WIP making check_auth real

trunk
vilmibm 2022-04-22 15:23:12 -05:00
parent a7b7670d5f
commit 12feb93428
2 changed files with 30 additions and 3 deletions

View File

@ -124,7 +124,7 @@ func ensureSchema(opts Opts) error {
} }
rows, err := db.Query("select version from meta") rows, err := db.Query("select version from meta")
if err == nil { if err == nil {
//defer rows.Close() defer rows.Close()
rows.Next() rows.Next()
var version string var version string
err = rows.Scan(&version) err = rows.Scan(&version)
@ -206,8 +206,33 @@ func setupAPI(opts Opts) {
opts.Logf("got %s %s", a.TargetUser, a.TargetHash) opts.Logf("got %s %s", a.TargetUser, a.TargetHash)
// TODO db := opts.DB
result := false
serverErr := func(err error) {
opts.Logf("check_auth error: %s", err.Error())
http.Error(w, "database error", 500)
}
stmt, err := db.Prepare("select auth_hash from users where user_name = ?")
if err != nil {
serverErr(err)
return
}
defer stmt.Close()
var authHash string
err = stmt.QueryRow(a.TargetUser).Scan(&authHash)
if err != nil {
// TODO check if there were just no results and return 404
serverErr(err)
return
}
// TODO unique constraint on user_name
if authHash != a.TargetHash {
// TODO 403 probably
}
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")

View File

@ -15,6 +15,8 @@ create table users (
created real -- floating point unix timestamp (when this user registered) created real -- floating point unix timestamp (when this user registered)
); );
-- TODO unique constraint on user_name?
create table threads ( create table threads (
thread_id text, -- uuid string thread_id text, -- uuid string