Check password when paste is cached

1 files changed, 22 insertions, 6 deletions

diff --git a/backend/cache/cache.go b/backend/cache/cache.go
index 56581b8..1bbec78 100644
--- a/backend/cache/cache.go
+++ b/backend/cache/cache.go
@@ -32,7 +32,13 @@ func (c *Cache) Get(hash, userPassword string) (db.Paste, error) {
 	c.lock.RUnlock()
 
 	if ok {
-		return v, nil
+		// validate password
+		passErr := checkPassword(v.Password, userPassword)
+		if passErr != nil {
+			return db.Paste{}, passErr
+		} else {
+			return v, nil
+		}
 	}
 
 	// if it doesnt, lookup from db
@@ -41,16 +47,26 @@ func (c *Cache) Get(hash, userPassword string) (db.Paste, error) {
 		return p, PasteNotFound
 	}
 
+	// validate password
+	passErr := checkPassword(p.Password, userPassword)
+	if passErr != nil {
+		return db.Paste{}, passErr
+	}
+
+	c.add(p)
+	return p, err
+}
+
+func checkPassword(dbPassword, parsedPassword string) error {
 	// if there is a password, check the provided one against it
-	if p.Password != "" {
+	if dbPassword != "" {
 		// if passwords do not match, the user is unauthorized
-		if !hashing.PasswordsEqual(p.Password, userPassword) {
-			return db.Paste{}, UserUnauthorized
+		if !hashing.PasswordsEqual(dbPassword, parsedPassword) {
+			return UserUnauthorized
 		}
 	}
 
-	c.add(p)
-	return p, err
+	return nil
 }
 
 func (c *Cache) add(p db.Paste) {