Use forms instead of JSON for login/register requests
maru
parent
beb829d20f
commit
62102ab4fd
|
|
@ -6,11 +6,6 @@ import (
|
|||
"golang.org/x/crypto/argon2"
|
||||
)
|
||||
|
||||
type GenericAuthRequest struct {
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
type GenericAuthResponse struct {
|
||||
Token string `json:"token"`
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,22 +10,21 @@ import (
|
|||
"github.com/pagefaultgames/pokerogue-server/db"
|
||||
)
|
||||
|
||||
type LoginRequest GenericAuthRequest
|
||||
type LoginResponse GenericAuthResponse
|
||||
|
||||
// /account/login - log into account
|
||||
func Login(request LoginRequest) (LoginResponse, error) {
|
||||
func Login(username, password string) (LoginResponse, error) {
|
||||
var response LoginResponse
|
||||
|
||||
if !isValidUsername(request.Username) {
|
||||
if !isValidUsername(username) {
|
||||
return response, fmt.Errorf("invalid username")
|
||||
}
|
||||
|
||||
if len(request.Password) < 6 {
|
||||
if len(password) < 6 {
|
||||
return response, fmt.Errorf("invalid password")
|
||||
}
|
||||
|
||||
key, salt, err := db.FetchAccountKeySaltFromUsername(request.Username)
|
||||
key, salt, err := db.FetchAccountKeySaltFromUsername(username)
|
||||
if err != nil {
|
||||
if err == sql.ErrNoRows {
|
||||
return response, fmt.Errorf("account doesn't exist")
|
||||
|
|
@ -34,7 +33,7 @@ func Login(request LoginRequest) (LoginResponse, error) {
|
|||
return response, err
|
||||
}
|
||||
|
||||
if !bytes.Equal(key, deriveArgon2IDKey([]byte(request.Password), salt)) {
|
||||
if !bytes.Equal(key, deriveArgon2IDKey([]byte(password), salt)) {
|
||||
return response, fmt.Errorf("password doesn't match")
|
||||
}
|
||||
|
||||
|
|
@ -44,7 +43,7 @@ func Login(request LoginRequest) (LoginResponse, error) {
|
|||
return response, fmt.Errorf("failed to generate token: %s", err)
|
||||
}
|
||||
|
||||
err = db.AddAccountSession(request.Username, token)
|
||||
err = db.AddAccountSession(username, token)
|
||||
if err != nil {
|
||||
return response, fmt.Errorf("failed to add account session")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,15 +7,13 @@ import (
|
|||
"github.com/pagefaultgames/pokerogue-server/db"
|
||||
)
|
||||
|
||||
type RegisterRequest GenericAuthRequest
|
||||
|
||||
// /account/register - register account
|
||||
func Register(request RegisterRequest) error {
|
||||
if !isValidUsername(request.Username) {
|
||||
func Register(username, password string) error {
|
||||
if !isValidUsername(username) {
|
||||
return fmt.Errorf("invalid username")
|
||||
}
|
||||
|
||||
if len(request.Password) < 6 {
|
||||
if len(password) < 6 {
|
||||
return fmt.Errorf("invalid password")
|
||||
}
|
||||
|
||||
|
|
@ -31,7 +29,7 @@ func Register(request RegisterRequest) error {
|
|||
return fmt.Errorf(fmt.Sprintf("failed to generate salt: %s", err))
|
||||
}
|
||||
|
||||
err = db.AddAccountRecord(uuid, request.Username, deriveArgon2IDKey([]byte(request.Password), salt), salt)
|
||||
err = db.AddAccountRecord(uuid, username, deriveArgon2IDKey([]byte(password), salt), salt)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to add account record: %s", err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -69,14 +69,13 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
case "/account/register":
|
||||
var request account.RegisterRequest
|
||||
err := json.NewDecoder(r.Body).Decode(&request)
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
httpError(w, r, fmt.Errorf("failed to decode request body: %s", err), http.StatusBadRequest)
|
||||
httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
err = account.Register(request)
|
||||
err = account.Register(r.Form.Get("username"), r.Form.Get("password"))
|
||||
if err != nil {
|
||||
httpError(w, r, err, http.StatusInternalServerError)
|
||||
return
|
||||
|
|
@ -84,14 +83,13 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
case "/account/login":
|
||||
var request account.LoginRequest
|
||||
err := json.NewDecoder(r.Body).Decode(&request)
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
httpError(w, r, fmt.Errorf("failed to decode request body: %s", err), http.StatusBadRequest)
|
||||
httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
response, err := account.Login(request)
|
||||
response, err := account.Login(r.Form.Get("username"), r.Form.Get("password"))
|
||||
if err != nil {
|
||||
httpError(w, r, err, http.StatusInternalServerError)
|
||||
return
|
||||
|
|
|
|||
Loading…
Reference in New Issue