Add password changes

oauth2
maru 2024-04-28 17:27:58 -04:00
parent 4ce5a0198d
commit cbcc68f8e4
No known key found for this signature in database
GPG Key ID: 37689350E9CD0F0D
4 changed files with 59 additions and 0 deletions

27
api/account/changepw.go Normal file
View File

@ -0,0 +1,27 @@
package account
import (
"crypto/rand"
"fmt"
"github.com/pagefaultgames/pokerogue-server/db"
)
func ChangePW(uuid []byte, password string) error {
if len(password) < 6 {
return fmt.Errorf("invalid password")
}
salt := make([]byte, ArgonSaltSize)
_, err := rand.Read(salt)
if err != nil {
return fmt.Errorf(fmt.Sprintf("failed to generate salt: %s", err))
}
err = db.UpdateAccountPassword(uuid, deriveArgon2IDKey([]byte(password), salt), salt)
if err != nil {
return fmt.Errorf("failed to add account record: %s", err)
}
return nil
}

View File

@ -19,6 +19,7 @@ func Init(mux *http.ServeMux) {
mux.HandleFunc("GET /account/info", handleAccountInfo)
mux.HandleFunc("POST /account/register", handleAccountRegister)
mux.HandleFunc("POST /account/login", handleAccountLogin)
mux.HandleFunc("POST /account/changepw", handleAccountChangePW)
mux.HandleFunc("GET /account/logout", handleAccountLogout)
// game

View File

@ -87,6 +87,28 @@ func handleAccountLogin(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
}
func handleAccountChangePW(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm()
if err != nil {
httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
return
}
uuid, err := uuidFromRequest(r)
if err != nil {
httpError(w, r, err, http.StatusBadRequest)
return
}
err = account.ChangePW(uuid, r.Form.Get("password"))
if err != nil {
httpError(w, r, err, http.StatusInternalServerError)
return
}
w.WriteHeader(http.StatusOK)
}
func handleAccountLogout(w http.ResponseWriter, r *http.Request) {
token, err := tokenFromRequest(r)
if err != nil {

View File

@ -32,6 +32,15 @@ func AddAccountSession(username string, token []byte) error {
return nil
}
func UpdateAccountPassword(uuid, key, salt []byte) error {
_, err := handle.Exec("UPDATE accounts SET (hash, salt) VALUES (?, ?) WHERE uuid = ?", key, salt, uuid)
if err != nil {
return err
}
return nil
}
func UpdateAccountLastActivity(uuid []byte) error {
_, err := handle.Exec("UPDATE accounts SET lastActivity = UTC_TIMESTAMP() WHERE uuid = ?", uuid)
if err != nil {