warehost/system/api.go

package system

import (
	"encoding/json"
	"net/http"
	"strconv"
	"strings"
	"time"

	"github.com/astaxie/session"
	"github.com/jinzhu/gorm"
	"github.com/julienschmidt/httprouter"

	libconfig "dev.sum7.de/sum7/warehost/config"
	libapi "dev.sum7.de/sum7/warehost/lib/api"
	log "dev.sum7.de/sum7/warehost/lib/log"
	libpassword "dev.sum7.de/sum7/warehost/lib/password"
)

//MODULNAME to get global name for the modul
const MODULNAME = "system"

//API keep data in module global
type API struct {
	config       *libconfig.Config
	sessions     *session.Manager
	dbconnection *gorm.DB
	log          *log.ModulLog
}

// NewAPI sets the routes to the api functions
func NewAPI(config *libconfig.Config, sessions *session.Manager, dbconnection *gorm.DB, router *httprouter.Router, prefix string) {
	api := &API{
		config:       config,
		sessions:     sessions,
		dbconnection: dbconnection,
		log:          log.NewModulLog(MODULNAME),
	}
	router.GET(prefix+"/status", libapi.SessionHandler(api.Status, sessions))
	router.POST(prefix+"/login", libapi.SessionHandler(api.Login, sessions))
	router.GET(prefix+"/logout", LoginHandler(api.Logout, sessions))
	router.POST(prefix+"/password", LoginHandler(api.Password, sessions))
	router.GET(prefix+"/delete", LoginHandler(api.Delete, sessions))
	router.GET(prefix+"/invite", LoginHandler(api.InviteList, sessions))
	router.POST(prefix+"/invite", LoginHandler(api.InviteAdd, sessions))
	router.GET(prefix+"/user", LoginHandler(api.LoginList, sessions))
	router.POST(prefix+"/user", LoginHandler(api.LoginAdd, sessions))
	router.PUT(prefix+"/user/:id", LoginHandler(api.LoginEdit, sessions))
	router.DELETE(prefix+"/user/:id", LoginHandler(api.LoginDelete, sessions))
	router.GET(prefix+"/invitor", LoginHandler(api.Invitor, sessions))
	router.PUT(prefix+"/invitor", LoginHandler(api.InvitorAdminToggle, sessions))
}

// Status to get Login and Server status
func (api *API) Status(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
	returndata = false
	logger := api.log.GetLog(r, "status")
	var result int64
	api.dbconnection.Model(&Login{}).Count(&result)
	if result > 0 {
		returndata = true
	}
	logger.Info("done")
	return
}

// Logout current user
func (api *API) Logout(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, _ *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
	api.sessions.SessionDestroy(w, r)
	logger := api.log.GetLog(r, "logout")
	if login := sess.Get("login"); login != nil {
		logger = logger.WithField("user", login.(Login).Username)
	}
	sess.Delete("login")
	sess.Delete("profil")
	logger.Info("done")
	returndata = true
	return
}

// Login of system
func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
	returndata = false
	logger := api.log.GetLog(r, "login")
	var requestlogin RequestLogin
	err := json.NewDecoder(r.Body).Decode(&requestlogin)
	if err != nil {
		logger.Error("fetch request")
		http.Error(w, err.Error(), http.StatusInternalServerError)
		returnerr = &libapi.ErrorResult{
			Message: "Internal Request Error",
		}
		return
	}
	logger = logger.WithField("user", requestlogin.Username)
	var login = Login{Username: requestlogin.Username}
	api.dbconnection.Where("mail = ?", requestlogin.Username).First(&login)
	if login.ID <= 0 {
		logger.Warn("user not found")
		returnerr = &libapi.ErrorResult{Fields: []string{"username"}, Message: "User not Found"}
		return
	}
	if login.Active {
		output, _ := libpassword.Validate(login.Password, requestlogin.Password)
		if output {
			returndata = true
			api.dbconnection.Model(&login).Update("LastLoginAt", time.Now())
			sess.Set("login", login)
			logger.Info("done")
		} else {
			logger.Warn("wrong password")
			returnerr = &libapi.ErrorResult{Fields: []string{"password"}, Message: "Wrong Password"}
		}
	} else {
		logger.Warn("not active")
		returnerr = &libapi.ErrorResult{Fields: []string{"active"}, Message: "Not a active User"}
	}

