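package middleware

import (
	"net/http"
	"time"

	"git.kirsle.net/apps/gosocial/pkg/config"
	"git.kirsle.net/apps/gosocial/pkg/controller/photo"
	"git.kirsle.net/apps/gosocial/pkg/log"
	"git.kirsle.net/apps/gosocial/pkg/models"
	"git.kirsle.net/apps/gosocial/pkg/session"
	"git.kirsle.net/apps/gosocial/pkg/templates"
)

// loginRequiredError renders the shared "you must be signed in" error page.
//
// It answers 403 rather than 401 because this is a cookie-session app with no
// WWW-Authenticate challenge to offer; every guard below uses the same page so
// an unauthenticated caller cannot tell which guard rejected them.
func loginRequiredError(w http.ResponseWriter, r *http.Request) {
	templates.MakeErrorPage(
		"Login Required",
		"You must be signed in to view this page.",
		http.StatusForbidden,
	).ServeHTTP(w, r)
}

// LoginRequired middleware: the request must carry a valid user session and
// the account must be neither disabled nor banned.
//
// Disabled and banned users are logged out and redirected to "/" with a flash
// message, so a status change applied by an admin takes effect on the user's
// very next request even though their session cookie is still valid. It also
// refreshes LastLoginAt for long-lived sessions, throttled by
// config.LastLoginAtCooldown.
func LoginRequired(handler http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, err := session.CurrentUser(r)
		if err != nil {
			log.Error("LoginRequired: %s", err)
			loginRequiredError(w, r)
			return
		}

		// Enforce account status on every authenticated request, not only at
		// login time, so a revoked account cannot keep using an old session.
		switch user.Status {
		case models.UserStatusDisabled:
			session.LogoutUser(w, r)
			session.FlashError(w, r, "Your account has been disabled and you are now logged out.")
			templates.Redirect(w, "/")
			return
		case models.UserStatusBanned:
			session.LogoutUser(w, r)
			session.FlashError(w, r, "Your account has been banned and you are now logged out.")
			templates.Redirect(w, "/")
			return
		}

		// Ping LastLoginAt for long-lived sessions. The cooldown keeps this
		// from turning into a database write on every single request; a
		// failed save is logged but does not block the request.
		if time.Since(user.LastLoginAt) > config.LastLoginAtCooldown {
			user.LastLoginAt = time.Now()
			if err := user.Save(); err != nil {
				log.Error("LoginRequired: couldn't refresh LastLoginAt for user %s: %s", user.Username, err)
			}
		}

		handler.ServeHTTP(w, r)
	})
}

// AdminRequired middleware: everything LoginRequired enforces, plus the user
// must have IsAdmin set.
//
// It is layered on top of LoginRequired so that a disabled or banned admin is
// logged out instead of reaching admin pages, and so the LastLoginAt refresh
// also applies to sessions that only ever touch admin routes.
func AdminRequired(handler http.Handler) http.Handler {
	return LoginRequired(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// LoginRequired has already validated the session; this second lookup
		// is only to read the user record. If it fails anyway, fail closed.
		currentUser, err := session.CurrentUser(r)
		if err != nil {
			log.Error("AdminRequired: %s", err)
			loginRequiredError(w, r)
			return
		}

		if !currentUser.IsAdmin {
			// err is nil on this path; record who was denied rather than a
			// nil error.
			log.Error("AdminRequired: user %s is not an admin", currentUser.Username)
			templates.MakeErrorPage(
				"Admin Required",
				"You do not have permission for this page.",
				http.StatusForbidden,
			).ServeHTTP(w, r)
			return
		}

		handler.ServeHTTP(w, r)
	}))
}

// CertRequired middleware: everything LoginRequired enforces, plus the user
// must have their verification picture certified and a profile photo on file
// (ProfilePhoto.ID != 0). Uncertified users get the certification-required
// page from the photo controller.
//
// Like AdminRequired it is layered on LoginRequired, so disabled or banned
// users are logged out before the certification check runs.
func CertRequired(handler http.Handler) http.Handler {
	return LoginRequired(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		currentUser, err := session.CurrentUser(r)
		if err != nil {
			log.Error("CertRequired: %s", err)
			loginRequiredError(w, r)
			return
		}

		if !currentUser.Certified || currentUser.ProfilePhoto.ID == 0 {
			log.Error("CertRequired: user %s is not certified", currentUser.Username)
			photo.CertificationRequiredError().ServeHTTP(w, r)
			return
		}

		handler.ServeHTTP(w, r)
	}))
}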