add user row to request context
This commit is contained in:
sentriz
@@ -25,15 +25,17 @@ func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) {
|
|||||||
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var user db.User
|
user := c.GetUserFromName(username)
|
||||||
c.DB.Where("name = ?", username).First(&user)
|
|
||||||
if !(username == user.Name && password == user.Password) {
|
if !(username == user.Name && password == user.Password) {
|
||||||
session.AddFlash("invalid username / password")
|
session.AddFlash("invalid username / password")
|
||||||
session.Save(r, w)
|
session.Save(r, w)
|
||||||
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
session.Values["user"] = user
|
// put the user name into the session. future endpoints after this one
|
||||||
|
// are wrapped with WithUserSession() which will get the name from the
|
||||||
|
// session and put the row into the request context.
|
||||||
|
session.Values["user"] = user.Name
|
||||||
session.Save(r, w)
|
session.Save(r, w)
|
||||||
http.Redirect(w, r, "/admin/home", 303)
|
http.Redirect(w, r, "/admin/home", 303)
|
||||||
}
|
}
|
||||||
@@ -72,7 +74,7 @@ func (c *Controller) ServeChangeOwnPasswordDo(w http.ResponseWriter, r *http.Req
|
|||||||
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
user, _ := session.Values["user"].(*db.User)
|
user := r.Context().Value("user").(*db.User)
|
||||||
user.Password = passwordOne
|
user.Password = passwordOne
|
||||||
c.DB.Save(user)
|
c.DB.Save(user)
|
||||||
http.Redirect(w, r, "/admin/home", 303)
|
http.Redirect(w, r, "/admin/home", 303)
|
||||||
@@ -100,7 +102,7 @@ func (c *Controller) ServeLinkLastFMCallback(w http.ResponseWriter, r *http.Requ
|
|||||||
http.Redirect(w, r, "/admin/home", 302)
|
http.Redirect(w, r, "/admin/home", 302)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
user, _ := session.Values["user"].(*db.User)
|
user := r.Context().Value("user").(*db.User)
|
||||||
user.LastFMSession = sessionKey
|
user.LastFMSession = sessionKey
|
||||||
c.DB.Save(&user)
|
c.DB.Save(&user)
|
||||||
http.Redirect(w, r, "/admin/home", 302)
|
http.Redirect(w, r, "/admin/home", 302)
|
||||||
@@ -183,12 +185,8 @@ func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
func (c *Controller) ServeUpdateLastFMAPIKey(w http.ResponseWriter, r *http.Request) {
|
func (c *Controller) ServeUpdateLastFMAPIKey(w http.ResponseWriter, r *http.Request) {
|
||||||
var data templateData
|
var data templateData
|
||||||
var apiKey db.Setting
|
data.CurrentLastFMAPIKey = c.GetSetting("lastfm_api_key")
|
||||||
c.DB.Where("key = ?", "lastfm_api_key").First(&apiKey)
|
data.CurrentLastFMAPISecret = c.GetSetting("lastfm_secret")
|
||||||
data.CurrentLastFMAPIKey = apiKey.Value
|
|
||||||
var secret db.Setting
|
|
||||||
c.DB.Where("key = ?", "lastfm_secret").First(&secret)
|
|
||||||
data.CurrentLastFMAPISecret = secret.Value
|
|
||||||
renderTemplate(w, r, "update_lastfm_api_key", &data)
|
renderTemplate(w, r, "update_lastfm_api_key", &data)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -203,13 +201,7 @@ func (c *Controller) ServeUpdateLastFMAPIKeyDo(w http.ResponseWriter, r *http.Re
|
|||||||
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
c.DB.
|
c.SetSetting("lastfm_api_key", apiKey)
|
||||||
Where(db.Setting{Key: "lastfm_api_key"}).
|
c.SetSetting("lastfm_secret", secret)
|
||||||
Assign(db.Setting{Value: apiKey}).
|
|
||||||
FirstOrCreate(&db.Setting{})
|
|
||||||
c.DB.
