You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

375 lines
7.6 KiB

package Webserver
import (
"fmt"
"log"
"mime/multipart"
"net/http"
"strconv"
"time"
"PersonalWebsite/Database"
"PersonalWebsite/Helper"
"PersonalWebsite/Variables"
"github.com/gorilla/mux"
"github.com/gorilla/sessions"
"golang.org/x/crypto/bcrypt"
)
func CheckAuth(w http.ResponseWriter, r *http.Request) bool {
var (
session *sessions.Session
lastActiveUnix int64
lastActive time.Time
auth bool
exists bool
e error
)
session, e = Variables.CookieStore.Get(r, Variables.CookieName)
if e != nil {
return false
}
auth, exists = session.Values["authenticated"].(bool)
if !(auth && exists) {
return false
}
lastActiveUnix, exists = session.Values["lastActive"].(int64)
if !exists {
return false
}
lastActive = time.Unix(lastActiveUnix, 0)
lastActive.Add(12 * time.Hour)
if time.Now().Before(lastActive) {
session.Values = make(map[interface{}]interface{})
session.Values["authenticated"] = false
session.AddFlash("Login Expired")
e = session.Save(r, w)
if e != nil {
log.Println(e.Error())
}
return false
}
session.Values["lastLogin"] = time.Now().Unix()
e = session.Save(r, w)
if e != nil {
log.Println(e.Error())
return false
}
return true
}
func AdminView(w http.ResponseWriter, r *http.Request) {
var (
v = make(map[string]interface{})
urlParams map[string]string
page string
pageInt int
pageOffset int
posts []Database.Post
exists bool
e error
)
if !CheckAuth(w, r) {
http.Redirect(w, r, "/admin/login", 302)
return
}
switch r.Method {
case http.MethodGet:
urlParams = mux.Vars(r)
page, exists = urlParams["page"]
if exists {
pageInt, e = strconv.Atoi(page)
if e != nil {
log.Fatal("Url Parameter page cannot be converted to an int")
}
} else {
pageInt = 0
}
pageOffset = pageInt * 10
posts, e = Database.GetPostsList(10, pageOffset)
v["Posts"] = posts
ServeTemplate(w, r, "html/admin/admin-index.gohtml", v)
return
}
}
func comparePasswords(hashedPwd, plainPwd string) bool {
var (
e error
)
e = bcrypt.CompareHashAndPassword(
[]byte(hashedPwd),
[]byte(plainPwd),
)
if e != nil {
return false
}
return true
}
func AdminLogin(w http.ResponseWriter, r *http.Request) {
var (
session *sessions.Session
v = make(map[string]interface{})
flashes []interface{}
username string
password string
e error
)
if CheckAuth(w, r) {
http.Redirect(w, r, "/admin", 302)
return
}
session, e = Variables.CookieStore.Get(r, Variables.CookieName)
if e != nil {
log.Println("Could not get session cookie")
http.Error(w, "Error", http.StatusInternalServerError)
return
}
switch r.Method {
case http.MethodGet:
flashes = session.Flashes()
e = session.Save(r, w)
if e != nil {
log.Println(e.Error())
return
}
if len(flashes) > 0 {
v["FlashMsg"] = flashes[0].(string)
}
ServeTemplate(w, r, "html/admin/admin-login.gohtml", v)
return
case http.MethodPost:
e = r.ParseForm()
if e != nil {
log.Println(e.Error())
http.Redirect(w, r, "/login", 302)
}
username = r.FormValue("username")
password = r.FormValue("password")
if username != Variables.AdminPassword && !comparePasswords(Variables.AdminPassword, password) {
session.AddFlash("Invalid Username or Password")
e = session.Save(r, w)
if e != nil {
log.Println(e.Error())
}
http.Redirect(w, r, "/admin/login", 302)
return
}
session.Values["authenticated"] = true
session.Values["lastActive"] = time.Now().Unix()
session.Save(r, w)
http.Redirect(w, r, "/admin", 302)
return
}
}
