finish check_auth

trunk
vilmibm 2022-04-24 12:09:56 -05:00
parent 12feb93428
commit c2b26da9fc
3 changed files with 57 additions and 11 deletions

.gitignore vendored

@ -1,3 +1,5 @@
*.sqlite3
*.swp *.swp
# #
# ---> Go # ---> Go


@ -172,14 +172,22 @@ type BBJResponse struct {
} }
func writeResponse(w http.ResponseWriter, resp BBJResponse) { func writeResponse(w http.ResponseWriter, resp BBJResponse) {
w.WriteHeader(http.StatusOK)
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(resp) json.NewEncoder(w).Encode(resp)
} }
func writeErrorResponse(w http.ResponseWriter, code int, resp BBJResponse) {
w.WriteHeader(code)
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(resp)
}
// NB breaking: i'm not just returning 200 always but using http status codes
func setupAPI(opts Opts) { func setupAPI(opts Opts) {
http.HandleFunc("/instance", handler(opts, func(w http.ResponseWriter, req *http.Request) { http.HandleFunc("/instance", handler(opts, func(w http.ResponseWriter, req *http.Request) {
w.WriteHeader(http.StatusOK)
w.Header().Set("Content-Type", "application/json")
writeResponse(w, BBJResponse{ writeResponse(w, BBJResponse{
Data: opts.Config.InstanceName, Data: opts.Config.InstanceName,
}) })
@ -187,7 +195,10 @@ func setupAPI(opts Opts) {
http.HandleFunc("/check_auth", handler(opts, func(w http.ResponseWriter, req *http.Request) { http.HandleFunc("/check_auth", handler(opts, func(w http.ResponseWriter, req *http.Request) {
if req.Method != "POST" { if req.Method != "POST" {
http.Error(w, "bad method", 400) writeErrorResponse(w, 400, BBJResponse{
Error: true,
Data: "bad method",
})
return return
} }
@ -201,7 +212,11 @@ func setupAPI(opts Opts) {
err := json.NewDecoder(req.Body).Decode(&a) err := json.NewDecoder(req.Body).Decode(&a)
if err != nil { if err != nil {
http.Error(w, "could not parse arguments", 400) writeErrorResponse(w, 400, BBJResponse{
Error: true,
Data: "invalid arguments",
})
return
} }
opts.Logf("got %s %s", a.TargetUser, a.TargetHash) opts.Logf("got %s %s", a.TargetUser, a.TargetHash)
@ -210,7 +225,11 @@ func setupAPI(opts Opts) {
serverErr := func(err error) { serverErr := func(err error) {
opts.Logf("check_auth error: %s", err.Error()) opts.Logf("check_auth error: %s", err.Error())
http.Error(w, "database error", 500) writeErrorResponse(w, 500, BBJResponse{
Error: true,
Data: "server error",
})
return
} }
stmt, err := db.Prepare("select auth_hash from users where user_name = ?") stmt, err := db.Prepare("select auth_hash from users where user_name = ?")
@ -223,21 +242,35 @@ func setupAPI(opts Opts) {
var authHash string var authHash string
err = stmt.QueryRow(a.TargetUser).Scan(&authHash) err = stmt.QueryRow(a.TargetUser).Scan(&authHash)
if err != nil { if err != nil {
// TODO check if there were just no results and return 404 if strings.Contains(err.Error(), "no rows in result") {
serverErr(err) opts.Logf("user not found")
writeErrorResponse(w, 404, BBJResponse{
Error: true,
Data: "user not found",
})
} else {
opts.Logf("check_auth error: %s", err.Error())
writeErrorResponse(w, 500, BBJResponse{
Error: true,
Data: "server error",
})
}
return return
} }
// TODO unique constraint on user_name // TODO unique constraint on user_name
if authHash != a.TargetHash { if authHash != a.TargetHash {
// TODO 403 probably http.Error(w, "incorrect password", 403)
writeErrorResponse(w, 403, BBJResponse{
Error: true,
Data: "incorrect password",
})
return
} }
w.WriteHeader(http.StatusOK)
w.Header().Set("Content-Type", "application/json")
writeResponse(w, BBJResponse{ writeResponse(w, BBJResponse{
Data: result, Data: true,
}) })
})) }))
} }
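Review bot: In the `authHash != a.TargetHash` branch the new side appears to call both `http.Error(w, "incorrect password", 403)` and `writeErrorResponse(w, 403, ...)` (if the rendering's old/new pairing is right), so the client receives the plain-text body followed by the JSON one and the second `WriteHeader` is a superfluous call; the `http.Error` line should go. The not-found check `strings.Contains(err.Error(), "no rows in result")` depends on the driver's message text; if `db` is a `database/sql` handle, `if errors.Is(err, sql.ErrNoRows) {` is the stable test (`errors` would need importing; the import block is outside this hunk). Answering 404 "user not found" for an unknown name and 403 "incorrect password" for a known one lets an unauthenticated caller enumerate accounts, so consider keeping that distinction in the server log only and returning one status and message for both branches, and comparing the hashes with `subtle.ConstantTimeCompare([]byte(authHash), []byte(a.TargetHash)) != 1` rather than `!=`. In the first hunk, the new `writeErrorResponse` helper sets `Content-Type` after `w.WriteHeader(code)`; headers added after `WriteHeader` are not sent, so the `w.Header().Set` line belongs before it (the same order appears in `writeResponse`). `setupAPI` begins before this hunk.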


@ -15,6 +15,17 @@ create table users (
created real -- floating point unix timestamp (when this user registered) created real -- floating point unix timestamp (when this user registered)
); );
insert into users values (
"123", -- TODO replace UUID with incrementing int
"anon",
"8e97c0b197816a652fb489b21e63f664863daa991e2f8fd56e2df71593c2793f",
"",
"",
0,
0,
1650819851
);
-- TODO unique constraint on user_name? -- TODO unique constraint on user_name?