|
|
||||||
Where(db.Setting{Key: "lastfm_secret"}).
|
|
||||||
Assign(db.Setting{Value: secret}).
|
|
||||||
FirstOrCreate(&db.Setting{})
|
|
||||||
http.Redirect(w, r, "/admin/home", 303)
|
http.Redirect(w, r, "/admin/home", 303)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -60,6 +60,25 @@ type Controller struct {
|
|||||||
SStore *gormstore.Store
|
SStore *gormstore.Store
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Controller) GetSetting(key string) string {
|
||||||
|
var setting db.Setting
|
||||||
|
c.DB.Where("key = ?", key).First(&setting)
|
||||||
|
return setting.Value
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Controller) SetSetting(key, value string) {
|
||||||
|
c.DB.
|
||||||
|
Where(db.Setting{Key: key}).
|
||||||
|
Assign(db.Setting{Value: value}).
|
||||||
|
FirstOrCreate(&db.Setting{})
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Controller) GetUserFromName(name string) *db.User {
|
||||||
|
var user db.User
|
||||||
|
c.DB.Where("name = ?", name).First(&user)
|
||||||
|
return &user
|
||||||
|
}
|
||||||
|
|
||||||
type templateData struct {
|
type templateData struct {
|
||||||
Flashes []interface{}
|
Flashes []interface{}
|
||||||
User *db.User
|
User *db.User
|
||||||
@@ -151,7 +170,7 @@ func renderTemplate(w http.ResponseWriter, r *http.Request,
|
|||||||
}
|
}
|
||||||
data.Flashes = session.Flashes()
|
data.Flashes = session.Flashes()
|
||||||
session.Save(r, w)
|
session.Save(r, w)
|
||||||
user, ok := session.Values["user"].(*db.User)
|
user, ok := r.Context().Value("user").(*db.User)
|
||||||
if ok {
|
if ok {
|
||||||
data.User = user
|
data.User = user
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -113,15 +113,17 @@ func (c *Controller) WithUserSession(next http.HandlerFunc) http.HandlerFunc {
|
|||||||
return func(w http.ResponseWriter, r *http.Request) {
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
// session exists at this point
|
// session exists at this point
|
||||||
session := r.Context().Value("session").(*sessions.Session)
|
session := r.Context().Value("session").(*sessions.Session)
|
||||||
_, ok := session.Values["user"]
|
username, ok := session.Values["user"].(string)
|
||||||
if !ok {
|
if !ok {
|
||||||
session.AddFlash("you are not authenticated")
|
session.AddFlash("you are not authenticated")
|
||||||
session.Save(r, w)
|
session.Save(r, w)
|
||||||
http.Redirect(w, r, "/admin/login", 303)
|
http.Redirect(w, r, "/admin/login", 303)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
withSession := context.WithValue(r.Context(), "session", session)
|
// take username from sesion and add the user row
|
||||||
next.ServeHTTP(w, r.WithContext(withSession))
|
user := c.GetUserFromName(username)
|
||||||
|
withUser := context.WithValue(r.Context(), "user", user)
|
||||||
|
next.ServeHTTP(w, r.WithContext(withUser))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -129,7 +131,7 @@ func (c *Controller) WithAdminSession(next http.HandlerFunc) http.HandlerFunc {
|
|||||||
return func(w http.ResponseWriter, r *http.Request) {
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
// session and user exist at this point
|
// session and user exist at this point
|
||||||
session := r.Context().Value("session").(*sessions.Session)
|
session := r.Context().Value("session").(*sessions.Session)
|
||||||
user := session.Values["user"].(*db.User)
|
user := r.Context().Value("user").(*db.User)
|
||||||
if !user.IsAdmin {
|
if !user.IsAdmin {
|
||||||
session.AddFlash("you are not an admin")
|
session.AddFlash("you are not an admin")
|
||||||
session.Save(r, w)
|
session.Save(r, w)
|
||||||
|
|||||||
Reference in New Issue
Block a user