Merge pull request #16 from jackyzha0/password

Add password check on post hash
author: Jacky Zhao <[email protected]> 2020-05-11 20:08:51 -0700
committer: GitHub <[email protected]> 2020-05-11 20:08:51 -0700
commit: 16bc33e7ac5298b2b3d72be32985dbab6d78db3f (patch)
tree: 8ecea62dff7644ec3cc4bde30d711f9204bf0b92 /backend/cache
parent: Merge pull request #15 from jackyzha0/readme (diff)
parent: Simplify hashing comparison (diff)
download: ctrl-v-16bc33e7ac5298b2b3d72be32985dbab6d78db3f.tar.xz
ctrl-v-16bc33e7ac5298b2b3d72be32985dbab6d78db3f.zip
1 files changed, 7 insertions, 3 deletions
diff --git a/backend/cache/cache.go b/backend/cache/cache.go
index 1a8a7a1..56581b8 100644
--- a/backend/cache/cache.go
+++ b/backend/cache/cache.go
@@ -2,6 +2,7 @@ package cache
 
 import (
 	"errors"
+	"github.com/jackyzha0/ctrl-v/hashing"
 	"sync"
 
 	"github.com/jackyzha0/ctrl-v/db"
@@ -23,7 +24,7 @@ func init() {
 	}
 }
 
-func (c *Cache) Get(hash string) (db.Paste, error) {
+func (c *Cache) Get(hash, userPassword string) (db.Paste, error) {
 	c.lock.RLock()
 
 	// check if hash in cache
@@ -40,9 +41,12 @@ func (c *Cache) Get(hash string) (db.Paste, error) {
 		return p, PasteNotFound
 	}
 
-	// if there is a password
+	// if there is a password, check the provided one against it
 	if p.Password != "" {
-		return db.Paste{}, UserUnauthorized
+		// if passwords do not match, the user is unauthorized
+		if !hashing.PasswordsEqual(p.Password, userPassword) {
+			return db.Paste{}, UserUnauthorized
+		}
 	}
 
 	c.add(p)
author	Jacky Zhao <[email protected]>	2020-05-11 20:08:51 -0700
committer	GitHub <[email protected]>	2020-05-11 20:08:51 -0700
commit	16bc33e7ac5298b2b3d72be32985dbab6d78db3f (patch)
tree	8ecea62dff7644ec3cc4bde30d711f9204bf0b92 /backend/cache
parent	Merge pull request #15 from jackyzha0/readme (diff)
parent	Simplify hashing comparison (diff)
download	ctrl-v-16bc33e7ac5298b2b3d72be32985dbab6d78db3f.tar.xz ctrl-v-16bc33e7ac5298b2b3d72be32985dbab6d78db3f.zip