Add password check on post hash

author: Ryan Mehri <[email protected]> 2020-05-11 20:41:16 -0600
committer: Ryan Mehri <[email protected]> 2020-05-11 20:41:16 -0600
commit: d892cad72c1eb4ae20c1b7f1c5b9451650454c28 (patch)
tree: 4563ceb597cda8339a6f49b4a3ff05c53fc67017 /backend/cache/cache.go
parent: Merge pull request #15 from jackyzha0/readme (diff)
download: ctrl-v-d892cad72c1eb4ae20c1b7f1c5b9451650454c28.tar.xz
ctrl-v-d892cad72c1eb4ae20c1b7f1c5b9451650454c28.zip
1 files changed, 7 insertions, 3 deletions
diff --git a/backend/cache/cache.go b/backend/cache/cache.go
index 1a8a7a1..918873e 100644
--- a/backend/cache/cache.go
+++ b/backend/cache/cache.go
@@ -2,6 +2,7 @@ package cache
 
 import (
 	"errors"
+	"github.com/jackyzha0/ctrl-v/hashing"
 	"sync"
 
 	"github.com/jackyzha0/ctrl-v/db"
@@ -23,7 +24,7 @@ func init() {
 	}
 }
 
-func (c *Cache) Get(hash string) (db.Paste, error) {
+func (c *Cache) Get(hash, userPassword string) (db.Paste, error) {
 	c.lock.RLock()
 
 	// check if hash in cache
@@ -40,9 +41,12 @@ func (c *Cache) Get(hash string) (db.Paste, error) {
 		return p, PasteNotFound
 	}
 
-	// if there is a password
+	// if there is a password, check the provided one against it
 	if p.Password != "" {
-		return db.Paste{}, UserUnauthorized
+		// if passwords do not match, the user is unauthorized
+		if !hashing.ComparePasswords(p.Password, userPassword) {
+			return db.Paste{}, UserUnauthorized
+		}
 	}
 
 	c.add(p)
author	Ryan Mehri <[email protected]>	2020-05-11 20:41:16 -0600
committer	Ryan Mehri <[email protected]>	2020-05-11 20:41:16 -0600
commit	d892cad72c1eb4ae20c1b7f1c5b9451650454c28 (patch)
tree	4563ceb597cda8339a6f49b4a3ff05c53fc67017 /backend/cache/cache.go
parent	Merge pull request #15 from jackyzha0/readme (diff)
download	ctrl-v-d892cad72c1eb4ae20c1b7f1c5b9451650454c28.tar.xz ctrl-v-d892cad72c1eb4ae20c1b7f1c5b9451650454c28.zip