|
|
|
@ -172,14 +172,22 @@ type BBJResponse struct {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func writeResponse(w http.ResponseWriter, resp BBJResponse) {
|
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
json.NewEncoder(w).Encode(resp)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func writeErrorResponse(w http.ResponseWriter, code int, resp BBJResponse) {
|
|
|
|
|
w.WriteHeader(code)
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
json.NewEncoder(w).Encode(resp)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NB breaking: i'm not just returning 200 always but using http status codes
|
|
|
|
|
|
|
|
|
|
func setupAPI(opts Opts) {
|
|
|
|
|
|
|
|
|
|
http.HandleFunc("/instance", handler(opts, func(w http.ResponseWriter, req *http.Request) {
|
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
writeResponse(w, BBJResponse{
|
|
|
|
|
Data: opts.Config.InstanceName,
|
|
|
|
|
})
|
|
|
|
@ -187,7 +195,10 @@ func setupAPI(opts Opts) {
|
|
|
|
|
|
|
|
|
|
http.HandleFunc("/check_auth", handler(opts, func(w http.ResponseWriter, req *http.Request) {
|
|
|
|
|
if req.Method != "POST" {
|
|
|
|
|
http.Error(w, "bad method", 400)
|
|
|
|
|
writeErrorResponse(w, 400, BBJResponse{
|
|
|
|
|
Error: true,
|
|
|
|
|
Data: "bad method",
|
|
|
|
|
})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -201,7 +212,11 @@ func setupAPI(opts Opts) {
|
|
|
|
|
err := json.NewDecoder(req.Body).Decode(&a)
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
http.Error(w, "could not parse arguments", 400)
|
|
|
|
|
writeErrorResponse(w, 400, BBJResponse{
|
|
|
|
|
Error: true,
|
|
|
|
|
Data: "invalid arguments",
|
|
|
|
|
})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
opts.Logf("got %s %s", a.TargetUser, a.TargetHash)
|
|
|
|
@ -210,7 +225,11 @@ func setupAPI(opts Opts) {
|
|
|
|
|
|
|
|
|
|
serverErr := func(err error) {
|
|
|
|
|
opts.Logf("check_auth error: %s", err.Error())
|
|
|
|
|
http.Error(w, "database error", 500)
|
|
|
|
|
writeErrorResponse(w, 500, BBJResponse{
|
|
|
|
|
Error: true,
|
|
|
|
|
Data: "server error",
|
|
|
|
|
})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
stmt, err := db.Prepare("select auth_hash from users where user_name = ?")
|
|
|
|
@ -223,21 +242,35 @@ func setupAPI(opts Opts) {
|
|
|
|
|
var authHash string
|
|
|
|
|
err = stmt.QueryRow(a.TargetUser).Scan(&authHash)
|
|
|
|
|
if err != nil {
|
|
|
|
|
// TODO check if there were just no results and return 404
|
|
|
|
|
serverErr(err)
|
|
|
|
|
if strings.Contains(err.Error(), "no rows in result") {
|
|
|
|
|
opts.Logf("user not found")
|
|
|
|
|
writeErrorResponse(w, 404, BBJResponse{
|
|
|
|
|
Error: true,
|
|
|
|
|
Data: "user not found",
|
|
|
|
|
})
|
|
|
|
|
} else {
|
|
|
|
|
opts.Logf("check_auth error: %s", err.Error())
|
|
|
|
|
writeErrorResponse(w, 500, BBJResponse{
|
|
|
|
|
Error: true,
|
|
|
|
|
Data: "server error",
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TODO unique constraint on user_name
|
|
|
|
|
|
|
|
|
|
if authHash != a.TargetHash {
|
|
|
|
|
// TODO 403 probably
|
|
|
|
|
http.Error(w, "incorrect password", 403)
|
|
|
|
|
writeErrorResponse(w, 403, BBJResponse{
|
|
|
|
|
Error: true,
|
|
|
|
|
Data: "incorrect password",
|
|
|
|
|
})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
writeResponse(w, BBJResponse{
|
|
|
|
|
Data: result,
|
|
|
|
|
Data: true,
|
|
|
|
|
})
|
|
|
|
|
}))
|
|
|
|
|
}
|
|
|
|
|
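Review bot: In the last hunk the /check_auth handler answers 404 "user not found" when the query returns no rows but 403 "incorrect password" when the hash differs, so an unauthenticated caller can tell which user names exist; the earlier `serverErr(err)` path appears to have returned the same generic error for both. Unless clients depend on the distinction, send one response for both cases, for example `writeErrorResponse(w, 403, BBJResponse{Error: true, Data: "invalid credentials"})`, and keep the "user not found" detail in `opts.Logf` only. The branch also matches on the error text with `strings.Contains(err.Error(), "no rows in result")`; if `db` is a database/sql handle, `errors.Is(err, sql.ErrNoRows)` is the stable test. The `authHash != a.TargetHash` check is not constant-time, and `subtle.ConstantTimeCompare([]byte(authHash), []byte(a.TargetHash)) != 1` would remove that timing signal. setupAPI's body continues between the hunks shown, so the imports these changes need (`errors`, `database/sql`, `crypto/subtle`) have to be checked against the full file.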