From 8ebbdab5079f803567297af842c87ce012b7ea11 Mon Sep 17 00:00:00 2001
From: Andrew
Date: Wed, 28 Apr 2021 20:31:16 +0400
Subject: Added cryptography functions and completed client and server.
---
 http-server/main.go | 47 ++++++++++++++++++++---------------------------
 1 file changed, 20 insertions(+), 27 deletions(-)
(limited to 'http-server/main.go')
diff --git a/http-server/main.go b/http-server/main.go
index f77c32f..d7b2625 100644
--- a/http-server/main.go
+++ b/http-server/main.go
@@ -1,7 +1,6 @@
 package main
 import (
- "crypto/sha256"
 "encoding/base64"
 "encoding/json"
 "errors"
@@ -14,8 +13,6 @@ import (
 "time"
 )
-const TimestampFormat = "2006-01-02T15-01-05.999"
-
 type Response struct {
 Message string
 }
@@ -116,8 +113,8 @@ func register(w http.ResponseWriter, r *http.Request) {
 return
 }
- // TODO(andrew): Добавить проверку действительности ключа
- if false {
+ checkResult, err := checkSignature(req, signature, req.Data)
+ if err != nil || !checkResult {
 w.WriteHeader(http.StatusBadRequest)
 _ = jsonResponse(w, Response{
 Message: "Указанный ключ не является действительным",
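Review bot: The condition `err != nil || !checkResult` in register answers a failure inside checkSignature and a genuinely bad signature with the same 400, and `err` is dropped without being logged, so a fault in the verifier is invisible to whoever operates the server. Handling `err != nil` on its own (log it, then decide between 400 and 500) would keep the two apart. The removed TODO also leaves the check undocumented: the signature is verified against `req.Data`, apparently the key the request itself submits, which proves possession of that key and nothing more, and a comment such as `// Proof of possession: the request must be signed by the key being registered (req.Data).` would say so. register's body starts and ends outside the hunk.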
@@ -139,32 +136,27 @@ func register(w http.ResponseWriter, r *http.Request) {
 })
 }
-func handleAuthentication(req Request, signature string) (error, error) {
+func handleAuthentication(req Request, signature string) (bool, error) {
 userRegistered, dbError := db.checkUserRegistered(req.User)
 if dbError != nil {
- return nil, dbError
+ return false, dbError
 }
 if !userRegistered {
- return errors.New("такой пользователь не зарегистрирован"), nil
+ return false, nil
 }
 key, err := db.getUserKey(req.User)
 if err != nil {
- return nil, err
+ return false, err
 }
- // TODO(andrew): Добавить проверку подписи signature
- reqBytes, _ := json.Marshal(req)
- req64 := base64.StdEncoding.EncodeToString(reqBytes)
- h := sha256.Sum256([]byte(req64))
- generatedSignature := fmt.Sprintf("%x", h)
- //fmt.Println(generatedSignature)
- //fmt.Println(signature)
- _ = fmt.Sprint(generatedSignature == signature)
- _ = fmt.Sprint(key)
+ check, err := checkSignature(req, signature, key)
+ if err != nil {
+ return false, err
+ }
- return nil, nil
+ return check, nil
 }
 func sendMessage(w http.ResponseWriter, r *http.Request) {
@@ -178,8 +170,8 @@ func sendMessage(w http.ResponseWriter, r *http.Request) {
 return
 }
- authErr, dbErr := handleAuthentication(req, signature)
- if authErr != nil {
+ authComplete, dbErr := handleAuthentication(req, signature)
+ if !authComplete {
 w.WriteHeader(http.StatusForbidden)
 _ = jsonResponse(w, Response{
 Message: "Запрос не прошёл аутентификацию",
@@ -224,8 +216,8 @@ func pollMessages(w http.ResponseWriter, r *http.Request) {
 return
 }
- authErr, dbErr := handleAuthentication(req, signature)
- if authErr != nil {
+ authComplete, dbErr := handleAuthentication(req, signature)
+ if !authComplete {
 w.WriteHeader(http.StatusForbidden)
 _ = jsonResponse(w, Response{
 Message: "Запрос не прошёл аутентификацию",
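Review bot: handleAuthentication now folds three outcomes into `(bool, error)` with no doc comment, so callers have to infer that `(false, nil)` covers both an unknown user and a bad signature while `(false, err)` means the lookup or the verification itself failed. I would add above the signature: `// handleAuthentication reports whether req is signed by the key stored for req.User. It returns (false, nil) for an unknown user or a bad signature and (false, err) when the database or the verifier fails.` Giving an unknown user and a bad signature the same result avoids account enumeration through the response and is worth stating in that comment. Nothing in this function looks at request freshness, so unless checkSignature (not part of this file's diff) validates a timestamp or nonce, a previously accepted request and signature would verify again; that should be confirmed.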
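Review bot: With the new contract `!authComplete` is also true when handleAuthentication returns `(false, err)`, so in sendMessage a database or verifier failure is now answered with 403 and the authentication-failed message, and whatever handling of `dbErr` follows this branch (outside the hunk) presumably only runs when `dbErr` is nil. Failing closed is the safe direction, but it hides an outage behind what looks like a burst of rejected requests and leaves the error unlogged. Testing the error first keeps the two apart: `if dbErr != nil { w.WriteHeader(http.StatusInternalServerError); return }` ahead of the `if !authComplete {` line, with the response body the other error paths use. The same two lines are repeated in the pollMessages, getUserKey and tryAuth hunks and need the same change.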
@@ -273,8 +265,9 @@ func getUserKey(w http.ResponseWriter, r *http.Request) {
 return
 }
- authErr, dbErr := handleAuthentication(req, signature)
- if authErr != nil {
+ authComplete, dbErr := handleAuthentication(req, signature)
+ if !authComplete {
+ w.WriteHeader(http.StatusForbidden)
 _ = jsonResponse(w, Response{
 Message: "Запрос не прошёл аутентификацию",
@@ -317,8 +310,8 @@ func tryAuth(w http.ResponseWriter, r *http.Request) {
 return
 }
- authErr, dbErr := handleAuthentication(req, signature)
- if authErr != nil {
+ authComplete, dbErr := handleAuthentication(req, signature)
+ if !authComplete {
 w.WriteHeader(http.StatusForbidden)
 _ = jsonResponse(w, Response{
 Message: "Запрос не прошёл аутентификацию",
--
cgit v1.2.3