1
0
mirror of https://github.com/aclindsa/moneygo.git synced 2024-11-01 00:10:06 -04:00
moneygo/internal/handlers/users.go

153 lines
3.3 KiB
Go
Raw Normal View History

package handlers
2015-06-25 22:36:58 -04:00
import (
2017-06-21 21:25:38 -04:00
"errors"
"github.com/aclindsa/moneygo/internal/models"
2017-12-07 20:08:43 -05:00
"github.com/aclindsa/moneygo/internal/store"
2015-06-25 22:36:58 -04:00
"log"
"net/http"
)
type UserExistsError struct{}
func (ueu UserExistsError) Error() string {
return "User exists"
}
2017-12-07 20:08:43 -05:00
func InsertUser(tx store.Tx, u *models.User) error {
2017-06-21 21:25:38 -04:00
security_template := FindCurrencyTemplate(u.DefaultCurrency)
if security_template == nil {
return errors.New("Invalid ISO4217 Default Currency")
}
2017-12-07 20:08:43 -05:00
exists, err := tx.UsernameExists(u.Username)
2015-06-25 22:36:58 -04:00
if err != nil {
return err
}
2017-12-07 20:08:43 -05:00
if exists {
2015-06-25 22:36:58 -04:00
return UserExistsError{}
}
2017-12-07 20:08:43 -05:00
err = tx.InsertUser(u)
2015-06-25 22:36:58 -04:00
if err != nil {
return err
}
2017-06-21 21:25:38 -04:00
// Copy the security template and give it our new UserId
2017-12-03 06:38:22 -05:00
var security models.Security
2017-06-21 21:25:38 -04:00
security = *security_template
security.UserId = u.UserId
2017-12-07 20:08:43 -05:00
err = tx.InsertSecurity(&security)
2017-06-21 21:25:38 -04:00
if err != nil {
return err
}
// Update the user's DefaultCurrency to our new SecurityId
u.DefaultCurrency = security.SecurityId
2017-12-07 20:08:43 -05:00
err = tx.UpdateUser(u)
2017-06-21 21:25:38 -04:00
if err != nil {
return err
}
2015-06-25 22:36:58 -04:00
return nil
}
2017-12-07 20:08:43 -05:00
func GetUserFromSession(tx store.Tx, r *http.Request) (*models.User, error) {
s, err := GetSession(tx, r)
2015-06-25 22:36:58 -04:00
if err != nil {
return nil, err
}
2017-12-07 20:08:43 -05:00
return tx.GetUser(s.UserId)
2015-06-25 22:36:58 -04:00
}
2017-12-07 20:08:43 -05:00
func UpdateUser(tx store.Tx, u *models.User) error {
security, err := tx.GetSecurity(u.DefaultCurrency, u.UserId)
2017-06-21 21:25:38 -04:00
if err != nil {
return err
} else if security.UserId != u.UserId || security.SecurityId != u.DefaultCurrency {
return errors.New("UserId and DefaultCurrency don't match the fetched security")
2017-12-03 06:38:22 -05:00
} else if security.Type != models.Currency {
2017-06-21 21:25:38 -04:00
return errors.New("New DefaultCurrency security is not a currency")
}
2017-12-07 20:08:43 -05:00
err = tx.UpdateUser(u)
if err != nil {
return err
}
return nil
}
func UserHandler(r *http.Request, context *Context) ResponseWriterWriter {
2015-06-25 22:36:58 -04:00
if r.Method == "POST" {
var user models.User
if err := ReadJSON(r, &user); err != nil {
return NewError(3 /*Invalid Request*/)
2015-06-25 22:36:58 -04:00
}
user.UserId = -1
user.HashPassword()
err := InsertUser(context.Tx, &user)
2015-06-25 22:36:58 -04:00
if err != nil {
if _, ok := err.(UserExistsError); ok {
return NewError(4 /*User Exists*/)
2015-06-25 22:36:58 -04:00
} else {
log.Print(err)
return NewError(999 /*Internal Error*/)
2015-06-25 22:36:58 -04:00
}
}
return ResponseWrapper{201, &user}
2015-06-25 22:36:58 -04:00
} else {
user, err := GetUserFromSession(context.Tx, r)
2015-06-25 22:36:58 -04:00
if err != nil {
return NewError(1 /*Not Signed In*/)
2015-06-25 22:36:58 -04:00
}
userid, err := context.NextID()
2015-06-25 22:36:58 -04:00
if err != nil {
return NewError(3 /*Invalid Request*/)
2015-06-25 22:36:58 -04:00
}
if userid != user.UserId {
return NewError(2 /*Unauthorized Access*/)
2015-06-25 22:36:58 -04:00
}
if r.Method == "GET" {
return user
2015-06-25 22:36:58 -04:00
} else if r.Method == "PUT" {
// Save old PWHash in case the new password is bogus
old_pwhash := user.PasswordHash
if err := ReadJSON(r, &user); err != nil || user.UserId != userid {
return NewError(3 /*Invalid Request*/)
2015-06-25 22:36:58 -04:00
}
// If the user didn't create a new password, keep their old one
if user.Password != models.BogusPassword {
2015-06-25 22:36:58 -04:00
user.HashPassword()
} else {
user.Password = ""
user.PasswordHash = old_pwhash
}
err = UpdateUser(context.Tx, user)
2017-06-21 21:25:38 -04:00
if err != nil {
2015-06-25 22:36:58 -04:00
log.Print(err)
return NewError(999 /*Internal Error*/)
2015-06-25 22:36:58 -04:00
}
return user
2015-06-25 22:36:58 -04:00
} else if r.Method == "DELETE" {
2017-12-07 20:08:43 -05:00
err := context.StoreTx.DeleteUser(user)
if err != nil {
2015-06-25 22:36:58 -04:00
log.Print(err)
return NewError(999 /*Internal Error*/)
2015-06-25 22:36:58 -04:00
}
return SuccessWriter{}
2015-06-25 22:36:58 -04:00
}
}
return NewError(3 /*Invalid Request*/)
2015-06-25 22:36:58 -04:00
}