// Copyright © 2016 Abcum Ltd // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package web import ( "github.com/abcum/fibre" "github.com/abcum/surreal/cnf" "github.com/abcum/surreal/db" "github.com/abcum/surreal/kvs" "github.com/abcum/surreal/mem" "github.com/abcum/surreal/sql" "github.com/abcum/surreal/util/data" ) func signup(c *fibre.Context) (err error) { var vars map[string]interface{} c.Bind(&vars) n, nok := vars[varKeyNs].(string) d, dok := vars[varKeyDb].(string) s, sok := vars[varKeySc].(string) // Ensure that the IP address of the // user signing up is available so that // it can be used within signup queries. vars[varKeyIp] = c.IP().String() // Ensure that the website origin of the // user signing up is available so that // it can be used within signup queries. vars[varKeyOrigin] = c.Origin() // If we have a namespace, database, and // scope defined, then we are logging in // to the scope level. if nok && len(n) > 0 && dok && len(d) > 0 && sok && len(s) > 0 { var ok bool var txn kvs.TX var res []*db.Response var exp *sql.SubExpression var scp *sql.DefineScopeStatement // Start a new read transaction. if txn, err = db.Begin(false); err != nil { return fibre.NewHTTPError(500) } // Ensure the transaction closes. defer txn.Cancel() // Get the specified signin scope. if scp, err = mem.NewWithTX(txn).GetSC(n, d, s); err != nil { return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ "ns": n, "db": d, "sc": s, }).WithMessage("Authentication scope does not exist") } // Check that the scope allows signup. if exp, ok = scp.Signup.(*sql.SubExpression); !ok { return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ "ns": n, "db": d, "sc": s, }).WithMessage("Authentication scope signup was unsuccessful") } // Process the scope signup statement. c.Set(varKeyAuth, &cnf.Auth{Kind: cnf.AuthDB}) query := &sql.Query{Statements: []sql.Statement{exp.Expr}} // If the query fails then return a 501 error. if res, err = db.Process(c, query, vars); err != nil { return fibre.NewHTTPError(501).WithFields(map[string]interface{}{ "ns": n, "db": d, "sc": s, }).WithMessage("Authentication scope signup was unsuccessful") } // If the response is not 1 record then return a 403 error. if len(res) != 1 || len(res[0].Result) != 1 { return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ "ns": n, "db": d, "sc": s, }).WithMessage("Authentication scope signup was unsuccessful") } // If the query does not return an id field then return a 403 error. if _, ok = data.Consume(res[0].Result[0]).Get("id").Data().(*sql.Thing); !ok { return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ "ns": n, "db": d, "sc": s, }).WithMessage("Authentication scope signup was unsuccessful") } return c.Code(204) } return fibre.NewHTTPError(403) }