refactor validation and add admin system
This commit is contained in:
sentriz
@@ -197,10 +197,11 @@ func main() {
|
||||
orm.FirstOrCreate(&db.User{}, db.User{
|
||||
Name: "admin",
|
||||
Password: "admin",
|
||||
IsAdmin: true,
|
||||
})
|
||||
orm.FirstOrCreate(&db.User{}, db.User{
|
||||
Name: "senan",
|
||||
Password: "password",
|
||||
Name: "stephen",
|
||||
Password: "stephen",
|
||||
})
|
||||
startTime := time.Now()
|
||||
tx = orm.Begin()
|
||||
|
||||
@@ -65,25 +65,32 @@ func setSubsonicRoutes(mux *http.ServeMux) {
|
||||
func setAdminRoutes(mux *http.ServeMux) {
|
||||
cont := handler.Controller{
|
||||
DB: dbCon,
|
||||
SStore: gormstore.New(dbCon, []byte("saynothinboys")),
|
||||
SStore: gormstore.New(dbCon, []byte("saynothinboys")), // TODO: not this
|
||||
}
|
||||
withBaseWare := newChain(
|
||||
withPublicWare := newChain(
|
||||
cont.WithLogging,
|
||||
cont.WithSession,
|
||||
)
|
||||
withAuthWare := newChain(
|
||||
withBaseWare,
|
||||
cont.WithValidSession,
|
||||
withUserWare := newChain(
|
||||
withPublicWare,
|
||||
cont.WithUserSession,
|
||||
)
|
||||
withAdminWare := newChain(
|
||||
withUserWare,
|
||||
cont.WithAdminSession,
|
||||
)
|
||||
server := http.FileServer(http.Dir("static"))
|
||||
mux.Handle("/admin/static/", http.StripPrefix("/admin/static/", server))
|
||||
mux.HandleFunc("/admin/login", withBaseWare(cont.ServeLogin))
|
||||
mux.HandleFunc("/admin/login_do", withBaseWare(cont.ServeLoginDo))
|
||||
mux.HandleFunc("/admin/logout", withAuthWare(cont.ServeLogout))
|
||||
mux.HandleFunc("/admin/home", withAuthWare(cont.ServeHome))
|
||||
mux.HandleFunc("/admin/change_password", withAuthWare(cont.ServeChangePassword))
|
||||
mux.HandleFunc("/admin/change_password_do", withBaseWare(cont.ServeChangePasswordDo))
|
||||
mux.HandleFunc("/admin/create_user", withAuthWare(cont.ServeCreateUser))
|
||||
mux.HandleFunc("/admin/create_user_do", withBaseWare(cont.ServeCreateUserDo))
|
||||
mux.HandleFunc("/admin/login", withPublicWare(cont.ServeLogin))
|
||||
mux.HandleFunc("/admin/login_do", withPublicWare(cont.ServeLoginDo))
|
||||
mux.HandleFunc("/admin/logout", withUserWare(cont.ServeLogout))
|
||||
mux.HandleFunc("/admin/home", withUserWare(cont.ServeHome))
|
||||
mux.HandleFunc("/admin/change_own_password", withUserWare(cont.ServeChangeOwnPassword))
|
||||
mux.HandleFunc("/admin/change_own_password_do", withUserWare(cont.ServeChangeOwnPasswordDo))
|
||||
mux.HandleFunc("/admin/change_password", withAdminWare(cont.ServeChangePassword))
|
||||
mux.HandleFunc("/admin/change_password_do", withAdminWare(cont.ServeChangePasswordDo))
|
||||
mux.HandleFunc("/admin/create_user", withAdminWare(cont.ServeCreateUser))
|
||||
mux.HandleFunc("/admin/create_user_do", withAdminWare(cont.ServeCreateUserDo))
|
||||
}
|
||||
|
||||
func main() {
|
||||
|
||||
@@ -53,4 +53,5 @@ type User struct {
|
||||
Base
|
||||
Name string `gorm:"not null;unique_index"`
|
||||
Password string
|
||||
IsAdmin bool
|
||||
}
|
||||
|
||||
@@ -4,17 +4,18 @@ import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/gorilla/sessions"
|
||||
"github.com/jinzhu/gorm"
|
||||
"github.com/sentriz/gonic/db"
|
||||
"github.com/sentriz/gonic/handler/utilities"
|
||||
)
|
||||
|
||||
func (c *Controller) ServeLogin(w http.ResponseWriter, r *http.Request) {
|
||||
session, _ := c.SStore.Get(r, "gonic")
|
||||
renderTemplate(w, r, session, "login", &templateData{})
|
||||
renderTemplate(w, r, "login", nil)
|
||||
}
|
||||
|
||||
func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) {
|
||||
session, _ := c.SStore.Get(r, "gonic")
|
||||
session := r.Context().Value("session").(*sessions.Session)
|
||||
username := r.FormValue("username")
|
||||
password := r.FormValue("password")
|
||||
if username == "" || password == "" {
|
||||
@@ -37,24 +38,43 @@ func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (c *Controller) ServeLogout(w http.ResponseWriter, r *http.Request) {
|
||||
session, _ := c.SStore.Get(r, "gonic")
|
||||