	return
}

//Password to change the password
func (api *API) Password(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
	returndata = false
	logger := api.log.GetLog(r, "password")
	var changePasswordRequest ChangePasswordRequest

	err := json.NewDecoder(r.Body).Decode(&changePasswordRequest)
	if err != nil {
		logger.Error("fetch request")
		http.Error(w, err.Error(), http.StatusInternalServerError)
		returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
		return
	}
	output, _ := libpassword.Validate(login.Password, changePasswordRequest.CurrentPassword)
	if !output {
		logger.Warn("wrong current password")
		returnerr = &libapi.ErrorResult{Fields: []string{"currentpassword"}, Message: "Wrong CurrentPassword"}
		return
	}

	if len(changePasswordRequest.NewPassword) < MINPASSWORDLENTH {
		logger.Warn("wrong new password")
		returnerr = &libapi.ErrorResult{Fields: []string{"newpassword"}, Message: "Wrong NewPassword"}
		return
	}
	login.Password = libpassword.NewHash(changePasswordRequest.NewPassword)
	if err := api.dbconnection.Save(login).Error; err != nil {
		logger.Warn("error save new password to database")
		returnerr = &libapi.ErrorResult{Message: "Error save new password"}
		return
	}
	sess.Set("login", *login)
	logger.Info("done")
	returndata = true
	return
}

//Delete of login on warehost
func (api *API) Delete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
	returndata = false
	logger := api.log.GetLog(r, "delete")
	sess.Delete("login")
	if err := api.dbconnection.Unscoped().Delete(login).Error; err != nil {
		logger.Warn("error detete login")
		returnerr = &libapi.ErrorResult{Message: "Error delete login"}
		return
	}
	logger.Warn("done")
	returndata = true
	return
}

// InviteList list all of your invites
func (api *API) InviteList(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
	returndata = false
	logger := api.log.GetLog(r, "invitelist")
	if err := api.dbconnection.Model(login).Preload("Invites.Invited").First(login).Error; err != nil {
		logger.Warn("error load own invites")
		returnerr = &libapi.ErrorResult{Message: "Could not load invites!"}
		return
	}
	logger.Info("done")
	returndata = login.Invites
	return
}

// InviteAdd invite a new user to warehost
func (api *API) InviteAdd(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
	returndata = false
	logger := api.log.GetLog(r, "inviteadd")
	var newLogin RequestLogin
	err := json.NewDecoder(r.Body).Decode(&newLogin)
	if err != nil {
		logger.Error("fetch request")
		http.Error(w, err.Error(), http.StatusInternalServerError)
		returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
		return
	}
	invite := &Invite{
		Login: *login,
		Invited: Login{
			Username: strings.ToLower(newLogin.Username),
			Password: libpassword.NewHash(newLogin.Password),
			Active:   true,
		},
	}
	if err := api.dbconnection.Create(invite).Error; err != nil {
		logger.Warn("error create invite")
		returnerr = &libapi.ErrorResult{Message: "Username exists already"}
		return
	}
	logger.Info("done")
	returndata = true
	return
}

// LoginList list all users in system
func (api *API) LoginList(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
	returndata = false
	logger := api.log.GetLog(r, "loginlist")
	var logins []Login
	selectfield := "ID, mail"
	if login.Superadmin {
		selectfield = "ID, mail, superadmin"
	}
	if err := api.dbconnection.Select(selectfield).Find(&logins).Error; err != nil {
		logger.Warn("sql edit login")
		returnerr = &libapi.ErrorResult{Message: "Error during edit login"}
		return
	}
	logger.Info("done")
	returndata = logins
	return
}

// LoginAdd add a new Login
func (api *API) LoginAdd(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
	returndata = false
	logger := api.log.GetLog(r, "loginadd")
	if !login.Superadmin {
		logger.Error("no superadmin")
		returnerr = &libapi.ErrorResult{Message: "Error no permission to edit this invite"}
		return
	}
	var newLogin RequestLogin
	err := json.NewDecoder(r.Body).Decode(&newLogin)
	if err != nil {
		logger.Error("fetch request")
		http.Error(w, err.Error(), http.StatusInternalServerError)
		returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
		return
	}
	loginObj := Login{
		Username: strings.ToLower(newLogin.Username),
		Password: libpassword.NewHash(newLogin.Password),
		Active:   true,
	}
	if err := api.dbconnection.Create(loginObj).Error; err != nil {
		logger.Warn("error create login")
		returnerr = &libapi.ErrorResult{Message: "Username exists already"}
		return
	}
	logger.Info("done")
	returndata = true
	return
}

