package main import ( "github.com/gorilla/mux" "github.com/gorilla/sessions" "net/http" "github.com/dballard/transmet/user" "fmt" "time" "io/ioutil" "regexp" "strings" "strconv" "github.com/dballard/transmet/tags" "github.com/dballard/transmet/news" ) func GetFlashes(session *sessions.Session) map[string]interface{} { var flashes = make(map[string]interface{}) flashes["error"] = session.Flashes(flash_err) flashes["info"] = session.Flashes(flash_info) return flashes } func sessionWipe(session *sessions.Session) { session.Values = make(map[interface{}]interface{}) } func initSessionUser(r *http.Request) (*user.User, *sessions.Session) { session, _ := store.Get(r, "c_user") if session.Values["username"] == nil { return nil, session } return user.NewUserFromUsername(db, session.Values["username"].(string)), session } // wrapper for handlers requiring a User func userHandler(next func(http.ResponseWriter, *http.Request, *user.User)) func(http.ResponseWriter, *http.Request) { return func(w http.ResponseWriter, r *http.Request) { user, _ := initSessionUser(r) if user == nil { http.Redirect(w, r, "/login", http.StatusFound) } else { next(w, r, user) } } } // wrapper for handlers forking on GET and POST // r.HandleFunc("/login", getPostHandler(LoginFormHandler, LoginPostHandler)) func getPostHandler(getFn, postFn func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) { return func(w http.ResponseWriter, r *http.Request) { if r.Method == "GET" { getFn(w, r) } else { // POST postFn(w, r) } } } func ShowTemplate(template string, w http.ResponseWriter, data map[string]interface{}) { err := templates[template].Execute(w, data) if err != nil { fmt.Println("Exec err: ", err) } // TODO: show error 500 page } // Log in page handler func LoginFormHandler(w http.ResponseWriter, r *http.Request) { session, _ := store.Get(r, "c_user") flashes := GetFlashes(session) session.Save(r, w) ShowTemplate("login", w, map[string]interface{}{"flashes": flashes}) } // handler for login POST // TODO: proper per account and client flood control rate limiting // currently weak per call slow down is by-passable at scale func LoginPostHandler(w http.ResponseWriter, r *http.Request) { time.Sleep(500 * time.Millisecond) // WEAK poor mans rate limiting for logins r.ParseForm() username := r.PostFormValue("username") // lookup user password := r.PostFormValue("password") user := user.NewUserFromAuth(db, username, password) if user != nil { session, _ := store.Get(r, "c_user") session.Values["username"] = user.Username session.Save(r, w) if r.URL.Query().Get("url") != "" { http.Redirect(w, r, "/add?" + r.URL.RawQuery, http.StatusFound) } http.Redirect(w, r, "/", http.StatusFound) } else { time.Sleep(500 * time.Millisecond) // WEAK bypassable poor mans rate limiting for failed logins session, _ := store.Get(r, "c_user") session.AddFlash("Username or password", flash_err) session.Save(r, w) http.Redirect(w, r, "/login?"+r.URL.RawQuery, http.StatusFound) } } // ?url= func addFormHandler(w http.ResponseWriter, r *http.Request, user *user.User) { tags.LoadTags(db) session, _ := store.Get(r, "c_user") flashes := GetFlashes(session) title := session.Values["title"] delete(session.Values, "title") link := session.Values["link"] delete(session.Values, "link") description := session.Values["description"] delete(session.Values, "description") session.Save(r, w) if link != "" { //TODO tag_id ShowTemplate("add", w, map[string]interface{}{"user": user, "flashes": flashes, "tags": tags.TagsTree, "link": link, "title": title, "description": description}) return } var url = r.URL.Query().Get("url") reHttp := regexp.MustCompile("^http://") if ! reHttp.Match([]byte(url)) { url = "http://" + url } resp, err := http.Get(url) if err != nil { fmt.Println("Error looking up link", url, ":", err) } else { body, err := ioutil.ReadAll(resp.Body) if err != nil { fmt.Println("Error reading link", url, ":", err) } else { re := regexp.MustCompile("< *[Tt][Ii][Tt][Ll][Ee] *>(.*)") title := re.FindStringSubmatch(string(body)) if title != nil { ShowTemplate("add", w, map[string]interface{}{"user": user, "flashes": flashes, "link": url, "tags": tags.TagsTree, "title": strings.TrimSpace(title[1])}) return } } } ShowTemplate("add", w, map[string]interface{}{"user": user, "link": url, "tags": tags.TagsTree, "flashes": flashes}) } func addPostHandler(w http.ResponseWriter, r *http.Request, user *user.User) { session, _ := store.Get(r, "c_user") var news news.News news.Title = r.FormValue("title") news.Description = r.FormValue("description") news.Url = r.FormValue("link") tag_id, err := strconv.Atoi(r.FormValue("tag")) if err != nil { tag_id = -1 } news.Tag_id = tag_id err = (&news).Insert(db) if err != nil { session.AddFlash("Error saving news: " + err.Error(), flash_err) session.Values["title"] = news.Title session.Values["link"] = news.Url session.Values["description"] = news.Description session.Save(r, w) http.Redirect(w, r, "/add", http.StatusFound) } else { // TODO auto close? redirect session.AddFlash("Added news \""+news.Title+"\"", flash_info) session.Save(r, w) http.Redirect(w, r, "/", http.StatusFound) } } func templateFormHandler(w http.ResponseWriter, r *http.Request, user *user.User) { ShowTemplate("list", w, map[string]interface{}{"user": user}) } func templatePostHandler(w http.ResponseWriter, r *http.Request, user *user.User) { } func init_route_handlers() { http.Handle("/js/", http.StripPrefix("/js/", http.FileServer(http.Dir("js/")))) http.Handle("/css/", http.StripPrefix("/css/", http.FileServer(http.Dir("css/")))) http.Handle("/fonts/", http.StripPrefix("/fonts", http.FileServer(http.Dir("fonts/")))) r := mux.NewRouter() r.HandleFunc("/login", getPostHandler(LoginFormHandler, LoginPostHandler)) r.HandleFunc("/add", getPostHandler(userHandler(addFormHandler), userHandler(addPostHandler))) r.HandleFunc("/", getPostHandler(userHandler(templateFormHandler), userHandler(templatePostHandler))) http.Handle("/", r) }