moneygo/internal/handlers/users.go

package handlers

import (
	"errors"
	"github.com/aclindsa/moneygo/internal/models"
	"github.com/aclindsa/moneygo/internal/store"
	"log"
	"net/http"
)

type UserExistsError struct{}

func (ueu UserExistsError) Error() string {
	return "User exists"
}

func InsertUser(tx store.Tx, u *models.User) error {
	security_template := FindCurrencyTemplate(u.DefaultCurrency)
	if security_template == nil {
		return errors.New("Invalid ISO4217 Default Currency")
	}

	exists, err := tx.UsernameExists(u.Username)
	if err != nil {
		return err
	}
	if exists {
		return UserExistsError{}
	}

	err = tx.InsertUser(u)
	if err != nil {
		return err
	}

	// Copy the security template and give it our new UserId
	var security models.Security
	security = *security_template
	security.UserId = u.UserId

	err = tx.InsertSecurity(&security)
	if err != nil {
		return err
	}

	// Update the user's DefaultCurrency to our new SecurityId
	u.DefaultCurrency = security.SecurityId
	err = tx.UpdateUser(u)
	if err != nil {
		return err
	}

	return nil
}

func GetUserFromSession(tx store.Tx, r *http.Request) (*models.User, error) {
	s, err := GetSession(tx, r)
	if err != nil {
		return nil, err
	}
	return tx.GetUser(s.UserId)
}

func UpdateUser(tx store.Tx, u *models.User) error {
	security, err := tx.GetSecurity(u.DefaultCurrency, u.UserId)
	if err != nil {
		return err
	} else if security.UserId != u.UserId || security.SecurityId != u.DefaultCurrency {
		return errors.New("UserId and DefaultCurrency don't match the fetched security")
	} else if security.Type != models.Currency {
		return errors.New("New DefaultCurrency security is not a currency")
	}

	err = tx.UpdateUser(u)
	if err != nil {
		return err
	}

	return nil
}

func UserHandler(r *http.Request, context *Context) ResponseWriterWriter {
	if r.Method == "POST" {
		var user models.User
		if err := ReadJSON(r, &user); err != nil {
			return NewError(3 /*Invalid Request*/)
		}
		user.UserId = -1
		user.HashPassword()

		err := InsertUser(context.Tx, &user)
		if err != nil {
			if _, ok := err.(UserExistsError); ok {
				return NewError(4 /*User Exists*/)
			} else {
				log.Print(err)
				return NewError(999 /*Internal Error*/)
			}
		}

		return ResponseWrapper{201, &user}
	} else {
		user, err := GetUserFromSession(context.Tx, r)
		if err != nil {
			return NewError(1 /*Not Signed In*/)
		}

		userid, err := context.NextID()
		if err != nil {
			return NewError(3 /*Invalid Request*/)
		}

		if userid != user.UserId {
			return NewError(2 /*Unauthorized Access*/)
		}

		if r.Method == "GET" {
			return user
		} else if r.Method == "PUT" {
			// Save old PWHash in case the new password is bogus
			old_pwhash := user.PasswordHash

			if err := ReadJSON(r, &user); err != nil || user.UserId != userid {
				return NewError(3 /*Invalid Request*/)
			}

			// If the user didn't create a new password, keep their old one
			if user.Password != models.BogusPassword {
				user.HashPassword()
			} else {
				user.Password = ""
				user.PasswordHash = old_pwhash
			}

			err = UpdateUser(context.Tx, user)
			if err != nil {
				log.Print(err)
				return NewError(999 /*Internal Error*/)
			}

			return user
		} else if r.Method == "DELETE" {
			err := context.Tx.DeleteUser(user)
			if err != nil {
				log.Print(err)
				return NewError(999 /*Internal Error*/)
			}
			return SuccessWriter{}
		}
	}
	return NewError(3 /*Invalid Request*/)
}
First pass at reorganizing go code into sub-packages 2017-10-04 19:35:59 -04:00			`package handlers`
Initial commit 2015-06-25 22:36:58 -04:00
			`import (`
Add per-user default currency 2017-06-21 21:25:38 -04:00			`"errors"`
Begin splitting models from handlers with User 2017-12-02 06:14:47 -05:00			`"github.com/aclindsa/moneygo/internal/models"`
Move users and securities to store 2017-12-07 20:08:43 -05:00			`"github.com/aclindsa/moneygo/internal/store"`
Initial commit 2015-06-25 22:36:58 -04:00			`"log"`
			`"net/http"`
			`)`

