diff options
| -rw-r--r-- | backend/cache/cache.go | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/backend/cache/cache.go b/backend/cache/cache.go index 56581b8..1bbec78 100644 --- a/backend/cache/cache.go +++ b/backend/cache/cache.go @@ -32,7 +32,13 @@ func (c *Cache) Get(hash, userPassword string) (db.Paste, error) { c.lock.RUnlock() if ok { - return v, nil + // validate password + passErr := checkPassword(v.Password, userPassword) + if passErr != nil { + return db.Paste{}, passErr + } else { + return v, nil + } } // if it doesnt, lookup from db @@ -41,16 +47,26 @@ func (c *Cache) Get(hash, userPassword string) (db.Paste, error) { return p, PasteNotFound } + // validate password + passErr := checkPassword(p.Password, userPassword) + if passErr != nil { + return db.Paste{}, passErr + } + + c.add(p) + return p, err +} + +func checkPassword(dbPassword, parsedPassword string) error { // if there is a password, check the provided one against it - if p.Password != "" { + if dbPassword != "" { // if passwords do not match, the user is unauthorized - if !hashing.PasswordsEqual(p.Password, userPassword) { - return db.Paste{}, UserUnauthorized + if !hashing.PasswordsEqual(dbPassword, parsedPassword) { + return UserUnauthorized } } - c.add(p) - return p, err + return nil } func (c *Cache) add(p db.Paste) { |