fix bugs from todo except first critical

2026-03-27 12:27:05 +01:00
parent 04da887e4d
commit a6a19dad6e
3 changed files with 23 additions and 8 deletions
@@ -84,7 +84,7 @@ func DbGetIdByClientName(ctx context.Context, name string) (uint32, error) {
 func DbSetClientByName(ctx context.Context, client *Client) error {
 	err := dbConn.QueryRow(ctx, `
 		SELECT name, pass_hash, color_red, color_green, color_blue, created_at FROM clients WHERE name = $1
-	`, client.Name).Scan(&client.Name, &client.PasswordHash, client.Pronouns, client.Color[0], client.Color[1], client.Color[2], client.CreatedAt)
+	`, client.Name).Scan(&client.Name, &client.PasswordHash, &client.Pronouns, &client.Color[0], &client.Color[1], &client.Color[2], &client.CreatedAt)
 	return err
 }

@@ -7,6 +7,8 @@ import (
 	"strconv"
 	"strings"
 	"time"
+
+	"golang.org/x/crypto/bcrypt"
 )

 func isMethodAllowed(response *http.ResponseWriter, request *http.Request) bool {
@@ -53,6 +55,7 @@ func HttpHandleNewUser(response http.ResponseWriter, request *http.Request) {
 	color, err := parseRgb(request.FormValue("color"))
 	if err != nil {
 		http.Error(response, "bad color", http.StatusBadRequest)
+		return
 	}

 	hashedPassword, err := PasswordHash(password)
@@ -95,7 +98,9 @@ func HttpHandleLogin(response http.ResponseWriter, request *http.Request) {
 		return
 	}

-	if len(username) < 8 {
+	password := request.FormValue("password")
+
+	if len(password) < 8 {
 		http.Error(response, "no or short password", http.StatusBadRequest)
 		return
 	}
@@ -110,12 +115,18 @@ func HttpHandleLogin(response http.ResponseWriter, request *http.Request) {
 	if err != nil {
 		err := DbSetClientByName(ctx, client)
 		if err != nil {
-			http.Error(response, "bad login", http.StatusBadRequest)
+			http.Error(response, "bad login", http.StatusUnauthorized)
 			return
 		}
 		CacheSetClient(client)
 	}

+	err = bcrypt.CompareHashAndPassword([]byte(client.PasswordHash), []byte(password))
+	if err != nil {
+		http.Error(response, "bad login", http.StatusUnauthorized)
+		return
+	}
+
 	token, err := TokenCreate(client.Id)
 	if err != nil {
 		http.Error(response, "internal server error", http.StatusInternalServerError)
@@ -20,13 +20,14 @@ func ServeWsConnection(responseWriter http.ResponseWriter, request *http.Request
 		return
 	}

-	ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
+	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()

 	var client = Client{WsConn: connection}
 	var isAuthenticated bool
+	var ignoreCache bool

-	defer closeConnection(&client)
+	defer closeConnection(&client, ignoreCache)
 	for {
 		var clientMessage map[string]any
 		err := wsjson.Read(ctx, connection, &clientMessage)
@@ -42,6 +43,7 @@ func ServeWsConnection(responseWriter http.ResponseWriter, request *http.Request
 				}
 			} else {
 				if !handleUnauthenticatedMessage(&client, &clientMessage) {
+					ignoreCache = true
 					return
 				}
 				isAuthenticated = true
@@ -57,7 +59,7 @@ func sendMessageCloseIfTimeout(client *Client, message *map[string]any) {
 	err := wsjson.Write(ctx, client.WsConn, message)
 	if err != nil {
 		if errors.Is(err, context.DeadlineExceeded) {
-			closeConnection(client)
+			closeConnection(client, false)
 		}
 		log.Printf("write error: %v", err)
 	}
@@ -111,7 +113,9 @@ func handleUnauthenticatedMessage(client *Client, clientMessage *map[string]any)
 	return true
 }

-func closeConnection(client *Client) {
+func closeConnection(client *Client, ignoreCache bool) {
+	if !ignoreCache {
 		CacheDeleteClient(client.Id)
+	}
 	client.WsConn.CloseNow()
 }