some golfing, start on registration
parent
c2b26da9fc
commit
44343a429e
|
@ -193,33 +193,54 @@ func setupAPI(opts Opts) {
|
|||
})
|
||||
}))
|
||||
|
||||
badMethod := func(w http.ResponseWriter) {
|
||||
writeErrorResponse(w, 400, BBJResponse{
|
||||
Error: true,
|
||||
Data: "bad method",
|
||||
})
|
||||
}
|
||||
|
||||
invalidArgs := func(w http.ResponseWriter) {
|
||||
writeErrorResponse(w, 400, BBJResponse{
|
||||
Error: true,
|
||||
Data: "invalid args",
|
||||
})
|
||||
}
|
||||
|
||||
type AuthArgs struct {
|
||||
Username string `json:"target_user"`
|
||||
AuthHash string `json:"target_hash"`
|
||||
}
|
||||
|
||||
http.HandleFunc("/user_register", handler(opts, func(w http.ResponseWriter, req *http.Request) {
|
||||
if req.Method != "POST" {
|
||||
badMethod(w)
|
||||
return
|
||||
}
|
||||
|
||||
var args AuthArgs
|
||||
if err := json.NewDecoder(req.Body).Decode(&args); err != nil {
|
||||
invalidArgs(w)
|
||||
return
|
||||
}
|
||||
|
||||
// TODO check if user exists
|
||||
// TODO compare hash
|
||||
}))
|
||||
|
||||
http.HandleFunc("/check_auth", handler(opts, func(w http.ResponseWriter, req *http.Request) {
|
||||
if req.Method != "POST" {
|
||||
writeErrorResponse(w, 400, BBJResponse{
|
||||
Error: true,
|
||||
Data: "bad method",
|
||||
})
|
||||
badMethod(w)
|
||||
return
|
||||
}
|
||||
|
||||
type args struct {
|
||||
TargetUser string `json:"target_user"`
|
||||
TargetHash string `json:"target_hash"`
|
||||
}
|
||||
|
||||
var a args
|
||||
|
||||
err := json.NewDecoder(req.Body).Decode(&a)
|
||||
|
||||
if err != nil {
|
||||
writeErrorResponse(w, 400, BBJResponse{
|
||||
Error: true,
|
||||
Data: "invalid arguments",
|
||||
})
|
||||
var args AuthArgs
|
||||
if err := json.NewDecoder(req.Body).Decode(&args); err != nil {
|
||||
invalidArgs(w)
|
||||
return
|
||||
}
|
||||
|
||||
opts.Logf("got %s %s", a.TargetUser, a.TargetHash)
|
||||
opts.Logf("got %s %s", args.Username, args.AuthHash)
|
||||
|
||||
db := opts.DB
|
||||
|
||||
|
@ -240,7 +261,7 @@ func setupAPI(opts Opts) {
|
|||
defer stmt.Close()
|
||||
|
||||
var authHash string
|
||||
err = stmt.QueryRow(a.TargetUser).Scan(&authHash)
|
||||
err = stmt.QueryRow(args.Username).Scan(&authHash)
|
||||
if err != nil {
|
||||
if strings.Contains(err.Error(), "no rows in result") {
|
||||
opts.Logf("user not found")
|
||||
|
@ -260,7 +281,7 @@ func setupAPI(opts Opts) {
|
|||
|
||||
// TODO unique constraint on user_name
|
||||
|
||||
if authHash != a.TargetHash {
|
||||
if authHash != args.AuthHash {
|
||||
http.Error(w, "incorrect password", 403)
|
||||
writeErrorResponse(w, 403, BBJResponse{
|
||||
Error: true,
|
||||
|
|
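Review bot: The new `opts.Logf("got %s %s", args.Username, args.AuthHash)` call in the /check_auth handler writes the client-supplied auth hash to the log. The handler compares that hash directly with the stored `authHash`, so the logged value is enough to authenticate on its own. Log only the username, quoted so embedded newlines cannot forge log lines: `opts.Logf("check_auth for %q", args.Username)`. In the last hunk, `if authHash != args.AuthHash {` returns at the first differing byte; `if subtle.ConstantTimeCompare([]byte(authHash), []byte(args.AuthHash)) != 1 {` from crypto/subtle removes that timing signal. Both handlers also decode `req.Body` with no size cap, which `http.MaxBytesReader` applied before `Decode` would bound. setupAPI and the /check_auth handler body continue outside the visible hunks, and the file's import block is not shown.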