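package main

import (
	"bytes"
	"fmt"
	"io"
	"io/ioutil"
	"net/http"
	"net/url"
	"regexp"
	"strconv"
	"strings"
	txtTemplate "text/template"
	"time"

	"github.com/gorilla/mux"
	"github.com/gorilla/sessions"

	"github.com/dballard/transmet/categories"
	"github.com/dballard/transmet/news"
	"github.com/dballard/transmet/user"
)

const (
	// userSessionName is the cookie/session name every handler in this file uses.
	userSessionName = "c_user"
	// titleFetchTimeout bounds the whole remote fetch done by getUrlTitle.
	titleFetchTimeout = 10 * time.Second
	// titleFetchMaxBytes caps how much of a remote page is read while looking
	// for its <title>; the title lives in <head>, so a small prefix is enough.
	titleFetchMaxBytes = 1 << 20
)

var (
	// reTitleTag captures the text following an opening <title> tag (rest of the line).
	reTitleTag = regexp.MustCompile("< *[Tt][Ii][Tt][Ll][Ee] *>(.*)")
	// reHTTPScheme recognises links that already carry an http(s) scheme.
	reHTTPScheme = regexp.MustCompile("^https?://")
	// titleFetchClient is used for remote title lookups. The default
	// http.Client has no timeout, so a stalling host would pin a handler forever.
	titleFetchClient = &http.Client{Timeout: titleFetchTimeout}
)

// GetFlashes drains the error and info flash messages from session and
// returns them keyed as "error" and "info" for the templates.
func GetFlashes(session *sessions.Session) map[string]interface{} {
	return map[string]interface{}{
		"error": session.Flashes(flash_err),
		"info":  session.Flashes(flash_info),
	}
}

// sessionWipe discards every value stored in session (used on logout).
// The caller is still responsible for saving the session afterwards.
func sessionWipe(session *sessions.Session) {
	session.Values = make(map[interface{}]interface{})
}

// saveSession persists session to the response and logs (rather than
// silently drops) a save failure; callers keep going because the page
// itself can still be served.
func saveSession(session *sessions.Session, r *http.Request, w http.ResponseWriter) {
	if err := session.Save(r, w); err != nil {
		fmt.Println("Session save err: ", err)
	}
}

// popSessionValue returns session.Values[key] and removes it, so one-shot
// form state survives exactly one redirect.
func popSessionValue(session *sessions.Session, key string) interface{} {
	v := session.Values[key]
	delete(session.Values, key)
	return v
}

// initSessionUser loads the user named in the request's session.
// It returns a nil *user.User (and the session) when nobody is logged in
// or the stored username is not a string.
func initSessionUser(r *http.Request) (*user.User, *sessions.Session) {
	// A store error (e.g. an undecodable cookie) still yields a usable, empty session.
	session, _ := store.Get(r, userSessionName)
	username, ok := session.Values["username"].(string)
	if !ok {
		return nil, session
	}
	return user.NewUserFromUsername(db, username), session
}

// userHandler wraps a handler that needs an authenticated user. Anonymous
// requests are redirected to /login instead of reaching next.
func userHandler(next func(http.ResponseWriter, *http.Request, *user.User)) func(http.ResponseWriter, *http.Request) {
	return func(w http.ResponseWriter, r *http.Request) {
		u, _ := initSessionUser(r)
		if u == nil {
			http.Redirect(w, r, "/login", http.StatusFound)
			return
		}
		next(w, r, u)
	}
}

// getPostHandler dispatches GET requests to getFn and every other method to
// postFn, e.g.:
//
//	r.HandleFunc("/login", getPostHandler(LoginFormHandler, LoginPostHandler))
func getPostHandler(getFn, postFn func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodGet {
			getFn(w, r)
			return
		}
		// Anything that is not GET is treated as the POST branch.
		postFn(w, r)
	}
}

// ShowTemplate renders the named entry of the package-level templates map
// into w with data. A missing template answers 500 instead of panicking on
// a nil entry; an execution error is only logged, since the response may
// already be partially written by then.
func ShowTemplate(template string, w http.ResponseWriter, data map[string]interface{}) {
	tmpl, ok := templates[template]
	if !ok || tmpl == nil {
		fmt.Println("Missing template: ", template)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return
	}
	if err := tmpl.Execute(w, data); err != nil {
		fmt.Println("Exec err: ", err)
	}
	// TODO: show error 500 page
}

// LoginFormHandler renders the login page (GET /login) with any pending flashes.
func LoginFormHandler(w http.ResponseWriter, r *http.Request) {
	session, _ := store.Get(r, userSessionName)
	flashes := GetFlashes(session)
	// Save so the consumed flashes are cleared from the cookie.
	saveSession(session, r, w)
	ShowTemplate("login", w, map[string]interface{}{"flashes": flashes})
}

// LoginPostHandler checks the submitted credentials (POST /login).
// On success the username is stored in the session and the browser is sent
// to / — or to /add with the original query string when a bookmarklet
// ?url= was pending — and on failure an error flash is set and the form is
// shown again.
//
// TODO: proper per account and client flood control rate limiting
// currently weak per call slow down is by-passable at scale
func LoginPostHandler(w http.ResponseWriter, r *http.Request) {
	time.Sleep(500 * time.Millisecond) // WEAK poor mans rate limiting for logins
	if err := r.ParseForm(); err != nil {
		http.Error(w, "Bad Request", http.StatusBadRequest)
		return
	}
	username := r.PostFormValue("username") // lookup user
	password := r.PostFormValue("password")
	u := user.NewUserFromAuth(db, username, password)
	if u == nil {
		time.Sleep(500 * time.Millisecond) // WEAK bypassable poor mans rate limiting for failed logins
		session, _ := store.Get(r, userSessionName)
		session.AddFlash("Username or password", flash_err)
		saveSession(session, r, w)
		http.Redirect(w, r, "/login?"+r.URL.RawQuery, http.StatusFound)
		return
	}

	session, _ := store.Get(r, userSessionName)
	// NOTE(review): the pre-login session is reused rather than regenerated;
	// whether that matters depends on how store issues identifiers (configured elsewhere).
	session.Values["username"] = u.Username
	saveSession(session, r, w)
	if r.URL.Query().Get("url") != "" {
		// Resume a bookmarklet add that was interrupted by the login.
		http.Redirect(w, r, "/add?"+r.URL.RawQuery, http.StatusFound)
		return // the original fell through and issued a second redirect
	}
	http.Redirect(w, r, "/", http.StatusFound)
}

// LogoutHandler clears the session and returns the browser to /.
// It is registered through userHandler, so only logged-in users reach it.
// NOTE(review): the route accepts any method (see init_route_handlers) and
// carries no CSRF token, so a cross-site GET can log a user out.
func LogoutHandler(w http.ResponseWriter, r *http.Request, _ *user.User) {
	session, _ := store.Get(r, userSessionName)
	//session.Options = &sessions.Options{MaxAge: -1}
	sessionWipe(session)
	saveSession(session, r, w)
	http.Redirect(w, r, "/", http.StatusFound)
}

// getUrlTitle fetches pageURL and returns the trimmed text after the first
// <title> tag, or "" when the page cannot be fetched or has no title.
//
// pageURL comes straight from the ?url= query parameter, so this is a
// server-side request to a caller-chosen destination. The fetch is bounded
// by titleFetchClient's timeout and titleFetchMaxBytes; any destination
// filtering the deployment requires has to happen before this call. The
// returned title is untrusted remote content and must be escaped by the
// template that renders it.
func getUrlTitle(pageURL string) string {
	resp, err := titleFetchClient.Get(pageURL)
	if err != nil {
		fmt.Println("Error looking up link", pageURL, ":", err)
		return ""
	}
	defer resp.Body.Close() // the original never closed the body, leaking the connection

	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, titleFetchMaxBytes))
	if err != nil {
		fmt.Println("Error reading link", pageURL, ":", err)
		return ""
	}
	m := reTitleTag.FindSubmatch(body)
	if m == nil {
		return ""
	}
	return strings.TrimSpace(string(m[1]))
}

// addFormHandler renders the "add news" form (GET /add, ?url=).
//
// Two sources feed the form: values stashed in the session by a failed
// addPostHandler (link/title/description/popup), which win when present,
// and otherwise the bookmarklet query string (?url=, ?title=, ?popup=).
// A bare host in ?url= gets an http:// prefix and, when no title was
// supplied, the page is fetched to guess one.
func addFormHandler(w http.ResponseWriter, r *http.Request, user *user.User) {
	categories.LoadCategories(db)
	session, _ := store.Get(r, userSessionName)
	flashes := GetFlashes(session)

	// Pop the values a failed POST left behind so they are shown exactly once.
	popup := popSessionValue(session, "popup")
	title := popSessionValue(session, "title")
	link := popSessionValue(session, "link")
	description := popSessionValue(session, "description")
	saveSession(session, r, w)

	if link != nil {
		fmt.Printf("link: '%v'\n", link) // no unchecked .(string) assertion
		//TODO category_id
		ShowTemplate("add", w, map[string]interface{}{
			"user": user, "flashes": flashes, "categories": categories.CategoriesTree,
			"link": link, "title": title, "description": description, "popup": popup,
		})
		return
	}

	target := r.URL.Query().Get("url")
	if target != "" && !reHTTPScheme.MatchString(target) {
		target = "http://" + target
	}
	queryTitle := r.URL.Query().Get("title")
	if queryTitle == "" && target != "" {
		queryTitle = getUrlTitle(target)
	}
	ShowTemplate("add", w, map[string]interface{}{
		"user": user, "flashes": flashes, "link": target, "categories": categories.CategoriesTree,
		"title": queryTitle, "popup": r.URL.Query().Get("popup"),
	})
}

// formValueUnescaped returns the named form value after one extra round of
// percent-decoding (presumably because the bookmarklet submits pre-encoded
// text). When the raw value is not valid percent-encoding — e.g. a title
// containing a literal "%" — the raw value is kept; the original discarded
// the decode error and stored "".
func formValueUnescaped(r *http.Request, key string) string {
	raw := r.FormValue(key)
	if decoded, err := url.QueryUnescape(raw); err == nil {
		return decoded
	}
	return raw
}

// addPostHandler stores a submitted news item (POST /add).
// On a database error the submitted values are stashed in the session and
// the form is redisplayed; on success a confirmation flash is set and the
// browser goes to / (or /added for the popup/bookmarklet flow).
// NOTE(review): this and the other state-changing routes carry no CSRF token.
func addPostHandler(w http.ResponseWriter, r *http.Request, user *user.User) {
	session, _ := store.Get(r, userSessionName)
	var item news.News
	item.Title = formValueUnescaped(r, "title")
	item.Notes = formValueUnescaped(r, "notes")
	item.Url = r.FormValue("link")
	popup := r.FormValue("popup")
	categoryID, err := strconv.Atoi(r.FormValue("category"))
	if err != nil {
		categoryID = -1 // sentinel for "no/unknown category"; meaning is defined by the news package
	}
	item.Category_id = categoryID

	if err := item.Insert(db); err != nil {
		fmt.Println("Error saving news:", err)
		// NOTE(review): err.Error() surfaces driver/SQL detail to the (authenticated) user.
		session.AddFlash("Error saving news: "+err.Error(), flash_err)
		session.Values["title"] = item.Title
		session.Values["link"] = item.Url
		// addFormHandler reads the notes back under "description"; the original
		// stored them under "notes", so they were silently lost on redisplay.
		session.Values["description"] = item.Notes
		session.Values["popup"] = popup
		saveSession(session, r, w)
		http.Redirect(w, r, "/add", http.StatusFound)
		return
	}

	// TODO auto close? redirect
	session.AddFlash("Added news \""+item.Title+"\"", flash_info)
	saveSession(session, r, w)
	if popup == "1" {
		http.Redirect(w, r, "/added", http.StatusFound)
		return
	}
	http.Redirect(w, r, "/", http.StatusFound)
}

// templateFormHandler renders the home page (GET /): the not-yet-exported
// news rendered through templates/html_template.txt as a copy-paste HTML
// block, plus the item count and the configured site URL.
func templateFormHandler(w http.ResponseWriter, r *http.Request, user *user.User) {
	session, _ := store.Get(r, userSessionName)
	flashes := GetFlashes(session)
	saveSession(session, r, w)

	items, count, err := news.Unexported(db)
	if err != nil {
		fmt.Println("Error loading unexported news:", err)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return // the original answered an empty 200 here
	}

	// Parsed per request, as in the original, so edits to the file show up
	// without a restart. text/template does no HTML escaping: titles and
	// notes are user input, so any escaping has to live in html_template.txt.
	exportTmpl, err := txtTemplate.ParseFiles("templates/html_template.txt")
	if err != nil {
		fmt.Println("Error processing html_template:", err)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return // the original went on to call Execute on a nil template
	}
	var templateBuf bytes.Buffer
	if err := exportTmpl.Execute(&templateBuf, map[string]interface{}{"news": items}); err != nil {
		fmt.Println("Exec err: ", err)
	}
	ShowTemplate("list", w, map[string]interface{}{
		"user": user, "flashes": flashes, "template": &templateBuf,
		"count": count, "url": config.Url,
	})
}

// exportHandler marks the current batch of news as exported and reports the
// outcome through a flash before returning to /.
// NOTE(review): reachable by GET as well as POST and without a CSRF token.
func exportHandler(w http.ResponseWriter, r *http.Request, _ *user.User) {
	session, _ := store.Get(r, userSessionName)
	if err := news.MarkExported(db); err != nil {
		fmt.Println("Error marking news exported:", err)
		session.AddFlash("Error marking last batch of news exported", flash_err)
	} else {
		session.AddFlash("Last batch of news marked exported", flash_info)
	}
	saveSession(session, r, w)
	http.Redirect(w, r, "/", http.StatusFound)
}

// addedHandler renders the confirmation page shown after a popup add.
func addedHandler(w http.ResponseWriter, r *http.Request, user *user.User) {
	session, _ := store.Get(r, userSessionName)
	flashes := GetFlashes(session)
	saveSession(session, r, w)
	ShowTemplate("added", w, map[string]interface{}{"user": user, "flashes": flashes})
}

// init_route_handlers registers the static file servers on the default mux
// and the application routes on a gorilla router mounted at /.
// Every route except /login requires a logged-in user via userHandler.
func init_route_handlers() {
	http.Handle("/js/", http.StripPrefix("/js/", http.FileServer(http.Dir("js/"))))
	http.Handle("/css/", http.StripPrefix("/css/", http.FileServer(http.Dir("css/"))))
	// The original stripped "/fonts" (no slash); FileServer re-adds a leading
	// slash to the remaining path, so "/fonts/" is equivalent and matches the others.
	http.Handle("/fonts/", http.StripPrefix("/fonts/", http.FileServer(http.Dir("fonts/"))))

	r := mux.NewRouter()
	r.HandleFunc("/login", getPostHandler(LoginFormHandler, LoginPostHandler))
	r.HandleFunc("/logout", userHandler(LogoutHandler))
	r.HandleFunc("/add", getPostHandler(userHandler(addFormHandler), userHandler(addPostHandler)))
	r.HandleFunc("/", userHandler(templateFormHandler))
	r.HandleFunc("/export", userHandler(exportHandler))
	r.HandleFunc("/added", userHandler(addedHandler))
	http.Handle("/", r)
}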