finish check_auth

.gitignore

@@ -1,3 +1,5 @@
+*.sqlite3
+
 *.swp
 #
 # ---> Go

server/cmd/main.go

@@ -172,14 +172,22 @@ type BBJResponse struct {
 }
 
 func writeResponse(w http.ResponseWriter, resp BBJResponse) {
+	w.WriteHeader(http.StatusOK)
+	w.Header().Set("Content-Type", "application/json")
 	json.NewEncoder(w).Encode(resp)
 }
 
+func writeErrorResponse(w http.ResponseWriter, code int, resp BBJResponse) {
+	w.WriteHeader(code)
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(resp)
+}
+
+// NB breaking: i'm not just returning 200 always but using http status codes
+
 func setupAPI(opts Opts) {
 
 	http.HandleFunc("/instance", handler(opts, func(w http.ResponseWriter, req *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Header().Set("Content-Type", "application/json")
 		writeResponse(w, BBJResponse{
 			Data: opts.Config.InstanceName,
 		})
@@ -187,7 +195,10 @@ func setupAPI(opts Opts) {
 
 	http.HandleFunc("/check_auth", handler(opts, func(w http.ResponseWriter, req *http.Request) {
 		if req.Method != "POST" {
-			http.Error(w, "bad method", 400)
+			writeErrorResponse(w, 400, BBJResponse{
+				Error: true,
+				Data:  "bad method",
+			})
 			return
 		}
 
@@ -201,7 +212,11 @@ func setupAPI(opts Opts) {
 		err := json.NewDecoder(req.Body).Decode(&a)
 
 		if err != nil {
-			http.Error(w, "could not parse arguments", 400)
+			writeErrorResponse(w, 400, BBJResponse{
+				Error: true,
+				Data:  "invalid arguments",
+			})
+			return
 		}
 
 		opts.Logf("got %s %s", a.TargetUser, a.TargetHash)
@@ -210,7 +225,11 @@ func setupAPI(opts Opts) {
 
 		serverErr := func(err error) {
 			opts.Logf("check_auth error: %s", err.Error())
-			http.Error(w, "database error", 500)
+			writeErrorResponse(w, 500, BBJResponse{
+				Error: true,
+				Data:  "server error",
+			})
+			return
 		}
 
 		stmt, err := db.Prepare("select auth_hash from users where user_name = ?")
@@ -223,21 +242,35 @@ func setupAPI(opts Opts) {
 		var authHash string
 		err = stmt.QueryRow(a.TargetUser).Scan(&authHash)
 		if err != nil {
-			// TODO check if there were just no results and return 404
-			serverErr(err)
+			if strings.Contains(err.Error(), "no rows in result") {
+				opts.Logf("user not found")
+				writeErrorResponse(w, 404, BBJResponse{
+					Error: true,
+					Data:  "user not found",
+				})
+			} else {
+				opts.Logf("check_auth error: %s", err.Error())
+				writeErrorResponse(w, 500, BBJResponse{
+					Error: true,
+					Data:  "server error",
+				})
+			}
 			return
 		}
 
 		// TODO unique constraint on user_name
 
 		if authHash != a.TargetHash {
-			// TODO 403 probably
+			http.Error(w, "incorrect password", 403)
+			writeErrorResponse(w, 403, BBJResponse{
+				Error: true,
+				Data:  "incorrect password",
+			})
+			return
 		}
 
-		w.WriteHeader(http.StatusOK)
-		w.Header().Set("Content-Type", "application/json")
 		writeResponse(w, BBJResponse{
-			Data: result,
+			Data: true,
 		})
 	}))
 }

server/cmd/schema.sql

@@ -15,6 +15,17 @@ create table users (
   created real      -- floating point unix timestamp (when this user registered)
 );
 
+insert into users values (
+  "123", -- TODO replace UUID with incrementing int
+  "anon",
+  "8e97c0b197816a652fb489b21e63f664863daa991e2f8fd56e2df71593c2793f",
+  "",
+  "",
+  0,
+  0,
+  1650819851
+);
+
 -- TODO unique constraint on user_name?