From dacbef54e48d03db1dd23483fe85f0358fc5d652 Mon Sep 17 00:00:00 2001
From: Suraj Patil
Date: Mon, 9 May 2016 23:06:35 +0530
Subject: [PATCH] app redirects to login page is user isn't authenticated
---
views/addViews.go | 283 ++++++++++++++++++++++---------------------
views/deleteViews.go | 182 +++++++++++++++-------------
views/otherViews.go | 124 ++++++++++---------
views/views.go | 119 +++++++++---------
4 files changed, 370 insertions(+), 338 deletions(-)
diff --git a/views/addViews.go b/views/addViews.go
index 9ccb8d3..a8f54e2 100644
--- a/views/addViews.go
+++ b/views/addViews.go
@@ -22,178 +22,187 @@ import ( // UploadedFileHandler is used to handle the uploaded file related requests func UploadedFileHandler(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" && sessions.IsLoggedIn(r) { - token := r.URL.Path[len("/files/"):] + if sessions.IsLoggedIn(r) { + if r.Method == "GET" { + token := r.URL.Path[len("/files/"):] - //file, err := db.GetFileName(token) - //if err != nil { - log.Println("serving file ./files/" + token) - http.ServeFile(w, r, "./files/"+token) - //} + //file, err := db.GetFileName(token) + //if err != nil { + log.Println("serving file ./files/" + token) + http.ServeFile(w, r, "./files/"+token) + //} + } } } //AddTaskFunc is used to handle the addition of new task, "/add" URL func AddTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "POST" && sessions.IsLoggedIn(r) { // Will work only for POST requests, will redirect to home - var filelink string // will store the html when we have files to be uploaded, appened to the note content - r.ParseForm() - file, handler, err := r.FormFile("uploadfile") - if err != nil && handler != nil { - //Case executed when file is uploaded and yet an error occurs - log.Println(err) - message = "Error uploading file" - http.Redirect(w, r, "/", http.StatusInternalServerError) - } - - taskPriority, priorityErr := strconv.Atoi(r.FormValue("priority")) - - if priorityErr != nil { - log.Print(priorityErr) - message = "Bad task priority" - http.Redirect(w, r, "/", http.StatusInternalServerError) - } - priorityList := []int{1, 2, 3} - found := false - for _, priority := range priorityList { - if taskPriority == priority { - found = true - } - } - //If someone gives us incorrect priority number, we give the priority - //to that task as 1 i.e. 
Low - if !found { - taskPriority = 1 - } - - category := r.FormValue("category") - title := template.HTMLEscapeString(r.Form.Get("title")) - content := template.HTMLEscapeString(r.Form.Get("content")) - formToken := template.HTMLEscapeString(r.Form.Get("CSRFToken")) - - cookie, _ := r.Cookie("csrftoken") - if formToken == cookie.Value { - if handler != nil { - // this will be executed whenever a file is uploaded - r.ParseMultipartForm(32 << 20) //defined maximum size of file - defer file.Close() - randomFileName := md5.New() - io.WriteString(randomFileName, strconv.FormatInt(time.Now().Unix(), 10)) - io.WriteString(randomFileName, handler.Filename) - token := fmt.Sprintf("%x", randomFileName.Sum(nil)) - f, err := os.OpenFile("./files/"+token, os.O_WRONLY|os.O_CREATE, 0666) - if err != nil { - log.Println(err) - return - } - defer f.Close() - io.Copy(f, file) - - if strings.HasSuffix(handler.Filename, ".png") || strings.HasSuffix(handler.Filename, ".jpg") { - filelink = "
" - } else { - filelink = "
" + handler.Filename + "" - } - content = content + filelink - - fileTruth := db.AddFile(handler.Filename, token) - if fileTruth != nil { - message = "Error adding filename in db" - log.Println("error adding task to db") - } - } - - taskTruth := db.AddTask(title, content, category, taskPriority) - - if taskTruth != nil { - message = "Error adding task" - log.Println("error adding task to db") + if sessions.IsLoggedIn(r) { + if r.Method == "POST" { // Will work only for POST requests, will redirect to home + var filelink string // will store the html when we have files to be uploaded, appened to the note content + r.ParseForm() + file, handler, err := r.FormFile("uploadfile") + if err != nil && handler != nil { + //Case executed when file is uploaded and yet an error occurs + log.Println(err) + message = "Error uploading file" http.Redirect(w, r, "/", http.StatusInternalServerError) - } else { - message = "Task added" - log.Println("added task to db") - http.Redirect(w, r, "/", http.StatusFound) } - } else { - log.Println("CSRF mismatch") - message = "Server Error" - http.Redirect(w, r, "/", http.StatusInternalServerError) - } + taskPriority, priorityErr := strconv.Atoi(r.FormValue("priority")) + + if priorityErr != nil { + log.Print(priorityErr) + message = "Bad task priority" + http.Redirect(w, r, "/", http.StatusInternalServerError) + } + priorityList := []int{1, 2, 3} + found := false + for _, priority := range priorityList { + if taskPriority == priority { + found = true + } + } + //If someone gives us incorrect priority number, we give the priority + //to that task as 1 i.e. 
Low + if !found { + taskPriority = 1 + } + + category := r.FormValue("category") + title := template.HTMLEscapeString(r.Form.Get("title")) + content := template.HTMLEscapeString(r.Form.Get("content")) + formToken := template.HTMLEscapeString(r.Form.Get("CSRFToken")) + + cookie, _ := r.Cookie("csrftoken") + if formToken == cookie.Value { + if handler != nil { + // this will be executed whenever a file is uploaded + r.ParseMultipartForm(32 << 20) //defined maximum size of file + defer file.Close() + randomFileName := md5.New() + io.WriteString(randomFileName, strconv.FormatInt(time.Now().Unix(), 10)) + io.WriteString(randomFileName, handler.Filename) + token := fmt.Sprintf("%x", randomFileName.Sum(nil)) + f, err := os.OpenFile("./files/"+token, os.O_WRONLY|os.O_CREATE, 0666) + if err != nil { + log.Println(err) + return + } + defer f.Close() + io.Copy(f, file) + + if strings.HasSuffix(handler.Filename, ".png") || strings.HasSuffix(handler.Filename, ".jpg") { + filelink = "
" + } else { + filelink = "
" + handler.Filename + "" + } + content = content + filelink + + fileTruth := db.AddFile(handler.Filename, token) + if fileTruth != nil { + message = "Error adding filename in db" + log.Println("error adding task to db") + } + } + + taskTruth := db.AddTask(title, content, category, taskPriority) + + if taskTruth != nil { + message = "Error adding task" + log.Println("error adding task to db") + http.Redirect(w, r, "/", http.StatusInternalServerError) + } else { + message = "Task added" + log.Println("added task to db") + http.Redirect(w, r, "/", http.StatusFound) + } + } else { + log.Println("CSRF mismatch") + message = "Server Error" + http.Redirect(w, r, "/", http.StatusInternalServerError) + } + + } } else { - message = "Method not allowed" - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/login/", 302) } } //AddCategoryFunc used to add new categories to the database func AddCategoryFunc(w http.ResponseWriter, r *http.Request) { - r.ParseForm() - category := r.Form.Get("category") - if strings.Trim(category, " ") != "" { - err := db.AddCategory(category) - if err != nil { - message = "Error adding category" - http.Redirect(w, r, "/", http.StatusBadRequest) - } else { - message = "Added category" - http.Redirect(w, r, "/", http.StatusFound) + if sessions.IsLoggedIn(r) { + r.ParseForm() + category := r.Form.Get("category") + if strings.Trim(category, " ") != "" { + err := db.AddCategory(category) + if err != nil { + message = "Error adding category" + http.Redirect(w, r, "/", http.StatusBadRequest) + } else { + message = "Added category" + http.Redirect(w, r, "/", http.StatusFound) + } } } else { - message = "Invalid Category Name" - http.Redirect(w, r, "/", http.StatusBadRequest) + http.Redirect(w, r, "/login/", 302) } } //EditTaskFunc is used to edit tasks, handles "/edit/" URL func EditTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" && sessions.IsLoggedIn(r) { - id, err := strconv.Atoi(r.URL.Path[len("/edit/"):]) - 
if err != nil { - log.Println(err) - http.Redirect(w, r, "/", http.StatusBadRequest) - } else { - redirectUrl := utils.GetRedirectUrl(r.Referer()) - task, err := db.GetTaskByID(id) - categories := db.GetCategories() - task.Categories = categories - task.Referer = redirectUrl - + if sessions.IsLoggedIn(r) { + if r.Method == "GET" { + id, err := strconv.Atoi(r.URL.Path[len("/edit/"):]) if err != nil { - task.Message = "Error fetching Tasks" + log.Println(err) + http.Redirect(w, r, "/", http.StatusBadRequest) + } else { + redirectURL := utils.GetRedirectUrl(r.Referer()) + task, err := db.GetTaskByID(id) + categories := db.GetCategories() + task.Categories = categories + task.Referer = redirectURL + + if err != nil { + task.Message = "Error fetching Tasks" + } + editTemplate.Execute(w, task) } - editTemplate.Execute(w, task) } } else { - message = "Method not allowed" - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/login/", http.StatusFound) } } //AddCommentFunc will be used func AddCommentFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "POST" && sessions.IsLoggedIn(r) { - r.ParseForm() - text := r.Form.Get("commentText") - id := r.Form.Get("taskID") + if sessions.IsLoggedIn(r) { + if r.Method == "POST" { + r.ParseForm() + text := r.Form.Get("commentText") + id := r.Form.Get("taskID") - idInt, err := strconv.Atoi(id) + idInt, err := strconv.Atoi(id) - if (err != nil) || (text == "") { - log.Println("unable to convert into integer") - message = "Error adding comment" - } else { - err = db.AddComments(idInt, text) - - if err != nil { - log.Println("unable to insert into db") - message = "Comment not added" + if (err != nil) || (text == "") { + log.Println("unable to convert into integer") + message = "Error adding comment" } else { - message = "Comment added" + err = db.AddComments(idInt, text) + + if err != nil { + log.Println("unable to insert into db") + message = "Comment not added" + } else { + message = "Comment added" + } } + + 
http.Redirect(w, r, "/", http.StatusFound) + } - - http.Redirect(w, r, "/", http.StatusFound) - + } else { + http.Redirect(w, r, "/login", 302) } } diff --git a/views/deleteViews.go b/views/deleteViews.go index 5f41c99..3304ce7 100644 --- a/views/deleteViews.go +++ b/views/deleteViews.go 
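Review bot: UploadedFileHandler is the only handler in this hunk whose `if sessions.IsLoggedIn(r)` has no `else`, so an unauthenticated request under /files/ gets an empty response instead of the login redirect, and AddCommentFunc redirects to `/login` while the others use `/login/`. Splitting the method test from the login test also removed the old fallback branch, so a logged-in request with the wrong method now leaves most of these handlers without any response being written. Both come from repeating the guard by hand in every handler, and the same pattern recurs in views/deleteViews.go, views/otherViews.go and views/views.go. A single wrapper applied where the routes are registered (outside this diff) would make the redirect uniform, and each handler could then answer a wrong method with 405 explicitly.

```go
// RequiresLogin redirects unauthenticated requests to the login page and
// otherwise hands the request to next.
func RequiresLogin(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if !sessions.IsLoggedIn(r) {
			http.Redirect(w, r, "/login/", http.StatusFound)
			return
		}
		next(w, r)
	}
}

func UploadedFileHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != "GET" {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	// … unchanged: token extraction and http.ServeFile call …
}
```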
@@ -18,138 +18,150 @@ import ( func TrashTaskFunc(w http.ResponseWriter, r *http.Request) { //for best UX we want the user to be returned to the page making //the delete transaction, we use the r.Referer() function to get the link - redirectUrl := utils.GetRedirectUrl(r.Referer()) + redirectURL := utils.GetRedirectUrl(r.Referer()) - if r.Method == "GET" && sessions.IsLoggedIn(r) { - id, err := strconv.Atoi(r.URL.Path[len("/trash/"):]) - if err != nil { - log.Println("TrashTaskFunc", err) - message = "Incorrect command" - http.Redirect(w, r, redirectUrl, http.StatusFound) - } else { - err = db.TrashTask(id) + if sessions.IsLoggedIn(r) { + if r.Method == "GET" { + id, err := strconv.Atoi(r.URL.Path[len("/trash/"):]) if err != nil { - message = "Error trashing task" + log.Println("TrashTaskFunc", err) + message = "Incorrect command" + http.Redirect(w, r, redirectURL, http.StatusFound) } else { - message = "Task trashed" + err = db.TrashTask(id) + if err != nil { + message = "Error trashing task" + } else { + message = "Task trashed" + } + http.Redirect(w, r, redirectURL, http.StatusFound) } - http.Redirect(w, r, redirectUrl, http.StatusFound) } } else { - message = "Method not allowed" - http.Redirect(w, r, redirectUrl, http.StatusFound) + http.Redirect(w, r, "/login/", 302) } } //RestoreTaskFunc is used to restore task from trash, handles "/restore/" URL func RestoreTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" && sessions.IsLoggedIn(r) { - id, err := strconv.Atoi(r.URL.Path[len("/restore/"):]) - if err != nil { - log.Println(err) - http.Redirect(w, r, "/deleted", http.StatusBadRequest) - } else { - err = db.RestoreTask(id) + if sessions.IsLoggedIn(r) { + if r.Method == "GET" { + id, err := strconv.Atoi(r.URL.Path[len("/restore/"):]) if err != nil { - message = "Restore failed" + log.Println(err) + http.Redirect(w, r, "/deleted", http.StatusBadRequest) } else { - message = "Task restored" + err = db.RestoreTask(id) + if err != nil { + 
message = "Restore failed" + } else { + message = "Task restored" + } + http.Redirect(w, r, "/deleted/", http.StatusFound) } - http.Redirect(w, r, "/deleted/", http.StatusFound) } } else { - message = "Method not allowed" - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/login/", 302) } } //DeleteTaskFunc is used to delete a task, trash = move to recycle bin, delete = permanent delete func DeleteTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" && sessions.IsLoggedIn(r) { - id := r.URL.Path[len("/delete/"):] - if id == "all" { - err := db.DeleteAll() - if err != nil { - message = "Error deleting tasks" - http.Redirect(w, r, "/", http.StatusInternalServerError) - } - http.Redirect(w, r, "/", http.StatusFound) - } else { - id, err := strconv.Atoi(id) - if err != nil { - log.Println(err) - http.Redirect(w, r, "/", http.StatusBadRequest) - } else { - err = db.DeleteTask(id) + if sessions.IsLoggedIn(r) { + if r.Method == "GET" { + id := r.URL.Path[len("/delete/"):] + if id == "all" { + err := db.DeleteAll() if err != nil { - message = "Error deleting task" - } else { - message = "Task deleted" + message = "Error deleting tasks" + http.Redirect(w, r, "/", http.StatusInternalServerError) + } + http.Redirect(w, r, "/", http.StatusFound) + } else { + id, err := strconv.Atoi(id) + if err != nil { + log.Println(err) + http.Redirect(w, r, "/", http.StatusBadRequest) + } else { + err = db.DeleteTask(id) + if err != nil { + message = "Error deleting task" + } else { + message = "Task deleted" + } + http.Redirect(w, r, "/deleted", http.StatusFound) } - http.Redirect(w, r, "/deleted", http.StatusFound) } } } else { - message = "Method not allowed" - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/login/", 302) } } //RestoreFromCompleteFunc restores the task from complete to pending func RestoreFromCompleteFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" && sessions.IsLoggedIn(r) { - id, err := 
strconv.Atoi(r.URL.Path[len("/incomplete/"):]) - if err != nil { - log.Println(err) - http.Redirect(w, r, "/completed", http.StatusBadRequest) - } else { - err = db.RestoreTaskFromComplete(id) + if sessions.IsLoggedIn(r) { + if r.Method == "GET" { + id, err := strconv.Atoi(r.URL.Path[len("/incomplete/"):]) if err != nil { - message = "Restore failed" + log.Println(err) + http.Redirect(w, r, "/completed", http.StatusBadRequest) } else { - message = "Task restored" + err = db.RestoreTaskFromComplete(id) + if err != nil { + message = "Restore failed" + } else { + message = "Task restored" + } + http.Redirect(w, r, "/completed", http.StatusFound) } - http.Redirect(w, r, "/completed", http.StatusFound) } } else { - message = "Method not allowed" - http.Redirect(w, r, "/completed", http.StatusFound) + http.Redirect(w, r, "/login/", 302) } } //DeleteCategoryFunc will delete any category func DeleteCategoryFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" && sessions.IsLoggedIn(r) { - categoryName := r.URL.Path[len("/del-category/"):] - err := db.DeleteCategoryByName(categoryName) - if err != nil { - message = "error deleting category" - } else { - message = "Category " + categoryName + " deleted" - } + if sessions.IsLoggedIn(r) { + if r.Method == "GET" { + categoryName := r.URL.Path[len("/del-category/"):] + err := db.DeleteCategoryByName(categoryName) + if err != nil { + message = "error deleting category" + } else { + message = "Category " + categoryName + " deleted" + } - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/", http.StatusFound) + } + } else { + http.Redirect(w, r, "/login/", 302) } } //DeleteCommentFunc will delete any category func DeleteCommentFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" && sessions.IsLoggedIn(r) { - id := r.URL.Path[len("/del-comment/"):] - commentID, err := strconv.Atoi(id) - if err != nil { - http.Redirect(w, r, "/", http.StatusBadRequest) - return + if 
sessions.IsLoggedIn(r) { + if r.Method == "GET" { + id := r.URL.Path[len("/del-comment/"):] + commentID, err := strconv.Atoi(id) + if err != nil { + http.Redirect(w, r, "/", http.StatusBadRequest) + return + } + + err = db.DeleteCommentByID(commentID) + + if err != nil { + message = "comment not deleted" + } else { + message = "comment deleted" + } + + http.Redirect(w, r, "/", http.StatusFound) } - - err = db.DeleteCommentByID(commentID) - - if err != nil { - message = "comment not deleted" - } else { - message = "comment deleted" - } - - http.Redirect(w, r, "/", http.StatusFound) + } else { + http.Redirect(w, r, "/login/", 302) } } diff --git a/views/otherViews.go b/views/otherViews.go index a265d91..53285c5 100644 --- a/views/otherViews.go +++ b/views/otherViews.go 
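Review bot: Every handler in this file changes or destroys data on a GET request guarded only by the session check, including the `id == "all"` branch of DeleteTaskFunc that calls `db.DeleteAll()`, which leaves these actions open to cross-site request forgery against a logged-in user. They should accept only POST and verify a CSRF token before calling into db, starting with `if r.Method != "POST" { http.Error(w, "method not allowed", http.StatusMethodNotAllowed); return }`. In the `id == "all"` branch the error path also calls http.Redirect twice, because there is no `return` after the first call. The redirects that pass `http.StatusBadRequest` or `http.StatusInternalServerError` send a Location header with a non-3xx status, which clients will not follow.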
@@ -56,92 +56,98 @@ func PopulateTemplates() { //CompleteTaskFunc is used to show the complete tasks, handles "/completed/" url func CompleteTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" && sessions.IsLoggedIn(r) { - redirectURL := utils.GetRedirectUrl(r.Referer()) - id, err := strconv.Atoi(r.URL.Path[len("/complete/"):]) - if err != nil { - log.Println(err) - } else { - err = db.CompleteTask(id) + if sessions.IsLoggedIn(r) { + if r.Method == "GET" { + redirectURL := utils.GetRedirectUrl(r.Referer()) + id, err := strconv.Atoi(r.URL.Path[len("/complete/"):]) if err != nil { - message = "Complete task failed" + log.Println(err) } else { - message = "Task marked complete" + err = db.CompleteTask(id) + if err != nil { + message = "Complete task failed" + } else { + message = "Task marked complete" + } + http.Redirect(w, r, redirectURL, http.StatusFound) } - http.Redirect(w, r, redirectURL, http.StatusFound) } } else { - message = "Method not allowed" - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/login/", 302) } } //SearchTaskFunc is used to handle the /search/ url, handles the search function func SearchTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "POST" && sessions.IsLoggedIn(r) { - r.ParseForm() - query := r.Form.Get("query") + if sessions.IsLoggedIn(r) { + if r.Method == "POST" { + r.ParseForm() + query := r.Form.Get("query") - context := db.SearchTask(query) + context := db.SearchTask(query) - categories := db.GetCategories() - context.Categories = categories + categories := db.GetCategories() + context.Categories = categories - searchTemplate.Execute(w, context) + searchTemplate.Execute(w, context) + } } else { - message = "Method not allowed" - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/login/", 302) } } //UpdateTaskFunc is used to update a task, handes "/update/" URL func UpdateTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "POST" && 
sessions.IsLoggedIn(r) { - r.ParseForm() - id, err := strconv.Atoi(r.Form.Get("id")) - if err != nil { - log.Println(err) + if sessions.IsLoggedIn(r) { + if r.Method == "POST" { + r.ParseForm() + id, err := strconv.Atoi(r.Form.Get("id")) + if err != nil { + log.Println(err) + } + category := r.Form.Get("category") + title := r.Form.Get("title") + content := r.Form.Get("content") + priority, err := strconv.Atoi(r.Form.Get("priority")) + if err != nil { + log.Println(err) + } + err = db.UpdateTask(id, title, content, category, priority) + if err != nil { + message = "Error updating task" + } else { + message = "Task updated" + log.Println(message) + } + http.Redirect(w, r, "/", http.StatusFound) } - category := r.Form.Get("category") - title := r.Form.Get("title") - content := r.Form.Get("content") - priority, err := strconv.Atoi(r.Form.Get("priority")) - if err != nil { - log.Println(err) - } - err = db.UpdateTask(id, title, content, category, priority) - if err != nil { - message = "Error updating task" - } else { - message = "Task updated" - log.Println(message) - } - http.Redirect(w, r, "/", http.StatusFound) - } else { - message = "Method not allowed" - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/login/", 302) } } //UpdateCategoryFunc is used to update a task, handes "/upd-category/" URL func UpdateCategoryFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "POST" && sessions.IsLoggedIn(r) { - var redirectURL string - r.ParseForm() - oldName := r.URL.Path[len("/upd-category/"):] - newName := r.Form.Get("catname") + if sessions.IsLoggedIn(r) { + if r.Method == "POST" { + var redirectURL string + r.ParseForm() + oldName := r.URL.Path[len("/upd-category/"):] + newName := r.Form.Get("catname") - err := db.UpdateCategoryByName(oldName, newName) - if err != nil { - message = "error updating category" - log.Println("not updated category " + oldName) - redirectURL = "/category/" + oldName - } else { - message = "cat " + oldName + " -> 
" + newName - redirectURL = "/category/" + newName + err := db.UpdateCategoryByName(oldName, newName) + if err != nil { + message = "error updating category" + log.Println("not updated category " + oldName) + redirectURL = "/category/" + oldName + } else { + message = "cat " + oldName + " -> " + newName + redirectURL = "/category/" + newName + } + log.Println("redirecting to " + redirectURL) + http.Redirect(w, r, redirectURL, http.StatusFound) } - log.Println("redirecting to " + redirectURL) - http.Redirect(w, r, redirectURL, http.StatusFound) + } else { + http.Redirect(w, r, "/login/", 302) } } diff --git a/views/views.go b/views/views.go index 44d7258..1139fc9 100644 --- a/views/views.go +++ b/views/views.go 
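Review bot: UpdateTaskFunc passes `title` and `content` from the form straight to `db.UpdateTask`, while AddTaskFunc in views/addViews.go runs the same fields through `template.HTMLEscapeString` before storing them. If the templates render task content as HTML (AddTaskFunc appends markup to it, which suggests so), an edit can store markup that the add path would have escaped. The two paths should agree, for example `title := template.HTMLEscapeString(r.Form.Get("title"))` and likewise for `content`, or escape once at render time instead. The two `strconv.Atoi` failures are also only logged, so the update proceeds with a zero `id` or `priority`; replying with 400 and returning after the log line would be safer.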
@@ -25,87 +25,92 @@ var err error //ShowAllTasksFunc is used to handle the "/" URL which is the default ons //TODO add http404 error func ShowAllTasksFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" && sessions.IsLoggedIn(r) { - context, err := db.GetTasks("pending", "") - categories := db.GetCategories() - if err != nil { - http.Redirect(w, r, "/", http.StatusInternalServerError) + if sessions.IsLoggedIn(r) == true { + if r.Method == "GET" { + context, err := db.GetTasks("pending", "") + categories := db.GetCategories() + if err != nil { + http.Redirect(w, r, "/", http.StatusInternalServerError) + } else { + if message != "" { + context.Message = message + } + context.CSRFToken = "abcd" + context.Categories = categories + message = "" + expiration := time.Now().Add(365 * 24 * time.Hour) + cookie := http.Cookie{Name: "csrftoken", Value: "abcd", Expires: expiration} + http.SetCookie(w, &cookie) + homeTemplate.Execute(w, context) + } } - if message != "" { - context.Message = message - } - context.CSRFToken = "abcd" - context.Categories = categories - message = "" - expiration := time.Now().Add(365 * 24 * time.Hour) - cookie := http.Cookie{Name: "csrftoken", Value: "abcd", Expires: expiration} - http.SetCookie(w, &cookie) - homeTemplate.Execute(w, context) } else { - message = "Method not allowed" - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/login/", 302) } } //ShowTrashTaskFunc is used to handle the "/trash" URL which is used to show the deleted tasks func ShowTrashTaskFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" && sessions.IsLoggedIn(r) { - context, err := db.GetTasks("deleted", "") - categories := db.GetCategories() - context.Categories = categories - if err != nil { - http.Redirect(w, r, "/trash", http.StatusInternalServerError) + if sessions.IsLoggedIn(r) { + if r.Method == "GET" { + context, err := db.GetTasks("deleted", "") + categories := db.GetCategories() + context.Categories = 
categories + if err != nil { + http.Redirect(w, r, "/trash", http.StatusInternalServerError) + } + if message != "" { + context.Message = message + message = "" + } + deletedTemplate.Execute(w, context) } - if message != "" { - context.Message = message - message = "" - } - deletedTemplate.Execute(w, context) } else { - message = "Method not allowed" - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/login/", 302) } } //ShowCompleteTasksFunc is used to populate the "/completed/" URL func ShowCompleteTasksFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" && sessions.IsLoggedIn(r) { - context, err := db.GetTasks("completed", "") - categories := db.GetCategories() - context.Categories = categories - if err != nil { - http.Redirect(w, r, "/completed", http.StatusInternalServerError) + if sessions.IsLoggedIn(r) { + if r.Method == "GET" { + context, err := db.GetTasks("completed", "") + categories := db.GetCategories() + context.Categories = categories + if err != nil { + http.Redirect(w, r, "/completed", http.StatusInternalServerError) + } + completedTemplate.Execute(w, context) } - completedTemplate.Execute(w, context) } else { - message = "Method not allowed" - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/login/", 302) } } //ShowCategoryFunc will populate the /category/ URL which shows all the tasks related // to that particular category func ShowCategoryFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "GET" && sessions.IsLoggedIn(r) { - category := r.URL.Path[len("/category/"):] - context, err := db.GetTasks("", category) - categories := db.GetCategories() + if sessions.IsLoggedIn(r) { + if r.Method == "GET" && sessions.IsLoggedIn(r) { + category := r.URL.Path[len("/category/"):] + context, err := db.GetTasks("", category) + categories := db.GetCategories() - if err != nil { - http.Redirect(w, r, "/", http.StatusInternalServerError) + if err != nil { + http.Redirect(w, r, "/", 
http.StatusInternalServerError) + } + if message != "" { + context.Message = message + } + context.CSRFToken = "abcd" + context.Categories = categories + message = "" + expiration := time.Now().Add(365 * 24 * time.Hour) + cookie := http.Cookie{Name: "csrftoken", Value: "abcd", Expires: expiration} + http.SetCookie(w, &cookie) + homeTemplate.Execute(w, context) } - if message != "" { - context.Message = message - } - context.CSRFToken = "abcd" - context.Categories = categories - message = "" - expiration := time.Now().Add(365 * 24 * time.Hour) - cookie := http.Cookie{Name: "csrftoken", Value: "abcd", Expires: expiration} - http.SetCookie(w, &cookie) - homeTemplate.Execute(w, context) } else { - message = "Method not allowed" - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/login/", 302) } }
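Review bot: The CSRF token set in ShowAllTasksFunc and ShowCategoryFunc is the constant `"abcd"`, both in `context.CSRFToken` and in the `csrftoken` cookie, so the comparison in AddTaskFunc is satisfied by a value that is the same for every user and gives no protection. The token should be generated per session from crypto/rand, kept server-side with the session, and compared with `subtle.ConstantTimeCompare`. The cookie should also set `HttpOnly`, `Secure` and `SameSite` rather than only a one-year `Expires`. AddTaskFunc (views/addViews.go) also discards the error from `r.Cookie("csrftoken")` before reading `cookie.Value`, which dereferences nil when the cookie is missing. In ShowCategoryFunc the inner `&& sessions.IsLoggedIn(r)` is now redundant.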