Albirew/nyaa-pantsu
Archivé
1
0
Bifurcation 0
Ce dépôt a été archivé le 2022-05-07. Vous pouvez voir ses fichiers ou le cloner, mais pas ouvrir de ticket ou de demandes d'ajout, ni soumettre de changements.
nyaa-pantsu/router/user_handler.go
tomleb 7eee47b0d3 Fix bug, remove literals (#629)
* Use ModeratorDir variable

* Rename cookieHelper to cookie_helper for consistency

* Use named constant instead of literals

* Fix ability to upload when uploads are disabled

The old code let people upload under the right conditions when uploads
were disabled. (ie: User is banned and config.AdminAreStillAllowedTo is
false)

* Increase timeout (fixes #517)

* Fix inconsistent indentation *.{js, css} (fix #583)

* Fix negative page

Temporary fix. The issue was that going to a negative page caused the
sql query to have a negative offset. This caused an error in the
database query.

We need to cleanup this code, but this will work for now.

* Fix wrong PG_DATA directory due to upgrade to 9.6

* Add server status link to FAQ

* Fix failing tests

* Clarify group_vars/all and hosts doc

* Add a wrapper to protect /mod route

* Fix login page not showing form errors
2017-05-20 09:10:16 +10:00

324 lignes
12 Kio
Go

package router
import (
"fmt"
"net/http"
"strconv"
"github.com/NyaaPantsu/nyaa/model"
"github.com/NyaaPantsu/nyaa/service/captcha"
"github.com/NyaaPantsu/nyaa/service/user"
"github.com/NyaaPantsu/nyaa/service/user/form"
"github.com/NyaaPantsu/nyaa/service/user/permission"
"github.com/NyaaPantsu/nyaa/util/languages"
"github.com/NyaaPantsu/nyaa/util/modelHelper"
"github.com/gorilla/mux"
)
// Getting View User Registration
func UserRegisterFormHandler(w http.ResponseWriter, r *http.Request) {
_, errorUser := userService.CurrentUser(r)
// User is already connected, redirect to home
if errorUser == nil {
HomeHandler(w, r)
return
}
registrationForm := form.RegistrationForm{}
modelHelper.BindValueForm(&registrationForm, r)
registrationForm.CaptchaID = captcha.GetID()
languages.SetTranslationFromRequest(viewRegisterTemplate, r)
urtv := UserRegisterTemplateVariables{
RegistrationForm: registrationForm,
FormErrors: form.NewErrors(),
Search: NewSearchForm(),
Navigation: NewNavigation(),
User: GetUser(r),
URL: r.URL,
Route: mux.CurrentRoute(r),
}
err := viewRegisterTemplate.ExecuteTemplate(w, "index.html", urtv)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
// Getting View User Login
func UserLoginFormHandler(w http.ResponseWriter, r *http.Request) {
loginForm := form.LoginForm{}
modelHelper.BindValueForm(&loginForm, r)
languages.SetTranslationFromRequest(viewLoginTemplate, r)
ulfv := UserLoginFormVariables{
LoginForm: loginForm,
FormErrors: form.NewErrors(),
Search: NewSearchForm(),
Navigation: NewNavigation(),
User: GetUser(r),
URL: r.URL,
Route: mux.CurrentRoute(r),
}
err := viewLoginTemplate.ExecuteTemplate(w, "index.html", ulfv)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
// Getting User Profile
func UserProfileHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
id := vars["id"]
userProfile, _, errorUser := userService.RetrieveUserForAdmin(id)
if errorUser == nil {
currentUser := GetUser(r)
follow := r.URL.Query()["followed"]
unfollow := r.URL.Query()["unfollowed"]
infosForm := form.NewInfos()
deleteVar := r.URL.Query()["delete"]
if (deleteVar != nil) && (userPermission.CurrentOrAdmin(currentUser, userProfile.ID)) {
err := form.NewErrors()
_, errUser := userService.DeleteUser(w, currentUser, id)
if errUser != nil {
err["errors"] = append(err["errors"], errUser.Error())
}
languages.SetTranslationFromRequest(viewUserDeleteTemplate, r)
htv := UserVerifyTemplateVariables{err, NewSearchForm(), NewNavigation(), GetUser(r), r.URL, mux.CurrentRoute(r)}
errorTmpl := viewUserDeleteTemplate.ExecuteTemplate(w, "index.html", htv)
if errorTmpl != nil {
http.Error(w, errorTmpl.Error(), http.StatusInternalServerError)
}
} else {
T := languages.SetTranslationFromRequest(viewProfileTemplate, r)
if follow != nil {
infosForm["infos"] = append(infosForm["infos"], fmt.Sprintf(T("user_followed_msg"), userProfile.Username))