// LoginEdit edit a login by invite or superadmin
func (api *API) LoginEdit(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
	returndata = false
	logger := api.log.GetLog(r, "loginedit")
	id, err := strconv.ParseInt(ps.ByName("id"), 10, 64)
	if err != nil {
		returnerr = &libapi.ErrorResult{Message: "Error invalid input"}
		logger.Warn("invalid userinput, no integer")
		return
	}
	logger = logger.WithField("id", id)
	var invitedLogin = Login{ID: id}
	var changeLogin RequestLogin
	err = json.NewDecoder(r.Body).Decode(&changeLogin)
	if err != nil {
		logger.Error("fetch request")
		http.Error(w, err.Error(), http.StatusInternalServerError)
		returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
		return
	}

	api.dbconnection.Where("id = ?", invitedLogin.ID).First(&invitedLogin)
	invite := invitedLogin.GetInvitedby(api.dbconnection)
	if !login.Superadmin && !invite.Admin && invitedLogin.CreateAt.Before(invitedLogin.LastLoginAt) {
		logger.Warn("no permission")
		returnerr = &libapi.ErrorResult{Message: "Error no permission to edit this login"}
		return
	}
	if len(changeLogin.Password) > 0 {
		invitedLogin.Password = libpassword.NewHash(changeLogin.Password)
	}
	if login.Superadmin {
		invitedLogin.Username = changeLogin.Username
		invitedLogin.Superadmin = changeLogin.Superadmin
	}
	if err := api.dbconnection.Save(invitedLogin).Error; err != nil {
		logger.Warn("sql edit login")
		returnerr = &libapi.ErrorResult{Message: "Error during edit login"}
		return
	}
	logger.Info("done")
	returndata = true
	return
}

// LoginDelete delete a login by invite or superadmin
func (api *API) LoginDelete(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
	returndata = false
	logger := api.log.GetLog(r, "logindelete")
	id, err := strconv.ParseInt(ps.ByName("id"), 10, 64)
	if err != nil {
		returnerr = &libapi.ErrorResult{Message: "Error invalid input"}
		logger.Warn("invalid userinput, no integer")
		return
	}
	logger = logger.WithField("id", id)
	var invitedLogin = Login{ID: id}
	api.dbconnection.Where("id = ?", invitedLogin.ID).First(&invitedLogin)
	invite := invitedLogin.GetInvitedby(api.dbconnection)
	if !login.Superadmin && !invite.Admin && invitedLogin.CreateAt.Before(invitedLogin.LastLoginAt) {
		logger.Warn("no permission")
		returnerr = &libapi.ErrorResult{Message: "Error no permission to delete this login"}
		return
	}
	if err := api.dbconnection.Unscoped().Delete(invitedLogin).Error; err != nil {
		logger.Warn("sql detete login")
		returnerr = &libapi.ErrorResult{Message: "Error during delete login"}
		return
	}
	logger.Info("done")
	returndata = true
	return
}

// Invitor get Invite of current login
func (api *API) Invitor(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
	returndata = false
	logger := api.log.GetLog(r, "invitor")
	invite := login.GetInvitedby(api.dbconnection)
	logger.Info("done")
	returndata = invite
	return
}

// InvitorAdminToggle toggle admin of current login
func (api *API) InvitorAdminToggle(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
	returndata = false
	logger := api.log.GetLog(r, "invitoradmintoggle")
	invite := login.GetInvitedby(api.dbconnection)
	invite.Admin = !invite.Admin
	api.dbconnection.Model(invite).Save(&invite)
	logger.Info("done")
	returndata = true
	return
}
add Login to API 2016-08-13 11:03:03 +02:00			`package system`

			`import (`
			`"encoding/json"`
			`"net/http"`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`"strconv"`
system invite + improve schema 2016-08-23 22:56:12 +02:00			`"strings"`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`"time"`
add Login to API 2016-08-13 11:03:03 +02:00
			`"github.com/astaxie/session"`
update schema 2016-08-20 01:17:08 +02:00			`"github.com/jinzhu/gorm"`
add Login to API 2016-08-13 11:03:03 +02:00			`"github.com/julienschmidt/httprouter"`

