| 135 | }) |
| 136 | |
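// authenticateShareRequest decides whether r may access the share link l.
//
// It returns (0, nil) when access is granted, (http.StatusUnauthorized, nil)
// when the password is missing or does not match, and (0, err) when the
// password header cannot be unescaped or the bcrypt comparison fails for a
// reason other than a mismatch.
func authenticateShareRequest(r *http.Request, l *share.Link) (int, error) {
	// A link without a password hash is not password protected.
	if l.PasswordHash == "" {
		return 0, nil
	}

	// The link token in the query string is accepted in place of the password.
	// subtle.ConstantTimeCompare reports 1 for two empty slices, so an empty
	// stored token must never be compared: a request that simply omits "token"
	// would otherwise skip the password check on a protected link.
	// NOTE(review): whether a link can carry a hash without a token is not
	// visible here; the guard makes this function safe either way.
	// NOTE(review): a token carried in the URL can end up in access logs,
	// browser history and Referer headers; confirm those are handled as secrets.
	if l.Token != "" {
		supplied := r.URL.Query().Get("token")
		if subtle.ConstantTimeCompare([]byte(supplied), []byte(l.Token)) == 1 {
			return 0, nil
		}
	}

	// The password travels URL-escaped in a request header.
	// NOTE(review): an unescape failure is caused by client input but is
	// returned as (0, err); confirm the caller does not report it as a server
	// error.
	password, err := url.QueryUnescape(r.Header.Get("X-SHARE-PASSWORD"))
	if err != nil {
		return 0, err
	}
	if password == "" {
		return http.StatusUnauthorized, nil
	}

	err = bcrypt.CompareHashAndPassword([]byte(l.PasswordHash), []byte(password))
	switch {
	case err == nil:
		return 0, nil
	case errors.Is(err, bcrypt.ErrMismatchedHashAndPassword):
		// Wrong password: an authentication failure, not an internal error.
		return http.StatusUnauthorized, nil
	default:
		// Any other bcrypt error is passed up unchanged.
		return 0, err
	}
}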
| 163 | |
| 164 | func healthHandler(w http.ResponseWriter, _ *http.Request) { |
| 165 | w.WriteHeader(http.StatusOK) |