Actually end the connection when request checks fail #18

Merged
bendodroid merged 1 commit from :Bendodroid-fixAuthentication into main 2024-01-15 23:36:10 +01:00
3 changed files with 26 additions and 23 deletions
Showing only changes of commit cf9678d712 - Show all commits


@ -17,14 +17,17 @@ func EnvironmentSensor(
resp *types.EnvironmentSensor, resp *types.EnvironmentSensor,
) func(http.ResponseWriter, *http.Request) { ) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
body := string(updateEndpointValidator(authDB, validCredentials, w, r)) body, err := updateEndpointValidator(authDB, validCredentials, w, r)
if err != nil {
log.Println(err)
return
}
// Parse request body // Parse request body
newState, err := strconv.ParseFloat(body, 64) newState, err := strconv.ParseFloat(string(body), 64)
if err != nil || math.IsInf(newState, 0) { if err != nil || math.IsInf(newState, 0) {
log.Println("Failed to parse request body from", r.RemoteAddr, "body:", body) log.Println("Failed to parse request body from", r.RemoteAddr, "with error:", err)
w.WriteHeader(http.StatusBadRequest) http.Error(w, "HTTP request body has to be a valid float64 value != +/-Inf", http.StatusBadRequest)
_, _ = io.WriteString(w, "HTTP request body has to be a valid float64 value != +/-Inf")
return return
} }
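Review bot: A body of `NaN` still passes the check on the parsed value, because `strconv.ParseFloat` returns NaN with a nil error and the condition only rejects errors and infinities. Extending it to `if err != nil || math.IsInf(newState, 0) || math.IsNaN(newState) {` closes that gap. If the value is later serialised with encoding/json (not visible in this hunk), a stored NaN would presumably make marshalling fail for every reader of the endpoint. The new log line also prints `with error: <nil>` when the body spelled an infinity literally, since err is nil on that path. The handler body continues past the end of the hunk.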


@ -16,14 +16,17 @@ func StateOpen(
resp *types.SpaceState, resp *types.SpaceState,
) func(http.ResponseWriter, *http.Request) { ) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
body := string(updateEndpointValidator(authDB, validCredentials, w, r)) body, err := updateEndpointValidator(authDB, validCredentials, w, r)
if err != nil {
log.Println(err)
return
}
// Parse request body // Parse request body
newState, err := strconv.ParseBool(body) newState, err := strconv.ParseBool(string(body))
if err != nil { if err != nil {
log.Println("Failed to parse request body from", r.RemoteAddr, "body:", body) log.Println("Failed to parse request body from", r.RemoteAddr, "with error:", err)
w.WriteHeader(http.StatusBadRequest) http.Error(w, "HTTP request body should either be true or false", http.StatusBadRequest)
_, _ = io.WriteString(w, "HTTP request body should either be true or false")
return return
} }
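Review bot: The bare `return` after `log.Println(err)` is only correct because updateEndpointValidator has already written the status and headers, and nothing in the handler says so. A one-line comment above the `return`, such as `// updateEndpointValidator has already sent the error response; just stop here`, would keep a later edit from adding a second WriteHeader or dropping the return. The same applies to the identical block in EnvironmentSensor. The handler body continues past the end of the hunk.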


@ -1,8 +1,9 @@
package handlers package handlers
import ( import (
"errors"
"fmt"
"io" "io"
"log"
"net/http" "net/http"
"gitlab.hamburg.ccc.de/ccchh/spaceapid/config" "gitlab.hamburg.ccc.de/ccchh/spaceapid/config"
@ -14,32 +15,28 @@ import (
func updateEndpointValidator( func updateEndpointValidator(
authDB config.HTTPBACredentials, validCredentials []config.HTTPBACredentialID, authDB config.HTTPBACredentials, validCredentials []config.HTTPBACredentialID,
w http.ResponseWriter, r *http.Request, w http.ResponseWriter, r *http.Request,
) (body []byte) { ) ([]byte, error) {
// Check BasicAuth credentials // Check BasicAuth credentials
username, password, ok := r.BasicAuth() username, password, ok := r.BasicAuth()
if !ok || !util.CheckCredentials(authDB, validCredentials, username, password) { if !ok || !util.CheckCredentials(authDB, validCredentials, username, password) {
log.Println("Unauthorized request from", r.RemoteAddr, "Username:", username, "Password:", password)
w.Header().Set("WWW-Authenticate", "Basic realm=\"space-api\"") w.Header().Set("WWW-Authenticate", "Basic realm=\"space-api\"")
w.WriteHeader(http.StatusUnauthorized) http.Error(w, "", http.StatusUnauthorized)
return return []byte{}, errors.New(fmt.Sprintf("Unauthorized request from %s Username: %s Password: %s", r.RemoteAddr, username, password))
} }
// Check if PUT method // Check if PUT method
if r.Method != http.MethodPut { if r.Method != http.MethodPut {
log.Println("Wrong Method: ", r.Method, "from", r.RemoteAddr, "at", r.RequestURI)
w.Header().Set("Allow", http.MethodPut) w.Header().Set("Allow", http.MethodPut)
w.WriteHeader(http.StatusMethodNotAllowed) http.Error(w, "", http.StatusMethodNotAllowed)
return return []byte{}, errors.New(fmt.Sprintf("Wrong Method: %s from %s at %s", r.Method, r.RemoteAddr, r.RequestURI))
} }
// Read request body // Read request body
body, err := io.ReadAll(r.Body) body, err := io.ReadAll(r.Body)
if err != nil { if err != nil {
log.Println("Failed to read request body from", r.RemoteAddr) http.Error(w, "", http.StatusInternalServerError)
w.WriteHeader(http.StatusInternalServerError) return []byte{}, errors.New(fmt.Sprintf("Failed to read request body from %s with error: %s", r.RemoteAddr, err))
_, _ = io.WriteString(w, "Failed reading HTTP request body")
return
} }
return body return body, nil
} }
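Review bot: The 401 branch formats the submitted password into the returned error, and both callers pass that error straight to `log.Println`, so every failed login writes a plaintext password to the log, often a near-miss of a valid one. Drop the password and quote the client-controlled username so it cannot inject line breaks into the log: `return nil, fmt.Errorf("unauthorized request from %s, username %q", r.RemoteAddr, username)`. `fmt.Errorf` would also replace the `errors.New(fmt.Sprintf(...))` pattern in the other two branches, where `%w` would keep the ReadAll error inspectable. Separately, `io.ReadAll(r.Body)` has no size cap; wrapping the body with `http.MaxBytesReader` before reading would bound what an authenticated client can make the server buffer.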