gochan/pkg/manage/util.go

package manage

import (
	"net/http"
	"time"

	"github.com/gochan-org/gochan/pkg/gclog"
	"github.com/gochan-org/gochan/pkg/gcsql"
	"github.com/gochan-org/gochan/pkg/serverutil"
	"golang.org/x/crypto/bcrypt"
)

const (
	sSuccess = iota
	sInvalidPassword
	sOtherError
)

func createSession(key, username, password string, request *http.Request, writer http.ResponseWriter) int {
	//returns 0 for successful, 1 for password mismatch, and 2 for other
	domain := request.Host
	var err error
	domain = chopPortNumRegex.Split(domain, -1)[0]

	if !serverutil.ValidReferer(request) {
		gclog.Print(gclog.LStaffLog, "Rejected login from possible spambot @ "+request.RemoteAddr)
		return sOtherError
	}
	staff, err := gcsql.GetStaffByName(username)
	if err != nil {
		gclog.Print(gclog.LErrorLog, err.Error())
		return sInvalidPassword
	}

	success := bcrypt.CompareHashAndPassword([]byte(staff.PasswordChecksum), []byte(password))
	if success == bcrypt.ErrMismatchedHashAndPassword {
		// password mismatch
		gclog.Print(gclog.LStaffLog, "Failed login (password mismatch) from "+request.RemoteAddr+" at "+time.Now().Format(gcsql.MySQLDatetimeFormat))
		return sInvalidPassword
	}

	// successful login, add cookie that expires in one month
	http.SetCookie(writer, &http.Cookie{
		Name:   "sessiondata",
		Value:  key,
		Path:   "/",
		Domain: domain,
		MaxAge: 60 * 60 * 24 * 7,
	})

	if err = gcsql.CreateSession(key, username); err != nil {
		gclog.Print(gclog.LErrorLog, "Error creating new staff session: ", err.Error())
		return sOtherError
	}

	return sSuccess
}

func getCurrentStaff(request *http.Request) (string, error) { //TODO after refactor, check if still used
	sessionCookie, err := request.Cookie("sessiondata")
	if err != nil {
		return "", err
	}
	name, err := gcsql.GetStaffName(sessionCookie.Value)
	if err == nil {
		return "", err
	}
	return name, nil
}

func getCurrentFullStaff(request *http.Request) (*gcsql.Staff, error) {
	sessionCookie, err := request.Cookie("sessiondata")
	if err != nil {
		return nil, err
	}
	return gcsql.GetStaffBySession(sessionCookie.Value)
}

// GetStaffRank returns the rank number of the staff referenced in the request
func GetStaffRank(request *http.Request) int {
	staff, err := getCurrentFullStaff(request)
	if err != nil {
		return NoPerms
	}
	return staff.Rank
}

func getStaffMenu(writer http.ResponseWriter, request *http.Request) (string, error) {
	var links string
	rank := GetStaffRank(request)
	for f, mf := range actions {
		if rank < mf.Permissions || mf.Permissions == NoPerms {
			continue
		}
		links += `<a href="manage?action=` + f + `" id="` + f + `">` + mf.Title + `</a></br />`
	}
	return links, nil
}
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`package manage`

			`import (`
			`"net/http"`
			`"time"`

			`"github.com/gochan-org/gochan/pkg/gclog"`
			`"github.com/gochan-org/gochan/pkg/gcsql"`
			`"github.com/gochan-org/gochan/pkg/serverutil"`
			`"golang.org/x/crypto/bcrypt"`
			`)`

			`const (`
replace (most) uses of builtin error with *gcutil.GcError 2020-05-28 12:49:41 -07:00			`sSuccess = iota`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`sInvalidPassword`
			`sOtherError`
			`)`

Fix anti-patterns pointed out by DeepSource But not the switch fallthroughs/expression lists, there's no benefit 2020-07-09 15:54:31 -07:00			`func createSession(key, username, password string, request *http.Request, writer http.ResponseWriter) int {`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`//returns 0 for successful, 1 for password mismatch, and 2 for other`
			`domain := request.Host`
Replace GcError struct usage with builtin error Creating it was probably a bad idea and not worth the trouble. 2020-06-06 09:28:45 -07:00			`var err error`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`domain = chopPortNumRegex.Split(domain, -1)[0]`

