tx, name, phash.Gen(secret), mail, true)
	if err != nil {
		http.Error(w, "Could not save user to database: "+err.Error(), http.StatusInternalServerError)
		return
	}

	if err := tx.Commit(); err != nil {
		app.dbError(w, r, err)
		return
	}

	// Log the new user in straight away by attaching it to the session.
	sessionUser := &User{Id: created.Id, Name: created.Name}
	if err := app.setUser(r, w, sessionUser); err != nil {
		http.Error(w, "Failed to set session cookie: "+err.Error(), http.StatusInternalServerError)
		return
	}

	w.WriteHeader(http.StatusOK)
}