			`libconfig "dev.sum7.de/sum7/warehost/config"`
			`libapi "dev.sum7.de/sum7/warehost/lib/api"`
add logging 2016-08-14 15:29:54 +02:00			`log "dev.sum7.de/sum7/warehost/lib/log"`
add Login to API 2016-08-13 11:03:03 +02:00			`libpassword "dev.sum7.de/sum7/warehost/lib/password"`
			`)`

improve loggin 2016-08-14 18:29:25 +02:00			`//MODULNAME to get global name for the modul`
			`const MODULNAME = "system"`

add Login to API 2016-08-13 11:03:03 +02:00			`//API keep data in module global`
			`type API struct {`
			`config *libconfig.Config`
			`sessions *session.Manager`
update schema 2016-08-20 01:17:08 +02:00			`dbconnection *gorm.DB`
improve loggin 2016-08-14 18:29:25 +02:00			`log *log.ModulLog`
add Login to API 2016-08-13 11:03:03 +02:00			`}`

			`// NewAPI sets the routes to the api functions`
update schema 2016-08-20 01:17:08 +02:00			`func NewAPI(config libconfig.Config, sessions session.Manager, dbconnection gorm.DB, router httprouter.Router, prefix string) {`
improve loggin 2016-08-14 18:29:25 +02:00			`api := &API{`
			`config: config,`
			`sessions: sessions,`
			`dbconnection: dbconnection,`
			`log: log.NewModulLog(MODULNAME),`
			`}`
new api structur 2016-08-16 08:30:02 +02:00			`router.GET(prefix+"/status", libapi.SessionHandler(api.Status, sessions))`
			`router.POST(prefix+"/login", libapi.SessionHandler(api.Login, sessions))`
improve login + add system-password and system-delete 2016-08-17 22:31:58 +02:00			`router.GET(prefix+"/logout", LoginHandler(api.Logout, sessions))`
			`router.POST(prefix+"/password", LoginHandler(api.Password, sessions))`
			`router.GET(prefix+"/delete", LoginHandler(api.Delete, sessions))`
update schema 2016-08-20 01:17:08 +02:00			`router.GET(prefix+"/invite", LoginHandler(api.InviteList, sessions))`
			`router.POST(prefix+"/invite", LoginHandler(api.InviteAdd, sessions))`
[web] permissions added 2016-09-11 18:40:33 +02:00			`router.GET(prefix+"/user", LoginHandler(api.LoginList, sessions))`
			`router.POST(prefix+"/user", LoginHandler(api.LoginAdd, sessions))`
			`router.PUT(prefix+"/user/:id", LoginHandler(api.LoginEdit, sessions))`
			`router.DELETE(prefix+"/user/:id", LoginHandler(api.LoginDelete, sessions))`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`router.GET(prefix+"/invitor", LoginHandler(api.Invitor, sessions))`
			`router.PUT(prefix+"/invitor", LoginHandler(api.InvitorAdminToggle, sessions))`
add Login to API 2016-08-13 11:03:03 +02:00			`}`

			`// Status to get Login and Server status`
new api structur 2016-08-16 08:30:02 +02:00			`func (api API) Status(w http.ResponseWriter, r http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {`
			`returndata = false`
improve loggin 2016-08-14 18:29:25 +02:00			`logger := api.log.GetLog(r, "status")`
update schema 2016-08-20 01:17:08 +02:00			`var result int64`
			`api.dbconnection.Model(&Login{}).Count(&result)`
			`if result > 0 {`
			`returndata = true`
add Login to API 2016-08-13 11:03:03 +02:00			`}`
[web] permissions added 2016-09-11 18:40:33 +02:00			`logger.Info("done")`
new api structur 2016-08-16 08:30:02 +02:00			`return`
add Login to API 2016-08-13 11:03:03 +02:00			`}`