			`if !serverutil.ValidReferer(request) {`
			`gclog.Print(gclog.LStaffLog, "Rejected login from possible spambot @ "+request.RemoteAddr)`
replace (most) uses of builtin error with *gcutil.GcError 2020-05-28 12:49:41 -07:00			`return sOtherError`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`}`
			`staff, err := gcsql.GetStaffByName(username)`
			`if err != nil {`
			`gclog.Print(gclog.LErrorLog, err.Error())`
replace (most) uses of builtin error with *gcutil.GcError 2020-05-28 12:49:41 -07:00			`return sInvalidPassword`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`}`

			`success := bcrypt.CompareHashAndPassword([]byte(staff.PasswordChecksum), []byte(password))`
			`if success == bcrypt.ErrMismatchedHashAndPassword {`
			`// password mismatch`
			`gclog.Print(gclog.LStaffLog, "Failed login (password mismatch) from "+request.RemoteAddr+" at "+time.Now().Format(gcsql.MySQLDatetimeFormat))`
replace (most) uses of builtin error with *gcutil.GcError 2020-05-28 12:49:41 -07:00			`return sInvalidPassword`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`}`

			`// successful login, add cookie that expires in one month`
			`http.SetCookie(writer, &http.Cookie{`
			`Name: "sessiondata",`
			`Value: key,`
			`Path: "/",`
			`Domain: domain,`
			`MaxAge: 60 * 60 * 24 * 7,`
			`})`

			`if err = gcsql.CreateSession(key, username); err != nil {`
			`gclog.Print(gclog.LErrorLog, "Error creating new staff session: ", err.Error())`
replace (most) uses of builtin error with *gcutil.GcError 2020-05-28 12:49:41 -07:00			`return sOtherError`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`}`

replace (most) uses of builtin error with *gcutil.GcError 2020-05-28 12:49:41 -07:00			`return sSuccess`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`}`

Replace GcError struct usage with builtin error Creating it was probably a bad idea and not worth the trouble. 2020-06-06 09:28:45 -07:00			`func getCurrentStaff(request *http.Request) (string, error) { //TODO after refactor, check if still used`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`sessionCookie, err := request.Cookie("sessiondata")`
			`if err != nil {`
Replace GcError struct usage with builtin error Creating it was probably a bad idea and not worth the trouble. 2020-06-06 09:28:45 -07:00			`return "", err`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`}`
			`name, err := gcsql.GetStaffName(sessionCookie.Value)`
			`if err == nil {`
Replace GcError struct usage with builtin error Creating it was probably a bad idea and not worth the trouble. 2020-06-06 09:28:45 -07:00			`return "", err`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`}`
			`return name, nil`
			`}`

Replace GcError struct usage with builtin error Creating it was probably a bad idea and not worth the trouble. 2020-06-06 09:28:45 -07:00			`func getCurrentFullStaff(request http.Request) (gcsql.Staff, error) {`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`sessionCookie, err := request.Cookie("sessiondata")`
			`if err != nil {`
Replace GcError struct usage with builtin error Creating it was probably a bad idea and not worth the trouble. 2020-06-06 09:28:45 -07:00			`return nil, err`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`}`
			`return gcsql.GetStaffBySession(sessionCookie.Value)`
			`}`

			`// GetStaffRank returns the rank number of the staff referenced in the request`
			`func GetStaffRank(request *http.Request) int {`
			`staff, err := getCurrentFullStaff(request)`
			`if err != nil {`
Clean up /manage handler, refer to manage functions as actions 2020-10-10 16:17:36 -07:00			`return NoPerms`
refactor/reorganize gochan's source code into subpackages Also use Go version 1.11 in vagrant for module support 2020-04-29 17:44:29 -07:00			`}`
			`return staff.Rank`
			`}`
Add option lister to manage endpoint 2020-05-22 18:06:15 +02:00
Clean up /manage handler, refer to manage functions as actions 2020-10-10 16:17:36 -07:00			`func getStaffMenu(writer http.ResponseWriter, request *http.Request) (string, error) {`
			`var links string`
			`rank := GetStaffRank(request)`
			`for f, mf := range actions {`
			`if rank < mf.Permissions \|\| mf.Permissions == NoPerms {`
			`continue`
Add option lister to manage endpoint 2020-05-22 18:06:15 +02:00			`}`
Clean up /manage handler, refer to manage functions as actions 2020-10-10 16:17:36 -07:00			links += `<a href="manage?action=` + f + `" id="` + f + `">` + mf.Title + `</a></br />`
Add option lister to manage endpoint 2020-05-22 18:06:15 +02:00			`}`
Clean up /manage handler, refer to manage functions as actions 2020-10-10 16:17:36 -07:00			`return links, nil`
Add option lister to manage endpoint 2020-05-22 18:06:15 +02:00			`}`