fix(tfstated): return 403 Forbidden on non existent account
This commit is contained in:
parent
478f42f8a9
commit
7c96e1b780
2 changed files with 8 additions and 0 deletions
|
@ -23,6 +23,10 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler {
|
||||||
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if account == nil {
|
||||||
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||||
|
return
|
||||||
|
}
|
||||||
if password != account.Password {
|
if password != account.Password {
|
||||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||||
return
|
return
|
||||||
|
|
|
@ -2,6 +2,7 @@ package database
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"database/sql"
|
"database/sql"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log/slog"
|
"log/slog"
|
||||||
"time"
|
"time"
|
||||||
|
@ -32,6 +33,9 @@ func (db *DB) LoadAccountByUsername(username string) (*model.Account, error) {
|
||||||
&account.Settings,
|
&account.Settings,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
if errors.Is(err, sql.ErrNoRows) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
password, err := db.dataEncryptionKey.DecryptAES256(encryptedPassword)
|
password, err := db.dataEncryptionKey.DecryptAES256(encryptedPassword)
|
||||||
|
|
Loading…
Add table
Reference in a new issue