forked from tildetown/bbj2
WIP making check_auth real
parent
a7b7670d5f
commit
12feb93428
|
@ -124,7 +124,7 @@ func ensureSchema(opts Opts) error {
|
|||
}
|
||||
rows, err := db.Query("select version from meta")
|
||||
if err == nil {
|
||||
//defer rows.Close()
|
||||
defer rows.Close()
|
||||
rows.Next()
|
||||
var version string
|
||||
err = rows.Scan(&version)
|
||||
|
@ -206,8 +206,33 @@ func setupAPI(opts Opts) {
|
|||
|
||||
opts.Logf("got %s %s", a.TargetUser, a.TargetHash)
|
||||
|
||||
// TODO
|
||||
result := false
|
||||
db := opts.DB
|
||||
|
||||
serverErr := func(err error) {
|
||||
opts.Logf("check_auth error: %s", err.Error())
|
||||
http.Error(w, "database error", 500)
|
||||
}
|
||||
|
||||
stmt, err := db.Prepare("select auth_hash from users where user_name = ?")
|
||||
if err != nil {
|
||||
serverErr(err)
|
||||
return
|
||||
}
|
||||
defer stmt.Close()
|
||||
|
||||
var authHash string
|
||||
err = stmt.QueryRow(a.TargetUser).Scan(&authHash)
|
||||
if err != nil {
|
||||
// TODO check if there were just no results and return 404
|
||||
serverErr(err)
|
||||
return
|
||||
}
|
||||
|
||||
// TODO unique constraint on user_name
|
||||
|
||||
if authHash != a.TargetHash {
|
||||
// TODO 403 probably
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
|
|
@ -15,6 +15,8 @@ create table users (
|
|||
created real -- floating point unix timestamp (when this user registered)
|
||||
);
|
||||
|
||||
-- TODO unique constraint on user_name?
|
||||
|
||||
|
||||
create table threads (
|
||||
thread_id text, -- uuid string
|
||||
|
|
Loading…
Reference in New Issue