finish check_auth

2022-04-24 12:09:56 -05:00 · 2022-04-24 12:09:56 -05:00 · c2b26da9fc
parent 12feb93428
commit c2b26da9fc
3 changed files with 57 additions and 11 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,5 @@
+*.sqlite3
+
 *.swp
 #
 # ---> Go
--- a/server/cmd/main.go
+++ b/server/cmd/main.go
@ -172,14 +172,22 @@ type BBJResponse struct {
 }

 func writeResponse(w http.ResponseWriter, resp BBJResponse) {
+	w.WriteHeader(http.StatusOK)
+	w.Header().Set("Content-Type", "application/json")
 	json.NewEncoder(w).Encode(resp)
 }

+func writeErrorResponse(w http.ResponseWriter, code int, resp BBJResponse) {
+	w.WriteHeader(code)
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(resp)
+}
+
+// NB breaking: i'm not just returning 200 always but using http status codes
+
 func setupAPI(opts Opts) {

 	http.HandleFunc("/instance", handler(opts, func(w http.ResponseWriter, req *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Header().Set("Content-Type", "application/json")
 		writeResponse(w, BBJResponse{
 			Data: opts.Config.InstanceName,
 		})
@ -187,7 +195,10 @@ func setupAPI(opts Opts) {

 	http.HandleFunc("/check_auth", handler(opts, func(w http.ResponseWriter, req *http.Request) {
 		if req.Method != "POST" {
-			http.Error(w, "bad method", 400)
+			writeErrorResponse(w, 400, BBJResponse{
+				Error: true,
+				Data:  "bad method",
+			})
 			return
 		}

@ -201,7 +212,11 @@ func setupAPI(opts Opts) {
 		err := json.NewDecoder(req.Body).Decode(&a)

 		if err != nil {
-			http.Error(w, "could not parse arguments", 400)
+			writeErrorResponse(w, 400, BBJResponse{
+				Error: true,
+				Data:  "invalid arguments",
+			})
+			return
 		}

 		opts.Logf("got %s %s", a.TargetUser, a.TargetHash)
@ -210,7 +225,11 @@ func setupAPI(opts Opts) {

 		serverErr := func(err error) {
 			opts.Logf("check_auth error: %s", err.Error())
-			http.Error(w, "database error", 500)
+			writeErrorResponse(w, 500, BBJResponse{
+				Error: true,
+				Data:  "server error",
+			})
+			return
 		}

 		stmt, err := db.Prepare("select auth_hash from users where user_name = ?")
@ -223,21 +242,35 @@ func setupAPI(opts Opts) {
 		var authHash string
 		err = stmt.QueryRow(a.TargetUser).Scan(&authHash)
 		if err != nil {
-			// TODO check if there were just no results and return 404
-			serverErr(err)
+			if strings.Contains(err.Error(), "no rows in result") {
+				opts.Logf("user not found")
+				writeErrorResponse(w, 404, BBJResponse{
+					Error: true,
+					Data:  "user not found",
+				})
+			} else {
+				opts.Logf("check_auth error: %s", err.Error())
+				writeErrorResponse(w, 500, BBJResponse{
+					Error: true,
+					Data:  "server error",
+				})
+			}
 			return
 		}

 		// TODO unique constraint on user_name

 		if authHash != a.TargetHash {
-			// TODO 403 probably
+			http.Error(w, "incorrect password", 403)
+			writeErrorResponse(w, 403, BBJResponse{
+				Error: true,
+				Data:  "incorrect password",
+			})
+			return
 		}

-		w.WriteHeader(http.StatusOK)
-		w.Header().Set("Content-Type", "application/json")
 		writeResponse(w, BBJResponse{
-			Data: result,
+			Data: true,
 		})
 	}))
 }
--- a/server/cmd/schema.sql
+++ b/server/cmd/schema.sql
@ -15,6 +15,17 @@ create table users (
  created real      -- floating point unix timestamp (when this user registered)
 );

+insert into users values (
+  "123", -- TODO replace UUID with incrementing int
+  "anon",
+  "8e97c0b197816a652fb489b21e63f664863daa991e2f8fd56e2df71593c2793f",
+  "",
+  "",
+  0,
+  0,
+  1650819851
+);
+
 -- TODO unique constraint on user_name?