diff options
| author | xengineering <me@xengineering.eu> | 2026-06-27 21:21:45 +0200 |
|---|---|---|
| committer | xengineering <me@xengineering.eu> | 2026-06-27 21:21:45 +0200 |
| commit | 132990e985751e40c263224a62983c8013409a36 (patch) | |
| tree | f4952cde44a950bfe7c0bdfec825056f85494b69 /handlers.go | |
| parent | ea4bd88963724c13f7b906d856af2d1c715fc056 (diff) | |
| download | finserv-132990e985751e40c263224a62983c8013409a36.tar finserv-132990e985751e40c263224a62983c8013409a36.tar.zst finserv-132990e985751e40c263224a62983c8013409a36.zip | |
Switch Register() and Authenticate() to sql.Tx
Using sql.Tx (database transactions) instead of a plain database has the
advantage that the caller can wrap multiple library calls into one
transaction.
This guarantees that no database entries change between the library
calls which is critical to prevent race conditions.
Diffstat (limited to 'handlers.go')
| -rw-r--r-- | handlers.go | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/handlers.go b/handlers.go index 0ff2f26..4b86ad5 100644 --- a/handlers.go +++ b/handlers.go @@ -62,11 +62,15 @@ func ApiAuthentication(db *sql.DB) http.Handler { return } - err = Authenticate(db, data.Username, data.Password) - if err != nil { - log.Printf("Bad password on authentication of user '%s'.", data.Username) - w.WriteHeader(http.StatusUnauthorized) - return - } + _ = Transaction(db, func(tx *sql.Tx) error { + err := Authenticate(tx, data.Username, data.Password) + if err != nil { + log.Printf("Bad password on authentication of user '%s'.", data.Username) + w.WriteHeader(http.StatusUnauthorized) + return fmt.Errorf("Authentication failed.") + } + + return nil + }) }) } |
