finish check_auth
parent
12feb93428
commit
c2b26da9fc
|
@ -1,3 +1,5 @@
|
|||
*.sqlite3
|
||||
|
||||
*.swp
|
||||
#
|
||||
# ---> Go
|
||||
|
|
|
@ -172,14 +172,22 @@ type BBJResponse struct {
|
|||
}
|
||||
|
||||
func writeResponse(w http.ResponseWriter, resp BBJResponse) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
json.NewEncoder(w).Encode(resp)
|
||||
}
|
||||
|
||||
func writeErrorResponse(w http.ResponseWriter, code int, resp BBJResponse) {
|
||||
w.WriteHeader(code)
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
json.NewEncoder(w).Encode(resp)
|
||||
}
|
||||
|
||||
// NB breaking: i'm not just returning 200 always but using http status codes
|
||||
|
||||
func setupAPI(opts Opts) {
|
||||
|
||||
http.HandleFunc("/instance", handler(opts, func(w http.ResponseWriter, req *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
writeResponse(w, BBJResponse{
|
||||
Data: opts.Config.InstanceName,
|
||||
})
|
||||
|
@ -187,7 +195,10 @@ func setupAPI(opts Opts) {
|
|||
|
||||
http.HandleFunc("/check_auth", handler(opts, func(w http.ResponseWriter, req *http.Request) {
|
||||
if req.Method != "POST" {
|
||||
http.Error(w, "bad method", 400)
|
||||
writeErrorResponse(w, 400, BBJResponse{
|
||||
Error: true,
|
||||
Data: "bad method",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -201,7 +212,11 @@ func setupAPI(opts Opts) {
|
|||
err := json.NewDecoder(req.Body).Decode(&a)
|
||||
|
||||
if err != nil {
|
||||
http.Error(w, "could not parse arguments", 400)
|
||||
writeErrorResponse(w, 400, BBJResponse{
|
||||
Error: true,
|
||||
Data: "invalid arguments",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
opts.Logf("got %s %s", a.TargetUser, a.TargetHash)
|
||||
|
@ -210,7 +225,11 @@ func setupAPI(opts Opts) {
|
|||
|
||||
serverErr := func(err error) {
|
||||
opts.Logf("check_auth error: %s", err.Error())
|
||||
http.Error(w, "database error", 500)
|
||||
writeErrorResponse(w, 500, BBJResponse{
|
||||
Error: true,
|
||||
Data: "server error",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
stmt, err := db.Prepare("select auth_hash from users where user_name = ?")
|
||||
|
@ -223,21 +242,35 @@ func setupAPI(opts Opts) {
|
|||
var authHash string
|
||||
err = stmt.QueryRow(a.TargetUser).Scan(&authHash)
|
||||
if err != nil {
|
||||
// TODO check if there were just no results and return 404
|
||||
serverErr(err)
|
||||
if strings.Contains(err.Error(), "no rows in result") {
|
||||
opts.Logf("user not found")
|
||||
writeErrorResponse(w, 404, BBJResponse{
|
||||
Error: true,
|
||||
Data: "user not found",
|
||||
})
|
||||
} else {
|
||||
opts.Logf("check_auth error: %s", err.Error())
|
||||
writeErrorResponse(w, 500, BBJResponse{
|
||||
Error: true,
|
||||
Data: "server error",
|
||||
})
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// TODO unique constraint on user_name
|
||||
|
||||
if authHash != a.TargetHash {
|
||||
// TODO 403 probably
|
||||
http.Error(w, "incorrect password", 403)
|
||||
writeErrorResponse(w, 403, BBJResponse{
|
||||
Error: true,
|
||||
Data: "incorrect password",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
writeResponse(w, BBJResponse{
|
||||
Data: result,
|
||||
Data: true,
|
||||
})
|
||||
}))
|
||||
}
|
||||
|
|
|
@ -15,6 +15,17 @@ create table users (
|
|||
created real -- floating point unix timestamp (when this user registered)
|
||||
);
|
||||
|
||||
insert into users values (
|
||||
"123", -- TODO replace UUID with incrementing int
|
||||
"anon",
|
||||
"8e97c0b197816a652fb489b21e63f664863daa991e2f8fd56e2df71593c2793f",
|
||||
"",
|
||||
"",
|
||||
0,
|
||||
0,
|
||||
1650819851
|
||||
);
|
||||
|
||||
-- TODO unique constraint on user_name?
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue