src/turbine/router/accesshandlers.go
package router
import (
"net/http"
"strconv"
"time"
"github.com/binhonglee/GlobeTrotte/src/turbine/access"
"github.com/binhonglee/GlobeTrotte/src/turbine/config"
"github.com/binhonglee/GlobeTrotte/src/turbine/flags"
"github.com/binhonglee/GlobeTrotte/src/turbine/logger"
"github.com/binhonglee/GlobeTrotte/src/turbine/nonprod"
"github.com/binhonglee/GlobeTrotte/src/turbine/user"
"github.com/gorilla/mux"
"github.com/gorilla/sessions"
)
var store *sessions.CookieStore
func init() {
key := config.GetConfigStringMap("access")["key"]
store = sessions.NewCookieStore([]byte(key))
}
func login(res http.ResponseWriter, req *http.Request) {
var item *access.LoginCredential
var ok bool
unpackJSON(&res, req, &item)
dummyUser := user.DummyUserObj()
if item == nil {
respond(res, dummyUser)
return
}
item.Email, ok = handleEmails(item.Email)
if !ok {
respond(res, dummyUser)
return
}
user, success := access.Login(*item)
if success {
newCookie(res, req, user.ID)
}
respond(res, user)
}
func logout(res http.ResponseWriter, req *http.Request) {
session, _ := store.Get(req, "logged-in")
id, _ := session.Values["userid"].(int)
session.Values["authenticated"] = false
session.Save(req, res)
logger.Print(
logger.Router,
"Session deletion successful for "+strconv.Itoa(id),
)
allowCORS(&res)
}
func newCookie(
res http.ResponseWriter,
req *http.Request,
userID int,
) {
session, _ := store.Get(req, "logged-in")
session.Values["authenticated"] = true
session.Values["userid"] = userID
session.Values["startTime"] = time.Now().Unix()
session.Save(req, res)
}
func sendResetEmail(res http.ResponseWriter, req *http.Request) {
var email string
var ok bool
unpackJSON(&res, req, &email)
email, ok = handleEmails(email)
if !ok {
logger.Failure(logger.Router, "Invalid email")
respond(res, false)
return
}
respond(res, access.SendPasswordResetEmail(email))
}
func resetPassword(res http.ResponseWriter, req *http.Request) {
var item access.ResetPassword
var ok bool
unpackJSON(&res, req, &item)
item.Email, ok = handleEmails(item.Email)
if !ok {
logger.Failure(logger.Router, "Invalid email")
respond(res, false)
return
}
respond(res, access.TriggerResetPassword(item))
}
func whoamiV2(
res http.ResponseWriter, req *http.Request) {
session, _ := store.Get(req, "logged-in")
var val int
if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
val = -1
} else if id, ok := session.Values["userid"].(int); ok {
refreshSession := true
if startTime, ok := session.Values["startTime"].(int64); ok {
if time.Now().Unix()-startTime <= (86400 * 30 / 2) {
refreshSession = false
}
}
if refreshSession {
logout(res, req)
newCookie(res, req, id)
}
val = id
} else {
val = -1
}
respond(res, user.GetUserObj(val, val))
}
func whoamiV3(
res http.ResponseWriter, req *http.Request) {
session, _ := store.Get(req, "logged-in")
var val int
if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
val = -1
} else if id, ok := session.Values["userid"].(int); ok {
refreshSession := true
if startTime, ok := session.Values["startTime"].(int64); ok {
if time.Now().Unix()-startTime <= (86400 * 30 / 2) {
refreshSession = false
}
}
if refreshSession {
logout(res, req)
newCookie(res, req, id)
}
val = id
} else {
val = -1
}
respond(res, access.GetAuth(val))
}
// Non-prod functions below this line
// -----------------------------------------------------------------------------
func forceConfirmEmail(res http.ResponseWriter, req *http.Request) {
if flags.ProdServer() {
logger.Failure(logger.Router, "Force confirm email attempted on prod.")
respond(res, false)
return
}
vars := mux.Vars(req)
var id int
var err error
if id, err = strconv.Atoi(vars["id"]); err != nil {
logger.Err(logger.Router, err, "")
respond(res, false)
return
}
if verifyUser(req, id) {
if nonprod.ForceConfirm(id) {
respond(res, true)
return
}
}
respond(res, false)
}
func testGetConfirmCode(res http.ResponseWriter, req *http.Request) {
if flags.ProdServer() {
logger.Failure(logger.Router, "Get confirm email code attempted on prod.")
respond(res, false)
return
}
var email string
var ok bool
unpackJSON(&res, req, &email)
email, ok = handleEmails(email)
if !ok {
logger.Failure(logger.Router, "Invalid email")
respond(res, false)
return
}
respond(res, nonprod.GetConfirmEmailCode(email, getUserID(req)))
}