authorJulien Dessaux2024-11-17 00:05:22 +0100
committerJulien Dessaux2024-12-17 23:19:18 +0100
commit25ed1188ed970a19675befef12afe68045565c4a (patch)
tree5cfc55047d833400028fb69a7f069f5cedecaacd /pkg/basic_auth/middleware.go
parentfix(tfstated): hash passwords instead of relying on the database encryption key (diff)
chore(tfstated): refactor helpers to their own package
Diffstat (limited to 'pkg/basic_auth/middleware.go')
-rw-r--r--pkg/basic_auth/middleware.go16
1 files changed, 7 insertions, 9 deletions
diff --git a/pkg/basic_auth/middleware.go b/pkg/basic_auth/middleware.go
index 7f8fb4a..0e22ad3 100644
--- a/pkg/basic_auth/middleware.go
+++ b/pkg/basic_auth/middleware.go
@@ -2,10 +2,12 @@ package basic_auth
import (
"context"
+ "fmt"
"net/http"
"time"
"git.adyxax.org/adyxax/tfstated/pkg/database"
+ "git.adyxax.org/adyxax/tfstated/pkg/helpers"
"git.adyxax.org/adyxax/tfstated/pkg/model"
)
@@ -15,26 +17,22 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler {
username, password, ok := r.BasicAuth()
if !ok {
w.Header().Set("WWW-Authenticate", `Basic realm="tfstated", charset="UTF-8"`)
- http.Error(w, "Unauthorized", http.StatusUnauthorized)
+ helpers.ErrorResponse(w, http.StatusUnauthorized, fmt.Errorf("Unauthorized"))
return
}
account, err := db.LoadAccountByUsername(username)
if err != nil {
- http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+ helpers.ErrorResponse(w, http.StatusInternalServerError, err)
return
}
- if account == nil {
- http.Error(w, "Forbidden", http.StatusForbidden)
- return
- }
- if !account.CheckPassword(password) {
- http.Error(w, "Forbidden", http.StatusForbidden)
+ if account == nil || !account.CheckPassword(password) {
+ helpers.ErrorResponse(w, http.StatusForbidden, fmt.Errorf("Forbidden"))
return
}
now := time.Now().UTC()
_, err = db.Exec(`UPDATE accounts SET last_login = ? WHERE id = ?`, now.Unix(), account.Id)
if err != nil {
- http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+ helpers.ErrorResponse(w, http.StatusInternalServerError, err)
return
}
ctx := context.WithValue(r.Context(), model.AccountContextKey{}, account)
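Review bot: Both 500 paths now pass the raw `err` from `db.LoadAccountByUsername` and `db.Exec` to `helpers.ErrorResponse`, where the old code sent the fixed string "Internal Server Error". The helper is not visible in this diff, so if it writes the error text into the response body, a caller who has not yet authenticated could read database error detail. I would log the error server-side and pass a constant instead, e.g. `helpers.ErrorResponse(w, http.StatusInternalServerError, errors.New("internal server error"))`, or confirm the helper already masks 5xx messages. Separately, the merged check `account == nil || !account.CheckPassword(password)` still skips the password hash for unknown usernames, so response time may distinguish existing accounts; checking against a fixed dummy hash when `account == nil` would even that out. The closure inside `Middleware` starts and ends outside this hunk.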