authorJacky Zhao <[email protected]>2020-05-11 20:08:51 -0700
committerGitHub <[email protected]>2020-05-11 20:08:51 -0700
commit16bc33e7ac5298b2b3d72be32985dbab6d78db3f (patch)
tree8ecea62dff7644ec3cc4bde30d711f9204bf0b92
parentMerge pull request #15 from jackyzha0/readme (diff)
parentSimplify hashing comparison (diff)
downloadctrl-v-16bc33e7ac5298b2b3d72be32985dbab6d78db3f.tar.xz
ctrl-v-16bc33e7ac5298b2b3d72be32985dbab6d78db3f.zip
Merge pull request #16 from jackyzha0/password
Add password check on post hash
-rw-r--r--backend/api/api.go3
-rw-r--r--backend/api/routes.go17
-rw-r--r--backend/cache/cache.go10
-rw-r--r--backend/hashing/hash.go9
4 files changed, 33 insertions, 6 deletions
diff --git a/backend/api/api.go b/backend/api/api.go
index 59242ef..9dd68a9 100644
--- a/backend/api/api.go
+++ b/backend/api/api.go
@@ -31,7 +31,8 @@ func Serve(port int) {
r := mux.NewRouter()
r.HandleFunc("/health", healthCheckFunc)
r.HandleFunc("/api", insertFunc).Methods("POST", "OPTIONS")
- r.HandleFunc("/api/{hash}", getHashFunc).Methods("GET", "OPTIONS")
+ r.HandleFunc("/api/{hash}", getPasteFunc).Methods("GET", "OPTIONS")
+ r.HandleFunc("/api/{hash}", getPasteWithPasswordFunc).Methods("POST", "OPTIONS")
http.Handle("/", r)
diff --git a/backend/api/routes.go b/backend/api/routes.go
index 7fb2114..f8d2e4f 100644
--- a/backend/api/routes.go
+++ b/backend/api/routes.go
@@ -51,13 +51,26 @@ func insertFunc(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "%+v", string(jsonData))
}
-func getHashFunc(w http.ResponseWriter, r *http.Request) {
+func getPasteFunc(w http.ResponseWriter, r *http.Request) {
+ // no password given for get
+ handleGetPaste(w, r, "")
+}
+
+func getPasteWithPasswordFunc(w http.ResponseWriter, r *http.Request) {
+ // get password from form
+ _ = r.ParseMultipartForm(0)
+ parsedPassword := r.FormValue("password")
+
+ handleGetPaste(w, r, parsedPassword)
+
+}
+func handleGetPaste(w http.ResponseWriter, r *http.Request, parsedPassword string) {
// Allow CORS
w.Header().Set("Access-Control-Allow-Origin", "*")
hash := mux.Vars(r)["hash"]
- paste, err := cache.C.Get(hash)
+ paste, err := cache.C.Get(hash, parsedPassword)
// if hash was not found
if err == cache.PasteNotFound {
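Review bot: In getPasteWithPasswordFunc the error from `r.ParseMultipartForm(0)` is discarded, and as far as this hunk shows nothing bounds the request body before it is parsed. A malformed form appears to continue as an empty password, which fails closed but answers with an authorization error instead of a 400. I would cap the body first with `r.Body = http.MaxBytesReader(w, r.Body, maxFormBytes)` (a new small constant) and return `http.StatusBadRequest` for any parse error other than `http.ErrNotMultipart`, so URL-encoded posts keep working. Each request to this route can also trigger a bcrypt comparison, so throttling attempts per hash or per client is worth considering. handleGetPaste continues past the end of the hunk.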
diff --git a/backend/cache/cache.go b/backend/cache/cache.go
index 1a8a7a1..56581b8 100644
--- a/backend/cache/cache.go
+++ b/backend/cache/cache.go
@@ -2,6 +2,7 @@ package cache
import (
"errors"
+ "github.com/jackyzha0/ctrl-v/hashing"
"sync"
"github.com/jackyzha0/ctrl-v/db"
@@ -23,7 +24,7 @@ func init() {
}
}
-func (c *Cache) Get(hash string) (db.Paste, error) {
+func (c *Cache) Get(hash, userPassword string) (db.Paste, error) {
c.lock.RLock()
// check if hash in cache
@@ -40,9 +41,12 @@ func (c *Cache) Get(hash string) (db.Paste, error) {
return p, PasteNotFound
}
- // if there is a password
+ // if there is a password, check the provided one against it
if p.Password != "" {
- return db.Paste{}, UserUnauthorized
+ // if passwords do not match, the user is unauthorized
+ if !hashing.PasswordsEqual(p.Password, userPassword) {
+ return db.Paste{}, UserUnauthorized
+ }
}
c.add(p)
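Review bot: The new password comparison sits only on the path that ends in `c.add(p)`, so a protected paste is now placed in the cache after one successful check. The cache-hit branch of Get (the `// check if hash in cache` part, outside this hunk) is not visible here; if it returns the cached entry without comparing `userPassword`, later requests for the same hash would receive the content with no password at all. Either run the same `hashing.PasswordsEqual` check on the cached entry before returning it, or skip `c.add(p)` when `p.Password != ""`. Get starts and ends outside the hunk, so this needs confirming against the full function.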
diff --git a/backend/hashing/hash.go b/backend/hashing/hash.go
index 93a9cf9..e944fbe 100644
--- a/backend/hashing/hash.go
+++ b/backend/hashing/hash.go
@@ -29,4 +29,13 @@ func hashString(text string) string {
func HashPassword(password string) (string, error) {
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
return string(hashedPassword), err
+}
+
+func PasswordsEqual(dbPassword, parsedPassword string) bool {
+ dbPassBytes := []byte(dbPassword)
+ parsedPassBytes := []byte(parsedPassword)
+ compErr := bcrypt.CompareHashAndPassword(dbPassBytes, parsedPassBytes)
+
+ // if comparison error, the given password is not valid
+ return compErr == nil
}
\ No newline at end of file
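Review bot: PasswordsEqual is exported but has no doc comment, and its parameter names hide that the first argument is a bcrypt hash and not a password. I would add `// PasswordsEqual reports whether parsedPassword matches the bcrypt hash dbPassword.` and rename `dbPassword` to something like `hashedPassword`. Every error from `bcrypt.CompareHashAndPassword` is folded into false, which fails closed, but a malformed stored hash then looks the same as a wrong password. Checking for `bcrypt.ErrMismatchedHashAndPassword` and logging any other error would make that case visible.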