view controllers/user.go @ 249:e0f47d9ebde0
Hotfix: changed login call back to GET from POST.
For some reason POST didn't work as intended: the credentials were not
sent... This is only a workaround, as POST would still be the right
way to go...
author | Sascha Wilde <wilde@intevation.de> |
---|---|
date | Fri, 27 Jul 2018 11:04:20 +0200 |
parents | d39f897fae16 |
children | deabc2712634 |
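package controllers

import (
	"database/sql"
	"database/sql/driver"
	"encoding/json"
	"errors"
	"net/http"
	"regexp"
	"strings"

	"github.com/gorilla/mux"

	"gemma.intevation.de/gemma/auth"
)

type (
	// Email is an e-mail address. JSON input is validated against emailRe.
	Email string

	// Country is a country code. JSON input must be one of validCountries.
	Country string

	// Role is a user role. JSON input must be one of validRoles.
	Role string

	// BoundingBox carries the two corner points (X1, Y1) and (X2, Y2) that
	// the extent SQL statements pass to ST_MakeBox2D.
	BoundingBox struct {
		X1 float64 `json:"x1"`
		Y1 float64 `json:"y1"`
		X2 float64 `json:"x2"`
		Y2 float64 `json:"y2"`
	}

	// User is the JSON payload consumed by createUser and updateUser.
	User struct {
		User string `json:"user"`
		Role Role   `json:"role"`
		// Password is forwarded unchanged to sys_admin.create_user and
		// sys_admin.update_user; this file neither hashes nor checks it.
		// NOTE(review): because of the json tag the field would be emitted
		// if a User were ever marshalled into a response - confirm that
		// never happens.
		Password string  `json:"password"`
		Email    Email   `json:"email"`
		Country  Country `json:"country"`
		// Extent is optional; nil selects the SQL variants that pass NULL.
		Extent *BoundingBox `json:"extent"`
	}
)

// All statements use bind parameters ($1, $2, ...); no request value is
// concatenated into SQL text.
const (
	createUserSQL       = `SELECT sys_admin.create_user($1, $2, $3, $4, NULL, $5)`
	createUserExtentSQL = `SELECT sys_admin.create_user($1, $2, $3, $4, ST_MakeBox2D(ST_Point($5, $6), ST_Point($7, $8)), $9)`
	updateUserSQL       = `SELECT sys_admin.update_user($1, $2, $3, $4, $5, NULL, $6)`
	updateUserExtentSQL = `SELECT sys_admin.update_user($1, $2, $3, $4, $5, ST_MakeBox2D(ST_Point($6, $7), ST_Point($8, $9)), $10)`
	deleteUserSQL       = `SELECT sys_admin.delete_user($1)`
)

var (
	// emailRe validates a complete e-mail address.
	//
	// The expression is anchored with ^...$ because MatchString succeeds on
	// any substring match: without the anchors every string that merely
	// contains an address (leading markup, trailing text, surrounding
	// whitespace) passed validation and was stored as is. (?i) keeps
	// mixed-case addresses acceptable now that the whole input must match.
	//
	// https://stackoverflow.com/questions/201323/how-to-validate-an-email-address-using-a-regular-expression
	emailRe = regexp.MustCompile(
		`(?i)^` +
			`(?:[a-z0-9!#$%&'*+/=?^_` + "`" + `{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_` + "`" + `{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]` +
			`|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")` +
			`@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?` +
			`|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}` +
			`(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]` +
			`:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]` +
			`|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])` +
			`$`)

	errNoEmailAddress = errors.New("Not a valid email address")
)

// UnmarshalJSON decodes a JSON string and accepts it only if the whole
// string matches emailRe; otherwise errNoEmailAddress is returned and the
// receiver is left untouched.
func (e *Email) UnmarshalJSON(data []byte) error {
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return err
	}
	if !emailRe.MatchString(s) {
		return errNoEmailAddress
	}
	*e = Email(s)
	return nil
}

// Value implements driver.Valuer by handing the address to the database
// driver as a plain string.
func (e Email) Value() (driver.Value, error) {
	return string(e), nil
}

var (
	// validCountries is the allow-list checked by Country.UnmarshalJSON.
	validCountries = []string{
		"AT", "BG", "DE", "HU", "HR",
		"MD", "RO", "RS", "SK", "UA",
	}

	errNoValidCountry = errors.New("Not a valid country")
)

// UnmarshalJSON decodes a JSON string, upper-cases it and accepts it only
// if it equals an entry of validCountries. The stored value is the
// allow-list entry, not the raw input.
func (c *Country) UnmarshalJSON(data []byte) error {
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return err
	}
	s = strings.ToUpper(s)
	for _, v := range validCountries {
		if v == s {
			*c = Country(v)
			return nil
		}
	}
	return errNoValidCountry
}

// Value implements driver.Valuer by handing the country code to the
// database driver as a plain string.
func (c Country) Value() (driver.Value, error) {
	return string(c), nil
}

var (
	// validRoles is the allow-list checked by Role.UnmarshalJSON.
	validRoles = []string{
		"waterway_user",
		"waterway_admin",
		"sys_admin",
	}

	errNoValidRole = errors.New("Not a valid role")
)

// Value implements driver.Valuer by handing the role name to the database
// driver as a plain string.
func (r Role) Value() (driver.Value, error) {
	return string(r), nil
}

// UnmarshalJSON decodes a JSON string, lower-cases it and accepts it only
// if it equals an entry of validRoles. The stored value is the allow-list
// entry, not the raw input.
func (r *Role) UnmarshalJSON(data []byte) error {
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return err
	}
	s = strings.ToLower(s)
	for _, v := range validRoles {
		if v == s {
			*r = Role(v)
			return nil
		}
	}
	return errNoValidRole
}

// deleteUser removes the user named by the "user" route variable via
// sys_admin.delete_user and then logs that user out of the connection pool.
//
// It answers 400 when the route variable is empty or names the caller's own
// account, and 204 on success. Database errors are returned unchanged.
func deleteUser(
	rw http.ResponseWriter, req *http.Request,
	input interface{}, db *sql.DB,
) (jr JSONResult, err error) {

	user := mux.Vars(req)["user"]
	if user == "" {
		err = JSONError{http.StatusBadRequest, "error: user empty"}
		return
	}

	// NOTE(review): the second result of auth.GetSession is discarded. If it
	// can signal "no session", session.User below may not be safe to read -
	// confirm that the surrounding middleware guarantees a session before
	// this handler runs.
	session, _ := auth.GetSession(req)
	if session.User == user {
		err = JSONError{http.StatusBadRequest, "error: cannot delete yourself"}
		return
	}

	if _, err = db.Exec(deleteUserSQL, user); err != nil {
		return
	}

	// Running in a go routine should not be necessary.
	go func() { auth.ConnPool.Logout(user) }()

	jr = JSONResult{Code: http.StatusNoContent}
	return
}

// updateUser rewrites the account named by the "user" route variable with
// the values of the *User passed as input, using the extent variant of the
// statement when an extent is supplied.
//
// It answers 400 when the route variable is empty. Database errors are
// returned unchanged. The type assertion on input panics if the caller did
// not pass a *User.
//
// NOTE(review): unlike deleteUser, no auth.ConnPool.Logout is issued here,
// so whether sessions opened with the old name, password or role stay usable
// after the update depends on code outside this file - confirm.
// NOTE(review): success is reported as 201 Created although nothing is
// created; left unchanged because clients may depend on the code.
func updateUser(
	rw http.ResponseWriter, req *http.Request,
	input interface{}, db *sql.DB,
) (jr JSONResult, err error) {

	user := mux.Vars(req)["user"]
	if user == "" {
		err = JSONError{http.StatusBadRequest, "error: user empty"}
		return
	}

	newUser := input.(*User)

	if newUser.Extent == nil {
		_, err = db.Exec(
			updateUserSQL,
			user,
			newUser.Role,
			newUser.User,
			newUser.Password,
			newUser.Country,
			newUser.Email,
		)
	} else {
		_, err = db.Exec(
			updateUserExtentSQL,
			user,
			newUser.Role,
			newUser.User,
			newUser.Password,
			newUser.Country,
			newUser.Extent.X1, newUser.Extent.Y1,
			newUser.Extent.X2, newUser.Extent.Y2,
			newUser.Email,
		)
	}

	if err != nil {
		return
	}

	jr = JSONResult{
		Code: http.StatusCreated,
		Result: struct {
			Result string `json:"result"`
		}{
			Result: "success",
		},
	}
	return
}

// createUser creates an account from the *User passed as input via
// sys_admin.create_user, using the extent variant of the statement when an
// extent is supplied.
//
// It answers 201 on success. Database errors are returned unchanged. The
// type assertion on input panics if the caller did not pass a *User.
func createUser(
	rw http.ResponseWriter, req *http.Request,
	input interface{}, db *sql.DB,
) (jr JSONResult, err error) {

	user := input.(*User)

	if user.Extent == nil {
		_, err = db.Exec(
			createUserSQL,
			user.Role,
			user.User,
			user.Password,
			user.Country,
			user.Email,
		)
	} else {
		_, err = db.Exec(
			createUserExtentSQL,
			user.Role,
			user.User,
			user.Password,
			user.Country,
			user.Extent.X1, user.Extent.Y1,
			user.Extent.X2, user.Extent.Y2,
			user.Email,
		)
	}

	if err != nil {
		return
	}

	jr = JSONResult{
		Code: http.StatusCreated,
		Result: struct {
			Result string `json:"result"`
		}{
			Result: "success",
		},
	}
	return
}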