From 431352a0bbfc644100c971b2332cb1c45fe5125b Mon Sep 17 00:00:00 2001 From: James Mills Date: Sat, 30 Jan 2021 15:14:26 +1000 Subject: [PATCH] Remove refs to non-existent types package --- internal/api.go | 89 ------------------------------------------------- 1 file changed, 89 deletions(-) diff --git a/internal/api.go b/internal/api.go index 455da2e..0c10c03 100644 --- a/internal/api.go +++ b/internal/api.go @@ -12,7 +12,6 @@ import ( log "github.com/sirupsen/logrus" "git.mills.io/prologic/spyda/internal/passwords" - "git.mills.io/prologic/spyda/types" ) // ContextKey ... @@ -180,91 +179,3 @@ func (a *API) PingEndpoint() httprouter.Handle { _, _ = w.Write([]byte(`{}`)) } } - -// AuthEndpoint ... -func (a *API) AuthEndpoint() httprouter.Handle { - // #239: Throttle failed login attempts and lock user account. - failures := NewTTLCache(5 * time.Minute) - - return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - req, err := types.NewAuthRequest(r.Body) - if err != nil { - log.WithError(err).Error("error parsing auth request") - http.Error(w, "Bad Request", http.StatusBadRequest) - return - } - - username := NormalizeUsername(req.Username) - password := req.Password - - // Error: no username or password provided - if username == "" || password == "" { - log.Warn("no username or password provided") - http.Error(w, "Bad Request", http.StatusBadRequest) - return - } - - // Lookup user - user, err := a.db.GetUser(username) - if err != nil { - log.WithField("username", username).Warn("login attempt from non-existent user") - http.Error(w, "Invalid Credentials", http.StatusUnauthorized) - return - } - - // #239: Throttle failed login attempts and lock user account. - if failures.Get(user.Username) > MaxFailedLogins { - http.Error(w, "Account Locked", http.StatusTooManyRequests) - return - } - - // Validate cleartext password against KDF hash - err = a.pm.CheckPassword(user.Password, password) - if err != nil { - // #239: Throttle failed login attempts and lock user account. - failed := failures.Inc(user.Username) - time.Sleep(time.Duration(IntPow(2, failed)) * time.Second) - - log.WithField("username", username).Warn("login attempt with invalid credentials") - http.Error(w, "Invalid Credentials", http.StatusUnauthorized) - return - } - - // #239: Throttle failed login attempts and lock user account. - failures.Reset(user.Username) - - // Login successful - log.WithField("username", username).Info("login successful") - - token, err := a.CreateToken(user, r) - if err != nil { - log.WithError(err).Error("error creating token") - http.Error(w, "Internal Server Error", http.StatusInternalServerError) - return - } - - user.AddToken(token) - if err := a.db.SetToken(token.Signature, token); err != nil { - log.WithError(err).Error("error saving token object") - http.Error(w, "Internal Server Error", http.StatusInternalServerError) - return - } - if err := a.db.SetUser(user.Username, user); err != nil { - log.WithError(err).Error("error saving user object") - http.Error(w, "Internal Server Error", http.StatusInternalServerError) - return - } - - res := types.AuthResponse{Token: token.Value} - - body, err := res.Bytes() - if err != nil { - log.WithError(err).Error("error serializing response") - http.Error(w, "Internal Server Error", http.StatusInternalServerError) - return - } - - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write(body) - } -}