Use forms instead of JSON for login/register requests

pull/4/head
maru 8 months ago
parent beb829d20f
commit 62102ab4fd
No known key found for this signature in database
GPG Key ID: 37689350E9CD0F0D

@ -6,11 +6,6 @@ import (
"golang.org/x/crypto/argon2"
)
type GenericAuthRequest struct {
Username string `json:"username"`
Password string `json:"password"`
}
type GenericAuthResponse struct {
Token string `json:"token"`
}

@ -10,22 +10,21 @@ import (
"github.com/pagefaultgames/pokerogue-server/db"
)
type LoginRequest GenericAuthRequest
type LoginResponse GenericAuthResponse
// /account/login - log into account
func Login(request LoginRequest) (LoginResponse, error) {
func Login(username, password string) (LoginResponse, error) {
var response LoginResponse
if !isValidUsername(request.Username) {
if !isValidUsername(username) {
return response, fmt.Errorf("invalid username")
}
if len(request.Password) < 6 {
if len(password) < 6 {
return response, fmt.Errorf("invalid password")
}
key, salt, err := db.FetchAccountKeySaltFromUsername(request.Username)
key, salt, err := db.FetchAccountKeySaltFromUsername(username)
if err != nil {
if err == sql.ErrNoRows {
return response, fmt.Errorf("account doesn't exist")
@ -34,7 +33,7 @@ func Login(request LoginRequest) (LoginResponse, error) {
return response, err
}
if !bytes.Equal(key, deriveArgon2IDKey([]byte(request.Password), salt)) {
if !bytes.Equal(key, deriveArgon2IDKey([]byte(password), salt)) {
return response, fmt.Errorf("password doesn't match")
}
@ -44,7 +43,7 @@ func Login(request LoginRequest) (LoginResponse, error) {
return response, fmt.Errorf("failed to generate token: %s", err)
}
err = db.AddAccountSession(request.Username, token)
err = db.AddAccountSession(username, token)
if err != nil {
return response, fmt.Errorf("failed to add account session")
}

@ -7,15 +7,13 @@ import (
"github.com/pagefaultgames/pokerogue-server/db"
)
type RegisterRequest GenericAuthRequest
// /account/register - register account
func Register(request RegisterRequest) error {
if !isValidUsername(request.Username) {
func Register(username, password string) error {
if !isValidUsername(username) {
return fmt.Errorf("invalid username")
}
if len(request.Password) < 6 {
if len(password) < 6 {
return fmt.Errorf("invalid password")
}
@ -31,7 +29,7 @@ func Register(request RegisterRequest) error {
return fmt.Errorf(fmt.Sprintf("failed to generate salt: %s", err))
}
err = db.AddAccountRecord(uuid, request.Username, deriveArgon2IDKey([]byte(request.Password), salt), salt)
err = db.AddAccountRecord(uuid, username, deriveArgon2IDKey([]byte(password), salt), salt)
if err != nil {
return fmt.Errorf("failed to add account record: %s", err)
}

@ -69,14 +69,13 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return
}
case "/account/register":
var request account.RegisterRequest
err := json.NewDecoder(r.Body).Decode(&request)
err := r.ParseForm()
if err != nil {
httpError(w, r, fmt.Errorf("failed to decode request body: %s", err), http.StatusBadRequest)
httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
return
}
err = account.Register(request)
err = account.Register(r.Form.Get("username"), r.Form.Get("password"))
if err != nil {
httpError(w, r, err, http.StatusInternalServerError)
return
@ -84,14 +83,13 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
case "/account/login":
var request account.LoginRequest
err := json.NewDecoder(r.Body).Decode(&request)
err := r.ParseForm()
if err != nil {
httpError(w, r, fmt.Errorf("failed to decode request body: %s", err), http.StatusBadRequest)
httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
return
}
response, err := account.Login(request)
response, err := account.Login(r.Form.Get("username"), r.Form.Get("password"))
if err != nil {
httpError(w, r, err, http.StatusInternalServerError)
return

Loading…
Cancel
Save