From d892cad72c1eb4ae20c1b7f1c5b9451650454c28 Mon Sep 17 00:00:00 2001
From: Ryan Mehri <ryan.mehri1@gmail.com>
Date: Mon, 11 May 2020 20:41:16 -0600
Subject: Add password check on post hash

---
 backend/api/api.go    |  1 +
 backend/api/routes.go | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

(limited to 'backend/api')

diff --git a/backend/api/api.go b/backend/api/api.go
index 59242ef..59fecba 100644
--- a/backend/api/api.go
+++ b/backend/api/api.go
@@ -32,6 +32,7 @@ func Serve(port int) {
 	r.HandleFunc("/health", healthCheckFunc)
 	r.HandleFunc("/api", insertFunc).Methods("POST", "OPTIONS")
 	r.HandleFunc("/api/{hash}", getHashFunc).Methods("GET", "OPTIONS")
+	r.HandleFunc("/api/{hash}", getHashWithPasswordFunc).Methods("POST", "OPTIONS")
 
 	http.Handle("/", r)
 
diff --git a/backend/api/routes.go b/backend/api/routes.go
index 7fb2114..6b9ba43 100644
--- a/backend/api/routes.go
+++ b/backend/api/routes.go
@@ -52,12 +52,25 @@ func insertFunc(w http.ResponseWriter, r *http.Request) {
 }
 
 func getHashFunc(w http.ResponseWriter, r *http.Request) {
+	// no password given for get
+	handleGetHash(w, r, "")
+}
+
+func getHashWithPasswordFunc(w http.ResponseWriter, r *http.Request) {
+	// get password from form
+	_ = r.ParseMultipartForm(0)
+	gotPassword := r.FormValue("password")
+
+	handleGetHash(w, r, gotPassword)
+
+}
 
+func handleGetHash(w http.ResponseWriter, r *http.Request, gotPassword string) {
 	// Allow CORS
 	w.Header().Set("Access-Control-Allow-Origin", "*")
 
 	hash := mux.Vars(r)["hash"]
-	paste, err := cache.C.Get(hash)
+	paste, err := cache.C.Get(hash, gotPassword)
 
 	// if hash was not found
 	if err == cache.PasteNotFound {
-- 
cgit v1.2.3