Replace 404 errors
This commit is contained in:
parent
ff916945df
commit
fe429ea7d5
@ -59,14 +59,14 @@ final class SQLiteDatabase {
|
|||||||
Send a password reset email.
|
Send a password reset email.
|
||||||
|
|
||||||
Possible errors:
|
Possible errors:
|
||||||
- `404`: Player name or email not found.
|
- `417`: Player name or email not found.
|
||||||
*/
|
*/
|
||||||
func sendPasswordResetEmailIfPossible(name: PlayerName, in database: Database) async throws {
|
func sendPasswordResetEmailIfPossible(name: PlayerName, in database: Database) async throws {
|
||||||
guard let user = try await User.query(on: database).filter(\.$name == name).first() else {
|
guard let user = try await User.query(on: database).filter(\.$name == name).first() else {
|
||||||
throw Abort(.notFound)
|
throw Abort(.expectationFailed)
|
||||||
}
|
}
|
||||||
guard let email = user.recoveryEmail else {
|
guard let email = user.recoveryEmail else {
|
||||||
throw Abort(.notFound)
|
throw Abort(.expectationFailed)
|
||||||
}
|
}
|
||||||
try await user.$resetRequest.load(on: database)
|
try await user.$resetRequest.load(on: database)
|
||||||
if let request = user.resetRequest {
|
if let request = user.resetRequest {
|
||||||
@ -115,7 +115,7 @@ final class SQLiteDatabase {
|
|||||||
Change the password of a user with a recovery token
|
Change the password of a user with a recovery token
|
||||||
|
|
||||||
Possible errors:
|
Possible errors:
|
||||||
- `404`: Reset token not found or expired
|
- `417`: Reset token not found or expired
|
||||||
*/
|
*/
|
||||||
func updatePassword(password: String, forResetToken token: String, in database: Database) async throws {
|
func updatePassword(password: String, forResetToken token: String, in database: Database) async throws {
|
||||||
// 1. Find and validate the reset request
|
// 1. Find and validate the reset request
|
||||||
@ -146,7 +146,7 @@ final class SQLiteDatabase {
|
|||||||
.query(on: database)
|
.query(on: database)
|
||||||
.filter(\.$name == name)
|
.filter(\.$name == name)
|
||||||
.first()
|
.first()
|
||||||
.unwrap(or: Abort(.notFound))
|
.unwrap(or: Abort(.unauthorized))
|
||||||
.passwordHash
|
.passwordHash
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -74,12 +74,12 @@ func registerPlayer(_ app: Application) {
|
|||||||
Possible responses:
|
Possible responses:
|
||||||
- `200`: Success, email will be sent
|
- `200`: Success, email will be sent
|
||||||
- `400`: Missing name header
|
- `400`: Missing name header
|
||||||
- `404`: Player name not found or no email registered
|
- `417`: Player name not found or no email registered
|
||||||
*/
|
*/
|
||||||
func requestPlayerPasswordReset(_ app: Application) {
|
func requestPlayerPasswordReset(_ app: Application) {
|
||||||
app.post("player", "password", "reset") { request async throws -> HTTPResponseStatus in
|
app.post("player", "password", "reset") { request async throws -> HTTPResponseStatus in
|
||||||
let name = try request.header(.name) // Error: 400
|
let name = try request.header(.name) // Error: 400
|
||||||
try await server.sendPasswordResetEmailIfPossible(name: name, in: request.db)
|
try await server.sendPasswordResetEmailIfPossible(name: name, in: request.db) // 417
|
||||||
return .ok
|
return .ok
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -94,14 +94,14 @@ func requestPlayerPasswordReset(_ app: Application) {
|
|||||||
Possible responses:
|
Possible responses:
|
||||||
- `200`: Success, password changed
|
- `200`: Success, password changed
|
||||||
- `400`: Missing token or password header
|
- `400`: Missing token or password header
|
||||||
- `404`: Player name not found or no email registered
|
- `417`: Player name not found or no email registered
|
||||||
- `424`: Password could not be hashed
|
- `424`: Password could not be hashed
|
||||||
*/
|
*/
|
||||||
func resetPlayerPasswordWithEmailToken(_ app: Application) {
|
func resetPlayerPasswordWithEmailToken(_ app: Application) {
|
||||||
app.post("player", "reset") { req async throws -> HTTPResponseStatus in
|
app.post("player", "reset") { req async throws -> HTTPResponseStatus in
|
||||||
let token = try req.header(.token)
|
let token = try req.header(.token) // 400
|
||||||
let hash = try req.hashedPassword() // errors: 400, 424
|
let hash = try req.hashedPassword() // errors: 400, 424
|
||||||
try await server.updatePassword(password: hash, forResetToken: token, in: req.db)
|
try await server.updatePassword(password: hash, forResetToken: token, in: req.db) // 417
|
||||||
return .ok
|
return .ok
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -111,10 +111,11 @@ func resetPlayerPasswordWithEmailToken(_ app: Application) {
|
|||||||
|
|
||||||
- Parameter name: The name of the player, included in the url
|