}
if unfollow != nil {
infosForm["infos"] = append(infosForm["infos"], fmt.Sprintf(T("user_unfollowed_msg"), userProfile.Username))
}
htv := UserProfileVariables{&userProfile, infosForm, NewSearchForm(), NewNavigation(), currentUser, r.URL, mux.CurrentRoute(r)}
err := viewProfileTemplate.ExecuteTemplate(w, "index.html", htv)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
} else {
languages.SetTranslationFromRequest(notFoundTemplate, r)
err := notFoundTemplate.ExecuteTemplate(w, "index.html", NotFoundTemplateVariables{NewNavigation(), NewSearchForm(), GetUser(r), r.URL, mux.CurrentRoute(r)})
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
}
//Getting User Profile Details View
func UserDetailsHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
id := vars["id"]
currentUser := GetUser(r)
userProfile, _, errorUser := userService.RetrieveUserForAdmin(id)
if errorUser == nil && userPermission.CurrentOrAdmin(currentUser, userProfile.ID) {
if userPermission.CurrentOrAdmin(currentUser, userProfile.ID) {
b := form.UserForm{}
modelHelper.BindValueForm(&b, r)
languages.SetTranslationFromRequest(viewProfileEditTemplate, r)
availableLanguages := languages.GetAvailableLanguages()
htv := UserProfileEditVariables{&userProfile, b, form.NewErrors(), form.NewInfos(), availableLanguages, NewSearchForm(), NewNavigation(), currentUser, r.URL, mux.CurrentRoute(r)}
err := viewProfileEditTemplate.ExecuteTemplate(w, "index.html", htv)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
} else {
languages.SetTranslationFromRequest(notFoundTemplate, r)
err := notFoundTemplate.ExecuteTemplate(w, "index.html", NotFoundTemplateVariables{NewNavigation(), NewSearchForm(), GetUser(r), r.URL, mux.CurrentRoute(r)})
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
}
// Getting View User Profile Update
func UserProfileFormHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
id := vars["id"]
currentUser := GetUser(r)
userProfile, _, errorUser := userService.RetrieveUserForAdmin(id)
if errorUser != nil || !userPermission.CurrentOrAdmin(currentUser, userProfile.ID) {
NotFoundHandler(w, r)
return
}
userForm := form.UserForm{}
err := form.NewErrors()
infos := form.NewInfos()
T := languages.SetTranslationFromRequest(viewProfileEditTemplate, r)
if len(r.PostFormValue("email")) > 0 {
_, err = form.EmailValidation(r.PostFormValue("email"), err)
}
if len(r.PostFormValue("username")) > 0 {
_, err = form.ValidateUsername(r.PostFormValue("username"), err)
}
if len(err) == 0 {
modelHelper.BindValueForm(&userForm, r)
if !userPermission.HasAdmin(currentUser) {
userForm.Username = userProfile.Username
userForm.Status = userProfile.Status
} else {
if userProfile.Status != userForm.Status && userForm.Status == 2 {
err["errors"] = append(err["errors"], "Elevating status to moderator is prohibited")
}
}
err = modelHelper.ValidateForm(&userForm, err)
if len(err) == 0 {
if userForm.Email != userProfile.Email {
userService.SendVerificationToUser(*currentUser, userForm.Email)
infos["infos"] = append(infos["infos"], fmt.Sprintf(T("email_changed"), userForm.Email))
userForm.Email = userProfile.Email // reset, it will be set when user clicks verification
}
userProfile, _, errorUser = userService.UpdateUser(w, &userForm, currentUser, id)
if errorUser != nil {
err["errors"] = append(err["errors"], errorUser.Error())
} else {
infos["infos"] = append(infos["infos"], T("profile_updated"))
}
}
}
availableLanguages := languages.GetAvailableLanguages()
upev := UserProfileEditVariables{
UserProfile: &userProfile,
UserForm: userForm,
FormErrors: err,
FormInfos: infos,
Languages: availableLanguages,
Search: NewSearchForm(),
Navigation: NewNavigation(),
User: currentUser,
URL: r.URL,
Route: mux.CurrentRoute(r),
}
errorTmpl := viewProfileEditTemplate.ExecuteTemplate(w, "index.html", upev)
if errorTmpl != nil {
http.Error(w, errorTmpl.Error(), http.StatusInternalServerError)
}
}
// Post Registration controller, we do some check on the form here, the rest on user service
