From c2b26da9fc5677e09c04511678cee3581bfc15f6 Mon Sep 17 00:00:00 2001 From: vilmibm Date: Sun, 24 Apr 2022 12:09:56 -0500 Subject: [PATCH] finish check_auth --- .gitignore | 2 ++ server/cmd/main.go | 55 ++++++++++++++++++++++++++++++++++--------- server/cmd/schema.sql | 11 +++++++++ 3 files changed, 57 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index 9044d39..a744914 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ +*.sqlite3 + *.swp # # ---> Go diff --git a/server/cmd/main.go b/server/cmd/main.go index 695ce55..0ba45d6 100644 --- a/server/cmd/main.go +++ b/server/cmd/main.go @@ -172,14 +172,22 @@ type BBJResponse struct { } func writeResponse(w http.ResponseWriter, resp BBJResponse) { + w.WriteHeader(http.StatusOK) + w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(resp) } +func writeErrorResponse(w http.ResponseWriter, code int, resp BBJResponse) { + w.WriteHeader(code) + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// NB breaking: i'm not just returning 200 always but using http status codes + func setupAPI(opts Opts) { http.HandleFunc("/instance", handler(opts, func(w http.ResponseWriter, req *http.Request) { - w.WriteHeader(http.StatusOK) - w.Header().Set("Content-Type", "application/json") writeResponse(w, BBJResponse{ Data: opts.Config.InstanceName, }) @@ -187,7 +195,10 @@ func setupAPI(opts Opts) { http.HandleFunc("/check_auth", handler(opts, func(w http.ResponseWriter, req *http.Request) { if req.Method != "POST" { - http.Error(w, "bad method", 400) + writeErrorResponse(w, 400, BBJResponse{ + Error: true, + Data: "bad method", + }) return } @@ -201,7 +212,11 @@ func setupAPI(opts Opts) { err := json.NewDecoder(req.Body).Decode(&a) if err != nil { - http.Error(w, "could not parse arguments", 400) + writeErrorResponse(w, 400, BBJResponse{ + Error: true, + Data: "invalid arguments", + }) + return } opts.Logf("got %s %s", a.TargetUser, a.TargetHash) 
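Review bot: In both `writeResponse` and the new `writeErrorResponse`, `w.WriteHeader(...)` runs before `w.Header().Set("Content-Type", "application/json")`, so the header is set after the response head is committed and has no effect. The JSON body then goes out with whatever type net/http sniffs instead of `application/json`. Swap the two lines in each helper so that `w.Header().Set("Content-Type", "application/json")` comes first and `w.WriteHeader(code)` second. `writeResponse` could simply call `writeErrorResponse(w, http.StatusOK, resp)` so the ordering lives in one place. The error from `json.NewEncoder(w).Encode(resp)` is dropped in both helpers.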
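Review bot: A wrong request method is answered with 400 in the `/check_auth` handler; `http.StatusMethodNotAllowed` with an `Allow: POST` header is the status clients and proxies expect for this case. `http.MethodPost` and the named status constants (`http.StatusBadRequest` and so on) would also read better than the literals `"POST"` and `400` used here and in the later hunks.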
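Review bot: The unchanged `opts.Logf("got %s %s", a.TargetUser, a.TargetHash)` at the end of this hunk writes the submitted auth hash to the log on every call. The later hunks show check_auth comparing that hash directly with the stored one, so anyone who can read the log obtains a usable credential. Log only the user name, for example `opts.Logf("check_auth for %q", a.TargetUser)`. The decode above it reads `req.Body` with no size limit; wrapping the body in `http.MaxBytesReader(w, req.Body, <limit>)` before decoding bounds what an unauthenticated caller can send. The handler body continues outside this hunk.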
@@ -210,7 +225,11 @@ func setupAPI(opts Opts) { serverErr := func(err error) { opts.Logf("check_auth error: %s", err.Error()) - http.Error(w, "database error", 500) + writeErrorResponse(w, 500, BBJResponse{ + Error: true, + Data: "server error", + }) + return } stmt, err := db.Prepare("select auth_hash from users where user_name = ?") @@ -223,21 +242,35 @@ func setupAPI(opts Opts) { var authHash string err = stmt.QueryRow(a.TargetUser).Scan(&authHash) if err != nil { - // TODO check if there were just no results and return 404 - serverErr(err) + if strings.Contains(err.Error(), "no rows in result") { + opts.Logf("user not found") + writeErrorResponse(w, 404, BBJResponse{ + Error: true, + Data: "user not found", + }) + } else { + opts.Logf("check_auth error: %s", err.Error()) + writeErrorResponse(w, 500, BBJResponse{ + Error: true, + Data: "server error", + }) + } return } // TODO unique constraint on user_name if authHash != a.TargetHash { - // TODO 403 probably + http.Error(w, "incorrect password", 403) + writeErrorResponse(w, 403, BBJResponse{ + Error: true, + Data: "incorrect password", + }) + return } - w.WriteHeader(http.StatusOK) - w.Header().Set("Content-Type", "application/json") writeResponse(w, BBJResponse{ - Data: result, + Data: true, }) })) } diff --git a/server/cmd/schema.sql b/server/cmd/schema.sql index 7499342..1737e9e 100644 --- a/server/cmd/schema.sql +++ b/server/cmd/schema.sql @@ -15,6 +15,17 @@ create table users ( created real -- floating point unix timestamp (when this user registered) ); +insert into users values ( + "123", -- TODO replace UUID with incrementing int + "anon", + "8e97c0b197816a652fb489b21e63f664863daa991e2f8fd56e2df71593c2793f", + "", + "", + 0, + 0, + 1650819851 +); + -- TODO unique constraint on user_name?
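Review bot: The `return` added as the last statement of the `serverErr` closure leaves only the closure, not the handler, so it changes nothing. Each call site still has to `return` after `serverErr(err)`, or execution continues past a failed `db.Prepare`. That call site lies outside this hunk, so confirm it returns. I would drop the `return` and put a comment on the closure such as `// callers must return after calling serverErr`. The 500 branch in the next hunk repeats this closure's body and could call `serverErr(err)` instead.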
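Review bot: The hash-mismatch branch now answers twice: `http.Error(w, "incorrect password", 403)` sends the status and a plain-text body, then `writeErrorResponse(w, 403, ...)` appends JSON to it and triggers a superfluous WriteHeader call; drop the `http.Error` line. The not-found test should be `errors.Is(err, sql.ErrNoRows)` rather than `strings.Contains(err.Error(), "no rows in result")`, which depends on the error's message text. Answering 404 "user not found" and 403 "incorrect password" separately lets an unauthenticated caller learn which user names exist; one 403 for both, with the distinction kept in the log, avoids that. The unchanged comparison `authHash != a.TargetHash` is not constant-time, and `subtle.ConstantTimeCompare([]byte(authHash), []byte(a.TargetHash)) != 1` is the usual replacement. The handler closure starts above this hunk, and the new names need `errors`, `database/sql` and `crypto/subtle` imported if the file does not already import them.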
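Review bot: The seeded `anon` row puts a fixed `auth_hash` value in schema.sql, and check_auth in server/cmd/main.go accepts any request whose submitted hash equals the stored one. Every instance created from this file therefore has an account whose credential is public in the repository. If the anonymous account is meant to be open to everyone, say so in a comment on the insert; otherwise create it at install time with a per-instance value rather than in the schema. The insert also depends on column order and uses double-quoted strings, which SQLite accepts only as a fallback when no such identifier exists; name the columns explicitly and write the literals with single quotes, as in `'anon'`.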