- Parameter name: The name of the player, included in the url
|
||||||
- Parameter password: The password of the player, as a string in the request body
|
- Parameter password: The password of the player, as a string in the request body
|
||||||
- Throws:
|
|
||||||
- 400: Missing name or password
|
Possible errors:
|
||||||
- 403: The password or user name is invalid
|
- `400`: Missing name or password
|
||||||
- 424: The password could not be hashed
|
- `401`: The password or user name is invalid
|
||||||
|
- `424`: The password could not be hashed
|
||||||
- Returns: Nothing
|
- Returns: Nothing
|
||||||
*/
|
*/
|
||||||
func deletePlayer(_ app: Application) {
|
func deletePlayer(_ app: Application) {
|
||||||
@ -125,23 +126,25 @@ func deletePlayer(_ app: Application) {
|
|||||||
}
|
}
|
||||||
let hash = try await server.passwordHashForExistingPlayer(named: name, in: request.db)
|
let hash = try await server.passwordHashForExistingPlayer(named: name, in: request.db)
|
||||||
guard try request.password.verify(password, created: hash) else {
|
guard try request.password.verify(password, created: hash) else {
|
||||||
return .forbidden // 403
|
return .unauthorized // 401
|
||||||
}
|
}
|
||||||
try await server.deletePlayer(named: name, in: request.db)
|
try await server.deletePlayer(named: name, in: request.db)
|
||||||
return .ok
|
return .ok
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Log in as an existing player.
|
Log in as an existing player.
|
||||||
- Parameter name: The name of the player, included in the url
|
- Parameter name: The name of the player, included in the url
|
||||||
- Parameter password: The password of the player, as a string in the request body
|
- Parameter password: The password of the player, as a string in the request body
|
||||||
- Throws:
|
|
||||||
- 400: Missing name or password
|
Possible errors:
|
||||||
- 403: The password or user name is invalid
|
- `400`: Missing name or password
|
||||||
- 424: The password could not be hashed
|
- `401`: The password or user name is invalid
|
||||||
- Returns: The session token for the user
|
- `424`: The password could not be hashed
|
||||||
*/
|
|
||||||
|
- Returns: The session token for the user
|
||||||
|
*/
|
||||||
func loginPlayer(_ app: Application) {
|
func loginPlayer(_ app: Application) {
|
||||||
app.post("player", "login", ":name") { request async throws -> String in
|
app.post("player", "login", ":name") { request async throws -> String in
|
||||||
guard let name = request.parameters.get("name"),
|
guard let name = request.parameters.get("name"),
|
||||||
@ -150,7 +153,7 @@ func loginPlayer(_ app: Application) {
|
|||||||
}
|
}
|
||||||
let hash = try await server.passwordHashForExistingPlayer(named: name, in: request.db)
|
let hash = try await server.passwordHashForExistingPlayer(named: name, in: request.db)
|
||||||
guard try request.password.verify(password, created: hash) else {
|
guard try request.password.verify(password, created: hash) else {
|
||||||
throw Abort(.forbidden) // 403
|
throw Abort(.unauthorized) // 401
|
||||||
}
|
}
|
||||||
return server.startNewSessionForRegisteredPlayer(named: name)
|
return server.startNewSessionForRegisteredPlayer(named: name)
|
||||||
}
|
}
|
||||||
@ -269,21 +272,24 @@ func createTable(_ app: Application) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
List the public tables.
|
List the public tables.
|
||||||
- Parameter token: The session token of the player, as a string in the request body
|
|
||||||
- Throws:
|
**Headers**
|
||||||
- 400: Missing token
|
- `token`: The session token of the player, as a string in the request body
|
||||||
- 403: The session token is invalid
|
|
||||||
- Returns: A JSON object with a list of public tables (id, name, player list)
|
**Possible errors**
|
||||||
*/
|
- `400`: Missing token
|
||||||
|
- `401`: The session token is invalid
|
||||||
|
- Returns: A JSON object with a list of public tables (id, name, player list)
|
||||||
|
*/
|
||||||
func getPublicTables(_ app: Application) {
|
func getPublicTables(_ app: Application) {
|
||||||
app.post("tables", "public") { req -> String in
|
app.post("tables", "public") { req -> String in
|
||||||
guard let token = req.body.string else {
|
guard let token = req.body.string else {
|
||||||
throw Abort(.badRequest) // 400
|
throw Abort(.badRequest) // 400
|
||||||
}
|
}
|
||||||
guard server.isValid(sessionToken: token) else {
|
guard server.isValid(sessionToken: token) else {
|
||||||
throw Abort(.forbidden) // 403
|
throw Abort(.unauthorized) // 401
|
||||||
}
|
}
|
||||||
let list = server.getPublicTableInfos()
|
let list = server.getPublicTableInfos()
|
||||||
return try encodeJSON(list)
|
return try encodeJSON(list)
|
||||||
|
Loading…
Reference in New Issue
Block a user