func UserRegisterPostHandler(w http.ResponseWriter, r *http.Request) {
b := form.RegistrationForm{}
err := form.NewErrors()
if !captcha.Authenticate(captcha.Extract(r)) {
err["errors"] = append(err["errors"], "Wrong captcha!")
}
if len(err) == 0 {
if len(r.PostFormValue("email")) > 0 {
_, err = form.EmailValidation(r.PostFormValue("email"), err)
}
_, err = form.ValidateUsername(r.PostFormValue("username"), err)
if len(err) == 0 {
modelHelper.BindValueForm(&b, r)
err = modelHelper.ValidateForm(&b, err)
if len(err) == 0 {
_, errorUser := userService.CreateUser(w, r)
if errorUser != nil {
err["errors"] = append(err["errors"], errorUser.Error())
}
if len(err) == 0 {
languages.SetTranslationFromRequest(viewRegisterSuccessTemplate, r)
u := model.User{
Email: r.PostFormValue("email"), // indicate whether user had email set
}
htv := UserRegisterTemplateVariables{b, err, NewSearchForm(), NewNavigation(), &u, r.URL, mux.CurrentRoute(r)}
errorTmpl := viewRegisterSuccessTemplate.ExecuteTemplate(w, "index.html", htv)
if errorTmpl != nil {
http.Error(w, errorTmpl.Error(), http.StatusInternalServerError)
}
}
}
}
}
if len(err) > 0 {
b.CaptchaID = captcha.GetID()
languages.SetTranslationFromRequest(viewRegisterTemplate, r)
htv := UserRegisterTemplateVariables{b, err, NewSearchForm(), NewNavigation(), GetUser(r), r.URL, mux.CurrentRoute(r)}
errorTmpl := viewRegisterTemplate.ExecuteTemplate(w, "index.html", htv)
if errorTmpl != nil {
http.Error(w, errorTmpl.Error(), http.StatusInternalServerError)
}
}
}
func UserVerifyEmailHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
token := vars["token"]
err := form.NewErrors()
_, errEmail := userService.EmailVerification(token, w)
if errEmail != nil {
err["errors"] = append(err["errors"], errEmail.Error())
}
languages.SetTranslationFromRequest(viewVerifySuccessTemplate, r)
htv := UserVerifyTemplateVariables{err, NewSearchForm(), NewNavigation(), GetUser(r), r.URL, mux.CurrentRoute(r)}
errorTmpl := viewVerifySuccessTemplate.ExecuteTemplate(w, "index.html", htv)
if errorTmpl != nil {
http.Error(w, errorTmpl.Error(), http.StatusInternalServerError)
}
}
// Post Login controller
func UserLoginPostHandler(w http.ResponseWriter, r *http.Request) {
b := form.LoginForm{}
modelHelper.BindValueForm(&b, r)
err := form.NewErrors()
err = modelHelper.ValidateForm(&b, err)
if len(err) == 0 {
_, errorUser := userService.CreateUserAuthentication(w, r)
if errorUser != nil {
err["errors"] = append(err["errors"], errorUser.Error())
languages.SetTranslationFromRequest(viewLoginTemplate, r)
htv := UserLoginFormVariables{b, err, NewSearchForm(), NewNavigation(), GetUser(r), r.URL, mux.CurrentRoute(r)}
errorTmpl := viewLoginTemplate.ExecuteTemplate(w, "index.html", htv)
if errorTmpl != nil {
http.Error(w, errorTmpl.Error(), http.StatusInternalServerError)
}
} else {
url, _ := Router.Get("home").URL()
http.Redirect(w, r, url.String(), http.StatusSeeOther)
}
}
if len(err) > 0 {
languages.SetTranslationFromRequest(viewRegisterTemplate, r)
htv := UserLoginFormVariables{b, err, NewSearchForm(), NewNavigation(), GetUser(r), r.URL, mux.CurrentRoute(r)}
errorTmpl := viewLoginTemplate.ExecuteTemplate(w, "index.html", htv)
if errorTmpl != nil {
http.Error(w, errorTmpl.Error(), http.StatusInternalServerError)
}
}
}
// Logout
func UserLogoutHandler(w http.ResponseWriter, r *http.Request) {
_, _ = userService.ClearCookie(w)
url, _ := Router.Get("home").URL()
http.Redirect(w, r, url.String(), http.StatusSeeOther)
}
func UserFollowHandler(w http.ResponseWriter, r *http.Request) {
var followAction string
vars := mux.Vars(r)
id := vars["id"]
currentUser := GetUser(r)
user, _, errorUser := userService.RetrieveUserForAdmin(id)
if errorUser == nil {
if !userPermission.IsFollower(&user, currentUser) {
followAction = "followed"
userService.SetFollow(&user, currentUser)
} else {
followAction = "unfollowed"
userService.RemoveFollow(&user, currentUser)
}
}
url, _ := Router.Get("user_profile").URL("id", strconv.Itoa(int(user.ID)), "username", user.Username)
http.Redirect(w, r, url.String()+"?"+followAction, http.StatusSeeOther)
}