Actually end the connection when request checks fail #18

Merged
bendodroid merged 1 commit from :Bendodroid-fixAuthentication into main 2024-01-15 23:36:10 +01:00
3 changed files with 26 additions and 23 deletions
Showing only changes of commit cf9678d712 - Show all commits


@ -17,14 +17,17 @@ func EnvironmentSensor(
resp *types.EnvironmentSensor,
) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
body := string(updateEndpointValidator(authDB, validCredentials, w, r))
body, err := updateEndpointValidator(authDB, validCredentials, w, r)
if err != nil {
log.Println(err)
return
}
// Parse request body
newState, err := strconv.ParseFloat(body, 64)
newState, err := strconv.ParseFloat(string(body), 64)
if err != nil || math.IsInf(newState, 0) {
log.Println("Failed to parse request body from", r.RemoteAddr, "body:", body)
w.WriteHeader(http.StatusBadRequest)
_, _ = io.WriteString(w, "HTTP request body has to be a valid float64 value != +/-Inf")
log.Println("Failed to parse request body from", r.RemoteAddr, "with error:", err)
http.Error(w, "HTTP request body has to be a valid float64 value != +/-Inf", http.StatusBadRequest)
return
}
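Review bot: NaN still passes the check on the parse line, because `strconv.ParseFloat` returns NaN with a nil error for the body `NaN` and `math.IsInf` does not catch it. An authenticated client can therefore store a value that is not a usable reading, and if the response is later encoded with encoding/json that value would presumably fail to marshal. Extending the condition to `if err != nil || math.IsInf(newState, 0) || math.IsNaN(newState) {` closes that. In the same branch the new log line prints `with error: <nil>` when the body parsed as +/-Inf, so the rejected value is no longer visible; logging it quoted, e.g. `log.Printf("rejected body %q from %s: %v", body, r.RemoteAddr, err)`, keeps it traceable. The handler's body continues past the end of the hunk.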


@ -16,14 +16,17 @@ func StateOpen(
resp *types.SpaceState,
) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
body := string(updateEndpointValidator(authDB, validCredentials, w, r))
body, err := updateEndpointValidator(authDB, validCredentials, w, r)
if err != nil {
log.Println(err)
return
}
// Parse request body
newState, err := strconv.ParseBool(body)
newState, err := strconv.ParseBool(string(body))
if err != nil {
log.Println("Failed to parse request body from", r.RemoteAddr, "body:", body)
w.WriteHeader(http.StatusBadRequest)
_, _ = io.WriteString(w, "HTTP request body should either be true or false")
log.Println("Failed to parse request body from", r.RemoteAddr, "with error:", err)
http.Error(w, "HTTP request body should either be true or false", http.StatusBadRequest)
return
}


@ -1,8 +1,9 @@
package handlers
import (
"errors"
"fmt"
"io"
"log"
"net/http"
"gitlab.hamburg.ccc.de/ccchh/spaceapid/config"
@ -14,32 +15,28 @@ import (
func updateEndpointValidator(
authDB config.HTTPBACredentials, validCredentials []config.HTTPBACredentialID,
w http.ResponseWriter, r *http.Request,
) (body []byte) {
) ([]byte, error) {
// Check BasicAuth credentials
username, password, ok := r.BasicAuth()
if !ok || !util.CheckCredentials(authDB, validCredentials, username, password) {
log.Println("Unauthorized request from", r.RemoteAddr, "Username:", username, "Password:", password)
w.Header().Set("WWW-Authenticate", "Basic realm=\"space-api\"")
w.WriteHeader(http.StatusUnauthorized)
return
http.Error(w, "", http.StatusUnauthorized)
return []byte{}, errors.New(fmt.Sprintf("Unauthorized request from %s Username: %s Password: %s", r.RemoteAddr, username, password))
}
// Check if PUT method
if r.Method != http.MethodPut {
log.Println("Wrong Method: ", r.Method, "from", r.RemoteAddr, "at", r.RequestURI)
w.Header().Set("Allow", http.MethodPut)
w.WriteHeader(http.StatusMethodNotAllowed)
return
http.Error(w, "", http.StatusMethodNotAllowed)
return []byte{}, errors.New(fmt.Sprintf("Wrong Method: %s from %s at %s", r.Method, r.RemoteAddr, r.RequestURI))
}
// Read request body
body, err := io.ReadAll(r.Body)
if err != nil {
log.Println("Failed to read request body from", r.RemoteAddr)
w.WriteHeader(http.StatusInternalServerError)
_, _ = io.WriteString(w, "Failed reading HTTP request body")
return
http.Error(w, "", http.StatusInternalServerError)
return []byte{}, errors.New(fmt.Sprintf("Failed to read request body from %s with error: %s", r.RemoteAddr, err))
}
return body
return body, nil
}
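Review bot: The error built in the failed-auth branch still embeds the submitted password (`Password: %s`), and both callers pass it to `log.Println(err)`, so every rejected Basic-auth attempt writes a credential to the log, including mistyped but nearly correct passwords of legitimate users. The username is decoded from the request header and formatted with `%s`, so it can also carry line breaks into the log. I would drop the password and quote the client-supplied part: `return nil, fmt.Errorf("unauthorized request from %s, username %q", r.RemoteAddr, username)`. The same `fmt.Errorf` form would replace `errors.New(fmt.Sprintf(...))` in the other two branches, with `%w` for the wrapped read error. Separately, `io.ReadAll(r.Body)` has no size cap; `r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)` before the read would bound it (the constant name is a placeholder).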