			`// Logout current user`
improve login + add system-password and system-delete 2016-08-17 22:31:58 +02:00			`func (api API) Logout(w http.ResponseWriter, r http.Request, _ httprouter.Params, sess session.Session, _ Login) (returndata interface{}, returnerr libapi.ErrorResult) {`
add Login to API 2016-08-13 11:03:03 +02:00			`api.sessions.SessionDestroy(w, r)`
improve loggin 2016-08-14 18:29:25 +02:00			`logger := api.log.GetLog(r, "logout")`
add logging 2016-08-14 15:29:54 +02:00			`if login := sess.Get("login"); login != nil {`
			`logger = logger.WithField("user", login.(Login).Username)`
			`}`
			`sess.Delete("login")`
			`sess.Delete("profil")`
[web] permissions added 2016-09-11 18:40:33 +02:00			`logger.Info("done")`
new api structur 2016-08-16 08:30:02 +02:00			`returndata = true`
			`return`
add Login to API 2016-08-13 11:03:03 +02:00			`}`

			`// Login of system`
new api structur 2016-08-16 08:30:02 +02:00			`func (api API) Login(w http.ResponseWriter, r http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`returndata = false`
improve loggin 2016-08-14 18:29:25 +02:00			`logger := api.log.GetLog(r, "login")`
add Login to API 2016-08-13 11:03:03 +02:00			`var requestlogin RequestLogin`
			`err := json.NewDecoder(r.Body).Decode(&requestlogin)`
			`if err != nil {`
add logging 2016-08-14 15:29:54 +02:00			`logger.Error("fetch request")`
system login,logout 2016-08-14 13:33:53 +02:00			`http.Error(w, err.Error(), http.StatusInternalServerError)`
improve login + add system-password and system-delete 2016-08-17 22:31:58 +02:00			`returnerr = &libapi.ErrorResult{`
			`Message: "Internal Request Error",`
			`}`
add Login to API 2016-08-13 11:03:03 +02:00			`return`
			`}`
add logging 2016-08-14 15:29:54 +02:00			`logger = logger.WithField("user", requestlogin.Username)`
add Login to API 2016-08-13 11:03:03 +02:00			`var login = Login{Username: requestlogin.Username}`
update schema 2016-08-20 01:17:08 +02:00			`api.dbconnection.Where("mail = ?", requestlogin.Username).First(&login)`
improve login + add system-password and system-delete 2016-08-17 22:31:58 +02:00			`if login.ID <= 0 {`
add logging 2016-08-14 15:29:54 +02:00			`logger.Warn("user not found")`
improve login + add system-password and system-delete 2016-08-17 22:31:58 +02:00			`returnerr = &libapi.ErrorResult{Fields: []string{"username"}, Message: "User not Found"}`
system login,logout 2016-08-14 13:33:53 +02:00			`return`
add Login to API 2016-08-13 11:03:03 +02:00			`}`
system login,logout 2016-08-14 13:33:53 +02:00			`if login.Active {`
			`output, _ := libpassword.Validate(login.Password, requestlogin.Password)`
			`if output {`
new api structur 2016-08-16 08:30:02 +02:00			`returndata = true`
warehost_web 2016-08-27 02:18:41 +02:00			`api.dbconnection.Model(&login).Update("LastLoginAt", time.Now())`
system login,logout 2016-08-14 13:33:53 +02:00			`sess.Set("login", login)`
[web] permissions added 2016-09-11 18:40:33 +02:00			`logger.Info("done")`
add logging 2016-08-14 15:29:54 +02:00			`} else {`
			`logger.Warn("wrong password")`
improve login + add system-password and system-delete 2016-08-17 22:31:58 +02:00			`returnerr = &libapi.ErrorResult{Fields: []string{"password"}, Message: "Wrong Password"}`
system login,logout 2016-08-14 13:33:53 +02:00			`}`
add logging 2016-08-14 15:29:54 +02:00			`} else {`
			`logger.Warn("not active")`
fix system-login active 2016-08-17 22:55:20 +02:00			`returnerr = &libapi.ErrorResult{Fields: []string{"active"}, Message: "Not a active User"}`
add Login to API 2016-08-13 11:03:03 +02:00			`}`
add logging 2016-08-14 15:29:54 +02:00
new api structur 2016-08-16 08:30:02 +02:00			`return`
			`}`
improve login + add system-password and system-delete 2016-08-17 22:31:58 +02:00
			`//Password to change the password`
			`func (api API) Password(w http.ResponseWriter, r http.Request, _ httprouter.Params, sess session.Session, login Login) (returndata interface{}, returnerr libapi.ErrorResult) {`
new api structur 2016-08-16 08:30:02 +02:00			`returndata = false`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`logger := api.log.GetLog(r, "password")`
improve login + add system-password and system-delete 2016-08-17 22:31:58 +02:00			`var changePasswordRequest ChangePasswordRequest`

