~evanj/cms

ref: 7c487cb4cca6290eae5f854300d6e9c78f81ea25 cms/internal/c/invite/invite.go -rw-r--r-- 3.2 KiB
7c487cb4Evan J Feat(dynamic): Dynamic content pages have been added (rather than 9 months ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
package invite

import (
	"context"
	"errors"
	"fmt"
	"log"
	"net/http"
	"strings"

	"git.sr.ht/~evanj/cms/internal/c"
	"git.sr.ht/~evanj/cms/internal/m/invite"
	"git.sr.ht/~evanj/cms/internal/m/org"
	"git.sr.ht/~evanj/cms/internal/m/role"
	"git.sr.ht/~evanj/cms/internal/m/user"
	"git.sr.ht/~evanj/cms/internal/v"
)

var (
	inviteHTML = v.MustParse("html/invite.html")

	ErrLoggedIn = errors.New("you cannot use this invite")
	ErrNoInvite = errors.New("no invite found")
)

type Invite struct {
	*c.Controller
	log *log.Logger
	db  dber
}

type dber interface {
	InviteNew(ctx context.Context, u user.User, o org.Org, r role.Role) (invite.Invite, error)
	InviteGetByToken(ctx context.Context, tok string) (invite.Invite, error)
	InviteAccept(ctx context.Context, i invite.Invite, u, p, v string) (user.User, invite.Invite, error)
	InviteList(ctx context.Context, u user.User, o org.Org) (r []invite.Invite, err error)
}

func New(c *c.Controller, log *log.Logger, db dber) Invite {
	return Invite{c, log, db}
}

func (i Invite) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	switch i.Method(r) {
	case "GET":
		user, err := i.GetCookieUser(w, r)
		if err != nil {
			// This is the logged out user.
			tok := strings.Trim(r.URL.Path, "/")
			if tok == "" {
				i.Error(w, r, http.StatusBadRequest, ErrNoInvite)
				return
			}
			i.HTML(w, r, inviteHTML, map[string]interface{}{"Invite": tok})
			return
		}

		invites, err := i.db.InviteList(r.Context(), user, user.Org())
		if err != nil {
			i.Error(w, r, http.StatusInternalServerError, err)
			return
		}

		// Show the user that created the invite a list of current invites.
		i.HTML(w, r, inviteHTML, map[string]interface{}{
			"User":    user,
			"Invites": invites,
		})
		return

	case "POST":
		user, err := i.GetCookieUser(w, r)
		if err != nil {
			i.Error(w, r, http.StatusBadRequest, c.ErrNoLogin)
			return
		}

		role, ok := role.ByName(r.FormValue("role"))
		if !ok {
			i.Error(w, r, http.StatusBadRequest, errors.New("invalid role suppplied for invite"))
			return
		}

		_, err = i.db.InviteNew(r.Context(), user, user.Org(), role)
		if errors.Is(err, invite.ErrExpired) || errors.Is(err, invite.ErrUsed) {
			i.Error(w, r, http.StatusBadRequest, err)
			return
		}
		if err != nil {
			i.Error(w, r, http.StatusInternalServerError, fmt.Errorf("failed to create invite: %w", err))
			return
		}

		i.Redirect(w, r, "/invite")
		return

	case "PATCH":
		// Can't be logged in.
		_, err := i.GetCookieUser(w, r)
		if err == nil {
			i.Error(w, r, http.StatusBadRequest, ErrLoggedIn)
			return
		}

		inv, err := i.db.InviteGetByToken(r.Context(), r.FormValue("invite"))
		if err != nil {
			i.Error(w, r, http.StatusBadRequest, err)
			return
		}

		// Accept invite and create new user.
		user, _, err := i.db.InviteAccept(r.Context(), inv, r.FormValue("username"), r.FormValue("password"), r.FormValue("verify"))
		if errors.Is(err, invite.ErrExpired) || errors.Is(err, invite.ErrUsed) {
			i.Error(w, r, http.StatusBadRequest, err)
			return
		}
		if err != nil {
			i.Error(w, r, http.StatusInternalServerError, fmt.Errorf("failed to create invite: %w", err))
			return
		}

		i.SetCookieUser(w, r, user)
		i.Redirect(w, r, "/")
		return

	}

	http.NotFound(w, r)

}