all repos — flounder @ c8dec8721aeeef38e31d5baea37cbc26a2f7704e

A small site builder for the Gemini protocol

wip
alex wennerberg alex@alexwennerberg.com
Tue, 08 Dec 2020 20:15:33 -0800
commit

c8dec8721aeeef38e31d5baea37cbc26a2f7704e

parent

b9a8645bc1f8102bacd11b8bb1da8c2876511e89

2 files changed, 5 insertions(+), 21 deletions(-)

jump to
M http.gohttp.go 
@@ -9,7 +9,6 @@ "github.com/gorilla/handlers"
 	"github.com/gorilla/sessions"
 	_ "github.com/mattn/go-sqlite3"
 	"golang.org/x/crypto/bcrypt"
-	"golang.org/x/net/webdav"
 	"html/template"
 	"io"
 	"io/ioutil"

@@ -586,17 +585,14 @@ }
 	} else if r.Method == "POST" {
 		r.ParseForm()
 		enteredCurrPass := r.Form.Get("password")
-		var currPass []byte
 		password1 := r.Form.Get("new_password1")
 		password2 := r.Form.Get("new_password2")
-		row := DB.QueryRow("SELECT password_hash FROM user where username = ?", user.Username)
-		err := row.Scan(&currPass)
 		if password1 != password2 {
 			data.Error = "New passwords do not match"
 		} else if len(password1) < 6 {
 			data.Error = "Password is too short"
 		} else {
-			err = bcrypt.CompareHashAndPassword(currPass, []byte(enteredCurrPass))
+			err := checkAuth(user.Username, enteredCurrPass)
 			if err == nil {
 				hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password1), 8)
 				if err != nil {

@@ -613,7 +609,7 @@ } else {
 				data.Error = "That's not your current password"
 			}
 		}
-		err = t.ExecuteTemplate(w, "reset_pass.html", data)
+		err := t.ExecuteTemplate(w, "reset_pass.html", data)
 		if err != nil {
 			panic(err)
 		}

@@ -684,16 +680,8 @@ serveMux.HandleFunc(hostname+"/reset-password", resetPasswordHandler)
 
 	// admin commands
 	serveMux.HandleFunc(hostname+"/admin/user/", adminUserHandler)
-
-	// webdav
-	webdavHandler := webdav.Handler{
-		FileSystem: webdav.Dir(c.FilesDirectory),
-		Prefix:     "/webdav/",
-		LockSystem: webdav.NewMemLS(),
-	}
-	serveMux.HandleFunc(hostname+"/webdav/", webdavHandler.ServeHTTP)
-
-	// TODO rate limit login https://github.com/ulule/limiter
+	// TODO authentication
+	serveMux.HandleFunc(hostname+"/webdav/", webdavHandler)
 
 	wrapped := (handlers.LoggingHandler(log.Writer(), handlers.RecoveryHandler()(serveMux)))
M webdav.gowebdav.go 
@@ -13,17 +13,13 @@ w.Header().Set("WWW-Authenticate", "Basic realm=\"wevdav\"")
 		http.Error(w, "Authentication Error", http.StatusUnauthorized)
 		return
 	}
-	for key, element := range r.Header {
-		fmt.Println(key, element)
-	}
-	fmt.Println(r.Body)
 	user, pass, ok := r.BasicAuth()
 	if ok && (checkAuth(user, pass) == nil) {
 		fmt.Println(user, pass)
 		webdavHandler := webdav.Handler{
 			FileSystem: webdav.Dir(getUserDirectory(user)),
 			Prefix:     "/webdav/",
-			LockSystem: webdav.NewMemLS(),
+			LockSystem: nil, //webdav.NewMemLS(),
 		}
 		webdavHandler.ServeHTTP(w, r)
 	} else {