			`err := json.NewDecoder(r.Body).Decode(&changePasswordRequest)`
			`if err != nil {`
			`logger.Error("fetch request")`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}`
			`return`
			`}`
			`output, _ := libpassword.Validate(login.Password, changePasswordRequest.CurrentPassword)`
			`if !output {`
			`logger.Warn("wrong current password")`
			`returnerr = &libapi.ErrorResult{Fields: []string{"currentpassword"}, Message: "Wrong CurrentPassword"}`
			`return`
			`}`

			`if len(changePasswordRequest.NewPassword) < MINPASSWORDLENTH {`
			`logger.Warn("wrong new password")`
			`returnerr = &libapi.ErrorResult{Fields: []string{"newpassword"}, Message: "Wrong NewPassword"}`
			`return`
			`}`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`login.Password = libpassword.NewHash(changePasswordRequest.NewPassword)`
system invite + improve schema 2016-08-23 22:56:12 +02:00			`if err := api.dbconnection.Save(login).Error; err != nil {`
			`logger.Warn("error save new password to database")`
			`returnerr = &libapi.ErrorResult{Message: "Error save new password"}`
			`return`
			`}`
improve login + add system-password and system-delete 2016-08-17 22:31:58 +02:00			`sess.Set("login", *login)`
[web] permissions added 2016-09-11 18:40:33 +02:00			`logger.Info("done")`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`returndata = true`
new api structur 2016-08-16 08:30:02 +02:00			`return`
			`}`
improve login + add system-password and system-delete 2016-08-17 22:31:58 +02:00
			`//Delete of login on warehost`
			`func (api API) Delete(w http.ResponseWriter, r http.Request, _ httprouter.Params, sess session.Session, login Login) (returndata interface{}, returnerr libapi.ErrorResult) {`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`returndata = false`
new api structur 2016-08-16 08:30:02 +02:00			`logger := api.log.GetLog(r, "delete")`
improve login + add system-password and system-delete 2016-08-17 22:31:58 +02:00			`sess.Delete("login")`
system invite + improve schema 2016-08-23 22:56:12 +02:00			`if err := api.dbconnection.Unscoped().Delete(login).Error; err != nil {`
			`logger.Warn("error detete login")`
			`returnerr = &libapi.ErrorResult{Message: "Error delete login"}`
			`return`
			`}`
[web] permissions added 2016-09-11 18:40:33 +02:00			`logger.Warn("done")`
improve login + add system-password and system-delete 2016-08-17 22:31:58 +02:00			`returndata = true`
new api structur 2016-08-16 08:30:02 +02:00			`return`
add Login to API 2016-08-13 11:03:03 +02:00			`}`
update schema 2016-08-20 01:17:08 +02:00
system invite + improve schema 2016-08-23 22:56:12 +02:00			`// InviteList list all of your invites`
update schema 2016-08-20 01:17:08 +02:00			`func (api API) InviteList(w http.ResponseWriter, r http.Request, _ httprouter.Params, sess session.Session, login Login) (returndata interface{}, returnerr libapi.ErrorResult) {`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`returndata = false`
update schema 2016-08-20 01:17:08 +02:00			`logger := api.log.GetLog(r, "invitelist")`
system invite + improve schema 2016-08-23 22:56:12 +02:00			`if err := api.dbconnection.Model(login).Preload("Invites.Invited").First(login).Error; err != nil {`
			`logger.Warn("error load own invites")`
			`returnerr = &libapi.ErrorResult{Message: "Could not load invites!"}`
			`return`
			`}`
[web] permissions added 2016-09-11 18:40:33 +02:00			`logger.Info("done")`
update schema 2016-08-20 01:17:08 +02:00			`returndata = login.Invites`
			`return`
			`}`

