2 files changed, 17 insertions, 3 deletions

diff --git a/backend/api/api.go b/backend/api/api.go
index 59242ef..9dd68a9 100644
--- a/backend/api/api.go
+++ b/backend/api/api.go
@@ -31,7 +31,8 @@ func Serve(port int) {
 	r := mux.NewRouter()
 	r.HandleFunc("/health", healthCheckFunc)
 	r.HandleFunc("/api", insertFunc).Methods("POST", "OPTIONS")
-	r.HandleFunc("/api/{hash}", getHashFunc).Methods("GET", "OPTIONS")
+	r.HandleFunc("/api/{hash}", getPasteFunc).Methods("GET", "OPTIONS")
+	r.HandleFunc("/api/{hash}", getPasteWithPasswordFunc).Methods("POST", "OPTIONS")
 
 	http.Handle("/", r)
 
diff --git a/backend/api/routes.go b/backend/api/routes.go
index 7fb2114..f8d2e4f 100644
--- a/backend/api/routes.go
+++ b/backend/api/routes.go
@@ -51,13 +51,26 @@ func insertFunc(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprintf(w, "%+v", string(jsonData))
 }
 
-func getHashFunc(w http.ResponseWriter, r *http.Request) {
+func getPasteFunc(w http.ResponseWriter, r *http.Request) {
+	// no password given for get
+	handleGetPaste(w, r, "")
+}
+
+func getPasteWithPasswordFunc(w http.ResponseWriter, r *http.Request) {
+	// get password from form
+	_ = r.ParseMultipartForm(0)
+	parsedPassword := r.FormValue("password")
+
+	handleGetPaste(w, r, parsedPassword)
+
+}
 
+func handleGetPaste(w http.ResponseWriter, r *http.Request, parsedPassword string) {
 	// Allow CORS
 	w.Header().Set("Access-Control-Allow-Origin", "*")
 
 	hash := mux.Vars(r)["hash"]
-	paste, err := cache.C.Get(hash)
+	paste, err := cache.C.Get(hash, parsedPassword)
 
 	// if hash was not found
 	if err == cache.PasteNotFound {