user route added and coded

can now hit user route (get, post, delete). Coded in some checks to see
if user is admin and has privledge. Currently turned off to allow work
from curl

api.go

@@ -28,7 +28,7 @@ func (s *Server) category(w http.ResponseWriter, req *http.Request) {
 		if err != nil {
 			log.Printf("%+v", err)
 			b, _ := json.Marshal(NewFailure(err.Error()))
-			http.Error(w, string(b), http.StatusBadRequest)
+			http.Error(w, string(b), http.StatusInternalServerError)
 			return
 		}
 		json.NewEncoder(w).Encode(categories)
@@ -50,7 +50,7 @@ func (s *Server) category(w http.ResponseWriter, req *http.Request) {
 		if err != nil {
 			log.Printf("%+v", err)
 			b, _ := json.Marshal(NewFailure(err.Error()))
-			http.Error(w, string(b), http.StatusBadRequest)
+			http.Error(w, string(b), http.StatusInternalServerError)
 			return
 		}
 	case "DELETE":
@@ -77,3 +77,113 @@ func (s *Server) category(w http.ResponseWriter, req *http.Request) {
 		}
 	}
 }
+
+func (s *Server) user(w http.ResponseWriter, req *http.Request) {
+	// TODO add back in
+	//w.Header().Set("Content-Type", "application/json")
+	//session, err := store.Get(r, "creds")
+	//if err != nil {
+	//	http.Error(w, err.Error(), http.StatusInternalServerError)
+	//	return
+	//}
+	//if loggedIn := session.Values["authenticated"]; loggedIn != true {
+	//	http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
+	//	return
+	//}
+	switch req.Method {
+	default:
+		b, _ := json.Marshal(NewFailure("Allowed methods: GET, POST, DELETE"))
+		http.Error(w, string(b), http.StatusBadRequest)
+		return
+	case "GET":
+		users, err := s.db.getUsers()
+		if err != nil {
+			log.Printf("%+v", err)
+			b, _ := json.Marshal(NewFailure(err.Error()))
+			http.Error(w, string(b), http.StatusInternalServerError)
+			return
+		}
+		json.NewEncoder(w).Encode(users)
+	case "POST":
+		u := user{}
+		err := json.NewDecoder(req.Body).Decode(&u)
+		req.Body.Close()
+		if err != nil {
+			log.Printf("%+v", err)
+			b, _ := json.Marshal(NewFailure(err.Error()))
+			http.Error(w, string(b), http.StatusBadRequest)
+			return
+		}
+
+		// TODO add back in
+		//// verify current user is an admin
+		//session, err := store.Get(req, "creds")
+		//if err != nil {
+		//	http.Error(w, err.Error(), http.StatusInternalServerError)
+		//	return
+		//}
+		//email := ""
+		//if session.Values["uname"] != nil {
+		//	email = session.Values["uname"].(string)
+		//}
+		//if !s.db.adminUser(email) {
+		//	log.Printf("user is not admin")
+		//	b, _ := json.Marshal(NewFailure("not admin"))
+		//	http.Error(w, string(b), http.StatusForbidden)
+		//	return
+		//}
+
+		_, err = s.db.db.Exec(
+			`INSERT INTO users (email, admin) VALUES ($1, $2)`,
+			u.Email,
+			u.Admin,
+		)
+		if err != nil {
+			log.Printf("%+v", err)
+			b, _ := json.Marshal(NewFailure(err.Error()))
+			http.Error(w, string(b), http.StatusBadRequest)
+			return
+		}
+	case "DELETE":
+		u := user{}
+		err := json.NewDecoder(req.Body).Decode(&u)
+		req.Body.Close()
+		if err != nil {
+			b, _ := json.Marshal(NewFailure(err.Error()))
+			http.Error(w, string(b), http.StatusBadRequest)
+			return
+		}
+
+		// TODO add back in
+		//// verify current user is an admin
+		//session, err := store.Get(req, "creds")
+		//if err != nil {
+		//	http.Error(w, err.Error(), http.StatusInternalServerError)
+		//	return
+		//}
+		//email := ""
+		//if session.Values["uname"] != nil {
+		//	email = session.Values["uname"].(string)
+		//}
+		//if !s.db.adminUser(email) {
+		//	log.Printf("user is not admin")
+		//	b, _ := json.Marshal(NewFailure("not admin"))
+		//	http.Error(w, string(b), http.StatusForbidden)
+		//	return
+		//}
+
+		_, err = s.db.db.Exec("DELETE FROM users WHERE email = $1", u.Email)
+		if err != nil {
+			log.Printf("%+v", err)
+			b, _ := json.Marshal(NewFailure(err.Error()))
+			http.Error(w, string(b), http.StatusInternalServerError)
+			return
+		}
+		if err != nil {
+			log.Printf("%+v", err)
+			b, _ := json.Marshal(NewFailure(err.Error()))
+			http.Error(w, string(b), http.StatusBadRequest)
+			return
+		}
+	}
+}

