Add password changes

2024-04-28 17:27:58 -04:00 · 2024-04-28 17:27:58 -04:00 · cbcc68f8e4
parent 4ce5a0198d
commit cbcc68f8e4
4 changed files with 59 additions and 0 deletions
--- a/api/account/changepw.go
+++ b/api/account/changepw.go
@ -0,0 +1,27 @@
+package account
+
+import (
+	"crypto/rand"
+	"fmt"
+
+	"github.com/pagefaultgames/pokerogue-server/db"
+)
+
+func ChangePW(uuid []byte, password string) error {
+	if len(password) < 6 {
+		return fmt.Errorf("invalid password")
+	}
+
+	salt := make([]byte, ArgonSaltSize)
+	_, err := rand.Read(salt)
+	if err != nil {
+		return fmt.Errorf(fmt.Sprintf("failed to generate salt: %s", err))
+	}
+
+	err = db.UpdateAccountPassword(uuid, deriveArgon2IDKey([]byte(password), salt), salt)
+	if err != nil {
+		return fmt.Errorf("failed to add account record: %s", err)
+	}
+
+	return nil
+}
--- a/api/common.go
+++ b/api/common.go
@ -19,6 +19,7 @@ func Init(mux *http.ServeMux) {
 	mux.HandleFunc("GET /account/info", handleAccountInfo)
 	mux.HandleFunc("POST /account/register", handleAccountRegister)
 	mux.HandleFunc("POST /account/login", handleAccountLogin)
+	mux.HandleFunc("POST /account/changepw", handleAccountChangePW)
 	mux.HandleFunc("GET /account/logout", handleAccountLogout)

 	// game
--- a/api/endpoints.go
+++ b/api/endpoints.go
@ -87,6 +87,28 @@ func handleAccountLogin(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 }

+func handleAccountChangePW(w http.ResponseWriter, r *http.Request) {
+	err := r.ParseForm()
+	if err != nil {
+		httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
+		return
+	}
+
+	uuid, err := uuidFromRequest(r)
+	if err != nil {
+		httpError(w, r, err, http.StatusBadRequest)
+		return
+	}
+
+	err = account.ChangePW(uuid, r.Form.Get("password"))
+	if err != nil {
+		httpError(w, r, err, http.StatusInternalServerError)
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+}
+
 func handleAccountLogout(w http.ResponseWriter, r *http.Request) {
 	token, err := tokenFromRequest(r)
 	if err != nil {
--- a/db/account.go
+++ b/db/account.go
@ -32,6 +32,15 @@ func AddAccountSession(username string, token []byte) error {
 	return nil
 }

+func UpdateAccountPassword(uuid, key, salt []byte) error {
+	_, err := handle.Exec("UPDATE accounts SET (hash, salt) VALUES (?, ?) WHERE uuid = ?", key, salt, uuid)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func UpdateAccountLastActivity(uuid []byte) error {
 	_, err := handle.Exec("UPDATE accounts SET lastActivity = UTC_TIMESTAMP() WHERE uuid = ?", uuid)
 	if err != nil {