package Webserver
|
|
|
|
import (
|
|
"fmt"
|
|
"log"
|
|
"mime/multipart"
|
|
"net/http"
|
|
"strconv"
|
|
"time"
|
|
|
|
"PersonalWebsite/Database"
|
|
"PersonalWebsite/Helper"
|
|
"PersonalWebsite/Variables"
|
|
|
|
"github.com/gorilla/mux"
|
|
"github.com/gorilla/sessions"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
func CheckAuth(w http.ResponseWriter, r *http.Request) bool {
|
|
var (
|
|
session *sessions.Session
|
|
lastActiveUnix int64
|
|
lastActive time.Time
|
|
auth bool
|
|
exists bool
|
|
e error
|
|
)
|
|
session, e = Variables.CookieStore.Get(r, Variables.CookieName)
|
|
if e != nil {
|
|
return false
|
|
}
|
|
|
|
auth, exists = session.Values["authenticated"].(bool)
|
|
if !(auth && exists) {
|
|
return false
|
|
}
|
|
|
|
lastActiveUnix, exists = session.Values["lastActive"].(int64)
|
|
if !exists {
|
|
return false
|
|
}
|
|
lastActive = time.Unix(lastActiveUnix, 0)
|
|
|
|
lastActive.Add(12 * time.Hour)
|
|
if time.Now().Before(lastActive) {
|
|
session.Values = make(map[interface{}]interface{})
|
|
session.Values["authenticated"] = false
|
|
session.AddFlash("Login Expired")
|
|
e = session.Save(r, w)
|
|
if e != nil {
|
|
log.Println(e.Error())
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
session.Values["lastLogin"] = time.Now().Unix()
|
|
e = session.Save(r, w)
|
|
if e != nil {
|
|
log.Println(e.Error())
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
func AdminView(w http.ResponseWriter, r *http.Request) {
|
|
var (
|
|
v = make(map[string]interface{})
|
|
urlParams map[string]string
|
|
page string
|
|
pageInt int
|
|
pageOffset int
|
|
posts []Database.Post
|
|
exists bool
|
|
e error
|
|
)
|
|
|
|
if !CheckAuth(w, r) {
|
|
http.Redirect(w, r, "/admin/login", 302)
|
|
return
|
|
}
|
|
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
|
|
urlParams = mux.Vars(r)
|
|
|
|
page, exists = urlParams["page"]
|
|
if exists {
|
|
pageInt, e = strconv.Atoi(page)
|
|
if e != nil {
|
|
log.Fatal("Url Parameter page cannot be converted to an int")
|
|
}
|
|
} else {
|
|
pageInt = 0
|
|
}
|
|
|
|
pageOffset = pageInt * 10
|
|
|
|
posts, e = Database.GetPostsList(10, pageOffset)
|
|
|
|
v["Posts"] = posts
|
|
|
|
ServeTemplate(w, r, "html/admin/admin-index.gohtml", v)
|
|
return
|
|
}
|
|
}
|
|
|
|
func comparePasswords(hashedPwd, plainPwd string) bool {
|
|
var (
|
|
e error
|
|
)
|
|
e = bcrypt.CompareHashAndPassword(
|
|
[]byte(hashedPwd),
|
|
[]byte(plainPwd),
|
|
)
|
|
if e != nil {
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
func AdminLogin(w http.ResponseWriter, r *http.Request) {
|
|
var (
|
|
session *sessions.Session
|
|
v = make(map[string]interface{})
|
|
flashes []interface{}
|
|
username string
|
|
password string
|
|
e error
|
|
)
|
|
|
|
if CheckAuth(w, r) {
|
|
http.Redirect(w, r, "/admin", 302)
|
|
return
|
|
}
|
|
|
|
session, e = Variables.CookieStore.Get(r, Variables.CookieName)
|
|
if e != nil {
|
|
log.Println("Could not get session cookie")
|
|
http.Error(w, "Error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
flashes = session.Flashes()
|
|
e = session.Save(r, w)
|
|
if e != nil {
|
|
log.Println(e.Error())
|
|
return
|
|
}
|
|
if len(flashes) > 0 {
|
|
v["FlashMsg"] = flashes[0].(string)
|
|
}
|
|
|
|
ServeTemplate(w, r, "html/admin/admin-login.gohtml", v)
|
|
return
|
|
|
|
case http.MethodPost:
|
|
e = r.ParseForm()
|
|
if e != nil {
|
|
log.Println(e.Error())
|
|
http.Redirect(w, r, "/login", 302)
|
|
}
|
|
|
|
username = r.FormValue("username")
|
|
password = r.FormValue("password")
|
|
|
|
if username != Variables.AdminPassword && !comparePasswords(Variables.AdminPassword, password) {
|
|
session.AddFlash("Invalid Username or Password")
|
|
e = session.Save(r, w)
|
|
if e != nil {
|
|
log.Println(e.Error())
|
|
}
|
|
http.Redirect(w, r, "/admin/login", 302)
|
|
return
|
|
|
|
}
|
|
|
|
session.Values["authenticated"] = true
|
|
session.Values["lastActive"] = time.Now().Unix()
|
|
session.Save(r, w)
|
|
|
|
http.Redirect(w, r, "/admin", 302)
|
|
return
|
|
}
|
|
}
|
|
|
|
