Added endpoint to auth with username and password

2021-01-05 16:23:18 +01:00
parent b46e72999e
commit 6da74e0adc
4 changed files with 36 additions and 4 deletions
--- a/src/handlers/post.go
+++ b/src/handlers/post.go
@@ -75,7 +75,7 @@ func (h Handlers) AccountAuthAPIKey(c *fiber.Ctx) error {
 	inputAPIKey := string(c.Request().Body())
 	inputAPIKey = inputAPIKey[1 : len(inputAPIKey)-1]

-	resolvedAccount, accountErr := h.Db.AccountGet("", inputAPIKey)
+	resolvedAccount, accountErr := h.Db.AccountGet("", inputAPIKey, "")
 	if accountErr != nil {
 		if accountErr.Error() == "no rows in result set" {
 			return c.Status(403).JSON([]ResJSONError{{Error: "Invalid credentials"}})
@@ -86,3 +86,31 @@ func (h Handlers) AccountAuthAPIKey(c *fiber.Ctx) error {

 	return h.returnTokens(resolvedAccount, c)
 }
+
+// AccountAuthPassword auths a name/password pair
+func (h Handlers) AccountAuthPassword(c *fiber.Ctx) error {
+	type AuthInput struct {
+		Name     string `json:"name"`
+		Password string `json:"password"`
+	}
+
+	authInput := new(AuthInput)
+	if err := c.BodyParser(authInput); err != nil {
+		return c.Status(400).JSON([]ResJSONError{{Error: err.Error()}})
+	}
+
+	resolvedAccount, err := h.Db.AccountGet("", "", authInput.Name)
+	if err != nil {
+		if err.Error() == "No account found" {
+			return c.Status(403).JSON([]ResJSONError{{Error: "Invalid name or password"}})
+		}
+
+		return c.Status(500).JSON([]ResJSONError{{Error: err.Error()}})
+	}
+
+	if utils.CheckPasswordHash(authInput.Password, resolvedAccount.Password) == false {
+		return c.Status(403).JSON([]ResJSONError{{Error: "Invalid name or password"}})
+	}
+
+	return h.returnTokens(resolvedAccount, c)
+}