From 049346ab540c24ae36b14d39d9b1963f3fafad81 Mon Sep 17 00:00:00 2001 From: NGnius Date: Thu, 27 Feb 2020 13:21:09 -0500 Subject: [PATCH] Add password protection to new entry endpoint --- config.go | 1 + handlers.go | 6 ++++++ json_structs.go | 3 ++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/config.go b/config.go index adf0739..5214296 100644 --- a/config.go +++ b/config.go @@ -27,6 +27,7 @@ func initArgs() { flag.BoolVar(&populateTables, "populate-db", false, "Populate database with test data") flag.BoolVar(&randomizeTokens, "random-tokens", false, "Generate tokens with some random bytes") flag.StringVar(&corsHeader, "cors-header", defaultCorsHeader, "Access-Control-Allow-Origin HTTP request header") + flag.StringVar(&password, "entry-pwd", defaultPassword, "Password provided in POST JSON to authenticate") } func parseArgs() { diff --git a/handlers.go b/handlers.go index b471041..ca33237 100644 --- a/handlers.go +++ b/handlers.go @@ -14,10 +14,12 @@ import ( const ( defaultCorsHeader = "*" + defaultPassword = "" ) var ( corsHeader string + password string ) func boardHandler(w http.ResponseWriter, r *http.Request) { @@ -174,6 +176,10 @@ func newEntryHandler(w http.ResponseWriter, r *http.Request) { errorResponse(400, "Unable to convert request to JSON: "+jsonErr.Error(), w, r) return } + if password != "" && newEntry.Password != password { + errorResponse(403, "Invalid password", w, r) + return + } if newEntry.PlayerID != key.Player && !key.IsMultiuser() { errorResponse(403, "Invalid authorization for player", w, r) return diff --git a/json_structs.go b/json_structs.go index 38ba87a..16241ed 100644 --- a/json_structs.go +++ b/json_structs.go @@ -35,6 +35,7 @@ type NewEntryJSON struct { Score int64 PlayerID int64 BoardID int64 + Password string } func UnmarshalNewEntryJSON(data []byte) (NewEntryJSON, error) { @@ -48,7 +49,7 @@ func UnmarshalNewEntryJSON(data []byte) (NewEntryJSON, error) { // KeyJSON an API key for making new entry requests type KeyJSON struct { - Token string + Token string PlayerID int64 }