password hash cheching

2023-12-22 20:25:20 -03:00 · 2023-12-22 20:25:20 -03:00 · 534c282226
commit 534c282226
parent 99a9fd507e
25 changed files with 390 additions and 84 deletions
--- a/handler/CMakeLists.txt
+++ b/handler/CMakeLists.txt
@ -3,6 +3,7 @@ set(HEADERS
    info.h
    env.h
    register.h
+    login.h
 )

 set(SOURCES
@ -10,6 +11,7 @@ set(SOURCES
    info.cpp
    env.cpp
    register.cpp
+    login.cpp
 )

 target_sources(${PROJECT_NAME} PRIVATE ${SOURCES})
--- a/handler/env.cpp
+++ b/handler/env.cpp
@ -11,7 +11,7 @@ void Handler::Env::handle(Request& request) {
    nlohmann::json body = nlohmann::json::object();
    request.printEnvironment(body);

-    Response res(request);
+    Response& res = request.createResponse();
    res.setBody(body);
    res.send();
 }
--- a/handler/env.h
+++ b/handler/env.h
@ -7,10 +7,10 @@

 namespace Handler {

-class Env : public Handler::Handler {
+class Env : public Handler {
 public:
    Env();
-    virtual void handle(Request& request);
+    void handle(Request& request) override;

 };
 }
--- a/handler/info.cpp
+++ b/handler/info.cpp
@ -8,7 +8,7 @@ Handler::Info::Info():
 {}

 void Handler::Info::handle(Request& request) {
-    Response res(request);
+    Response& res = request.createResponse();
    nlohmann::json body = nlohmann::json::object();
    body["type"] = PROJECT_NAME;
    body["version"] = PROJECT_VERSION;
--- a/handler/login.cpp
+++ b/handler/login.cpp
@ -0,0 +1,65 @@
+//  SPDX-FileCopyrightText: 2023 Yury Gubich <blue@macaw.me>
+//  SPDX-License-Identifier: GPL-3.0-or-later
+
+#include "login.h"
+
+#include "server/server.h"
+#include "database/exceptions.h"
+
+Handler::Login::Login(Server* server):
+    Handler("login", Request::Method::post),
+    server(server)
+{}
+
+void Handler::Login::handle(Request& request) {
+    std::map form = request.getForm();
+    std::map<std::string, std::string>::const_iterator itr = form.find("login");
+    if (itr == form.end())
+        return error(request, Result::noLogin, Response::Status::badRequest);
+
+    const std::string& login = itr->second;
+    if (login.empty())
+        return error(request, Result::emptyLogin, Response::Status::badRequest);
+
+    itr = form.find("password");
+    if (itr == form.end())
+        return error(request, Result::noPassword, Response::Status::badRequest);
+
+    const std::string& password = itr->second;
+    if (password.empty())
+        return error(request, Result::emptyPassword, Response::Status::badRequest);
+
+    bool success = false;
+    try {
+        success = server->validatePassword(login, password);
+    } catch (const DBInterface::NoLogin& e) {
+        std::cerr << "Exception on registration:\n\t" << e.what() << std::endl;
+        return error(request, Result::noLogin, Response::Status::badRequest); //can send unauthed instead, to exclude login spoofing
+    } catch (const std::exception& e) {
+        std::cerr << "Exception on registration:\n\t" << e.what() << std::endl;
+        return error(request, Result::unknownError, Response::Status::internalError);
+    }  catch (...) {
+        std::cerr << "Unknown exception on registration" << std::endl;
+        return error(request, Result::unknownError, Response::Status::internalError);
+    }
+    if (!success)
+        return error(request, Result::noLogin, Response::Status::badRequest);
+
+    //TODO opening the session
+
+    Response& res = request.createResponse();
+    nlohmann::json body = nlohmann::json::object();
+    body["result"] = Result::success;
+
+    res.setBody(body);
+    res.send();
+}
+
+void Handler::Login::error(Request& request, Result result, Response::Status code) {
+    Response& res = request.createResponse(code);
+    nlohmann::json body = nlohmann::json::object();
+    body["result"] = result;
+
+    res.setBody(body);
+    res.send();
+}
--- a/handler/login.h
+++ b/handler/login.h
@ -0,0 +1,32 @@
+//  SPDX-FileCopyrightText: 2023 Yury Gubich <blue@macaw.me>
+//  SPDX-License-Identifier: GPL-3.0-or-later
+
+#pragma once
+
+#include "handler.h"
+
+class Server;
+namespace Handler {
+
+class Login : public Handler {
+public:
+    Login(Server* server);
+    void handle(Request& request) override;
+
+    enum class Result {
+        success,
+        noLogin,
+        emptyLogin,
+        noPassword,
+        emptyPassword,
+        unknownError
+    };
+
+private:
+    void error(Request& request, Result result, Response::Status code);
+
+private:
+    Server* server;
+};
+}
+
--- a/handler/register.cpp
+++ b/handler/register.cpp
@ -4,6 +4,7 @@
 #include "register.h"

