summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--pkg/basic_auth/middleware.go4
-rw-r--r--pkg/database/accounts.go4
2 files changed, 8 insertions, 0 deletions
diff --git a/pkg/basic_auth/middleware.go b/pkg/basic_auth/middleware.go
index 94cac56..1b51c8a 100644
--- a/pkg/basic_auth/middleware.go
+++ b/pkg/basic_auth/middleware.go
@@ -23,6 +23,10 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler {
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
return
}
+ if account == nil {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+ return
+ }
if password != account.Password {
http.Error(w, "Forbidden", http.StatusForbidden)
return
diff --git a/pkg/database/accounts.go b/pkg/database/accounts.go
index 7902371..3919709 100644
--- a/pkg/database/accounts.go
+++ b/pkg/database/accounts.go
@@ -2,6 +2,7 @@ package database
import (
"database/sql"
+ "errors"
"fmt"
"log/slog"
"time"
@@ -32,6 +33,9 @@ func (db *DB) LoadAccountByUsername(username string) (*model.Account, error) {
&account.Settings,
)
if err != nil {
+ if errors.Is(err, sql.ErrNoRows) {
+ return nil, nil
+ }
return nil, err
}
password, err := db.dataEncryptionKey.DecryptAES256(encryptedPassword)