remove response writer from most admin handlers

sentriz
2019-08-07 13:53:02 +01:00
parent 6d0fe80608
commit 9c2f2e381b
7 changed files with 128 additions and 97 deletions


@@ -103,7 +103,7 @@ type templateData struct {
SelectedUser *model.User SelectedUser *model.User
} }
type adminHandler func(w http.ResponseWriter, r *http.Request) *Response type adminHandler func(r *http.Request) *Response
type Response struct { type Response struct {
// code is 200 // code is 200
@@ -111,6 +111,8 @@ type Response struct {
data *templateData data *templateData
// code is 303 // code is 303
redirect string redirect string
flashN string // normal
flashW string // warning
// code is >= 400 // code is >= 400
code int code int
err string err string
@@ -118,7 +120,16 @@ type Response struct {
func (c *Controller) H(h adminHandler) http.Handler { func (c *Controller) H(h adminHandler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
resp := h(w, r) resp := h(r)
session, ok := r.Context().Value(key.Session).(*sessions.Session)
if ok {
sessAddFlashN(session, resp.flashN)
sessAddFlashW(session, resp.flashW)
if err := session.Save(r, w); err != nil {
http.Error(w, fmt.Sprint("error saving session: %v", err), 500)
return
}
}
if resp.redirect != "" { if resp.redirect != "" {
http.Redirect(w, r, resp.redirect, http.StatusSeeOther) http.Redirect(w, r, resp.redirect, http.StatusSeeOther)
return return
@@ -134,9 +145,12 @@ func (c *Controller) H(h adminHandler) http.Handler {
if resp.data == nil { if resp.data == nil {
resp.data = &templateData{} resp.data = &templateData{}
} }
if session, ok := r.Context().Value(key.Session).(*sessions.Session); ok { if session != nil {
resp.data.Flashes = session.Flashes() resp.data.Flashes = session.Flashes()
sessLogSave(w, r, session) if err := session.Save(r, w); err != nil {
http.Error(w, fmt.Sprint("error saving session: %v", err), 500)
return
}
} }
if user, ok := r.Context().Value(key.User).(*model.User); ok { if user, ok := r.Context().Value(key.User).(*model.User); ok {
resp.data.User = user resp.data.User = user
@@ -172,7 +186,7 @@ func firstExisting(or string, strings ...string) string {
return or return or
} }
func sessLogSave(w http.ResponseWriter, r *http.Request, s *sessions.Session) { func sessLogSave(s *sessions.Session, w http.ResponseWriter, r *http.Request) {
if err := s.Save(r, w); err != nil { if err := s.Save(r, w); err != nil {
log.Printf("error saving session: %v\n", err) log.Printf("error saving session: %v\n", err)
} }
@@ -183,26 +197,32 @@ type Flash struct {
Type string Type string
} }
func sessAddFlashW(message string, s *sessions.Session) { func sessAddFlashW(s *sessions.Session, message string) {
if message == "" {
return
}
s.AddFlash(Flash{ s.AddFlash(Flash{
Message: message, Message: message,
Type: "warning", Type: "warning",
}) })
} }
func sessAddFlashWf(message string, s *sessions.Session, a ...interface{}) { func sessAddFlashWf(s *sessions.Session, message string, a ...interface{}) {
sessAddFlashW(fmt.Sprintf(message, a...), s) sessAddFlashW(s, fmt.Sprintf(message, a...))
} }
func sessAddFlashN(message string, s *sessions.Session) { func sessAddFlashN(s *sessions.Session, message string) {
if message == "" {
return
}
s.AddFlash(Flash{ s.AddFlash(Flash{
Message: message, Message: message,
Type: "normal", Type: "normal",
}) })
} }
func sessAddFlashNf(message string, s *sessions.Session, a ...interface{}) { func sessAddFlashNf(s *sessions.Session, message string, a ...interface{}) {
sessAddFlashN(fmt.Sprintf(message, a...), s) sessAddFlashN(s, fmt.Sprintf(message, a...))
} }
// ## begin validation // ## begin validation
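Review bot: Both new `http.Error` calls in `H` build their message with `fmt.Sprint`, which does not interpret `%v`, so the response body would carry the literal verb followed by the raw error text; `fmt.Sprintf` was presumably intended. Because this body is sent to the client, it would be safer to keep the detail server-side and return a fixed message, e.g. `log.Printf("error saving session: %v", err)` followed by `http.Error(w, "error saving session", http.StatusInternalServerError)`. Separately, `resp.flashN` is read directly after `h(r)` and no nil check on `resp` is visible in these hunks, so a handler returning nil would panic there. The rest of `H` lies outside the hunks, so confirm against the full function.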


@@ -7,53 +7,21 @@ import (
"strconv" "strconv"
"time" "time"
"github.com/gorilla/sessions"
"senan.xyz/g/gonic/model" "senan.xyz/g/gonic/model"
"senan.xyz/g/gonic/scanner" "senan.xyz/g/gonic/scanner"
"senan.xyz/g/gonic/server/key" "senan.xyz/g/gonic/server/key"
"senan.xyz/g/gonic/server/lastfm" "senan.xyz/g/gonic/server/lastfm"
) )
func (c *Controller) ServeNotFound(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeNotFound(r *http.Request) *Response {
return &Response{template: "not_found.tmpl"} return &Response{template: "not_found.tmpl"}
} }
func (c *Controller) ServeLogin(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeLogin(r *http.Request) *Response {
return &Response{template: "login.tmpl"} return &Response{template: "login.tmpl"}
} }
func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeHome(r *http.Request) *Response {
session := r.Context().Value(key.Session).(*sessions.Session)
username := r.FormValue("username")
password := r.FormValue("password")
if username == "" || password == "" {
sessAddFlashW("please provide both a username and password", session)
sessLogSave(w, r, session)
return &Response{redirect: r.Referer()}
}
user := c.DB.GetUserFromName(username)
if user == nil || password != user.Password {
sessAddFlashW("invalid username / password", session)
sessLogSave(w, r, session)
return &Response{redirect: r.Referer()}
}
// put the user name into the session. future endpoints after this one
// are wrapped with WithUserSession() which will get the name from the
// session and put the row into the request context
session.Values["user"] = user.Name
sessLogSave(w, r, session)
return &Response{redirect: "/admin/home"}
}
func (c *Controller) ServeLogout(w http.ResponseWriter, r *http.Request) *Response {
session := r.Context().Value(key.Session).(*sessions.Session)
session.Options.MaxAge = -1
sessLogSave(w, r, session)
return &Response{redirect: "/admin/login"}
}
func (c *Controller) ServeHome(w http.ResponseWriter, r *http.Request) *Response {
data := &templateData{} data := &templateData{}
// //
// stats box // stats box
@@ -97,19 +65,19 @@ func (c *Controller) ServeHome(w http.ResponseWriter, r *http.Request) *Response
} }
} }
func (c *Controller) ServeChangeOwnPassword(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeChangeOwnPassword(r *http.Request) *Response {
return &Response{template: "change_own_password.tmpl"} return &Response{template: "change_own_password.tmpl"}
} }
func (c *Controller) ServeChangeOwnPasswordDo(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeChangeOwnPasswordDo(r *http.Request) *Response {
session := r.Context().Value(key.Session).(*sessions.Session)
passwordOne := r.FormValue("password_one") passwordOne := r.FormValue("password_one")
passwordTwo := r.FormValue("password_two") passwordTwo := r.FormValue("password_two")
err := validatePasswords(passwordOne, passwordTwo) err := validatePasswords(passwordOne, passwordTwo)
if err != nil { if err != nil {
sessAddFlashW(err.Error(), session) return &Response{
sessLogSave(w, r, session) redirect: r.Referer(),
return &Response{redirect: r.Referer()} flashW: err.Error(),
}
} }
user := r.Context().Value(key.User).(*model.User) user := r.Context().Value(key.User).(*model.User)
user.Password = passwordOne user.Password = passwordOne
@@ -117,7 +85,7 @@ func (c *Controller) ServeChangeOwnPasswordDo(w http.ResponseWriter, r *http.Req
return &Response{redirect: "/admin/home"} return &Response{redirect: "/admin/home"}
} }
func (c *Controller) ServeLinkLastFMDo(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeLinkLastFMDo(r *http.Request) *Response {
token := r.URL.Query().Get("token") token := r.URL.Query().Get("token")
if token == "" { if token == "" {
return &Response{ return &Response{
@@ -131,10 +99,10 @@ func (c *Controller) ServeLinkLastFMDo(w http.ResponseWriter, r *http.Request) *
token, token,
) )
if err != nil { if err != nil {
session := r.Context().Value(key.Session).(*sessions.Session) return &Response{
sessAddFlashW(err.Error(), session) redirect: "/admin/home",
sessLogSave(w, r, session) flashW: err.Error(),
return &Response{redirect: "/admin/home"} }
} }
user := r.Context().Value(key.User).(*model.User) user := r.Context().Value(key.User).(*model.User)
user.LastFMSession = sessionKey user.LastFMSession = sessionKey
@@ -142,14 +110,14 @@ func (c *Controller) ServeLinkLastFMDo(w http.ResponseWriter, r *http.Request) *
return &Response{redirect: "/admin/home"} return &Response{redirect: "/admin/home"}
} }
func (c *Controller) ServeUnlinkLastFMDo(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeUnlinkLastFMDo(r *http.Request) *Response {
user := r.Context().Value(key.User).(*model.User) user := r.Context().Value(key.User).(*model.User)
user.LastFMSession = "" user.LastFMSession = ""
c.DB.Save(&user) c.DB.Save(&user)
return &Response{redirect: "/admin/home"} return &Response{redirect: "/admin/home"}
} }
func (c *Controller) ServeChangePassword(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeChangePassword(r *http.Request) *Response {
username := r.URL.Query().Get("user") username := r.URL.Query().Get("user")
if username == "" { if username == "" {
return &Response{ return &Response{
@@ -172,16 +140,16 @@ func (c *Controller) ServeChangePassword(w http.ResponseWriter, r *http.Request)
} }
} }
func (c *Controller) ServeChangePasswordDo(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeChangePasswordDo(r *http.Request) *Response {
session := r.Context().Value(key.Session).(*sessions.Session)
username := r.URL.Query().Get("user") username := r.URL.Query().Get("user")
passwordOne := r.FormValue("password_one") passwordOne := r.FormValue("password_one")
passwordTwo := r.FormValue("password_two") passwordTwo := r.FormValue("password_two")
err := validatePasswords(passwordOne, passwordTwo) err := validatePasswords(passwordOne, passwordTwo)
if err != nil { if err != nil {
sessAddFlashW(err.Error(), session) return &Response{
sessLogSave(w, r, session) redirect: r.Referer(),
return &Response{redirect: r.Referer()} flashW: err.Error(),
}
} }
user := c.DB.GetUserFromName(username) user := c.DB.GetUserFromName(username)
user.Password = passwordOne user.Password = passwordOne
@@ -189,7 +157,7 @@ func (c *Controller) ServeChangePasswordDo(w http.ResponseWriter, r *http.Reques
return &Response{redirect: "/admin/home"} return &Response{redirect: "/admin/home"}
} }
func (c *Controller) ServeDeleteUser(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeDeleteUser(r *http.Request) *Response {
username := r.URL.Query().Get("user") username := r.URL.Query().Get("user")
if username == "" { if username == "" {
return &Response{ return &Response{
@@ -212,33 +180,34 @@ func (c *Controller) ServeDeleteUser(w http.ResponseWriter, r *http.Request) *Re
} }
} }
func (c *Controller) ServeDeleteUserDo(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeDeleteUserDo(r *http.Request) *Response {
username := r.URL.Query().Get("user") username := r.URL.Query().Get("user")
user := c.DB.GetUserFromName(username) user := c.DB.GetUserFromName(username)
c.DB.Delete(user) c.DB.Delete(user)
return &Response{redirect: "/admin/home"} return &Response{redirect: "/admin/home"}
} }
func (c *Controller) ServeCreateUser(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeCreateUser(r *http.Request) *Response {
return &Response{template: "create_user.tmpl"} return &Response{template: "create_user.tmpl"}
} }
func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeCreateUserDo(r *http.Request) *Response {
session := r.Context().Value(key.Session).(*sessions.Session)
username := r.FormValue("username") username := r.FormValue("username")
err := validateUsername(username) err := validateUsername(username)
if err != nil { if err != nil {
sessAddFlashW(err.Error(), session) return &Response{
sessLogSave(w, r, session) redirect: r.Referer(),
return &Response{redirect: r.Referer()} flashW: err.Error(),
}
} }
passwordOne := r.FormValue("password_one") passwordOne := r.FormValue("password_one")
passwordTwo := r.FormValue("password_two") passwordTwo := r.FormValue("password_two")
err = validatePasswords(passwordOne, passwordTwo) err = validatePasswords(passwordOne, passwordTwo)
if err != nil { if err != nil {
sessAddFlashW(err.Error(), session) return &Response{
sessLogSave(w, r, session) redirect: r.Referer(),
return &Response{redirect: r.Referer()} flashW: err.Error(),
}
} }
user := model.User{ user := model.User{
Name: username, Name: username,
@@ -246,14 +215,15 @@ func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) *
} }
err = c.DB.Create(&user).Error err = c.DB.Create(&user).Error
if err != nil { if err != nil {
sessAddFlashWf("could not create user `%s`: %v", session, username, err) return &Response{
sessLogSave(w, r, session) redirect: r.Referer(),
return &Response{redirect: r.Referer()} flashW: fmt.Sprintf("could not create user `%s`: %v", username, err),
}
} }
return &Response{redirect: "/admin/home"} return &Response{redirect: "/admin/home"}
} }
func (c *Controller) ServeUpdateLastFMAPIKey(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeUpdateLastFMAPIKey(r *http.Request) *Response {
data := &templateData{} data := &templateData{}
data.CurrentLastFMAPIKey = c.DB.GetSetting("lastfm_api_key") data.CurrentLastFMAPIKey = c.DB.GetSetting("lastfm_api_key")
data.CurrentLastFMAPISecret = c.DB.GetSetting("lastfm_secret") data.CurrentLastFMAPISecret = c.DB.GetSetting("lastfm_secret")
@@ -263,21 +233,21 @@ func (c *Controller) ServeUpdateLastFMAPIKey(w http.ResponseWriter, r *http.Requ
} }
} }
func (c *Controller) ServeUpdateLastFMAPIKeyDo(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeUpdateLastFMAPIKeyDo(r *http.Request) *Response {
session := r.Context().Value(key.Session).(*sessions.Session)
apiKey := r.FormValue("api_key") apiKey := r.FormValue("api_key")
secret := r.FormValue("secret") secret := r.FormValue("secret")
if err := validateAPIKey(apiKey, secret); err != nil { if err := validateAPIKey(apiKey, secret); err != nil {
sessAddFlashW(err.Error(), session) return &Response{
sessLogSave(w, r, session) redirect: r.Referer(),
return &Response{redirect: r.Referer()} flashW: err.Error(),
}
} }
c.DB.SetSetting("lastfm_api_key", apiKey) c.DB.SetSetting("lastfm_api_key", apiKey)
c.DB.SetSetting("lastfm_secret", secret) c.DB.SetSetting("lastfm_secret", secret)
return &Response{redirect: "/admin/home"} return &Response{redirect: "/admin/home"}
} }
func (c *Controller) ServeStartScanDo(w http.ResponseWriter, r *http.Request) *Response { func (c *Controller) ServeStartScanDo(r *http.Request) *Response {
defer func() { defer func() {
go func() { go func() {
err := scanner. err := scanner.
@@ -288,8 +258,8 @@ func (c *Controller) ServeStartScanDo(w http.ResponseWriter, r *http.Request) *R
} }
}() }()
}() }()
session := r.Context().Value(key.Session).(*sessions.Session) return &Response{
sessAddFlashN("scan started. refresh for results", session) redirect: "/admin/home",
sessLogSave(w, r, session) flashN: "scan started. refresh for results",
return &Response{redirect: "/admin/home"} }
} }
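Review bot: The validation-failure branches in `ServeChangeOwnPasswordDo`, `ServeChangePasswordDo`, `ServeCreateUserDo` and `ServeUpdateLastFMAPIKeyDo` still take the redirect target from `r.Referer()`, a request header the client controls and may omit. When it is empty, `resp.redirect` is empty too, so `H` skips its redirect branch after the flash has already been stored; when it names another origin, the admin is sent off-site. A fixed target per handler avoids both, for example `redirect: "/admin/change_own_password",` next to `flashW: err.Error(),` (path inferred from the route table, adjust as needed). Also worth checking while here: `ServeChangePasswordDo` writes to the result of `c.DB.GetUserFromName(username)` without a nil test, although `ServeLoginDo` treats a nil result as "no such user".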


@@ -0,0 +1,41 @@
package ctrladmin
import (
"net/http"
"github.com/gorilla/sessions"
"senan.xyz/g/gonic/server/key"
)
func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value(key.Session).(*sessions.Session)
username := r.FormValue("username")
password := r.FormValue("password")
if username == "" || password == "" {
sessAddFlashW(session, "please provide both a username and password")
sessLogSave(session, w, r)
http.Redirect(w, r, r.Referer(), http.StatusSeeOther)
return
}
user := c.DB.GetUserFromName(username)
if user == nil || password != user.Password {
sessAddFlashW(session, "invalid username / password")
sessLogSave(session, w, r)
http.Redirect(w, r, r.Referer(), http.StatusSeeOther)
return
}
// put the user name into the session. future endpoints after this one
// are wrapped with WithUserSession() which will get the name from the
// session and put the row into the request context
session.Values["user"] = user.Name
sessLogSave(session, w, r)
http.Redirect(w, r, "/admin/home", http.StatusSeeOther)
}
func (c *Controller) ServeLogout(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value(key.Session).(*sessions.Session)
session.Options.MaxAge = -1
sessLogSave(session, w, r)
http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
}
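Review bot: `ServeLoginDo` checks the credential with `password != user.Password`, a plain string comparison that is not constant-time and that implies the stored value is compared exactly as submitted. `subtle.ConstantTimeCompare([]byte(password), []byte(user.Password)) != 1` from `crypto/subtle` removes the content-dependent timing difference; whether the stored password can also be hashed depends on code outside this page. The raw handlers also keep `sessLogSave`, which only logs a failed save, so a login whose session could not be written still redirects to `/admin/home`, while `H` in this commit now answers 500 in the same situation. Returning an error response here would keep the two paths consistent.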


@@ -24,8 +24,8 @@ func (c *Controller) WithUserSession(next http.Handler) http.Handler {
session := r.Context().Value(key.Session).(*sessions.Session) session := r.Context().Value(key.Session).(*sessions.Session)
username, ok := session.Values["user"].(string) username, ok := session.Values["user"].(string)
if !ok { if !ok {
sessAddFlashW("you are not authenticated", session) sessAddFlashW(session, "you are not authenticated")
sessLogSave(w, r, session) sessLogSave(session, w, r)
http.Redirect(w, r, "/admin/login", http.StatusSeeOther) http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
return return
} }
@@ -35,7 +35,7 @@ func (c *Controller) WithUserSession(next http.Handler) http.Handler {
// the username in the client's session no longer relates to a // the username in the client's session no longer relates to a
// user in the database (maybe the user was deleted) // user in the database (maybe the user was deleted)
session.Options.MaxAge = -1 session.Options.MaxAge = -1
sessLogSave(w, r, session) sessLogSave(session, w, r)
http.Redirect(w, r, "/admin/login", http.StatusSeeOther) http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
return return
} }
@@ -50,8 +50,8 @@ func (c *Controller) WithAdminSession(next http.Handler) http.Handler {
session := r.Context().Value(key.Session).(*sessions.Session) session := r.Context().Value(key.Session).(*sessions.Session)
user := r.Context().Value(key.User).(*model.User) user := r.Context().Value(key.User).(*model.User)
if !user.IsAdmin { if !user.IsAdmin {
sessAddFlashW("you are not an admin", session) sessAddFlashW(session, "you are not an admin")
sessLogSave(w, r, session) sessLogSave(session, w, r)
http.Redirect(w, r, "/admin/login", http.StatusSeeOther) http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
return return
} }


@@ -84,7 +84,7 @@ func (c *Controller) H(h subsonicHandler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
response := h(r) response := h(r)
if response == nil { if response == nil {
log.Println("error: non raw subsonic handler returned a nil response\n") log.Println("error: non raw subsonic handler returned a nil response")
return return
} }
if err := writeResp(w, r, response); err != nil { if err := writeResp(w, r, response); err != nil {

Binary file not shown.


@@ -65,7 +65,7 @@ func (s *Server) SetupAdmin() error {
routPublic.Use(ctrl.WithSession) routPublic.Use(ctrl.WithSession)
routPublic.NotFoundHandler = ctrl.H(ctrl.ServeNotFound) routPublic.NotFoundHandler = ctrl.H(ctrl.ServeNotFound)
routPublic.Handle("/login", ctrl.H(ctrl.ServeLogin)) routPublic.Handle("/login", ctrl.H(ctrl.ServeLogin))
routPublic.Handle("/login_do", ctrl.H(ctrl.ServeLoginDo)) routPublic.HandleFunc("/login_do", ctrl.ServeLoginDo) // "raw" handler, updates session
assets.PrefixDo("static", func(path string, asset *assets.EmbeddedAsset) { assets.PrefixDo("static", func(path string, asset *assets.EmbeddedAsset) {
_, name := filepath.Split(path) _, name := filepath.Split(path)
route := filepath.Join("/static", name) route := filepath.Join("/static", name)
@@ -78,7 +78,7 @@ func (s *Server) SetupAdmin() error {
// begin user routes (if session is valid) // begin user routes (if session is valid)
routUser := routPublic.NewRoute().Subrouter() routUser := routPublic.NewRoute().Subrouter()
routUser.Use(ctrl.WithUserSession) routUser.Use(ctrl.WithUserSession)
routUser.Handle("/logout", ctrl.H(ctrl.ServeLogout)) routUser.HandleFunc("/logout", ctrl.ServeLogout) // "raw" handler, updates session
routUser.Handle("/home", ctrl.H(ctrl.ServeHome)) routUser.Handle("/home", ctrl.H(ctrl.ServeHome))
routUser.Handle("/change_own_password", ctrl.H(ctrl.ServeChangeOwnPassword)) routUser.Handle("/change_own_password", ctrl.H(ctrl.ServeChangeOwnPassword))
routUser.Handle("/change_own_password_do", ctrl.H(ctrl.ServeChangeOwnPasswordDo)) routUser.Handle("/change_own_password_do", ctrl.H(ctrl.ServeChangeOwnPasswordDo))
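Review bot: `/login_do` and `/logout` are now registered with `HandleFunc` and no method restriction, and `ServeLoginDo` reads the credentials with `r.FormValue`, which also accepts URL query parameters. A GET request carrying them in the query string would therefore be accepted, leaving the password in access logs and browser history. Restricting the route closes that: `routPublic.HandleFunc("/login_do", ctrl.ServeLoginDo).Methods("POST")`. The same question applies to `/logout` and the other `_do` routes, depending on how the templates submit them; no CSRF check is visible in these hunks, and `SetupAdmin` continues outside them.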