Made /register require OTP from /init
parent
407b317a4f
commit
44c804061d
12
README.md
12
README.md
|
@ -117,10 +117,17 @@ JWT token.
|
||||||
### Register User
|
### Register User
|
||||||
|
|
||||||
```
|
```
|
||||||
POST /register
|
POST /register/:code/:nonce
|
||||||
```
|
```
|
||||||
|
|
||||||
Register a new user. Proxies `core`'s CreateUser endpoint, adding in a dummy token. Admittedly not the most secure implementation ever, but sue me it's 3AM now.
|
Register a new user. Proxies `core`'s CreateUser endpoint, adding in a dummy token. Admittedly not the most secure implementation ever, but sue me it's 3AM now. Requires a code and nonce supplied from querying the `/init` endpoint.
|
||||||
|
|
||||||
|
#### Params
|
||||||
|
|
||||||
|
| Name | Type | Description | Required |
|
||||||
|
| ---- | ---- | ----------- | -------- |
|
||||||
|
| code | String | OTP code SMS-ed to the user. Initiated with the `/init` endpoint. | ✓ |
|
||||||
|
| nonce | String | Nonce returned by the `/init` endpoint response. | ✓ |
|
||||||
|
|
||||||
#### Body
|
#### Body
|
||||||
|
|
||||||
|
@ -148,4 +155,5 @@ Created user object.
|
||||||
| Code | Description |
|
| Code | Description |
|
||||||
| ---- | ----------- |
|
| ---- | ----------- |
|
||||||
| 400 | Error parsing submitted body, or fields first_name or last_name have a length of 0 |
|
| 400 | Error parsing submitted body, or fields first_name or last_name have a length of 0 |
|
||||||
|
| 401 | Supplied OTP is invalid |
|
||||||
| 500 | Error occurred inserting entry into database/proxying |
|
| 500 | Error occurred inserting entry into database/proxying |
|
||||||
|
|
17
main.go
17
main.go
|
@ -84,7 +84,7 @@ func main() {
|
||||||
router.POST("/login", Login);
|
router.POST("/login", Login);
|
||||||
router.POST("/init", InitRequest)
|
router.POST("/init", InitRequest)
|
||||||
router.POST("/verify", VerifyCode)
|
router.POST("/verify", VerifyCode)
|
||||||
router.POST("/register", CreateUser)
|
router.POST("/register/:code/:nonce", CreateUser)
|
||||||
|
|
||||||
// Start server
|
// Start server
|
||||||
log.Printf("starting server on %s", listen)
|
log.Printf("starting server on %s", listen)
|
||||||
|
@ -279,6 +279,21 @@ func Login(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func CreateUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
func CreateUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
|
code := p.ByName("code")
|
||||||
|
nonce := p.ByName("nonce")
|
||||||
|
|
||||||
|
// Get nonce
|
||||||
|
storedNonce, err := redisClient.Get(code + "nonce").Result()
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if nonce != storedNonce {
|
||||||
|
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
proxyReq, err := http.NewRequest(r.Method, coreURL, r.Body)
|
proxyReq, err := http.NewRequest(r.Method, coreURL, r.Body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||||
|
|
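Review bot: The OTP check at `if nonce != storedNonce` never invalidates the nonce after it matches, so the same `code`/`nonce` pair can be replayed to call `/register` again until the Redis key expires (whatever TTL `/init` set, outside this hunk); delete the key once the comparison succeeds. The lookup error path also answers 500 for an unknown or expired code, since a missing key comes back from `Result()` as the client's not-found sentinel (`redis.Nil` in go-redis) rather than a transport failure, which contradicts the README's documented 401 for an invalid OTP and lets a caller tell "no such code" apart from "wrong nonce". The route change in the first hunk (`/register/:code/:nonce`) additionally places the OTP code and nonce in the URL path, where they land in server and proxy access logs; a body field or header would keep them out. A constant-time comparison via `crypto/subtle` is cheap here as well. CreateUser's body continues past the end of the hunk.

```go
	storedNonce, err := redisClient.Get(code + "nonce").Result()
	if err == redis.Nil {
		// unknown or expired code: same answer as a wrong nonce, not a 500
		http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
		return
	}
	if err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	if subtle.ConstantTimeCompare([]byte(nonce), []byte(storedNonce)) != 1 {
		http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
		return
	}
	// single use: drop the nonce so this code/nonce pair cannot register twice
	if err := redisClient.Del(code + "nonce").Err(); err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	// … unchanged: proxy request to coreURL …
```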