system invite + improve schema 2016-08-23 22:56:12 +02:00			`// InviteAdd invite a new user to warehost`
update schema 2016-08-20 01:17:08 +02:00			`func (api API) InviteAdd(w http.ResponseWriter, r http.Request, _ httprouter.Params, sess session.Session, login Login) (returndata interface{}, returnerr libapi.ErrorResult) {`
			`returndata = false`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`logger := api.log.GetLog(r, "inviteadd")`
system invite + improve schema 2016-08-23 22:56:12 +02:00			`var newLogin RequestLogin`
			`err := json.NewDecoder(r.Body).Decode(&newLogin)`
			`if err != nil {`
			`logger.Error("fetch request")`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}`
			`return`
			`}`
			`invite := &Invite{`
			`Login: *login,`
			`Invited: Login{`
			`Username: strings.ToLower(newLogin.Username),`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`Password: libpassword.NewHash(newLogin.Password),`
system invite + improve schema 2016-08-23 22:56:12 +02:00			`Active: true,`
			`},`
			`}`
			`if err := api.dbconnection.Create(invite).Error; err != nil {`
			`logger.Warn("error create invite")`
			`returnerr = &libapi.ErrorResult{Message: "Username exists already"}`
			`return`
			`}`
[web] permissions added 2016-09-11 18:40:33 +02:00			`logger.Info("done")`
			`returndata = true`
			`return`
			`}`

			`// LoginList list all users in system`
			`func (api API) LoginList(w http.ResponseWriter, r http.Request, ps httprouter.Params, sess session.Session, login Login) (returndata interface{}, returnerr libapi.ErrorResult) {`
			`returndata = false`
			`logger := api.log.GetLog(r, "loginlist")`
			`var logins []Login`
			`selectfield := "ID, mail"`
			`if login.Superadmin {`
			`selectfield = "ID, mail, superadmin"`
			`}`
			`if err := api.dbconnection.Select(selectfield).Find(&logins).Error; err != nil {`
			`logger.Warn("sql edit login")`
			`returnerr = &libapi.ErrorResult{Message: "Error during edit login"}`
			`return`
			`}`
			`logger.Info("done")`
			`returndata = logins`
			`return`
			`}`

			`// LoginAdd add a new Login`
			`func (api API) LoginAdd(w http.ResponseWriter, r http.Request, ps httprouter.Params, sess session.Session, login Login) (returndata interface{}, returnerr libapi.ErrorResult) {`
			`returndata = false`
			`logger := api.log.GetLog(r, "loginadd")`
			`if !login.Superadmin {`
			`logger.Error("no superadmin")`
			`returnerr = &libapi.ErrorResult{Message: "Error no permission to edit this invite"}`
			`return`
			`}`
			`var newLogin RequestLogin`
			`err := json.NewDecoder(r.Body).Decode(&newLogin)`
			`if err != nil {`
			`logger.Error("fetch request")`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}`
			`return`
			`}`
			`loginObj := Login{`
			`Username: strings.ToLower(newLogin.Username),`
			`Password: libpassword.NewHash(newLogin.Password),`
			`Active: true,`
			`}`
			`if err := api.dbconnection.Create(loginObj).Error; err != nil {`
			`logger.Warn("error create login")`
			`returnerr = &libapi.ErrorResult{Message: "Username exists already"}`
			`return`
			`}`
			`logger.Info("done")`
system invite + improve schema 2016-08-23 22:56:12 +02:00			`returndata = true`
update schema 2016-08-20 01:17:08 +02:00			`return`
			`}`

improve invite (with all function) 2016-08-24 23:02:25 +02:00			`// LoginEdit edit a login by invite or superadmin`
			`func (api API) LoginEdit(w http.ResponseWriter, r http.Request, ps httprouter.Params, sess session.Session, login Login) (returndata interface{}, returnerr libapi.ErrorResult) {`
			`returndata = false`
			`logger := api.log.GetLog(r, "loginedit")`
[web] website crud 2016-09-03 16:30:48 +02:00			`id, err := strconv.ParseInt(ps.ByName("id"), 10, 64)`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`if err != nil {`
			`returnerr = &libapi.ErrorResult{Message: "Error invalid input"}`
			`logger.Warn("invalid userinput, no integer")`
			`return`
			`}`
			`logger = logger.WithField("id", id)`
			`var invitedLogin = Login{ID: id}`
			`var changeLogin RequestLogin`
			`err = json.NewDecoder(r.Body).Decode(&changeLogin)`
			`if err != nil {`
			`logger.Error("fetch request")`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}`
			`return`
			`}`