func AdminNewPost(w http.ResponseWriter, r *http.Request) {
var (
session *sessions.Session
v = make(map[string]interface{})
flashes []interface{}
title, subject, intro, body string
bodyPath string
mainFilePath string = ""
fileUpload []*multipart.FileHeader
//otherImgs string
e error
)
if !CheckAuth(w, r) {
http.Redirect(w, r, "/admin/login", 302)
return
}
session, e = Variables.CookieStore.Get(r, Variables.CookieName)
if e != nil {
log.Println("Could not get session cookie")
http.Error(w, "Error", http.StatusInternalServerError)
return
}
switch r.Method {
case http.MethodGet:
flashes = session.Flashes()
e = session.Save(r, w)
if e != nil {
log.Println(e.Error())
return
}
if len(flashes) > 0 {
v["FlashMsg"] = flashes[0].(string)
}
ServeTemplate(w, r, "html/admin/admin-new-post.gohtml", v)
return
case http.MethodPost:
title = r.FormValue("title")
subject = r.FormValue("subject")
intro = r.FormValue("intro")
body = r.FormValue("body")
bodyPath, e = Helper.WriteBody(title, body)
if e != nil {
log.Fatal(e)
}
r.ParseMultipartForm(32 << 20) // 32MB is the default used by FormFile
fileUpload = r.MultipartForm.File["img"]
Helper.UploadFiles(fileUpload)
if len(fileUpload) == 1 {
mainFilePath = fileUpload[0].Filename
}
fileUpload = r.MultipartForm.File["files"]
Helper.UploadFiles(fileUpload)
Database.CreatePost(
Database.Post{
Title: title,
Subject: subject,
Intro: intro,
HtmlPath: bodyPath,
MainImage: mainFilePath,
},
)
http.Redirect(w, r, "/admin", 302)
return
}
}
func AdminEditPost(w http.ResponseWriter, r *http.Request) {
var (
session *sessions.Session
v = make(map[string]interface{})
urlParams map[string]string
flashes []interface{}
title, subject, intro, body string
bodyPath string
post Database.Post
fileUpload []*multipart.FileHeader
e error
)
if !CheckAuth(w, r) {
http.Redirect(w, r, "/admin/login", 302)
return
}
session, e = Variables.CookieStore.Get(r, Variables.CookieName)
if e != nil {
log.Println("Could not get session cookie")
http.Error(w, "Error", http.StatusInternalServerError)
return
}
switch r.Method {
case http.MethodGet:
flashes = session.Flashes()
e = session.Save(r, w)
if e != nil {
log.Println(e.Error())
return
}
if len(flashes) > 0 {
v["FlashMsg"] = flashes[0].(string)
}
urlParams = mux.Vars(r)
post, e = Database.GetPostById(urlParams["id"])
if e != nil {
log.Fatal("Cannot get Post by id")
}
post.Body, e = Helper.GetFileContents(post.HtmlPath)
if e != nil {
log.Fatal("Cannot read body file")
}
v["Post"] = post
ServeTemplate(w, r, "html/admin/admin-update-post.gohtml", v)
return
case http.MethodPost:
urlParams = mux.Vars(r)
post, e = Database.GetPostById(urlParams["id"])
if e != nil {
log.Fatal("Cannot get Post by id")
}
title = r.FormValue("title")
subject = r.FormValue("subject")
intro = r.FormValue("intro")
body = r.FormValue("body")
if title != post.Title {
defer Helper.DeleteOldPostFile(post.Title)
}
bodyPath, e = Helper.WriteBody(title, body)
if e != nil {
log.Fatal(e)
}
r.ParseMultipartForm(32 << 20) // 32MB is the default used by FormFile
fileUpload = r.MultipartForm.File["img"]
Helper.UploadFiles(fileUpload)
if len(fileUpload) == 1 {
post.MainImage = fileUpload[0].Filename
}
fileUpload = r.MultipartForm.File["files"]
Helper.UploadFiles(fileUpload)
post.Title = title
post.Subject = subject
post.Intro = intro
post.HtmlPath = bodyPath
Database.UpdatePost(
post,
)
http.Redirect(w, r, fmt.Sprintf("/admin/post/%s/edit", post.ID), 302)
return
}
}