some golfing, start on registration
parent
c2b26da9fc
commit
44343a429e
|
@ -193,33 +193,54 @@ func setupAPI(opts Opts) {
|
||||||
})
|
})
|
||||||
}))
|
}))
|
||||||
|
|
||||||
|
badMethod := func(w http.ResponseWriter) {
|
||||||
|
writeErrorResponse(w, 400, BBJResponse{
|
||||||
|
Error: true,
|
||||||
|
Data: "bad method",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
invalidArgs := func(w http.ResponseWriter) {
|
||||||
|
writeErrorResponse(w, 400, BBJResponse{
|
||||||
|
Error: true,
|
||||||
|
Data: "invalid args",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
type AuthArgs struct {
|
||||||
|
Username string `json:"target_user"`
|
||||||
|
AuthHash string `json:"target_hash"`
|
||||||
|
}
|
||||||
|
|
||||||
|
http.HandleFunc("/user_register", handler(opts, func(w http.ResponseWriter, req *http.Request) {
|
||||||
|
if req.Method != "POST" {
|
||||||
|
badMethod(w)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
var args AuthArgs
|
||||||
|
if err := json.NewDecoder(req.Body).Decode(&args); err != nil {
|
||||||
|
invalidArgs(w)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO check if user exists
|
||||||
|
// TODO compare hash
|
||||||
|
}))
|
||||||
|
|
||||||
http.HandleFunc("/check_auth", handler(opts, func(w http.ResponseWriter, req *http.Request) {
|
http.HandleFunc("/check_auth", handler(opts, func(w http.ResponseWriter, req *http.Request) {
|
||||||
if req.Method != "POST" {
|
if req.Method != "POST" {
|
||||||
writeErrorResponse(w, 400, BBJResponse{
|
badMethod(w)
|
||||||
Error: true,
|
|
||||||
Data: "bad method",
|
|
||||||
})
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
type args struct {
|
var args AuthArgs
|
||||||
TargetUser string `json:"target_user"`
|
if err := json.NewDecoder(req.Body).Decode(&args); err != nil {
|
||||||
TargetHash string `json:"target_hash"`
|
invalidArgs(w)
|
||||||
}
|
|
||||||
|
|
||||||
var a args
|
|
||||||
|
|
||||||
err := json.NewDecoder(req.Body).Decode(&a)
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
writeErrorResponse(w, 400, BBJResponse{
|
|
||||||
Error: true,
|
|
||||||
Data: "invalid arguments",
|
|
||||||
})
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
opts.Logf("got %s %s", a.TargetUser, a.TargetHash)
|
opts.Logf("got %s %s", args.Username, args.AuthHash)
|
||||||
|
|
||||||
db := opts.DB
|
db := opts.DB
|
||||||
|
|
||||||
|
@ -240,7 +261,7 @@ func setupAPI(opts Opts) {
|
||||||
defer stmt.Close()
|
defer stmt.Close()
|
||||||
|
|
||||||
var authHash string
|
var authHash string
|
||||||
err = stmt.QueryRow(a.TargetUser).Scan(&authHash)
|
err = stmt.QueryRow(args.Username).Scan(&authHash)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if strings.Contains(err.Error(), "no rows in result") {
|
if strings.Contains(err.Error(), "no rows in result") {
|
||||||
opts.Logf("user not found")
|
opts.Logf("user not found")
|
||||||
|
@ -260,7 +281,7 @@ func setupAPI(opts Opts) {
|
||||||
|
|
||||||
// TODO unique constraint on user_name
|
// TODO unique constraint on user_name
|
||||||
|
|
||||||
if authHash != a.TargetHash {
|
if authHash != args.AuthHash {
|
||||||
http.Error(w, "incorrect password", 403)
|
http.Error(w, "incorrect password", 403)
|
||||||
writeErrorResponse(w, 403, BBJResponse{
|
writeErrorResponse(w, 403, BBJResponse{
|
||||||
Error: true,
|
Error: true,
|
||||||
|
|
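Review bot: The new `opts.Logf("got %s %s", args.Username, args.AuthHash)` line in `/check_auth` still writes the client-supplied auth hash to the log, and because that value is compared directly with the stored hash in the last hunk, it works as a credential for anyone who can read the logs; log only the user name, e.g. `opts.Logf("check_auth for %q", args.Username)`. In the last hunk, `authHash != args.AuthHash` is an ordinary string comparison; `subtle.ConstantTimeCompare([]byte(authHash), []byte(args.AuthHash)) != 1` (which needs `crypto/subtle` imported) avoids a timing difference between near-miss and far-miss values. The same branch calls `http.Error(w, "incorrect password", 403)` and then `writeErrorResponse(w, 403, …)`, so two bodies appear to be written for one response; dropping the `http.Error` line would match the other error paths. In the new `/user_register` handler a body that decodes to an empty `target_user` or `target_hash` passes the only check, so `if args.Username == "" || args.AuthHash == "" { invalidArgs(w); return }` belongs before the TODOs. `setupAPI` starts and ends outside the visible hunks.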