semlanik
/
gostfix


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990
							/*
 * MIT License
 *
 * Copyright (c) 2020 Alexey Edelev <semlanik@gmail.com>
 *
 * This file is part of gostfix project https://git.semlanik.org/semlanik/gostfix
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy of this
 * software and associated documentation files (the "Software"), to deal in the Software
 * without restriction, including without limitation the rights to use, copy, modify,
 * merge, publish, distribute, sublicense, and/or sell copies of the Software, and
 * to permit persons to whom the Software is furnished to do so, subject to the following
 * conditions:
 *
 * The above copyright notice and this permission notice shall be included in all copies
 * or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
 * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
 * FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
 * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

package web

import (
	"fmt"
	"log"
	"net/http"

	"git.semlanik.org/semlanik/gostfix/common"
)

func (s *Server) handleSecureZone(w http.ResponseWriter, r *http.Request) {
	user, token := s.extractAuth(w, r)
	if !s.authenticator.Verify(user, token) {
		s.error(http.StatusUnauthorized, "You are not allowed to access this function", w)
		return
	}
	s.error(http.StatusNotImplemented, "Admin panel is not implemented", w)
}

func (s *Server) handleSettings(w http.ResponseWriter, r *http.Request) {
	user, token := s.extractAuth(w, r)
	if !s.authenticator.Verify(user, token) {
		s.error(http.StatusUnauthorized, "You are not allowed to access this function", w)
		return
	}

	switch r.Method {
	case "GET":
		info, err := s.storage.GetUserInfo(user)
		if err != nil {
			s.error(http.StatusInternalServerError, "Unable to obtain user information", w)
			return
		}
		fmt.Fprintf(w, s.templater.ExecuteSettings(&struct {
			Version  string
			FullName string
		}{common.Version, info.FullName}))
	case "PATCH":
		s.handleSettingsUpdate(w, r, user)
	}
}

func (s *Server) handleSettingsUpdate(w http.ResponseWriter, r *http.Request, user string) {
	if err := r.ParseForm(); err != nil {
		s.error(http.StatusUnauthorized, "Password entered is invalid", w)
		return
	}

	oldPassword := r.FormValue("oldPassword")
	if err := s.authenticator.CheckUser(user, oldPassword); err != nil {
		s.error(http.StatusUnauthorized, "Password entered is invalid", w)
		return
	}

	password := r.FormValue("password")
	fullName := r.FormValue("fullName")

	err := s.storage.UpdateUser(user, password, fullName)
	if err != nil {
		log.Println(err.Error())
		s.error(http.StatusInternalServerError, "Unable to update user data", w)
		return
	}
	w.Write([]byte{0})
}