Use forms instead of JSON for login/register requests

pull/4/head
maru 7 months ago
parent beb829d20f
commit 62102ab4fd
No known key found for this signature in database
GPG Key ID: 37689350E9CD0F0D

@ -6,11 +6,6 @@ import (
"golang.org/x/crypto/argon2" "golang.org/x/crypto/argon2"
) )
type GenericAuthRequest struct {
Username string `json:"username"`
Password string `json:"password"`
}
type GenericAuthResponse struct { type GenericAuthResponse struct {
Token string `json:"token"` Token string `json:"token"`
} }

@ -10,22 +10,21 @@ import (
"github.com/pagefaultgames/pokerogue-server/db" "github.com/pagefaultgames/pokerogue-server/db"
) )
type LoginRequest GenericAuthRequest
type LoginResponse GenericAuthResponse type LoginResponse GenericAuthResponse
// /account/login - log into account // /account/login - log into account
func Login(request LoginRequest) (LoginResponse, error) { func Login(username, password string) (LoginResponse, error) {
var response LoginResponse var response LoginResponse
if !isValidUsername(request.Username) { if !isValidUsername(username) {
return response, fmt.Errorf("invalid username") return response, fmt.Errorf("invalid username")
} }
if len(request.Password) < 6 { if len(password) < 6 {
return response, fmt.Errorf("invalid password") return response, fmt.Errorf("invalid password")
} }
key, salt, err := db.FetchAccountKeySaltFromUsername(request.Username) key, salt, err := db.FetchAccountKeySaltFromUsername(username)
if err != nil { if err != nil {
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
return response, fmt.Errorf("account doesn't exist") return response, fmt.Errorf("account doesn't exist")
@ -34,7 +33,7 @@ func Login(request LoginRequest) (LoginResponse, error) {
return response, err return response, err
} }
if !bytes.Equal(key, deriveArgon2IDKey([]byte(request.Password), salt)) { if !bytes.Equal(key, deriveArgon2IDKey([]byte(password), salt)) {
return response, fmt.Errorf("password doesn't match") return response, fmt.Errorf("password doesn't match")
} }
@ -44,7 +43,7 @@ func Login(request LoginRequest) (LoginResponse, error) {
return response, fmt.Errorf("failed to generate token: %s", err) return response, fmt.Errorf("failed to generate token: %s", err)
} }
err = db.AddAccountSession(request.Username, token) err = db.AddAccountSession(username, token)
if err != nil { if err != nil {
return response, fmt.Errorf("failed to add account session") return response, fmt.Errorf("failed to add account session")
} }

@ -7,15 +7,13 @@ import (
"github.com/pagefaultgames/pokerogue-server/db" "github.com/pagefaultgames/pokerogue-server/db"
) )
type RegisterRequest GenericAuthRequest
// /account/register - register account // /account/register - register account
func Register(request RegisterRequest) error { func Register(username, password string) error {
if !isValidUsername(request.Username) { if !isValidUsername(username) {
return fmt.Errorf("invalid username") return fmt.Errorf("invalid username")
} }
if len(request.Password) < 6 { if len(password) < 6 {
return fmt.Errorf("invalid password") return fmt.Errorf("invalid password")
} }
@ -31,7 +29,7 @@ func Register(request RegisterRequest) error {
return fmt.Errorf(fmt.Sprintf("failed to generate salt: %s", err)) return fmt.Errorf(fmt.Sprintf("failed to generate salt: %s", err))
} }
err = db.AddAccountRecord(uuid, request.Username, deriveArgon2IDKey([]byte(request.Password), salt), salt) err = db.AddAccountRecord(uuid, username, deriveArgon2IDKey([]byte(password), salt), salt)
if err != nil { if err != nil {
return fmt.Errorf("failed to add account record: %s", err) return fmt.Errorf("failed to add account record: %s", err)
} }

@ -69,14 +69,13 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return return
} }
case "/account/register": case "/account/register":
var request account.RegisterRequest err := r.ParseForm()
err := json.NewDecoder(r.Body).Decode(&request)
if err != nil { if err != nil {
httpError(w, r, fmt.Errorf("failed to decode request body: %s", err), http.StatusBadRequest) httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
return return
} }
err = account.Register(request) err = account.Register(r.Form.Get("username"), r.Form.Get("password"))
if err != nil { if err != nil {
httpError(w, r, err, http.StatusInternalServerError) httpError(w, r, err, http.StatusInternalServerError)
return return
@ -84,14 +83,13 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
case "/account/login": case "/account/login":
var request account.LoginRequest err := r.ParseForm()
err := json.NewDecoder(r.Body).Decode(&request)
if err != nil { if err != nil {
httpError(w, r, fmt.Errorf("failed to decode request body: %s", err), http.StatusBadRequest) httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
return return
} }
response, err := account.Login(request) response, err := account.Login(r.Form.Get("username"), r.Form.Get("password"))
if err != nil { if err != nil {
httpError(w, r, err, http.StatusInternalServerError) httpError(w, r, err, http.StatusInternalServerError)
return return

Loading…
Cancel
Save