			`api.dbconnection.Where("id = ?", invitedLogin.ID).First(&invitedLogin)`
[web] website crud 2016-09-03 16:30:48 +02:00			`invite := invitedLogin.GetInvitedby(api.dbconnection)`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`if !login.Superadmin && !invite.Admin && invitedLogin.CreateAt.Before(invitedLogin.LastLoginAt) {`
			`logger.Warn("no permission")`
[web] permissions added 2016-09-11 18:40:33 +02:00			`returnerr = &libapi.ErrorResult{Message: "Error no permission to edit this login"}`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`return`
			`}`
			`if len(changeLogin.Password) > 0 {`
			`invitedLogin.Password = libpassword.NewHash(changeLogin.Password)`
			`}`
			`if login.Superadmin {`
			`invitedLogin.Username = changeLogin.Username`
[web] permissions added 2016-09-11 18:40:33 +02:00			`invitedLogin.Superadmin = changeLogin.Superadmin`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`}`
			`if err := api.dbconnection.Save(invitedLogin).Error; err != nil {`
			`logger.Warn("sql edit login")`
			`returnerr = &libapi.ErrorResult{Message: "Error during edit login"}`
			`return`
			`}`
[web] permissions added 2016-09-11 18:40:33 +02:00			`logger.Info("done")`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`returndata = true`
			`return`
			`}`

			`// LoginDelete delete a login by invite or superadmin`
			`func (api API) LoginDelete(w http.ResponseWriter, r http.Request, ps httprouter.Params, sess session.Session, login Login) (returndata interface{}, returnerr libapi.ErrorResult) {`
			`returndata = false`
			`logger := api.log.GetLog(r, "logindelete")`
[web] website crud 2016-09-03 16:30:48 +02:00			`id, err := strconv.ParseInt(ps.ByName("id"), 10, 64)`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`if err != nil {`
			`returnerr = &libapi.ErrorResult{Message: "Error invalid input"}`
			`logger.Warn("invalid userinput, no integer")`
			`return`
			`}`
			`logger = logger.WithField("id", id)`
			`var invitedLogin = Login{ID: id}`
			`api.dbconnection.Where("id = ?", invitedLogin.ID).First(&invitedLogin)`
[web] website crud 2016-09-03 16:30:48 +02:00			`invite := invitedLogin.GetInvitedby(api.dbconnection)`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`if !login.Superadmin && !invite.Admin && invitedLogin.CreateAt.Before(invitedLogin.LastLoginAt) {`
			`logger.Warn("no permission")`
[web] permissions added 2016-09-11 18:40:33 +02:00			`returnerr = &libapi.ErrorResult{Message: "Error no permission to delete this login"}`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`return`
			`}`
			`if err := api.dbconnection.Unscoped().Delete(invitedLogin).Error; err != nil {`
			`logger.Warn("sql detete login")`
			`returnerr = &libapi.ErrorResult{Message: "Error during delete login"}`
			`return`
			`}`
[web] permissions added 2016-09-11 18:40:33 +02:00			`logger.Info("done")`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`returndata = true`
			`return`
			`}`

			`// Invitor get Invite of current login`
			`func (api API) Invitor(w http.ResponseWriter, r http.Request, ps httprouter.Params, sess session.Session, login Login) (returndata interface{}, returnerr libapi.ErrorResult) {`
update schema 2016-08-20 01:17:08 +02:00			`returndata = false`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`logger := api.log.GetLog(r, "invitor")`
			`invite := login.GetInvitedby(api.dbconnection)`
[web] permissions added 2016-09-11 18:40:33 +02:00			`logger.Info("done")`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`returndata = invite`
update schema 2016-08-20 01:17:08 +02:00			`return`
			`}`

sourcecode comments 2016-09-03 10:18:46 +02:00			`// InvitorAdminToggle toggle admin of current login`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`func (api API) InvitorAdminToggle(w http.ResponseWriter, r http.Request, ps httprouter.Params, sess session.Session, login Login) (returndata interface{}, returnerr libapi.ErrorResult) {`
update schema 2016-08-20 01:17:08 +02:00			`returndata = false`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`logger := api.log.GetLog(r, "invitoradmintoggle")`
			`invite := login.GetInvitedby(api.dbconnection)`
			`invite.Admin = !invite.Admin`
			`api.dbconnection.Model(invite).Save(&invite)`
[web] permissions added 2016-09-11 18:40:33 +02:00			`logger.Info("done")`
improve invite (with all function) 2016-08-24 23:02:25 +02:00			`returndata = true`
update schema 2016-08-20 01:17:08 +02:00			`return`
			`}`