 #include "server/server.h"
+#include "database/exceptions.h"

 Handler::Register::Register(Server* server):
    Handler("register", Request::Method::post),
@ -14,35 +15,38 @@ void Handler::Register::handle(Request& request) {
    std::map form = request.getForm();
    std::map<std::string, std::string>::const_iterator itr = form.find("login");
    if (itr == form.end())
-        return error(request, Result::noLogin);
+        return error(request, Result::noLogin, Response::Status::badRequest);

    const std::string& login = itr->second;
    if (login.empty())
-        return error(request, Result::emptyLogin);
+        return error(request, Result::emptyLogin, Response::Status::badRequest);

    //TODO login policies checkup

    itr = form.find("password");
    if (itr == form.end())
-        return error(request, Result::noPassword);
+        return error(request, Result::noPassword, Response::Status::badRequest);

    const std::string& password = itr->second;
    if (password.empty())
-        return error(request, Result::emptyPassword);
+        return error(request, Result::emptyPassword, Response::Status::badRequest);

    //TODO password policies checkup

    try {
        server->registerAccount(login, password);
+    } catch (const DBInterface::DuplicateLogin& e) {
+        std::cerr << "Exception on registration:\n\t" << e.what() << std::endl;
+        return error(request, Result::loginExists, Response::Status::conflict);
    } catch (const std::exception& e) {
        std::cerr << "Exception on registration:\n\t" << e.what() << std::endl;
-        return error(request, Result::unknownError);
-    } catch (...) {
+        return error(request, Result::unknownError, Response::Status::internalError);
+    }  catch (...) {
        std::cerr << "Unknown exception on registration" << std::endl;
-        return error(request, Result::unknownError);
+        return error(request, Result::unknownError, Response::Status::internalError);
    }

-    Response res(request);
+    Response& res = request.createResponse();
    nlohmann::json body = nlohmann::json::object();
    body["result"] = Result::success;

@ -50,8 +54,8 @@ void Handler::Register::handle(Request& request) {
    res.send();
 }

-void Handler::Register::error(Request& request, Result result) {
-    Response res(request);
+void Handler::Register::error(Request& request, Result result, Response::Status code) {
+    Response& res = request.createResponse(code);
    nlohmann::json body = nlohmann::json::object();
    body["result"] = result;

--- a/handler/register.h
+++ b/handler/register.h
@ -8,10 +8,10 @@
 class Server;
 namespace Handler {

-class Register : public Handler::Handler {
+class Register : public Handler {
 public:
    Register(Server* server);
-    virtual void handle(Request& request);
+    void handle(Request& request) override;

    enum class Result {
        success,
@ -26,7 +26,7 @@ public:
    };

 private:
-    void error(Request& request, Result result);
+    void error(Request& request, Result result, Response::Status code);

 private:
    Server* server;