feat: Encode password

Fixes #38. Signed-off-by: Julien Riou <julien@riou.xyz>
2025-10-02 07:06:54 +02:00 · 2025-10-02 07:06:54 +02:00 · de24146991
commit de24146991
parent f721e56371
7 changed files with 42 additions and 20 deletions
--- a/src/server/db.go
+++ b/src/server/db.go
@ -123,7 +123,7 @@ func (d *Database) Get(id string) (*Note, error) {
 	return nil, nil
 }

-func (d *Database) Create(content []byte, password string, encryptionKey string, encrypted bool, expiration int, deleteAfterRead bool, language string) (note *Note, err error) {
+func (d *Database) Create(content []byte, password []byte, encryptionKey string, encrypted bool, expiration int, deleteAfterRead bool, language string) (note *Note, err error) {
 	if expiration == 0 {
 		expiration = d.expiration
 	}
@ -161,8 +161,8 @@ func (d *Database) Create(content []byte, password string, encryptionKey string,
 		note.Encrypted = true
 	}

-	if password != "" {
-		hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if password != nil {
+		hash, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
 		if err != nil {
 			return nil, err
 		}
--- a/src/server/errors.go
+++ b/src/server/errors.go
@ -9,6 +9,8 @@ var (
 	ErrEncryptionKeyNotFound         = errors.New("encryption key not found")
 	ErrCouldNotDecryptNote           = errors.New("could not decrypt note")
 	ErrInvalidPassword               = errors.New("invalid password")
+	ErrInvalidExpiration             = errors.New("invalid expiration")
+	ErrInvalidLanguage               = errors.New("invalid language")
 	ErrCouldNotParseFile             = errors.New("could not parse file")
 	ErrFileTooLarge                  = errors.New("file too large")
 	ErrTextFileExpected              = errors.New("text file expected")
@ -16,9 +18,9 @@ var (
 	ErrEmptyNote                     = errors.New("empty note")
 	ErrEncryptionRequired            = errors.New("encryption is required")
 	ErrClientEncryptionKeyNotAllowed = errors.New("client encryption key is not allowed")
-	ErrInvalidExpiration             = errors.New("invalid expiration")
 	ErrCouldNotCreateNote            = errors.New("could not create note")
 	ErrCouldNotDecodePayload         = errors.New("could not decode payload")
 	ErrCouldNotDecodeContent         = errors.New("could not decode content")
+	ErrCouldNotDecodePassword        = errors.New("could not decode password")
 	ErrNoteIsPasswordProtected       = errors.New("note is password protected")
 )
--- a/src/server/handlers_api.go
+++ b/src/server/handlers_api.go
@ -28,6 +28,8 @@ func apiError(level int, w http.ResponseWriter, logger *slog.Logger, topLevelErr
 	// Wrap error for logging
 	if err != nil {
 		err = fmt.Errorf("%v: %w", topLevelErr, err)
+	} else {
+		err = topLevelErr
 	}
 	logger.Error(fmt.Sprintf("%v", err))

@ -106,13 +108,18 @@ func (h *CreateNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}

 	content, err := internal.Decode(body.Content)
-
 	if err != nil {
 		APIError(w, logger, ErrCouldNotDecodeContent, err)
 		return
 	}

-	note, err := h.db.Create(content, body.Password, body.EncryptionKey, body.Encrypted, body.Expiration, body.DeleteAfterRead, body.Language)
+	password, err := internal.Decode(body.Password)
+	if err != nil {
+		APIError(w, logger, ErrCouldNotDecodePassword, err)
+		return
+	}
+
+	note, err := h.db.Create(content, password, body.EncryptionKey, body.Encrypted, body.Expiration, body.DeleteAfterRead, body.Language)
 	if err != nil {
 		APIError(w, logger, ErrCouldNotCreateNote, err)
 		return
@ -143,9 +150,9 @@ func (h *GetNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		APIError(w, logger, ErrCouldNotFindNote, err)
 	} else if note == nil {
-		APIErrorNotFound(w, logger, ErrNoteDoesNotExist, err)
+		APIErrorNotFound(w, logger, ErrNoteDoesNotExist, nil)
 	} else if note.PasswordHash != nil {
-		APIErrorBadRequest(w, logger, ErrNoteIsPasswordProtected, err)
+		APIErrorBadRequest(w, logger, ErrNoteIsPasswordProtected, nil)
 	} else {
 		if note.Encrypted {
 			w.Header().Set("Content-Type", "application/octet-stream")
@ -209,7 +216,7 @@ func (h *GetProtectedNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Reque
 	if len(note.PasswordHash) > 0 {
 		err := bcrypt.CompareHashAndPassword(note.PasswordHash, []byte(body.Password))
 		if err != nil {
-			APIError(w, logger, ErrInvalidPassword, err)
+			APIErrorBadRequest(w, logger, ErrInvalidPassword, err)
 			return
 		}
 	}
--- a/src/server/handlers_web.go
+++ b/src/server/handlers_web.go
@ -170,7 +170,7 @@ func (h *CreateNoteWithFormHandler) ServeHTTP(w http.ResponseWriter, r *http.Req
 	}

 	logger.Debug("saving note to the database")
-	note, err := h.db.Create(content, password, encryptionKey, encryptionKey != "", expirationInt, deleteAfterRead != "", language)
+	note, err := h.db.Create(content, []byte(password), encryptionKey, encryptionKey != "", expirationInt, deleteAfterRead != "", language)
 	if err != nil {
 		h.WebError(w, logger, ErrCouldNotCreateNote, err)
 		return