session := r.Context().Value("session").(*sessions.Session)
|
||||
delete(session.Values, "user")
|
||||
session.Save(r, w)
|
||||
http.Redirect(w, r, "/admin/login", 303)
|
||||
}
|
||||
|
||||
func (c *Controller) ServeHome(w http.ResponseWriter, r *http.Request) {
|
||||
session, _ := c.SStore.Get(r, "gonic")
|
||||
var data templateData
|
||||
c.DB.Table("album_artists").Count(&data.ArtistCount)
|
||||
c.DB.Table("albums").Count(&data.AlbumCount)
|
||||
c.DB.Table("tracks").Count(&data.TrackCount)
|
||||
c.DB.Find(&data.AllUsers)
|
||||
renderTemplate(w, r, session, "home", &data)
|
||||
renderTemplate(w, r, "home", &data)
|
||||
}
|
||||
|
||||
func (c *Controller) ServeChangeOwnPassword(w http.ResponseWriter, r *http.Request) {
|
||||
renderTemplate(w, r, "change_own_password", nil)
|
||||
}
|
||||
|
||||
func (c *Controller) ServeChangeOwnPasswordDo(w http.ResponseWriter, r *http.Request) {
|
||||
session := r.Context().Value("session").(*sessions.Session)
|
||||
passwordOne := r.FormValue("password_one")
|
||||
passwordTwo := r.FormValue("password_two")
|
||||
err := utilities.ValidatePasswords(passwordOne, passwordTwo)
|
||||
if err != nil {
|
||||
session.AddFlash(err.Error())
|
||||
session.Save(r, w)
|
||||
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
||||
return
|
||||
}
|
||||
user, _ := session.Values["user"].(*db.User)
|
||||
user.Password = passwordOne
|
||||
c.DB.Save(user)
|
||||
http.Redirect(w, r, "/admin/home", 303)
|
||||
}
|
||||
|
||||
func (c *Controller) ServeChangePassword(w http.ResponseWriter, r *http.Request) {
|
||||
session, _ := c.SStore.Get(r, "gonic")
|
||||
username := r.URL.Query().Get("user")
|
||||
if username == "" {
|
||||
http.Error(w, "please provide a username", 400)
|
||||
@@ -68,60 +88,56 @@ func (c *Controller) ServeChangePassword(w http.ResponseWriter, r *http.Request)
|
||||
}
|
||||
var data templateData
|
||||
data.SelectedUser = &user
|
||||
renderTemplate(w, r, session, "change_password", &data)
|
||||
renderTemplate(w, r, "change_password", &data)
|
||||
}
|
||||
|
||||
func (c *Controller) ServeChangePasswordDo(w http.ResponseWriter, r *http.Request) {
|
||||
session, _ := c.SStore.Get(r, "gonic")
|
||||
session := r.Context().Value("session").(*sessions.Session)
|
||||
username := r.URL.Query().Get("user")
|
||||
var user db.User
|
||||
c.DB.Where("name = ?", username).First(&user)
|
||||
password_one := r.FormValue("password_one")
|
||||
password_two := r.FormValue("password_two")
|
||||
if password_one == "" || password_two == "" {
|
||||
session.AddFlash("please provide both passwords")
|
||||
passwordOne := r.FormValue("password_one")
|
||||
passwordTwo := r.FormValue("password_two")
|
||||
err := utilities.ValidatePasswords(passwordOne, passwordTwo)
|
||||
if err != nil {
|
||||
session.AddFlash(err.Error())
|
||||
session.Save(r, w)
|
||||
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
||||
return
|
||||
}
|
||||
if !(password_one == password_two) {
|
||||
session.AddFlash("the two passwords entered were not the same")
|
||||
session.Save(r, w)
|
||||
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
||||
return
|
||||
}
|
||||
user.Password = password_one
|
||||
user.Password = passwordOne
|
||||
c.DB.Save(&user)
|
||||
http.Redirect(w, r, "/admin/home", 303)
|
||||
}
|
||||
|
||||
func (c *Controller) ServeCreateUser(w http.ResponseWriter, r *http.Request) {
|
||||
session, _ := c.SStore.Get(r, "gonic")
|
||||
renderTemplate(w, r, session, "create_user", &templateData{})
|
||||
renderTemplate(w, r, "create_user", nil)
|
||||
}
|
||||
|
||||
func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) {
|
||||
session, _ := c.SStore.Get(r, "gonic")
|
||||
session := r.Context().Value("session").(*sessions.Session)
|
||||
username := r.FormValue("username")
|
||||
password_one := r.FormValue("password_one")
|
||||
password_two := r.FormValue("password_two")
|
||||
if username == "" || password_one == "" || password_two == "" {
|
||||
session.AddFlash("please fill out all fields")
