commento/api/commenter_new.go

package main

import (
	"golang.org/x/crypto/bcrypt"
	"net/http"
	"time"
)

func commenterNew(email string, name string, link string, photo string, provider string, password string) (string, error) {
	if email == "" || name == "" || link == "" || photo == "" || provider == "" {
		return "", errorMissingField
	}

	if provider == "commento" && password == "" {
		return "", errorMissingField
	}

	// See utils_sanitise.go's documentation on isHttpsUrl. This is not a URL
	// validator, just an XSS preventor.
	// TODO: reject URLs instead of malforming them.
	if !isHttpsUrl(link) {
		link = "https://" + link
	}

	if _, err := commenterGetByEmail(provider, email); err == nil {
		return "", errorEmailAlreadyExists
	}

	commenterHex, err := randomHex(32)
	if err != nil {
		return "", errorInternal
	}

	passwordHash := []byte{}
	if (password != "") {
		passwordHash, err = bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
		if err != nil {
			logger.Errorf("cannot generate hash from password: %v\n", err)
			return "", errorInternal
		}
	}

	statement := `
		INSERT INTO
		commenters (commenterHex, email, name, link, photo, provider, passwordHash, joinDate)
		VALUES     ($1,           $2,    $3,   $4,   $5,    $6,       $7,           $8      );
	`
	_, err = db.Exec(statement, commenterHex, email, name, link, photo, provider, string(passwordHash), time.Now().UTC())
	if err != nil {
		logger.Errorf("cannot insert commenter: %v", err)
		return "", errorInternal
	}

	return commenterHex, nil
}


func commenterNewHandler(w http.ResponseWriter, r *http.Request) {
	type request struct {
		Email    *string `json:"email"`
		Name     *string `json:"name"`
		Website  *string `json:"website"`
		Password *string `json:"password"`
	}

	var x request
	if err := unmarshalBody(r, &x); err != nil {
		writeBody(w, response{"success": false, "message": err.Error()})
		return
	}

	// TODO: add gravatar?
	// TODO: email confirmation if provider = commento?
	// TODO: email confirmation if provider = commento?
	if _, err := commenterNew(*x.Email, *x.Name, *x.Website, "undefined", "commento", *x.Password); err != nil {
		writeBody(w, response{"success": false, "message": err.Error()})
		return
	}

	writeBody(w, response{"success": true, "confirmEmail": smtpConfigured})
}
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`package main`

			`import (`
frontend, api: allow custom emails as commenters I'm really sorry this came out as one huge commit, but I'm afraid I can't split this up. Closes https://gitlab.com/commento/commento-ce/issues/9 2018-06-11 01:15:56 +08:00			`"golang.org/x/crypto/bcrypt"`
			`"net/http"`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`"time"`
			`)`

frontend, api: allow custom emails as commenters I'm really sorry this came out as one huge commit, but I'm afraid I can't split this up. Closes https://gitlab.com/commento/commento-ce/issues/9 2018-06-11 01:15:56 +08:00			`func commenterNew(email string, name string, link string, photo string, provider string, password string) (string, error) {`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`if email == "" \|\| name == "" \|\| link == "" \|\| photo == "" \|\| provider == "" {`
			`return "", errorMissingField`
			`}`

frontend, api: allow custom emails as commenters I'm really sorry this came out as one huge commit, but I'm afraid I can't split this up. Closes https://gitlab.com/commento/commento-ce/issues/9 2018-06-11 01:15:56 +08:00			`if provider == "commento" && password == "" {`
			`return "", errorMissingField`
			`}`

api: sanitise new commenters' links 2018-06-11 01:43:18 +08:00			`// See utils_sanitise.go's documentation on isHttpsUrl. This is not a URL`
			`// validator, just an XSS preventor.`
			`// TODO: reject URLs instead of malforming them.`
			`if !isHttpsUrl(link) {`
			`link = "https://" + link`
			`}`

frontend, api: allow custom emails as commenters I'm really sorry this came out as one huge commit, but I'm afraid I can't split this up. Closes https://gitlab.com/commento/commento-ce/issues/9 2018-06-11 01:15:56 +08:00			`if _, err := commenterGetByEmail(provider, email); err == nil {`
			`return "", errorEmailAlreadyExists`
			`}`

api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`commenterHex, err := randomHex(32)`
			`if err != nil {`
			`return "", errorInternal`
			`}`

frontend, api: allow custom emails as commenters I'm really sorry this came out as one huge commit, but I'm afraid I can't split this up. Closes https://gitlab.com/commento/commento-ce/issues/9 2018-06-11 01:15:56 +08:00			`passwordHash := []byte{}`
			`if (password != "") {`
			`passwordHash, err = bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)`
			`if err != nil {`
			`logger.Errorf("cannot generate hash from password: %v\n", err)`
			`return "", errorInternal`
			`}`
			`}`

api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			statement := `
			`INSERT INTO`
frontend, api: allow custom emails as commenters I'm really sorry this came out as one huge commit, but I'm afraid I can't split this up. Closes https://gitlab.com/commento/commento-ce/issues/9 2018-06-11 01:15:56 +08:00			`commenters (commenterHex, email, name, link, photo, provider, passwordHash, joinDate)`
			`VALUES ($1, $2, $3, $4, $5, $6, $7, $8 );`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`
frontend, api: allow custom emails as commenters I'm really sorry this came out as one huge commit, but I'm afraid I can't split this up. Closes https://gitlab.com/commento/commento-ce/issues/9 2018-06-11 01:15:56 +08:00			`_, err = db.Exec(statement, commenterHex, email, name, link, photo, provider, string(passwordHash), time.Now().UTC())`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`if err != nil {`
frontend, api: allow custom emails as commenters I'm really sorry this came out as one huge commit, but I'm afraid I can't split this up. Closes https://gitlab.com/commento/commento-ce/issues/9 2018-06-11 01:15:56 +08:00			`logger.Errorf("cannot insert commenter: %v", err)`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`return "", errorInternal`
			`}`

			`return commenterHex, nil`
			`}`
frontend, api: allow custom emails as commenters I'm really sorry this came out as one huge commit, but I'm afraid I can't split this up. Closes https://gitlab.com/commento/commento-ce/issues/9 2018-06-11 01:15:56 +08:00

			`func commenterNewHandler(w http.ResponseWriter, r *http.Request) {`
			`type request struct {`
			Email *string `json:"email"`
			Name *string `json:"name"`
			Website *string `json:"website"`
			Password *string `json:"password"`
			`}`

			`var x request`
			`if err := unmarshalBody(r, &x); err != nil {`
			`writeBody(w, response{"success": false, "message": err.Error()})`
			`return`
			`}`

			`// TODO: add gravatar?`
			`// TODO: email confirmation if provider = commento?`
			`// TODO: email confirmation if provider = commento?`
			`if _, err := commenterNew(x.Email, x.Name, x.Website, "undefined", "commento", x.Password); err != nil {`
			`writeBody(w, response{"success": false, "message": err.Error()})`
			`return`
			`}`

			`writeBody(w, response{"success": true, "confirmEmail": smtpConfigured})`
			`}`