			`type UserExistsError struct{}`

			`func (ueu UserExistsError) Error() string {`
			`return "User exists"`
			`}`

Move users and securities to store 2017-12-07 20:08:43 -05:00			`func InsertUser(tx store.Tx, u *models.User) error {`
Add per-user default currency 2017-06-21 21:25:38 -04:00			`security_template := FindCurrencyTemplate(u.DefaultCurrency)`
			`if security_template == nil {`
			`return errors.New("Invalid ISO4217 Default Currency")`
			`}`

Move users and securities to store 2017-12-07 20:08:43 -05:00			`exists, err := tx.UsernameExists(u.Username)`
Initial commit 2015-06-25 22:36:58 -04:00			`if err != nil {`
			`return err`
			`}`
Move users and securities to store 2017-12-07 20:08:43 -05:00			`if exists {`
Initial commit 2015-06-25 22:36:58 -04:00			`return UserExistsError{}`
			`}`

Move users and securities to store 2017-12-07 20:08:43 -05:00			`err = tx.InsertUser(u)`
Initial commit 2015-06-25 22:36:58 -04:00			`if err != nil {`
			`return err`
			`}`

Add per-user default currency 2017-06-21 21:25:38 -04:00			`// Copy the security template and give it our new UserId`
Split securities into models 2017-12-03 06:38:22 -05:00			`var security models.Security`
Add per-user default currency 2017-06-21 21:25:38 -04:00			`security = *security_template`
			`security.UserId = u.UserId`

Move users and securities to store 2017-12-07 20:08:43 -05:00			`err = tx.InsertSecurity(&security)`
Add per-user default currency 2017-06-21 21:25:38 -04:00			`if err != nil {`
			`return err`
			`}`

			`// Update the user's DefaultCurrency to our new SecurityId`
			`u.DefaultCurrency = security.SecurityId`
Move users and securities to store 2017-12-07 20:08:43 -05:00			`err = tx.UpdateUser(u)`
Add per-user default currency 2017-06-21 21:25:38 -04:00			`if err != nil {`
			`return err`
			`}`

Initial commit 2015-06-25 22:36:58 -04:00			`return nil`
			`}`

Move users and securities to store 2017-12-07 20:08:43 -05:00			`func GetUserFromSession(tx store.Tx, r http.Request) (models.User, error) {`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`s, err := GetSession(tx, r)`
Initial commit 2015-06-25 22:36:58 -04:00			`if err != nil {`
			`return nil, err`
			`}`
Move users and securities to store 2017-12-07 20:08:43 -05:00			`return tx.GetUser(s.UserId)`
Initial commit 2015-06-25 22:36:58 -04:00			`}`

Move users and securities to store 2017-12-07 20:08:43 -05:00			`func UpdateUser(tx store.Tx, u *models.User) error {`
			`security, err := tx.GetSecurity(u.DefaultCurrency, u.UserId)`
Add per-user default currency 2017-06-21 21:25:38 -04:00			`if err != nil {`
			`return err`
			`} else if security.UserId != u.UserId \|\| security.SecurityId != u.DefaultCurrency {`
			`return errors.New("UserId and DefaultCurrency don't match the fetched security")`
Split securities into models 2017-12-03 06:38:22 -05:00			`} else if security.Type != models.Currency {`
Add per-user default currency 2017-06-21 21:25:38 -04:00			`return errors.New("New DefaultCurrency security is not a currency")`
			`}`

Move users and securities to store 2017-12-07 20:08:43 -05:00			`err = tx.UpdateUser(u)`
Delete everything when we delete a user 2017-10-07 21:04:59 -04:00			`if err != nil {`
			`return err`
			`}`

