backup/http.go

package main

import (
	"net/http"

	"github.com/gin-gonic/gin"
	log "github.com/sirupsen/logrus"
)

func HttpAuth() gin.HandlerFunc {
	log.WithFields(log.Fields{}).Debugf("starting")
	defer log.WithFields(log.Fields{}).Debugf("done")

	return func(c *gin.Context) {
		// Search signed-in userID
		userID := 0
		if userID == 0 {
			// Return 404 and abort handlers chain.
			c.String(http.StatusNotFound, "404 page not found")
			c.AbortWithStatus(http.StatusNotFound)
		}
	}
}

func HttpNoAuth() gin.HandlerFunc {
	log.WithFields(log.Fields{}).Debugf("starting")
	defer log.WithFields(log.Fields{}).Debugf("done")

	return func(c *gin.Context) {
	}
}

func HttpPostSubmit(c *gin.Context) {
	log.WithFields(log.Fields{}).Debugf("starting")
	defer log.WithFields(log.Fields{}).Debugf("done")

	t, err := GetCSRFToken(c)

	if err != nil {
		c.String(http.StatusBadRequest, "bad token")
		return
	}

	if !t.Valid() {
		c.String(http.StatusBadRequest, "expired token")
		return
	}

	switch t.GetPath() {
	case "signin":
		log.WithFields(log.Fields{"call": "Context.Request.ParseForm", "err": err}).Debugf("submit signin")
		HttpSubmitSignIn(c)
		HttpAnyIndex(c)
	default:
		log.WithFields(log.Fields{"call": "Context.Request.ParseForm", "err": err}).Debugf("submit %s", t.GetPath())
		c.String(http.StatusBadRequest, "")
	}

	if GetWebSessionUserID(c) > 0 {
		c.Redirect(http.StatusTemporaryRedirect, "/p/home")
	} else {
		SetCSRFToken(c)
		warning, _ := c.Cookie("warning")
		c.SetCookie("warning", "", -1, "/", cfg.Admin.Addr, false, true)
		c.HTML(http.StatusOK, "page-signin.html", gin.H{
			"Error": warning,
		})
	}
}

func HttpGetRecover(c *gin.Context) {
	log.WithFields(log.Fields{}).Debugf("starting")
	defer log.WithFields(log.Fields{}).Debugf("done")

	c.HTML(http.StatusOK, "page-recover.html", gin.H{})
}

func HttpAnyIndex(c *gin.Context) {
	log.WithFields(log.Fields{}).Debugf("starting")
	defer log.WithFields(log.Fields{}).Debugf("done")

	if GetWebSessionUserID(c) > 0 {
		c.Redirect(http.StatusTemporaryRedirect, "/p/home")
	} else {
		c.Redirect(http.StatusTemporaryRedirect, "/u/signin")
	}
}

func HttpAnyHome(c *gin.Context) {
	log.WithFields(log.Fields{}).Debugf("starting")
	defer log.WithFields(log.Fields{}).Debugf("done")

	if GetWebSessionUserID(c) == 0 {
		c.Redirect(http.StatusTemporaryRedirect, "/u/signin")
	} else {
		SetCSRFToken(c)
		c.HTML(http.StatusOK, "page-home.html", gin.H{})
	}
}

func GetWebSessionUserID(c *gin.Context) uint64 {
	log.WithFields(log.Fields{}).Debugf("starting")
	defer log.WithFields(log.Fields{}).Debugf("done")

	return 0
}

func HttpSubmitSignIn(c *gin.Context) {
	log.WithFields(log.Fields{}).Debugf("starting")
	defer log.WithFields(log.Fields{}).Debugf("done")

	err := c.Request.ParseForm()
	if err != nil {
		c.SetCookie("warning", "Unable to parse form", 0, "/", cfg.Admin.URL, false, true)
		log.WithFields(log.Fields{"call": "Context.Request.ParseForm", "err": err}).Debugf("")
		return
	}

	username := c.Request.FormValue("username")
	password := c.Request.FormValue("password")

	userID, err := FindUserID(username)
	if err != nil {
		c.SetCookie("warning", "Invalid user or password", 0, "/", cfg.Admin.URL, false, true)
		log.WithFields(log.Fields{"call": "FindUserID", "attr": username, "err": err}).Debugf("")
		return
	}

	if !VerifyUserPassword(userID, password) {
		c.SetCookie("warning", "Invalid user or password", 0, "/", cfg.Admin.URL, false, true)
		log.WithFields(log.Fields{"call": "VerifyUserPassword", "attr": "***"}).Debugf("auth not ok")
		return
	}

	t := NewSessionToken(userID)

	c.SetCookie("session", t.Encode(), 9999999999, "/", cfg.Admin.URL, false, true)
	c.SetCookie("warning", "", -1, "/", cfg.Admin.URL, false, true)
}