func AdminNewPost(w http.ResponseWriter, r *http.Request) {
|
|
var (
|
|
session *sessions.Session
|
|
v = make(map[string]interface{})
|
|
flashes []interface{}
|
|
title, subject, intro, body string
|
|
bodyPath string
|
|
mainFilePath string = ""
|
|
fileUpload []*multipart.FileHeader
|
|
//otherImgs string
|
|
e error
|
|
)
|
|
|
|
if !CheckAuth(w, r) {
|
|
http.Redirect(w, r, "/admin/login", 302)
|
|
return
|
|
}
|
|
|
|
session, e = Variables.CookieStore.Get(r, Variables.CookieName)
|
|
if e != nil {
|
|
log.Println("Could not get session cookie")
|
|
http.Error(w, "Error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
flashes = session.Flashes()
|
|
e = session.Save(r, w)
|
|
if e != nil {
|
|
log.Println(e.Error())
|
|
return
|
|
}
|
|
if len(flashes) > 0 {
|
|
v["FlashMsg"] = flashes[0].(string)
|
|
}
|
|
|
|
ServeTemplate(w, r, "html/admin/admin-new-post.gohtml", v)
|
|
return
|
|
|
|
case http.MethodPost:
|
|
|
|
title = r.FormValue("title")
|
|
subject = r.FormValue("subject")
|
|
intro = r.FormValue("intro")
|
|
body = r.FormValue("body")
|
|
|
|
bodyPath, e = Helper.WriteBody(title, body)
|
|
if e != nil {
|
|
log.Fatal(e)
|
|
}
|
|
|
|
r.ParseMultipartForm(32 << 20) // 32MB is the default used by FormFile
|
|
fileUpload = r.MultipartForm.File["img"]
|
|
|
|
Helper.UploadFiles(fileUpload)
|
|
|
|
if len(fileUpload) == 1 {
|
|
mainFilePath = fileUpload[0].Filename
|
|
}
|
|
|
|
fileUpload = r.MultipartForm.File["files"]
|
|
|
|
Helper.UploadFiles(fileUpload)
|
|
|
|
Database.CreatePost(
|
|
Database.Post{
|
|
Title: title,
|
|
Subject: subject,
|
|
Intro: intro,
|
|
HtmlPath: bodyPath,
|
|
MainImage: mainFilePath,
|
|
},
|
|
)
|
|
|
|
http.Redirect(w, r, "/admin", 302)
|
|
return
|
|
}
|
|
}
|
|
|
|
func AdminEditPost(w http.ResponseWriter, r *http.Request) {
|
|
var (
|
|
session *sessions.Session
|
|
v = make(map[string]interface{})
|
|
urlParams map[string]string
|
|
flashes []interface{}
|
|
title, subject, intro, body string
|
|
bodyPath string
|
|
post Database.Post
|
|
fileUpload []*multipart.FileHeader
|
|
e error
|
|
)
|
|
|
|
if !CheckAuth(w, r) {
|
|
http.Redirect(w, r, "/admin/login", 302)
|
|
return
|
|
}
|
|
|
|
session, e = Variables.CookieStore.Get(r, Variables.CookieName)
|
|
if e != nil {
|
|
log.Println("Could not get session cookie")
|
|
http.Error(w, "Error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
flashes = session.Flashes()
|
|
e = session.Save(r, w)
|
|
if e != nil {
|
|
log.Println(e.Error())
|
|
return
|
|
}
|
|
if len(flashes) > 0 {
|
|
v["FlashMsg"] = flashes[0].(string)
|
|
}
|
|
|
|
urlParams = mux.Vars(r)
|
|
|
|
post, e = Database.GetPostById(urlParams["id"])
|
|
if e != nil {
|
|
log.Fatal("Cannot get Post by id")
|
|
}
|
|
|
|
post.Body, e = Helper.GetFileContents(post.HtmlPath)
|
|
if e != nil {
|
|
log.Fatal("Cannot read body file")
|
|
}
|
|
|
|
v["Post"] = post
|
|
|
|
ServeTemplate(w, r, "html/admin/admin-update-post.gohtml", v)
|
|
return
|
|
|
|
case http.MethodPost:
|
|
|
|
urlParams = mux.Vars(r)
|
|
|
|
post, e = Database.GetPostById(urlParams["id"])
|
|
if e != nil {
|
|
log.Fatal("Cannot get Post by id")
|
|
}
|
|
|
|
title = r.FormValue("title")
|
|
subject = r.FormValue("subject")
|
|
intro = r.FormValue("intro")
|
|
body = r.FormValue("body")
|
|
|
|
if title != post.Title {
|
|
defer Helper.DeleteOldPostFile(post.Title)
|
|
}
|
|
|
|
bodyPath, e = Helper.WriteBody(title, body)
|
|
if e != nil {
|
|
log.Fatal(e)
|
|
}
|
|
|
|
r.ParseMultipartForm(32 << 20) // 32MB is the default used by FormFile
|
|
fileUpload = r.MultipartForm.File["img"]
|
|
|
|
Helper.UploadFiles(fileUpload)
|
|
|
|
if len(fileUpload) == 1 {
|
|
post.MainImage = fileUpload[0].Filename
|
|
}
|
|
|
|
fileUpload = r.MultipartForm.File["files"]
|
|
|
|
Helper.UploadFiles(fileUpload)
|
|
|
|
post.Title = title
|
|
post.Subject = subject
|
|
post.Intro = intro
|
|
post.HtmlPath = bodyPath
|
|
|
|
Database.UpdatePost(
|
|
post,
|
|
)
|
|
|
|
http.Redirect(w, r, fmt.Sprintf("/admin/post/%s/edit", post.ID), 302)
|
|
return
|
|
}
|
|
}
|