			`return nil`
			`}`

Begin move away from using http.ServeMux 2017-11-12 20:17:27 -05:00			`func UserHandler(r http.Request, context Context) ResponseWriterWriter {`
Initial commit 2015-06-25 22:36:58 -04:00			`if r.Method == "POST" {`
Begin splitting models from handlers with User 2017-12-02 06:14:47 -05:00			`var user models.User`
Stop using form elements for API Just send the JSON as the request body 2017-11-13 20:48:19 -05:00			`if err := ReadJSON(r, &user); err != nil {`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return NewError(3 /Invalid Request/)`
Initial commit 2015-06-25 22:36:58 -04:00			`}`
			`user.UserId = -1`
			`user.HashPassword()`

Stop using form elements for API Just send the JSON as the request body 2017-11-13 20:48:19 -05:00			`err := InsertUser(context.Tx, &user)`
Initial commit 2015-06-25 22:36:58 -04:00			`if err != nil {`
			`if _, ok := err.(UserExistsError); ok {`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return NewError(4 /User Exists/)`
Initial commit 2015-06-25 22:36:58 -04:00			`} else {`
			`log.Print(err)`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return NewError(999 /Internal Error/)`
Initial commit 2015-06-25 22:36:58 -04:00			`}`
			`}`

Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return ResponseWrapper{201, &user}`
Initial commit 2015-06-25 22:36:58 -04:00			`} else {`
Begin move away from using http.ServeMux 2017-11-12 20:17:27 -05:00			`user, err := GetUserFromSession(context.Tx, r)`
Initial commit 2015-06-25 22:36:58 -04:00			`if err != nil {`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return NewError(1 /Not Signed In/)`
Initial commit 2015-06-25 22:36:58 -04:00			`}`

Move to a consistent way of handling IDs in URLs 2017-11-12 21:12:49 -05:00			`userid, err := context.NextID()`
Initial commit 2015-06-25 22:36:58 -04:00			`if err != nil {`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return NewError(3 /Invalid Request/)`
Initial commit 2015-06-25 22:36:58 -04:00			`}`

			`if userid != user.UserId {`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return NewError(2 /Unauthorized Access/)`
Initial commit 2015-06-25 22:36:58 -04:00			`}`

			`if r.Method == "GET" {`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return user`
Initial commit 2015-06-25 22:36:58 -04:00			`} else if r.Method == "PUT" {`
			`// Save old PWHash in case the new password is bogus`
			`old_pwhash := user.PasswordHash`

Stop using form elements for API Just send the JSON as the request body 2017-11-13 20:48:19 -05:00			`if err := ReadJSON(r, &user); err != nil \|\| user.UserId != userid {`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return NewError(3 /Invalid Request/)`
Initial commit 2015-06-25 22:36:58 -04:00			`}`

			`// If the user didn't create a new password, keep their old one`
Begin splitting models from handlers with User 2017-12-02 06:14:47 -05:00			`if user.Password != models.BogusPassword {`
Initial commit 2015-06-25 22:36:58 -04:00			`user.HashPassword()`
			`} else {`
			`user.Password = ""`
			`user.PasswordHash = old_pwhash`
			`}`

Begin move away from using http.ServeMux 2017-11-12 20:17:27 -05:00			`err = UpdateUser(context.Tx, user)`
Add per-user default currency 2017-06-21 21:25:38 -04:00			`if err != nil {`
Initial commit 2015-06-25 22:36:58 -04:00			`log.Print(err)`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return NewError(999 /Internal Error/)`
Initial commit 2015-06-25 22:36:58 -04:00			`}`

Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return user`
Initial commit 2015-06-25 22:36:58 -04:00			`} else if r.Method == "DELETE" {`
Finish 'store' separation 2017-12-09 05:56:45 -05:00			`err := context.Tx.DeleteUser(user)`
Delete everything when we delete a user 2017-10-07 21:04:59 -04:00			`if err != nil {`
Initial commit 2015-06-25 22:36:58 -04:00			`log.Print(err)`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return NewError(999 /Internal Error/)`
Initial commit 2015-06-25 22:36:58 -04:00			`}`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return SuccessWriter{}`
Initial commit 2015-06-25 22:36:58 -04:00			`}`
			`}`
Use SQL transactions for the entirety of every request 2017-10-14 14:20:50 -04:00			`return NewError(3 /Invalid Request/)`
Initial commit 2015-06-25 22:36:58 -04:00			`}`