fix(tfstated): return 403 Forbidden on non existent account

Julien Dessaux 2024-11-15 23:59:14 +01:00
parent 478f42f8a9
commit 7c96e1b780
Signed by: adyxax
GPG key ID: F92E51B86E07177E
2 changed files with 8 additions and 0 deletions


@ -23,6 +23,10 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler {
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
return
}
if account == nil {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
if password != account.Password {
http.Error(w, "Forbidden", http.StatusForbidden)
return
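Review bot: The password check right after the new nil guard uses `!=`, which is not a constant-time comparison, so its running time can depend on the compared contents. Something like `if subtle.ConstantTimeCompare([]byte(password), []byte(account.Password)) != 1 {` avoids that, assuming both values are strings (the hunk does not show their types); it also needs a `crypto/subtle` import outside this hunk. The new `account == nil` branch also returns before any comparison work, so an unknown username may be answered faster than a known one even though both get the same 403 body. If username enumeration matters for this service, do an equivalent dummy comparison on that path. The Middleware closure starts and ends outside the hunk.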


@ -2,6 +2,7 @@ package database
import (
"database/sql"
"errors"
"fmt"
"log/slog"
"time"
@ -32,6 +33,9 @@ func (db *DB) LoadAccountByUsername(username string) (*model.Account, error) {
&account.Settings,
)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
return nil, nil
}
return nil, err
}
password, err := db.dataEncryptionKey.DecryptAES256(encryptedPassword)
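Review bot: `LoadAccountByUsername` now returns `(nil, nil)` when the query hits `sql.ErrNoRows`, and nothing visible documents that contract; a caller that checks only `err` will dereference a nil `*model.Account`. Add a doc comment such as `// LoadAccountByUsername returns (nil, nil) when no account matches username; callers must check for a nil account.` Whether callers other than the middleware exist cannot be seen from this page, so they are worth checking for the same nil guard. The function body starts and ends outside the hunk.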