From a6a19dad6e67076223f51cc9d604be2e65159cc8 Mon Sep 17 00:00:00 2001 From: gitGnome Date: Fri, 27 Mar 2026 12:27:05 +0100 Subject: [PATCH] fix bugs from todo except first critical --- database.go | 2 +- http.go | 15 +++++++++++++-- wsServer.go | 14 +++++++++----- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/database.go b/database.go index c75265e..f798dbe 100644 --- a/database.go +++ b/database.go @@ -84,7 +84,7 @@ func DbGetIdByClientName(ctx context.Context, name string) (uint32, error) { func DbSetClientByName(ctx context.Context, client *Client) error { err := dbConn.QueryRow(ctx, ` SELECT name, pass_hash, color_red, color_green, color_blue, created_at FROM clients WHERE name = $1 - `, client.Name).Scan(&client.Name, &client.PasswordHash, client.Pronouns, client.Color[0], client.Color[1], client.Color[2], client.CreatedAt) + `, client.Name).Scan(&client.Name, &client.PasswordHash, &client.Pronouns, &client.Color[0], &client.Color[1], &client.Color[2], &client.CreatedAt) return err } diff --git a/http.go b/http.go index 73d240c..ae0e7e4 100644 --- a/http.go +++ b/http.go @@ -7,6 +7,8 @@ import ( "strconv" "strings" "time" + + "golang.org/x/crypto/bcrypt" ) func isMethodAllowed(response *http.ResponseWriter, request *http.Request) bool { @@ -53,6 +55,7 @@ func HttpHandleNewUser(response http.ResponseWriter, request *http.Request) { color, err := parseRgb(request.FormValue("color")) if err != nil { http.Error(response, "bad color", http.StatusBadRequest) + return } hashedPassword, err := PasswordHash(password) @@ -95,7 +98,9 @@ func HttpHandleLogin(response http.ResponseWriter, request *http.Request) { return } - if len(username) < 8 { + password := request.FormValue("password") + + if len(password) < 8 { http.Error(response, "no or short password", http.StatusBadRequest) return } 
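Review bot: The Scan on the added line has seven destinations but the SELECT above it names only six columns (name, pass_hash, color_red, color_green, color_blue, created_at), so `&client.Pronouns` has no matching column and the driver will reject the row with a column-count mismatch at runtime — the pointer fix does not make this query work yet. Either add the column to the query, presumably `SELECT name, pass_hash, pronouns, color_red, color_green, color_blue, created_at` if that is its name, or drop `&client.Pronouns` from the destination list so the two lists line up. Note also that neither the query nor the Scan populates `client.Id`, which HttpHandleLogin hands to TokenCreate after a cache miss; if the caller does not set Id before calling DbSetClientByName, tokens would be minted for the zero ID — worth confirming against that caller.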
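Review bot: The new `if len(password) < 8` check in HttpHandleLogin duplicates the registration minimum as a bare literal, so the two handlers can drift apart and an existing account created under a different policy would be locked out at login before its hash is ever compared. Prefer a shared constant, `const minPasswordLen = 8`, used by both HttpHandleNewUser and HttpHandleLogin, or drop the length check at login entirely and let the bcrypt comparison be the only verdict. Reporting the short password as a 400 while a wrong one is a 401 is acceptable, but keep the message generic if the check stays. HttpHandleLogin's body starts before this hunk.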
@@ -110,12 +115,18 @@ func HttpHandleLogin(response http.ResponseWriter, request *http.Request) { if err != nil { err := DbSetClientByName(ctx, client) if err != nil { - http.Error(response, "bad login", http.StatusBadRequest) + http.Error(response, "bad login", http.StatusUnauthorized) return } CacheSetClient(client) } + err = bcrypt.CompareHashAndPassword([]byte(client.PasswordHash), []byte(password)) + if err != nil { + http.Error(response, "bad login", http.StatusUnauthorized) + return + } + token, err := TokenCreate(client.Id) if err != nil { http.Error(response, "internal server error", http.StatusInternalServerError) diff --git a/wsServer.go b/wsServer.go index a8e207e..cfd0914 100644 --- a/wsServer.go +++ b/wsServer.go @@ -20,13 +20,14 @@ func ServeWsConnection(responseWriter http.ResponseWriter, request *http.Request return } - ctx, cancel := context.WithTimeout(context.Background(), time.Second*30) + ctx, cancel := context.WithCancel(context.Background()) defer cancel() var client = Client{WsConn: connection} var isAuthenticated bool + var ignoreCache bool - defer closeConnection(&client) + defer closeConnection(&client, ignoreCache) for { var clientMessage map[string]any err := wsjson.Read(ctx, connection, &clientMessage) @@ -42,6 +43,7 @@ func ServeWsConnection(responseWriter http.ResponseWriter, request *http.Request } } else { if !handleUnauthenticatedMessage(&client, &clientMessage) { + ignoreCache = true return } isAuthenticated = true @@ -57,7 +59,7 @@ func sendMessageCloseIfTimeout(client *Client, message *map[string]any) { err := wsjson.Write(ctx, client.WsConn, message) if err != nil { if errors.Is(err, context.DeadlineExceeded) { - closeConnection(client) + closeConnection(client, false) } log.Printf("write error: %v", err) } 
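Review bot: The two "bad login" paths in this hunk take very different amounts of time: an unknown name returns as soon as DbSetClientByName fails, while a known name pays the full bcrypt cost in the added CompareHashAndPassword, so response latency tells an attacker which usernames exist even though the message and status are now identical. Before the `return` in the DbSetClientByName error branch, burn the same cost against a fixed hash, `_ = bcrypt.CompareHashAndPassword(dummyPasswordHash, []byte(password))`, where `dummyPasswordHash` is a package-level bcrypt hash generated once at startup. Separately, `CacheSetClient(client)` now runs before the password is verified, so any unauthenticated request naming an existing user populates the cache; that is harmless if the cache is bounded, but worth confirming. HttpHandleLogin's body starts before this hunk.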
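Review bot: `defer closeConnection(&client, ignoreCache)` evaluates its arguments at the defer statement, so the deferred call always receives false and the later `ignoreCache = true` in the unauthenticated-failure branch has no effect — the cache entry is still deleted on exit. Wrap the call in a closure so the flag is read when the function returns: `defer func() { closeConnection(&client, ignoreCache) }()`. Separately, replacing WithTimeout with WithCancel removes the only deadline on the read loop, so a client that connects and never sends a message, including one that never authenticates, can hold the connection open indefinitely; a per-read deadline derived from ctx, at least until isAuthenticated is set, would keep that protection without cutting authenticated sessions off at 30 s as the old code did. ServeWsConnection continues past this hunk.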
@@ -111,7 +113,9 @@ func handleUnauthenticatedMessage(client *Client, clientMessage *map[string]any) return true } -func closeConnection(client *Client) { - CacheDeleteClient(client.Id) +func closeConnection(client *Client, ignoreCache bool) { + if !ignoreCache { + CacheDeleteClient(client.Id) + } client.WsConn.CloseNow() }
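Review bot: closeConnection has no doc comment, and the meaning of the new ignoreCache parameter is only recoverable from the one call site in ServeWsConnection that sets it. Add `// closeConnection evicts the client's cache entry, unless ignoreCache is set, and hard-closes the websocket; callers pass ignoreCache for connections that never authenticated, presumably because client.Id was never set for them — confirm against ServeWsConnection.` The result of `client.WsConn.CloseNow()` is also silently dropped; writing `_ = client.WsConn.CloseNow()` makes the intent to ignore it explicit and keeps linters quiet.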