|
||||
err := utilities.ValidateUsername(username)
|
||||
if err != nil {
|
||||
session.AddFlash(err.Error())
|
||||
session.Save(r, w)
|
||||
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
||||
return
|
||||
}
|
||||
if !(password_one == password_two) {
|
||||
session.AddFlash("the two passwords entered were not the same")
|
||||
passwordOne := r.FormValue("password_one")
|
||||
passwordTwo := r.FormValue("password_two")
|
||||
err = utilities.ValidatePasswords(passwordOne, passwordTwo)
|
||||
if err != nil {
|
||||
session.AddFlash(err.Error())
|
||||
session.Save(r, w)
|
||||
http.Redirect(w, r, r.Header.Get("Referer"), 302)
|
||||
return
|
||||
}
|
||||
user := db.User{
|
||||
Name: username,
|
||||
Password: password_one,
|
||||
Password: passwordOne,
|
||||
}
|
||||
err := c.DB.Create(&user).Error
|
||||
err = c.DB.Create(&user).Error
|
||||
if err != nil {
|
||||
session.AddFlash(fmt.Sprintf(
|
||||
"could not create user `%s`: %v", username, err,
|
||||
|
||||
@@ -32,22 +32,26 @@ func init() {
|
||||
filepath.Join("templates", "user.tmpl"),
|
||||
filepath.Join("templates", "pages", "home.tmpl"),
|
||||
))
|
||||
templates["create_user"] = template.Must(template.ParseFiles(
|
||||
filepath.Join("templates", "layout.tmpl"),
|
||||
filepath.Join("templates", "user.tmpl"),
|
||||
filepath.Join("templates", "pages", "create_user.tmpl"),
|
||||
))
|
||||
templates["change_password"] = template.Must(template.ParseFiles(
|
||||
filepath.Join("templates", "layout.tmpl"),
|
||||
filepath.Join("templates", "user.tmpl"),
|
||||
filepath.Join("templates", "pages", "change_password.tmpl"),
|
||||
))
|
||||
templates["change_own_password"] = template.Must(template.ParseFiles(
|
||||
filepath.Join("templates", "layout.tmpl"),
|
||||
filepath.Join("templates", "user.tmpl"),
|
||||
filepath.Join("templates", "pages", "change_own_password.tmpl"),
|
||||
))
|
||||
templates["create_user"] = template.Must(template.ParseFiles(
|
||||
filepath.Join("templates", "layout.tmpl"),
|
||||
filepath.Join("templates", "user.tmpl"),
|
||||
filepath.Join("templates", "pages", "create_user.tmpl"),
|
||||
))
|
||||
}
|
||||
|
||||
type Controller struct {
|
||||
DB *gorm.DB
|
||||
SStore *gormstore.Store
|
||||
Templates map[string]*template.Template
|
||||
}
|
||||
|
||||
type templateData struct {
|
||||
@@ -131,15 +135,16 @@ func respondError(w http.ResponseWriter, r *http.Request,
|
||||
}
|
||||
|
||||
func renderTemplate(w http.ResponseWriter, r *http.Request,
|
||||
s *sessions.Session, name string, data *templateData) {
|
||||
// take the flashes from the session and add to template
|
||||
data.Flashes = s.Flashes()
|
||||
s.Save(r, w)
|
||||
// take the user gob from the session (if we're logged in and
|
||||
// it's there) cast to a user and add to the template
|
||||
userIntf := s.Values["user"]
|
||||
if userIntf != nil {
|
||||
data.User = s.Values["user"].(*db.User)
|
||||
name string, data *templateData) {
|
||||
session := r.Context().Value("session").(*sessions.Session)
|
||||
if data == nil {
|
||||
data = &templateData{}
|
||||
}
|
||||
data.Flashes = session.Flashes()
|
||||
session.Save(r, w)
|
||||
user, ok := session.Values["user"].(*db.User)
|
||||
if ok {
|
||||
data.User = user
|
||||
}
|
||||
err := templates[name].ExecuteTemplate(w, "layout", data)
|
||||
if err != nil {
|
||||
|
||||
@@ -1,12 +1,14 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/md5"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
"github.com/gorilla/sessions"
|
||||
"github.com/jinzhu/gorm"
|
||||
"github.com/sentriz/gonic/db"
|
||||
)
|
||||
@@ -99,16 +101,41 @@ func (c *Controller) WithCORS(next http.HandlerFunc) http.HandlerFunc {
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Controller) WithValidSession(next http.HandlerFunc) http.HandlerFunc {
|
||||
func (c *Controller) WithSession(next http.HandlerFunc) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
session, _ := c.SStore.Get(r, "gonic")
|
||||
user, _ := session.Values["user"]
