Browse Source

Add password protection to new entry endpoint

master
NGnius 4 years ago
parent
commit
049346ab54
3 changed files with 9 additions and 1 deletions
  1. +1
    -0
      config.go
  2. +6
    -0
      handlers.go
  3. +2
    -1
      json_structs.go

+ 1
- 0
config.go View File

@@ -27,6 +27,7 @@ func initArgs() {
flag.BoolVar(&populateTables, "populate-db", false, "Populate database with test data")
flag.BoolVar(&randomizeTokens, "random-tokens", false, "Generate tokens with some random bytes")
flag.StringVar(&corsHeader, "cors-header", defaultCorsHeader, "Access-Control-Allow-Origin HTTP request header")
flag.StringVar(&password, "entry-pwd", defaultPassword, "Password provided in POST JSON to authenticate")
}

func parseArgs() {


+ 6
- 0
handlers.go View File

@@ -14,10 +14,12 @@ import (

const (
defaultCorsHeader = "*"
defaultPassword = ""
)

var (
corsHeader string
password string
)

func boardHandler(w http.ResponseWriter, r *http.Request) {
@@ -174,6 +176,10 @@ func newEntryHandler(w http.ResponseWriter, r *http.Request) {
errorResponse(400, "Unable to convert request to JSON: "+jsonErr.Error(), w, r)
return
}
if password != "" && newEntry.Password != password {
errorResponse(403, "Invalid password", w, r)
return
}
if newEntry.PlayerID != key.Player && !key.IsMultiuser() {
errorResponse(403, "Invalid authorization for player", w, r)
return


+ 2
- 1
json_structs.go View File

@@ -35,6 +35,7 @@ type NewEntryJSON struct {
Score int64
PlayerID int64
BoardID int64
Password string
}

func UnmarshalNewEntryJSON(data []byte) (NewEntryJSON, error) {
@@ -48,7 +49,7 @@ func UnmarshalNewEntryJSON(data []byte) (NewEntryJSON, error) {

// KeyJSON an API key for making new entry requests
type KeyJSON struct {
Token string
Token string
PlayerID int64
}