db.go

@@ -54,6 +54,36 @@ func (d *DB) getCategories() ([]category, error) {
 	return results, nil
 }
 
+func (d *DB) getUsers() ([]user, error) {
+	results := []user{}
+	rows, err := d.db.Queryx("SELECT id, email, admin FROM users")
+	if err != nil {
+		return nil, err
+	}
+	for rows.Next() {
+		var result user
+		err := rows.StructScan(&result)
+		if err != nil {
+			return nil, err
+		}
+		results = append(results, result)
+	}
+	return results, nil
+}
+
+func (d *DB) adminUser(e string) bool {
+	result := user{}
+	row := d.db.QueryRow("SELECT admin FROM users WHERE email = $1",
+		e,
+	)
+	err := row.Scan(&result)
+	if err != nil {
+		return false
+	}
+
+	return result.Admin
+}
+
 //func (d *DB) checkOwner(filename, client string) error {
 //	row := d.db.QueryRowx("SELECT client FROM pics WHERE filename = $1", filename)
 //	var owner string

routes.go

@@ -22,10 +22,9 @@ func addRoutes(sm *http.ServeMux, server *Server, staticFiles string) {
 		"oauth":     "/api/v0/oauth_cb/",
 		"auth":      "/api/v0/auth/",
 		"health":    "/healthz",
-		"list":      "/api/v0/list/",
 		"category":  "/api/v0/category/",
 		"tranx":     "/api/v0/tranx/",
-		"cost":      "/api/v0/costpermonth/",
+		"user":      "/api/v0/user/",
 
 		"fake": "/fake/",
 	}
@@ -70,16 +69,15 @@ func addRoutes(sm *http.ServeMux, server *Server, staticFiles string) {
 	}
 
 	store = sessions.NewCookieStore([]byte(server.cookieSecret))
-	//sm.HandleFunc(prefix["list"], server.listUsers)
 	//sm.HandleFunc(prefix["tranx"], server.tranx)
-	//sm.HandleFunc(prefix["cost"], server.costPerMonth)
+	sm.HandleFunc(prefix["fake"], server.fakeSetup)
 	sm.HandleFunc(prefix["category"], server.category)
+	sm.HandleFunc(prefix["user"], server.user)
 	sm.HandleFunc(prefix["protected"], server.plist)
 	sm.HandleFunc(prefix["info"], server.serverInfo)
 	sm.HandleFunc(prefix["login"], server.login)
 	sm.HandleFunc(prefix["logout"], server.logout)
 	sm.HandleFunc(prefix["oauth"], server.oauthCallback)
 	sm.HandleFunc(prefix["auth"], server.auth)
-	sm.HandleFunc(prefix["fake"], server.fakeSetup)
 	sm.HandleFunc(prefix["health"], server.health)
 }

server.go

@@ -77,10 +77,10 @@ func NewServer(sm *http.ServeMux, clientId, clientSecret, cookieSecret, dbhost,
 }
 
 func (s *Server) fakeSetup(w http.ResponseWriter, r *http.Request) {
-	u := userInfo{
+	//u := userInfo{
-		Email: "derekmcquay@gmail.com",
+	//	Email: "derekmcquay@gmail.com",
-	}
+	//}
-	addUser(u)
+	//addUser(u)
 }
 
 //func (s *Server) tranx(w http.ResponseWriter, r *http.Request) {
@@ -265,7 +265,8 @@ func (s *Server) oauthCallback(w http.ResponseWriter, r *http.Request) {
 		if err := session.Save(r, w); err != nil {
 			http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
 		}
-		addUser(u)
+		// TODO add psql user here
+		//addUser(u)
 		http.Redirect(w, r, "/static/", http.StatusTemporaryRedirect)
 		return
 	}