WIP making check_auth real

2022-04-22 15:23:12 -05:00 · 2022-04-22 15:23:12 -05:00 · 12feb93428
commit 12feb93428
parent a7b7670d5f
2 changed files with 30 additions and 3 deletions
--- a/server/cmd/main.go
+++ b/server/cmd/main.go
@ -124,7 +124,7 @@ func ensureSchema(opts Opts) error {
 	}
 	rows, err := db.Query("select version from meta")
 	if err == nil {
-		//defer rows.Close()
+		defer rows.Close()
 		rows.Next()
 		var version string
 		err = rows.Scan(&version)
@ -206,8 +206,33 @@ func setupAPI(opts Opts) {

 		opts.Logf("got %s %s", a.TargetUser, a.TargetHash)

-		// TODO
-		result := false
+		db := opts.DB
+
+		serverErr := func(err error) {
+			opts.Logf("check_auth error: %s", err.Error())
+			http.Error(w, "database error", 500)
+		}
+
+		stmt, err := db.Prepare("select auth_hash from users where user_name = ?")
+		if err != nil {
+			serverErr(err)
+			return
+		}
+		defer stmt.Close()
+
+		var authHash string
+		err = stmt.QueryRow(a.TargetUser).Scan(&authHash)
+		if err != nil {
+			// TODO check if there were just no results and return 404
+			serverErr(err)
+			return
+		}
+
+		// TODO unique constraint on user_name
+
+		if authHash != a.TargetHash {
+			// TODO 403 probably
+		}

 		w.WriteHeader(http.StatusOK)
 		w.Header().Set("Content-Type", "application/json")
--- a/server/cmd/schema.sql
+++ b/server/cmd/schema.sql
@ -15,6 +15,8 @@ create table users (
  created real      -- floating point unix timestamp (when this user registered)
 );

+-- TODO unique constraint on user_name?
+

 create table threads (
  thread_id text,   -- uuid string