mika/rogueserver
1
0
Fork 0
mirror of https://github.com/pagefaultgames/rogueserver.git synced 2025-07-14 20:32:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mika:a087234aa8dc1a0bba45b3e215ac93f40108d039
Branches Tags
mika:master
mika:beta
mika:live
mika:save-rewrite
mika:styling-fixes
..
compare: mika:223bb6e90c842ad022f437830392543db0dfd127
Branches Tags
mika:beta
mika:live
mika:save-rewrite
mika:master
mika:styling-fixes

No commits in common. "a087234aa8dc1a0bba45b3e215ac93f40108d039" and "223bb6e90c842ad022f437830392543db0dfd127" have entirely different histories.
a087234aa8 ... 223bb6e90c

3 changed files with 33 additions and 14 deletions
Show Stats Expand all files Collapse all files

14
api/common.go
View File

@ -73,6 +73,20 @@ func tokenFromRequest(r *http.Request) ([]byte, error) {
return token, nil return token, nil
} }
func usernameFromRequest(r *http.Request) (string, error) {
token, err := tokenFromRequest(r)
if err != nil {
return "", err
}
username, err := db.FetchUsernameFromToken(token)
if err != nil {
return "", fmt.Errorf("failed to validate token: %s", err)
}
return username, nil
}
func uuidFromRequest(r *http.Request) ([]byte, error) { func uuidFromRequest(r *http.Request) ([]byte, error) {
token, err := tokenFromRequest(r) token, err := tokenFromRequest(r)
if err != nil { if err != nil {

6
api/endpoints.go
View File

@ -39,15 +39,15 @@ import (
// account // account
func handleAccountInfo(w http.ResponseWriter, r *http.Request) { func handleAccountInfo(w http.ResponseWriter, r *http.Request) {
uuid, err := uuidFromRequest(r) username, err := usernameFromRequest(r)
if err != nil { if err != nil {
httpError(w, r, err, http.StatusBadRequest) httpError(w, r, err, http.StatusBadRequest)
return return
} }
username, err := db.FetchUsernameFromUUID(uuid) uuid, err := uuidFromRequest(r) // lazy
if err != nil { if err != nil {
httpError(w, r, err, http.StatusInternalServerError) httpError(w, r, err, http.StatusBadRequest)
return return
} }

27
db/account.go
View File

@ -18,6 +18,7 @@
package db package db
import ( import (
"database/sql"
"fmt" "fmt"
"slices" "slices"
@ -185,6 +186,16 @@ func DeleteClaimedAccountCompensations(uuid []byte) error {
return nil return nil
} }
func FetchUsernameFromToken(token []byte) (string, error) {
var username string
err := handle.QueryRow("SELECT a.username FROM accounts a JOIN sessions s ON s.uuid = a.uuid WHERE s.token = ? AND s.expire > UTC_TIMESTAMP()", token).Scan(&username)
if err != nil {
return "", err
}
return username, nil
}
func FetchAccountKeySaltFromUsername(username string) ([]byte, []byte, error) { func FetchAccountKeySaltFromUsername(username string) ([]byte, []byte, error) {
var key, salt []byte var key, salt []byte
err := handle.QueryRow("SELECT hash, salt FROM accounts WHERE username = ?", username).Scan(&key, &salt) err := handle.QueryRow("SELECT hash, salt FROM accounts WHERE username = ?", username).Scan(&key, &salt)
@ -234,8 +245,12 @@ func UpdateActiveSession(uuid []byte, token []byte) error {
func FetchUUIDFromToken(token []byte) ([]byte, error) { func FetchUUIDFromToken(token []byte) ([]byte, error) {
var uuid []byte var uuid []byte
err := handle.QueryRow("SELECT uuid FROM sessions WHERE token = ?", token).Scan(&uuid) err := handle.QueryRow("SELECT uuid FROM sessions WHERE token = ? AND expire > UTC_TIMESTAMP()", token).Scan(&uuid)
if err != nil { if err != nil {
if err == sql.ErrNoRows {
return nil, err
}
return nil, err return nil, err
} }
@ -250,13 +265,3 @@ func RemoveSessionFromToken(token []byte) error {
return nil return nil
} }
func FetchUsernameFromUUID(uuid []byte) (string, error) {
var username string
err := handle.QueryRow("SELECT username FROM accounts WHERE uuid = ?", uuid).Scan(&username)
if err != nil {
return "", err
}
return username, nil
}