More stuff for login and editor
@@ -104,7 +104,7 @@ func (b *Backend) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method == http.MethodOptions {
|
||||
w.Header().Set("Access-Control-Allow-Methods", "*")
|
||||
w.Header().Set("Access-Control-Allow-Credentials", "true")
|
||||
w.Header().Set("Access-Control-Allow-Headers", "*")
|
||||
w.Header().Set("Access-Control-Allow-Headers", "*, Authorization")
|
||||
}
|
||||
}
|
||||
b.m.ServeHTTP(w, r)
|
||||
|
||||
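Review bot: The preflight branch still sends `Access-Control-Allow-Methods: *` together with `Access-Control-Allow-Credentials: true`, and for credentialed requests browsers treat `*` in Allow-Methods and Allow-Headers as a literal value, not a wildcard. Adding `Authorization` covers that one header, but any other non-safelisted request header or method (PUT, DELETE, PATCH) would still fail preflight when credentials are sent. Listing the values the frontend actually uses, for example `w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")` plus an explicit method list, keeps the policy working and auditable. The Access-Control-Allow-Origin handling is not visible here; with credentials enabled it should be matched against an allowlist, not reflected. ServeHTTP starts above the hunk.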
@@ -39,6 +39,9 @@ func (m *MongoTable[T]) Find(ctx context.Context, values map[string]any) ([]T, e
|
||||
}
|
||||
var out []T
|
||||
err = res.All(ctx, &out)
|
||||
if len(out) == 0 {
|
||||
return nil, backend.ErrNotFound
|
||||
}
|
||||
return out, err
|
||||
}
|
||||
|
||||
|
||||
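Review bot: The error from `res.All(ctx, &out)` is not checked before the new `len(out) == 0` test, so a cursor or decode failure that leaves `out` empty is returned as `backend.ErrNotFound` and the real error is dropped. The callers visible in this commit appear to map ErrNotFound to an unauthorized or invalid-login response, so a database fault would look like bad credentials and not surface as a server error. Put `if err != nil { return nil, err }` directly after the `res.All` call and end the function with `return out, nil`. Find starts above the hunk.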
@@ -52,7 +52,7 @@ func (b *Backend) ParseHeader(r *http.Request) (*ParsedHeader, error) {
|
||||
}
|
||||
out.Key = apiKey
|
||||
} else {
|
||||
fmt.Println(r.Header.Get("origin"))
|
||||
fmt.Println("origin:", r.Header.Get("origin"))
|
||||
keys, err := b.keyTable.Find(r.Context(), map[string]any{"allowedOrigins": r.Header.Get("origin")})
|
||||
if err == ErrNotFound {
|
||||
return nil, ErrApiKeyUnauthorized
|
||||
|
||||
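Review bot: The `fmt.Println("origin:", ...)` line in the else branch is a debug print of a client-supplied header to stdout; it should either be dropped before merge or go through the logger with quoting, `log.Printf("origin: %q", r.Header.Get("Origin"))`. The lookup on the following line selects an API key from the Origin header alone, and Origin is only dependable when a browser sets it, since any other HTTP client can send an arbitrary value. If keys found this way grant more than public read access, this path probably needs an additional credential. The comparison `err == ErrNotFound` would also be more robust as `errors.Is(err, ErrNotFound)`, which the login handler already uses. ParseHeader continues beyond the hunk.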
@@ -1,12 +1,14 @@
|
||||
package backend
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"log"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
@@ -208,9 +210,10 @@ type loginRequest struct {
|
||||
}
|
||||
|
||||
type loginReturn struct {
|
||||
Token string `json:"token"`
|
||||
Error string `json:"error"`
|
||||
Timeout int64 `json:"timeout"`
|
||||
Token string `json:"token"`
|
||||
Error string `json:"error"`
|
||||
ErrorMsg string `json:"errorMsg"`
|
||||
Timeout int64 `json:"timeout"`
|
||||
}
|
||||
|
||||
func (b *Backend) login(w http.ResponseWriter, r *http.Request) {
|
||||
@@ -234,6 +237,7 @@ func (b *Backend) login(w http.ResponseWriter, r *http.Request) {
|
||||
users, err := b.userTable.Find(r.Context(), map[string]any{"username": req.Username})
|
||||
if errors.Is(err, ErrNotFound) || len(users) != 1 {
|
||||
ret.Error = "invalid"
|
||||
ret.ErrorMsg = "Incorrect username or password"
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
json.NewEncoder(w).Encode(ret)
|
||||
return
|
||||
@@ -241,7 +245,8 @@ func (b *Backend) login(w http.ResponseWriter, r *http.Request) {
|
||||
u := users[0]
|
||||
if time.Unix(u.Timeout, 0).After(time.Now()) {
|
||||
ret.Error = "timeout"
|
||||
ret.Timeout = time.Now().Unix() - u.Timeout
|
||||
ret.Timeout = u.Timeout - time.Now().Unix()
|
||||
ret.ErrorMsg = "Timed out for " + strconv.Itoa(int(ret.Timeout)) + " seconds"
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
json.NewEncoder(w).Encode(ret)
|
||||
return
|
||||
@@ -260,8 +265,15 @@ func (b *Backend) login(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
json.NewEncoder(w).Encode(ret)
|
||||
if u.Fails != 0 {
|
||||
err = b.userTable.PartUpdate(context.Background(), u.ID, map[string]any{"fails": 0})
|
||||
if err != nil {
|
||||
log.Println("error resetting fails after successful login:", err)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
ret.Error = "invalid"
|
||||
ret.ErrorMsg = "Incorrect username or password"
|
||||
upd := map[string]any{"fails": u.Fails + 1}
|
||||
if (u.Fails+1)%3 == 0 {
|
||||
minutes := 3 ^ ((u.Fails / 3) - 1)
|
||||
|
||||
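Review bot: `minutes := 3 ^ ((u.Fails / 3) - 1)` on the last visible line of the final login hunk uses `^`, which in Go is bitwise XOR and not exponentiation, so the lockout does not grow with repeated failures. Assuming Fails is a signed integer, the first lockout (Fails == 2) evaluates to `3 ^ -1 == -4`, and the following ones give 3, 2 and 1 minutes. The line looks like unchanged context, but it decides the brute-force timeout that this commit's new `ErrorMsg` reports to the user. An integer loop such as `minutes := 1` followed by `for i := 1; i < (u.Fails+1)/3; i++ { minutes *= 3 }`, with an upper cap, would give 1, 3, 9, … minutes. The enclosing `if` block continues past the end of the hunk.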