authorBenjamin Morrison <ben@gbmor.dev>2021-10-21 21:31:17 -0400
committerBenjamin Morrison <ben@gbmor.dev>2021-10-21 21:35:23 -0400
commitdd3d87bd97e41c77eea270812d338139fd87b9fc (patch)
tree5ee99ab38e00c41190f82bef4b08a298c914f329 /svc/handlers.go
parentdcb254618dc5541bb50c488c96b5e02c36951c06 (diff)
downloadgetwtxt-dd3d87bd97e41c77eea270812d338139fd87b9fc.tar.gz
delete a user, new config option for admin pass. pass is bcrypt hashed on startup and not stored in plaintext.
Diffstat (limited to 'svc/handlers.go')
-rw-r--r--svc/handlers.go38
1 files changed, 38 insertions, 0 deletions
diff --git a/svc/handlers.go b/svc/handlers.go
index cb07349..5dbb10d 100644
--- a/svc/handlers.go
+++ b/svc/handlers.go
@@ -20,15 +20,18 @@ along with Getwtxt.  If not, see <https://www.gnu.org/licenses/>.
 package svc // import "git.sr.ht/~gbmor/getwtxt/svc"
 
 import (
+	"errors"
 	"fmt"
 	"hash/fnv"
 	"net/http"
+	"net/url"
 	"strconv"
 	"strings"
 	"time"
 
 	"git.sr.ht/~gbmor/getwtxt/registry"
 	"github.com/gorilla/mux"
+	"golang.org/x/crypto/bcrypt"
 )
 
 // Takes the modtime of one of the static files, derives
@@ -242,3 +245,38 @@ func apiTagsHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	log200(r)
 }
+
+func handleUserDelete(w http.ResponseWriter, r *http.Request) {
+	pass := r.Header.Get("X-Auth")
+	if pass == "" {
+		errHTTP(w, r, errors.New("unauthorized"), http.StatusUnauthorized)
+		return
+	}
+	confObj.Mu.RLock()
+	adminHash := []byte(confObj.AdminPassHash)
+	confObj.Mu.RUnlock()
+
+	if err := bcrypt.CompareHashAndPassword(adminHash, []byte(pass)); err != nil {
+		errHTTP(w, r, errors.New("unauthorized"), http.StatusUnauthorized)
+		return
+	}
+
+	r.ParseForm()
+	userURL := strings.TrimSpace(r.Form.Get("url"))
+	if userURL == "" {
+		errHTTP(w, r, errors.New("bad request"), http.StatusBadRequest)
+		return
+	}
+	if _, err := url.Parse(userURL); err != nil {
+		errHTTP(w, r, errors.New("bad request"), http.StatusBadRequest)
+		return
+	}
+
+	if err := delUser(userURL); err != nil {
+		return
+	}
+
+	w.WriteHeader(200)
+	w.Write([]byte("200 OK\n"))
+	log200(r)
+}
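Review bot: When `delUser(userURL)` fails, the handler returns without writing a response or logging anything, so net/http sends an implicit 200 with an empty body; a failed admin delete then looks like a success on the wire and leaves no entry in the request log. Report it before the `return`, for example `errHTTP(w, r, err, http.StatusInternalServerError)`, with a generic message if the underlying error could expose internals to the client. The result of `r.ParseForm()` is also discarded; checking it and answering 400 keeps a malformed body from being handled as an empty form. `url.Parse` accepts nearly any string, so the check on the `url` value rejects very little; if delUser expects an absolute http(s) URL, verifying the scheme and host here would be tighter. Every request that carries an `X-Auth` header triggers a bcrypt comparison, so it is worth confirming that this route is throttled, since its registration is not visible in this hunk.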