Remove refs to non-existent types package

internal/api.go

@@ -12,7 +12,6 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"git.mills.io/prologic/spyda/internal/passwords"
-	"git.mills.io/prologic/spyda/types"
 )
 
 // ContextKey ...
@@ -180,91 +179,3 @@ func (a *API) PingEndpoint() httprouter.Handle {
 		_, _ = w.Write([]byte(`{}`))
 	}
 }
-
-// AuthEndpoint ...
-func (a *API) AuthEndpoint() httprouter.Handle {
-	// #239: Throttle failed login attempts and lock user  account.
-	failures := NewTTLCache(5 * time.Minute)
-
-	return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-		req, err := types.NewAuthRequest(r.Body)
-		if err != nil {
-			log.WithError(err).Error("error parsing auth request")
-			http.Error(w, "Bad Request", http.StatusBadRequest)
-			return
-		}
-
-		username := NormalizeUsername(req.Username)
-		password := req.Password
-
-		// Error: no username or password provided
-		if username == "" || password == "" {
-			log.Warn("no username or password provided")
-			http.Error(w, "Bad Request", http.StatusBadRequest)
-			return
-		}
-
-		// Lookup user
-		user, err := a.db.GetUser(username)
-		if err != nil {
-			log.WithField("username", username).Warn("login attempt from non-existent user")
-			http.Error(w, "Invalid Credentials", http.StatusUnauthorized)
-			return
-		}
-
-		// #239: Throttle failed login attempts and lock user  account.
-		if failures.Get(user.Username) > MaxFailedLogins {
-			http.Error(w, "Account Locked", http.StatusTooManyRequests)
-			return
-		}
-
-		// Validate cleartext password against KDF hash
-		err = a.pm.CheckPassword(user.Password, password)
-		if err != nil {
-			// #239: Throttle failed login attempts and lock user  account.
-			failed := failures.Inc(user.Username)
-			time.Sleep(time.Duration(IntPow(2, failed)) * time.Second)
-
-			log.WithField("username", username).Warn("login attempt with invalid credentials")
-			http.Error(w, "Invalid Credentials", http.StatusUnauthorized)
-			return
-		}
-
-		// #239: Throttle failed login attempts and lock user  account.
-		failures.Reset(user.Username)
-
-		// Login successful
-		log.WithField("username", username).Info("login successful")
-
-		token, err := a.CreateToken(user, r)
-		if err != nil {
-			log.WithError(err).Error("error creating token")
-			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-			return
-		}
-
-		user.AddToken(token)
-		if err := a.db.SetToken(token.Signature, token); err != nil {
-			log.WithError(err).Error("error saving token object")
-			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-			return
-		}
-		if err := a.db.SetUser(user.Username, user); err != nil {
-			log.WithError(err).Error("error saving user object")
-			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-			return
-		}
-
-		res := types.AuthResponse{Token: token.Value}
-
-		body, err := res.Bytes()
-		if err != nil {
-			log.WithError(err).Error("error serializing response")
-			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-			return
-		}
-
-		w.Header().Set("Content-Type", "application/json")
-		_, _ = w.Write(body)
-	}
-}