fix(tfstated): return 403 Forbidden on non existent account
This commit is contained in:
parent
478f42f8a9
commit
7c96e1b780
2 changed files with 8 additions and 0 deletions
|
@ -23,6 +23,10 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler {
|
|||
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if account == nil {
|
||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
if password != account.Password {
|
||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||
return
|
||||
|
|
|
@ -2,6 +2,7 @@ package database
|
|||
|
||||
import (
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"time"
|
||||
|
@ -32,6 +33,9 @@ func (db *DB) LoadAccountByUsername(username string) (*model.Account, error) {
|
|||
&account.Settings,
|
||||
)
|
||||
if err != nil {
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return nil, nil
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
password, err := db.dataEncryptionKey.DecryptAES256(encryptedPassword)
|
||||
|
|
Loading…
Add table
Reference in a new issue