|
||||
if user == nil {
|
||||
withSession := context.WithValue(r.Context(), "session", session)
|
||||
next.ServeHTTP(w, r.WithContext(withSession))
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Controller) WithUserSession(next http.HandlerFunc) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// session exists at this point
|
||||
session := r.Context().Value("session").(*sessions.Session)
|
||||
_, ok := session.Values["user"]
|
||||
if !ok {
|
||||
session.AddFlash("you are not authenticated")
|
||||
session.Save(r, w)
|
||||
http.Redirect(w, r, "/admin/login", 303)
|
||||
return
|
||||
}
|
||||
withSession := context.WithValue(r.Context(), "session", session)
|
||||
next.ServeHTTP(w, r.WithContext(withSession))
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Controller) WithAdminSession(next http.HandlerFunc) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// session and user exist at this point
|
||||
session := r.Context().Value("session").(*sessions.Session)
|
||||
user := session.Values["user"].(*db.User)
|
||||
if !user.IsAdmin {
|
||||
session.AddFlash("you are not an admin")
|
||||
session.Save(r, w)
|
||||
http.Redirect(w, r, "/admin/login", 303)
|
||||
return
|
||||
}
|
||||
next.ServeHTTP(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
20
handler/utilities/utilities.go
Normal file
20
handler/utilities/utilities.go
Normal file
@@ -0,0 +1,20 @@
|
||||
package utilities
|
||||
|
||||
import "fmt"
|
||||
|
||||
func ValidateUsername(username string) error {
|
||||
if username == "" {
|
||||
return fmt.Errorf("please enter the username")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func ValidatePasswords(pOne, pTwo string) error {
|
||||
if pOne == "" || pTwo == "" {
|
||||
return fmt.Errorf("please enter the password twice")
|
||||
}
|
||||
if !(pOne == pTwo) {
|
||||
return fmt.Errorf("the two passwords entered were not the same")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
@@ -73,7 +73,6 @@ form input[type=password], form input[type=text] {
|
||||
}
|
||||
|
||||
#footer {
|
||||
background-color: #fdad1b0d;
|
||||
border-top: 1px solid;
|
||||
text-align: right;
|
||||
}
|
||||
|
||||
14
templates/pages/change_own_password.tmpl
Normal file
14
templates/pages/change_own_password.tmpl
Normal file
@@ -0,0 +1,14 @@
|
||||
{{ define "title" }}home{{ end }}
|
||||
|
||||
{{ define "user" }}
|
||||
<div class="padded box mono">
|
||||
<div class="box-title">
|
||||
<span><u>changing account password</u></span>
|
||||
</div>
|
||||
<form id="login-form" action="/admin/change_own_password_do" method="post">
|
||||
<input type="password" id="password_one" name="password_one" placeholder="new password">
|
||||
<input type="password" id="password_two" name="password_two" placeholder="verify new password">
|
||||
<input type="submit" value="change">
|
||||
</form>
|
||||
</div>
|
||||
{{ end }}
|
||||
@@ -20,6 +20,8 @@
|
||||
</div>
|
||||
</div>
|
||||
<div class="padded box mono">
|
||||
{{ if .User.IsAdmin }}
|
||||
{{/* admin panel to manage all users */}}
|
||||
<div class="box-title">
|
||||
<span><u>users</u></span>
|
||||
</div>
|
||||
@@ -30,5 +32,14 @@
|
||||
<br>
|
||||
<a href="/admin/create_user" class="button">create new</a>
|
||||
</div>
|
||||
{{ else }}
|
||||
{{/* user panel to manage themselves */}}
|
||||
<div class="box-title">
|
||||
<span><u>your account</u></span>
|
||||
</div>
|
||||
<div class="right">
|
||||
<a href="/admin/change_own_password" class="button">change password</a>
|
||||
</div>
|
||||
{{ end }}
|
||||
</div>
|
||||
{{ end }}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
{{ define "content" }}
|
||||
<div class="light right">
|
||||
<span>welcome <u>{{ .User.Name }}</u> | <a href="/admin/logout">logout</a></span>
|
||||
<span>welcome <u>{{ .User.Name }}</u> | <a href="/admin/home">home</a> | <a href="/admin/logout">logout</a></span>
|
||||
</div>
|
||||
{{ template "user" . }}
|
||||
{{ end }}
|
||||
|
||||
Reference in New Issue
Block a user