Made /register require OTP from /init
UnicodingUnicorn
parent
407b317a4f
commit
44c804061d
12
README.md
12
README.md
|
|
@ -117,10 +117,17 @@ JWT token.
|
|||
### Register User
|
||||
|
||||
```
|
||||
POST /register
|
||||
POST /register/:code/:nonce
|
||||
```
|
||||
|
||||
Register a new user. Proxies `core`'s CreateUser endpoint, adding in a dummy token. Admittedly not the most secure implementation ever, but sue me it's 3AM now.
|
||||
Register a new user. Proxies `core`'s CreateUser endpoint, adding in a dummy token. Admittedly not the most secure implementation ever, but sue me it's 3AM now. Requires a code and nonce supplied from querying the `/init` endpoint.
|
||||
|
||||
#### Params
|
||||
|
||||
| Name | Type | Description | Required |
|
||||
| ---- | ---- | ----------- | -------- |
|
||||
| code | String | OTP code SMS-ed to the user. Initiated with the `/init` endpoint. | ✓ |
|
||||
| nonce | String | Nonce returned by the `/init` endpoint response. | ✓ |
|
||||
|
||||
#### Body
|
||||
|
||||
|
|
@ -148,4 +155,5 @@ Created user object.
|
|||
| Code | Description |
|
||||
| ---- | ----------- |
|
||||
| 400 | Error parsing submitted body, or fields first_name or last_name have a length of 0 |
|
||||
| 401 | Supplied OTP is invalid |
|
||||
| 500 | Error occurred inserting entry into database/proxying |
|
||||
|
|
|
|||
17
main.go
17
main.go
|
|
@ -84,7 +84,7 @@ func main() {
|
|||
router.POST("/login", Login);
|
||||
router.POST("/init", InitRequest)
|
||||
router.POST("/verify", VerifyCode)
|
||||
router.POST("/register", CreateUser)
|
||||
router.POST("/register/:code/:nonce", CreateUser)
|
||||
|
||||
// Start server
|
||||
log.Printf("starting server on %s", listen)
|
||||
|
|
@ -279,6 +279,21 @@ func Login(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
|||
}
|
||||
|
||||
func CreateUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||
code := p.ByName("code")
|
||||
nonce := p.ByName("nonce")
|
||||
|
||||
// Get nonce
|
||||
storedNonce, err := redisClient.Get(code + "nonce").Result()
|
||||
if err != nil {
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
if nonce != storedNonce {
|
||||
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
proxyReq, err := http.NewRequest(r.Method, coreURL, r.Body)
|
||||
if err != nil {
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
|
|
|||
Loading…
Reference in New Issue