diff --git a/server/cmd/main.go b/server/cmd/main.go
index ff9dd9b..695ce55 100644
--- a/server/cmd/main.go
+++ b/server/cmd/main.go
@@ -124,7 +124,7 @@ func ensureSchema(opts Opts) error {
 }
 rows, err := db.Query("select version from meta")
 if err == nil {
- //defer rows.Close()
+ defer rows.Close()
 rows.Next()
 var version string
 err = rows.Scan(&version)
@@ -206,8 +206,33 @@ func setupAPI(opts Opts) {
 opts.Logf("got %s %s", a.TargetUser, a.TargetHash)
- // TODO
- result := false
+ db := opts.DB
+
+ serverErr := func(err error) {
+ opts.Logf("check_auth error: %s", err.Error())
+ http.Error(w, "database error", 500)
+ }
+
+ stmt, err := db.Prepare("select auth_hash from users where user_name = ?")
+ if err != nil {
+ serverErr(err)
+ return
+ }
+ defer stmt.Close()
+
+ var authHash string
+ err = stmt.QueryRow(a.TargetUser).Scan(&authHash)
+ if err != nil {
+ // TODO check if there were just no results and return 404
+ serverErr(err)
+ return
+ }
+
+ // TODO unique constraint on user_name
+
+ if authHash != a.TargetHash {
+ // TODO 403 probably
+ }
 w.WriteHeader(http.StatusOK)
 w.Header().Set("Content-Type", "application/json")
diff --git a/server/cmd/schema.sql b/server/cmd/schema.sql
index b93a2a2..7499342 100644
--- a/server/cmd/schema.sql
+++ b/server/cmd/schema.sql
@@ -15,6 +15,8 @@ create table users (
 created real -- floating point unix timestamp (when this user registered)
 );
+-- TODO unique constraint on user_name?
+
 create table threads (
 thread_id text, -- uuid string
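Review bot: The `if authHash != a.TargetHash` branch that closes the added block in setupAPI is empty, so a mismatching hash falls through to `w.WriteHeader(http.StatusOK)`; as far as the hunk shows, the check fails open for every known user (the rest of the handler lies outside the hunk, so what the body reports is not visible). The branch should reject and return, and the comparison of the two hashes is better done with `subtle.ConstantTimeCompare` than with `!=`. A missing user currently ends in `serverErr` and a 500; answering it with the same 403 as a wrong hash, instead of the 404 the TODO plans, keeps the endpoint from revealing which user names exist. The sketch below needs `crypto/subtle` and `errors` imported and assumes `database/sql` is imported as `sql`; the "forbidden" body text is a constructed sample.

```go
err = stmt.QueryRow(a.TargetUser).Scan(&authHash)
if err != nil && !errors.Is(err, sql.ErrNoRows) {
	serverErr(err)
	return
}
// Unknown user and wrong hash get the same answer, so the endpoint
// does not reveal which user names exist.
if err != nil || subtle.ConstantTimeCompare([]byte(authHash), []byte(a.TargetHash)) != 1 {
	http.Error(w, "forbidden", http.StatusForbidden)
	return
}
// … unchanged: w.WriteHeader(http.StatusOK) and the JSON response …
```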
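Review bot: The uniqueness question in the added comment after `create table users` should be settled in this commit rather than left as a TODO, because the new check_auth query in main.go reads a single row with `QueryRow`. With duplicate `user_name` rows, which `auth_hash` gets compared is left to the database's row order. The column definitions are outside the hunk, so the simplest form that does not touch them is a separate statement after the table, e.g. `create unique index users_user_name on users(user_name);` (index name is a constructed sample).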