1
0
mirror of https://github.com/muety/wakapi.git synced 2023-08-10 21:12:56 +03:00
wakapi/routes/settings.go

137 lines
3.9 KiB
Go
Raw Normal View History

package routes
import (
"fmt"
"github.com/gorilla/schema"
2020-10-09 22:37:16 +03:00
conf "github.com/muety/wakapi/config"
"github.com/muety/wakapi/models"
"github.com/muety/wakapi/services"
"github.com/muety/wakapi/utils"
"net/http"
"net/url"
)
type SettingsHandler struct {
2020-10-09 22:37:16 +03:00
config *conf.Config
userSrvc *services.UserService
}
var credentialsDecoder = schema.NewDecoder()
func NewSettingsHandler(userService *services.UserService) *SettingsHandler {
return &SettingsHandler{
2020-10-09 22:37:16 +03:00
config: conf.Get(),
userSrvc: userService,
}
}
func (h *SettingsHandler) GetIndex(w http.ResponseWriter, r *http.Request) {
if h.config.IsDev() {
loadTemplates()
}
user := r.Context().Value(models.UserKey).(*models.User)
data := map[string]interface{}{
"User": user,
}
// TODO: when alerts are present, other data will not be passed to the template
2020-10-09 22:37:16 +03:00
if handleAlerts(w, r, conf.SettingsTemplate) {
return
}
2020-10-09 22:37:16 +03:00
templates[conf.SettingsTemplate].Execute(w, data)
}
func (h *SettingsHandler) PostCredentials(w http.ResponseWriter, r *http.Request) {
if h.config.IsDev() {
loadTemplates()
}
user := r.Context().Value(models.UserKey).(*models.User)
var credentials models.CredentialsReset
if err := r.ParseForm(); err != nil {
2020-10-09 22:37:16 +03:00
respondAlert(w, "missing parameters", "", conf.SettingsTemplate, http.StatusBadRequest)
return
}
if err := credentialsDecoder.Decode(&credentials, r.PostForm); err != nil {
2020-10-09 22:37:16 +03:00
respondAlert(w, "missing parameters", "", conf.SettingsTemplate, http.StatusBadRequest)
return
}
2020-10-16 17:11:14 +03:00
if !utils.CompareBcrypt(user.Password, credentials.PasswordOld, h.config.Security.PasswordSalt) {
2020-10-09 22:37:16 +03:00
respondAlert(w, "invalid credentials", "", conf.SettingsTemplate, http.StatusUnauthorized)
return
}
if !credentials.IsValid() {
2020-10-09 22:37:16 +03:00
respondAlert(w, "invalid parameters", "", conf.SettingsTemplate, http.StatusBadRequest)
return
}
user.Password = credentials.PasswordNew
2020-10-16 17:11:14 +03:00
if hash, err := utils.HashBcrypt(user.Password, h.config.Security.PasswordSalt); err != nil {
2020-10-09 22:37:16 +03:00
respondAlert(w, "internal server error", "", conf.SettingsTemplate, http.StatusInternalServerError)
return
2020-10-16 17:11:14 +03:00
} else {
user.Password = hash
}
if _, err := h.userSrvc.Update(user); err != nil {
2020-10-09 22:37:16 +03:00
respondAlert(w, "internal server error", "", conf.SettingsTemplate, http.StatusInternalServerError)
return
}
login := &models.Login{
Username: user.ID,
Password: user.Password,
}
encoded, err := h.config.Security.SecureCookie.Encode(models.AuthCookieKey, login)
if err != nil {
2020-10-09 22:37:16 +03:00
respondAlert(w, "internal server error", "", conf.SettingsTemplate, http.StatusInternalServerError)
return
}
cookie := &http.Cookie{
Name: models.AuthCookieKey,
Value: encoded,
Path: "/",
Secure: !h.config.Security.InsecureCookies,
HttpOnly: true,
}
http.SetCookie(w, cookie)
msg := url.QueryEscape("password was updated successfully")
http.Redirect(w, r, fmt.Sprintf("%s/settings?success=%s", h.config.Server.BasePath, msg), http.StatusFound)
}
func (h *SettingsHandler) PostResetApiKey(w http.ResponseWriter, r *http.Request) {
if h.config.IsDev() {
loadTemplates()
}
user := r.Context().Value(models.UserKey).(*models.User)
if _, err := h.userSrvc.ResetApiKey(user); err != nil {
2020-10-09 22:37:16 +03:00
respondAlert(w, "internal server error", "", conf.SettingsTemplate, http.StatusInternalServerError)
return
}
msg := url.QueryEscape(fmt.Sprintf("your new api key is: %s", user.ApiKey))
http.Redirect(w, r, fmt.Sprintf("%s/settings?success=%s", h.config.Server.BasePath, msg), http.StatusFound)
}
func (h *SettingsHandler) PostToggleBadges(w http.ResponseWriter, r *http.Request) {
if h.config.IsDev() {
loadTemplates()
}
user := r.Context().Value(models.UserKey).(*models.User)
if _, err := h.userSrvc.ToggleBadges(user); err != nil {
2020-10-09 22:37:16 +03:00
respondAlert(w, "internal server error", "", conf.SettingsTemplate, http.StatusInternalServerError)
return
}
http.Redirect(w, r, fmt.Sprintf("%s/settings", h.config.Server.BasePath), http.StatusFound)
}