commento/api/owner_confirm_hex.go

package main

import (
	"fmt"
	"net/http"
	"os"
)

func ownerConfirmHex(confirmHex string) error {
	if confirmHex == "" {
		return errorMissingField
	}

	statement := `
		UPDATE owners
		SET confirmedEmail=true
		WHERE ownerHex IN (
			SELECT ownerHex FROM ownerConfirmHexes
			WHERE confirmHex=$1
		);
	`
	res, err := db.Exec(statement, confirmHex)
	if err != nil {
		logger.Errorf("cannot mark user's confirmedEmail as true: %v\n", err)
		return errorInternal
	}

	count, err := res.RowsAffected()
	if err != nil {
		logger.Errorf("cannot count rows affected: %v\n", err)
		return errorInternal
	}

	if count == 0 {
		return errorNoSuchConfirmationToken
	}

	statement = `
		DELETE FROM ownerConfirmHexes
		WHERE confirmHex=$1;
	`
	_, err = db.Exec(statement, confirmHex)
	if err != nil {
		logger.Warningf("cannot remove confirmation token: %v\n", err)
		// Don't return an error because this is not critical.
	}

	return nil
}

func ownerConfirmHexHandler(w http.ResponseWriter, r *http.Request) {
	if confirmHex := r.FormValue("confirmHex"); confirmHex != "" {
		if err := ownerConfirmHex(confirmHex); err == nil {
			http.Redirect(w, r, fmt.Sprintf("%s/login?confirmed=true", os.Getenv("ORIGIN")), http.StatusTemporaryRedirect)
			return
		}
	}

	// TODO: include error message in the URL
	http.Redirect(w, r, fmt.Sprintf("%s/login?confirmed=false", os.Getenv("ORIGIN")), http.StatusTemporaryRedirect)
}