diff --git a/views/addViews.go b/views/addViews.go
index ee609a8..977f198 100644
--- a/views/addViews.go
+++ b/views/addViews.go
@@ -22,116 +22,125 @@ import ( // UploadedFileHandler is used to handle the uploaded file related requests func UploadedFileHandler(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" { - token := r.URL.Path[len("/files/"):] - - //file, err := db.GetFileName(token) - //if err != nil { - log.Println("serving file ./files/" + token) - http.ServeFile(w, r, "./files/"+token) - //} + if r.Method != "GET" { + http.Redirect(w, r, "/", http.StatusBadRequest) + return } + token := r.URL.Path[len("/files/"):] + + //file, err := db.GetFileName(token) + //if err != nil { + log.Println("serving file ./files/" + token) + http.ServeFile(w, r, "./files/"+token) + //} } //AddTaskFunc is used to handle the addition of new task, "/add" URL func AddTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "POST" { // Will work only for POST requests, will redirect to home - var filelink string // will store the html when we have files to be uploaded, appened to the note content - r.ParseForm() - file, handler, err := r.FormFile("uploadfile") - if err != nil && handler != nil { - //Case executed when file is uploaded and yet an error occurs - log.Println(err) - message = "Error uploading file" - http.Redirect(w, r, "/", http.StatusInternalServerError) - } + if r.Method != "POST" { // Will work only for POST requests, will redirect to home + http.Redirect(w, r, "/", http.StatusBadRequest) + return + } - taskPriority, priorityErr := strconv.Atoi(r.FormValue("priority")) + var filelink string // will store the html when we have files to be uploaded, appened to the note content + r.ParseForm() + file, handler, err := r.FormFile("uploadfile") + if err != nil && handler != nil { + //Case executed when file is uploaded and yet an error occurs + log.Println(err) + message = "Error uploading file" + http.Redirect(w, r, "/", http.StatusInternalServerError) + } - if priorityErr != nil { - log.Print(priorityErr) - message = "Bad task priority" + taskPriority, priorityErr := 
strconv.Atoi(r.FormValue("priority")) + + if priorityErr != nil { + log.Print(priorityErr) + message = "Bad task priority" + } + priorityList := []int{1, 2, 3} + found := false + for _, priority := range priorityList { + if taskPriority == priority { + found = true } - priorityList := []int{1, 2, 3} - found := false - for _, priority := range priorityList { - if taskPriority == priority { - found = true + } + //If someone gives us incorrect priority number, we give the priority + //to that task as 1 i.e. Low + if !found { + taskPriority = 1 + } + var hidden int + hideTimeline := r.FormValue("hide") + if hideTimeline != "" { + hidden = 1 + } else { + hidden = 0 + } + // dueDate := r.FormValue("dueDate") + category := r.FormValue("category") + title := template.HTMLEscapeString(r.Form.Get("title")) + content := template.HTMLEscapeString(r.Form.Get("content")) + formToken := template.HTMLEscapeString(r.Form.Get("CSRFToken")) + + cookie, _ := r.Cookie("csrftoken") + if formToken == cookie.Value { + username := sessions.GetCurrentUserName(r) + if handler != nil { + // this will be executed whenever a file is uploaded + r.ParseMultipartForm(32 << 20) //defined maximum size of file + defer file.Close() + randomFileName := md5.New() + io.WriteString(randomFileName, strconv.FormatInt(time.Now().Unix(), 10)) + io.WriteString(randomFileName, handler.Filename) + token := fmt.Sprintf("%x", randomFileName.Sum(nil)) + f, err := os.OpenFile("./files/"+token, os.O_WRONLY|os.O_CREATE, 0666) + if err != nil { + log.Println(err) + return } - } - //If someone gives us incorrect priority number, we give the priority - //to that task as 1 i.e. 
Low - if !found { - taskPriority = 1 - } - var hidden int - hideTimeline := r.FormValue("hide") - if hideTimeline != "" { - hidden = 1 - } else { - hidden = 0 - } - // dueDate := r.FormValue("dueDate") - category := r.FormValue("category") - title := template.HTMLEscapeString(r.Form.Get("title")) - content := template.HTMLEscapeString(r.Form.Get("content")) - formToken := template.HTMLEscapeString(r.Form.Get("CSRFToken")) + defer f.Close() + io.Copy(f, file) - cookie, _ := r.Cookie("csrftoken") - if formToken == cookie.Value { - username := sessions.GetCurrentUserName(r) - if handler != nil { - // this will be executed whenever a file is uploaded - r.ParseMultipartForm(32 << 20) //defined maximum size of file - defer file.Close() - randomFileName := md5.New() - io.WriteString(randomFileName, strconv.FormatInt(time.Now().Unix(), 10)) - io.WriteString(randomFileName, handler.Filename) - token := fmt.Sprintf("%x", randomFileName.Sum(nil)) - f, err := os.OpenFile("./files/"+token, os.O_WRONLY|os.O_CREATE, 0666) - if err != nil { - log.Println(err) - return - } - defer f.Close() - io.Copy(f, file) - - if strings.HasSuffix(handler.Filename, ".png") || strings.HasSuffix(handler.Filename, ".jpg") { - filelink = "
" - } else { - filelink = "
" + handler.Filename + "" - } - content = content + filelink - - fileTruth := db.AddFile(handler.Filename, token, username) - if fileTruth != nil { - message = "Error adding filename in db" - log.Println("error adding task to db") - } - } - //taskTruth := db.AddTask(title, content, category, taskPriority, username, dueDate) - taskTruth := db.AddTask(title, content, category, taskPriority, username, hidden) - if taskTruth != nil { - message = "Error adding task" - log.Println("error adding task to db") - http.Redirect(w, r, "/", http.StatusInternalServerError) + if strings.HasSuffix(handler.Filename, ".png") || strings.HasSuffix(handler.Filename, ".jpg") { + filelink = "
" } else { - message = "Task added" - log.Println("added task to db") - http.Redirect(w, r, "/", http.StatusFound) + filelink = "
" + handler.Filename + "" } - } else { - log.Println("CSRF mismatch") - message = "Server Error" - http.Redirect(w, r, "/", http.StatusInternalServerError) - } + content = content + filelink + fileTruth := db.AddFile(handler.Filename, token, username) + if fileTruth != nil { + message = "Error adding filename in db" + log.Println("error adding task to db") + } + } + //taskTruth := db.AddTask(title, content, category, taskPriority, username, dueDate) + taskTruth := db.AddTask(title, content, category, taskPriority, username, hidden) + if taskTruth != nil { + message = "Error adding task" + log.Println("error adding task to db") + http.Redirect(w, r, "/", http.StatusInternalServerError) + } else { + message = "Task added" + log.Println("added task to db") + http.Redirect(w, r, "/", http.StatusFound) + } + } else { + log.Println("CSRF mismatch") + message = "Server Error" + http.Redirect(w, r, "/", http.StatusInternalServerError) } } //AddCategoryFunc used to add new categories to the database func AddCategoryFunc(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { // We respond only to POST requests, redirect to home for others + http.Redirect(w, r, "/", http.StatusBadRequest) + return + } + r.ParseForm() category := r.Form.Get("category") if strings.Trim(category, " ") != "" { 
@@ -160,19 +169,19 @@ func EditTaskFunc(w http.ResponseWriter, r *http.Request) { log.Println(err) http.Redirect(w, r, "/", http.StatusBadRequest) return - } else { - redirectURL := utils.GetRedirectUrl(r.Referer()) - username := sessions.GetCurrentUserName(r) - task, err := db.GetTaskByID(username, id) - categories := db.GetCategories(username) - task.Categories = categories - task.Referer = redirectURL - - if err != nil { - task.Message = "Error fetching Tasks" - } - editTemplate.Execute(w, task) } + redirectURL := utils.GetRedirectUrl(r.Referer()) + username := sessions.GetCurrentUserName(r) + task, err := db.GetTaskByID(username, id) + categories := db.GetCategories(username) + task.Categories = categories + task.Referer = redirectURL + + if err != nil { + task.Message = "Error fetching Tasks" + } + editTemplate.Execute(w, task) + } //AddCommentFunc will be used diff --git a/views/deleteViews.go b/views/deleteViews.go index be2b108..60173a2 100644 --- a/views/deleteViews.go +++ b/views/deleteViews.go 
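Review bot: `task, err := db.GetTaskByID(username, id)` is followed by `task.Categories = categories` and `task.Referer = redirectURL` before `err` is looked at, so on the error path the fields are set on whatever `GetTaskByID` returned (a nil dereference if it returns a pointer, which is not visible here) and the page is still rendered; check `err` first and assign the fields after it. `editTemplate.Execute(w, task)` also drops its error, so a template failure is neither logged nor reported to the client. EditTaskFunc's signature and the id parsing sit before this hunk.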
@@ -19,130 +19,154 @@ func TrashTaskFunc(w http.ResponseWriter, r *http.Request) { //for best UX we want the user to be returned to the page making //the delete transaction, we use the r.Referer() function to get the link redirectURL := utils.GetRedirectUrl(r.Referer()) - if r.Method == "GET" { - id, err := strconv.Atoi(r.URL.Path[len("/trash/"):]) + + if r.Method != "GET" { + http.Redirect(w, r, "/", http.StatusBadRequest) + return + } + + id, err := strconv.Atoi(r.URL.Path[len("/trash/"):]) + if err != nil { + log.Println("TrashTaskFunc", err) + message = "Incorrect command" + http.Redirect(w, r, redirectURL, http.StatusFound) + } else { + username := sessions.GetCurrentUserName(r) + err = db.TrashTask(username, id) if err != nil { - log.Println("TrashTaskFunc", err) - message = "Incorrect command" - http.Redirect(w, r, redirectURL, http.StatusFound) + message = "Error trashing task" } else { - username := sessions.GetCurrentUserName(r) - err = db.TrashTask(username, id) - if err != nil { - message = "Error trashing task" - } else { - message = "Task trashed" - } - http.Redirect(w, r, redirectURL, http.StatusFound) + message = "Task trashed" } + http.Redirect(w, r, redirectURL, http.StatusFound) + } } //RestoreTaskFunc is used to restore task from trash, handles "/restore/" URL func RestoreTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" { - id, err := strconv.Atoi(r.URL.Path[len("/restore/"):]) - if err != nil { - log.Println(err) - http.Redirect(w, r, "/deleted", http.StatusBadRequest) - } else { - username := sessions.GetCurrentUserName(r) - err = db.RestoreTask(username, id) - if err != nil { - message = "Restore failed" - } else { - message = "Task restored" - } - http.Redirect(w, r, "/deleted/", http.StatusFound) - } + if r.Method != "GET" { + http.Redirect(w, r, "/", http.StatusBadRequest) + return } + + id, err := strconv.Atoi(r.URL.Path[len("/restore/"):]) + if err != nil { + log.Println(err) + http.Redirect(w, r, "/deleted", 
http.StatusBadRequest) + } else { + username := sessions.GetCurrentUserName(r) + err = db.RestoreTask(username, id) + if err != nil { + message = "Restore failed" + } else { + message = "Task restored" + } + http.Redirect(w, r, "/deleted/", http.StatusFound) + } + } //DeleteTaskFunc is used to delete a task, trash = move to recycle bin, delete = permanent delete func DeleteTaskFunc(w http.ResponseWriter, r *http.Request) { username := sessions.GetCurrentUserName(r) - if r.Method == "GET" { - id := r.URL.Path[len("/delete/"):] - if id == "all" { - err := db.DeleteAll(username) - if err != nil { - message = "Error deleting tasks" - http.Redirect(w, r, "/", http.StatusInternalServerError) - } - http.Redirect(w, r, "/", http.StatusFound) + if r.Method != "GET" { + http.Redirect(w, r, "/", http.StatusBadRequest) + return + } + + id := r.URL.Path[len("/delete/"):] + if id == "all" { + err := db.DeleteAll(username) + if err != nil { + message = "Error deleting tasks" + http.Redirect(w, r, "/", http.StatusInternalServerError) + } + http.Redirect(w, r, "/", http.StatusFound) + } else { + id, err := strconv.Atoi(id) + if err != nil { + log.Println(err) + http.Redirect(w, r, "/", http.StatusBadRequest) } else { - id, err := strconv.Atoi(id) + err = db.DeleteTask(username, id) if err != nil { - log.Println(err) - http.Redirect(w, r, "/", http.StatusBadRequest) + message = "Error deleting task" } else { - err = db.DeleteTask(username, id) - if err != nil { - message = "Error deleting task" - } else { - message = "Task deleted" - } - http.Redirect(w, r, "/deleted", http.StatusFound) + message = "Task deleted" } + http.Redirect(w, r, "/deleted", http.StatusFound) } } + } //RestoreFromCompleteFunc restores the task from complete to pending func RestoreFromCompleteFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" { - id, err := strconv.Atoi(r.URL.Path[len("/incomplete/"):]) - if err != nil { - log.Println(err) - http.Redirect(w, r, "/completed", 
http.StatusBadRequest) - } else { - username := sessions.GetCurrentUserName(r) - err = db.RestoreTaskFromComplete(username, id) - if err != nil { - message = "Restore failed" - } else { - message = "Task restored" - } - http.Redirect(w, r, "/completed", http.StatusFound) - } + if r.Method != "GET" { + http.Redirect(w, r, "/", http.StatusBadRequest) + return } + + id, err := strconv.Atoi(r.URL.Path[len("/incomplete/"):]) + if err != nil { + log.Println(err) + http.Redirect(w, r, "/completed", http.StatusBadRequest) + } else { + username := sessions.GetCurrentUserName(r) + err = db.RestoreTaskFromComplete(username, id) + if err != nil { + message = "Restore failed" + } else { + message = "Task restored" + } + http.Redirect(w, r, "/completed", http.StatusFound) + } + } //DeleteCategoryFunc will delete any category func DeleteCategoryFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" { - categoryName := r.URL.Path[len("/del-category/"):] - username := sessions.GetCurrentUserName(r) - err := db.DeleteCategoryByName(username, categoryName) - if err != nil { - message = "error deleting category" - } else { - message = "Category " + categoryName + " deleted" - } - - http.Redirect(w, r, "/", http.StatusFound) + if r.Method != "GET" { + http.Redirect(w, r, "/", http.StatusBadRequest) + return } + + categoryName := r.URL.Path[len("/del-category/"):] + username := sessions.GetCurrentUserName(r) + err := db.DeleteCategoryByName(username, categoryName) + if err != nil { + message = "error deleting category" + } else { + message = "Category " + categoryName + " deleted" + } + + http.Redirect(w, r, "/", http.StatusFound) + } //DeleteCommentFunc will delete any category func DeleteCommentFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" { - id := r.URL.Path[len("/del-comment/"):] - commentID, err := strconv.Atoi(id) - if err != nil { - http.Redirect(w, r, "/", http.StatusBadRequest) - return - } - username := sessions.GetCurrentUserName(r) - - 
err = db.DeleteCommentByID(username, commentID) - - if err != nil { - message = "comment not deleted" - } else { - message = "comment deleted" - } - - http.Redirect(w, r, "/", http.StatusFound) + if r.Method != "GET" { + http.Redirect(w, r, "/", http.StatusBadRequest) + return } + + id := r.URL.Path[len("/del-comment/"):] + commentID, err := strconv.Atoi(id) + if err != nil { + http.Redirect(w, r, "/", http.StatusBadRequest) + return + } + username := sessions.GetCurrentUserName(r) + + err = db.DeleteCommentByID(username, commentID) + + if err != nil { + message = "comment not deleted" + } else { + message = "comment deleted" + } + + http.Redirect(w, r, "/", http.StatusFound) } diff --git a/views/otherViews.go b/views/otherViews.go index cc339f4..ce0b6b9 100644 --- a/views/otherViews.go +++ b/views/otherViews.go 
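Review bot: In DeleteTaskFunc the `db.DeleteAll` error branch redirects with StatusInternalServerError but does not `return`, so `http.Redirect(w, r, "/", http.StatusFound)` runs right after it and net/http logs a superfluous WriteHeader; add `return` after the first redirect, as DeleteCommentFunc already does on its parse error. The guards in this hunk pin TrashTaskFunc, RestoreTaskFunc, DeleteTaskFunc, RestoreFromCompleteFunc, DeleteCategoryFunc and DeleteCommentFunc to GET, yet every one of them changes state and none of them compares a CSRF token with the `csrftoken` cookie the way AddTaskFunc in addViews.go does; a state-changing GET is reachable from any cross-site link or image load, so these belong on POST behind the same token check. DeleteTaskFunc also resolves `username` before the method check, which is harmless but reads as if the session lookup were needed for the rejection path; moving it below the guard keeps the happy path together.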
@@ -56,117 +56,132 @@ func PopulateTemplates() { //CompleteTaskFunc is used to show the complete tasks, handles "/completed/" url func CompleteTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" { - redirectURL := utils.GetRedirectUrl(r.Referer()) - id, err := strconv.Atoi(r.URL.Path[len("/complete/"):]) - if err != nil { - log.Println(err) - } else { - username := sessions.GetCurrentUserName(r) - err = db.CompleteTask(username, id) - if err != nil { - message = "Complete task failed" - } else { - message = "Task marked complete" - } - http.Redirect(w, r, redirectURL, http.StatusFound) - } + if r.Method != "GET" { + http.Redirect(w, r, "/", http.StatusBadRequest) + return } + + redirectURL := utils.GetRedirectUrl(r.Referer()) + id, err := strconv.Atoi(r.URL.Path[len("/complete/"):]) + if err != nil { + log.Println(err) + } else { + username := sessions.GetCurrentUserName(r) + err = db.CompleteTask(username, id) + if err != nil { + message = "Complete task failed" + } else { + message = "Task marked complete" + } + http.Redirect(w, r, redirectURL, http.StatusFound) + } + } //SearchTaskFunc is used to handle the /search/ url, handles the search function func SearchTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "POST" { - r.ParseForm() - query := r.Form.Get("query") - - username := sessions.GetCurrentUserName(r) - context, err := db.SearchTask(username, query) - if err != nil { - log.Println("error fetching search results") - } - - categories := db.GetCategories(username) - context.Categories = categories - - searchTemplate.Execute(w, context) + if r.Method != "POST" { + http.Redirect(w, r, "/", http.StatusBadRequest) + return } + r.ParseForm() + query := r.Form.Get("query") + + username := sessions.GetCurrentUserName(r) + context, err := db.SearchTask(username, query) + if err != nil { + log.Println("error fetching search results") + } + + categories := db.GetCategories(username) + context.Categories = categories + + 
searchTemplate.Execute(w, context) + } //UpdateTaskFunc is used to update a task, handes "/update/" URL func UpdateTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "POST" { - r.ParseForm() - id, err := strconv.Atoi(r.Form.Get("id")) - if err != nil { - log.Println(err) - } - category := r.Form.Get("category") - title := r.Form.Get("title") - content := r.Form.Get("content") - priority, err := strconv.Atoi(r.Form.Get("priority")) - if err != nil { - log.Println(err) - } - username := sessions.GetCurrentUserName(r) - - var hidden int - hideTimeline := r.FormValue("hide") - if hideTimeline != "" { - hidden = 1 - } else { - hidden = 0 - } - - err = db.UpdateTask(id, title, content, category, priority, username, hidden) - if err != nil { - message = "Error updating task" - } else { - message = "Task updated" - log.Println(message) - } - http.Redirect(w, r, "/", http.StatusFound) + if r.Method != "POST" { + http.Redirect(w, r, "/", http.StatusBadRequest) + return } + + r.ParseForm() + id, err := strconv.Atoi(r.Form.Get("id")) + if err != nil { + log.Println(err) + } + category := r.Form.Get("category") + title := r.Form.Get("title") + content := r.Form.Get("content") + priority, err := strconv.Atoi(r.Form.Get("priority")) + if err != nil { + log.Println(err) + } + username := sessions.GetCurrentUserName(r) + + var hidden int + hideTimeline := r.FormValue("hide") + if hideTimeline != "" { + hidden = 1 + } else { + hidden = 0 + } + + err = db.UpdateTask(id, title, content, category, priority, username, hidden) + if err != nil { + message = "Error updating task" + } else { + message = "Task updated" + log.Println(message) + } + http.Redirect(w, r, "/", http.StatusFound) } //UpdateCategoryFunc is used to update a task, handes "/upd-category/" URL func UpdateCategoryFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "POST" { - var redirectURL string - r.ParseForm() - oldName := r.URL.Path[len("/upd-category/"):] - newName := 
r.Form.Get("catname") - username := sessions.GetCurrentUserName(r) - err := db.UpdateCategoryByName(username, oldName, newName) - if err != nil { - message = "error updating category" - log.Println("not updated category " + oldName) - redirectURL = "/category/" + oldName - } else { - message = "cat " + oldName + " -> " + newName - redirectURL = "/category/" + newName - } - log.Println("redirecting to " + redirectURL) - http.Redirect(w, r, redirectURL, http.StatusFound) + if r.Method != "POST" { + http.Redirect(w, r, "/", http.StatusBadRequest) + return } + var redirectURL string + r.ParseForm() + oldName := r.URL.Path[len("/upd-category/"):] + newName := r.Form.Get("catname") + username := sessions.GetCurrentUserName(r) + err := db.UpdateCategoryByName(username, oldName, newName) + if err != nil { + message = "error updating category" + log.Println("not updated category " + oldName) + redirectURL = "/category/" + oldName + } else { + message = "cat " + oldName + " -> " + newName + redirectURL = "/category/" + newName + } + log.Println("redirecting to " + redirectURL) + http.Redirect(w, r, redirectURL, http.StatusFound) + } //SignUpFunc will enable new users to sign up to our service func SignUpFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "POST" { - r.ParseForm() + if r.Method != "POST" { + http.Redirect(w, r, "/", http.StatusBadRequest) + return + } + r.ParseForm() - username := r.Form.Get("username") - password := r.Form.Get("password") - email := r.Form.Get("email") + username := r.Form.Get("username") + password := r.Form.Get("password") + email := r.Form.Get("email") - log.Println(username, password, email) + log.Println(username, password, email) - err := db.CreateUser(username, password, email) - if err != nil { - http.Error(w, "Unable to sign user up", http.StatusInternalServerError) - } else { - http.Redirect(w, r, "/login/", 302) - } + err := db.CreateUser(username, password, email) + if err != nil { + http.Error(w, "Unable to sign user 
up", http.StatusInternalServerError) + } else { + http.Redirect(w, r, "/login/", 302) } } diff --git a/views/sessionViews.go b/views/sessionViews.go index 57227b4..e14a518 100644 --- a/views/sessionViews.go +++ b/views/sessionViews.go @@ -60,5 +60,7 @@ func LoginFunc(w http.ResponseWriter, r *http.Request) { } log.Print("Invalid user " + username) loginTemplate.Execute(w, nil) + default: + http.Redirect(w, r, "/login/", http.StatusUnauthorized) } }