summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorxengineering <me@xengineering.eu>2026-06-27 20:47:36 +0200
committerxengineering <me@xengineering.eu>2026-06-27 20:47:36 +0200
commitea4bd88963724c13f7b906d856af2d1c715fc056 (patch)
treefac5e3a690353b8124df28b4ff6be221bb0046a3
parent485fb6556eed127c59e52915ec2984ee84c8210b (diff)
downloadfinserv-ea4bd88963724c13f7b906d856af2d1c715fc056.tar
finserv-ea4bd88963724c13f7b906d856af2d1c715fc056.tar.zst
finserv-ea4bd88963724c13f7b906d856af2d1c715fc056.zip
Add core functionality of /api/authenticate
This handler now actually validates the username and password and returns a matching HTTP response code.
-rw-r--r--handlers.go9
1 files changed, 8 insertions, 1 deletions
diff --git a/handlers.go b/handlers.go
index ceeb79a..0ff2f26 100644
--- a/handlers.go
+++ b/handlers.go
@@ -45,7 +45,7 @@ func ApiAuthentication(db *sql.DB) http.Handler {
err := dec.Decode(&data)
if err != nil {
- log.Printf("Failed to decode: %v", err)
+ log.Printf("Failed to decode: %v.", err)
w.WriteHeader(http.StatusBadRequest)
return
}
@@ -61,5 +61,12 @@ func ApiAuthentication(db *sql.DB) http.Handler {
w.WriteHeader(http.StatusBadRequest)
return
}
+
+ err = Authenticate(db, data.Username, data.Password)
+ if err != nil {
+ log.Printf("Bad password on authentication of user '%s'.", data.Username)
+ w.WriteHeader(http.StatusUnauthorized)
+ return
+ }
})
}