Load users from DB

auth/auth.go

@@ -2,6 +2,8 @@ package auth
 
 import (
 	"context"
+	"fmt"
+	"log"
 	"net/http"
 )
 
@@ -9,7 +11,7 @@ type contextKey string
 
 type Provider interface {
 	// Returns true if pass is a valid password for the given user
-	Valid(user, pass string) bool
+	Valid(ctx context.Context, user, pass string) (bool, error)
 }
 
 // Require wraps hdlr so that it requires authentication to use. Requests handled by hdlr will have the user
@@ -24,7 +26,18 @@ func Require(hdlr http.HandlerFunc, provider Provider) http.HandlerFunc {
 			return
 		}
 
-		if !provider.Valid(user, pass) {
+		valid, err := provider.Valid(r.Context(), user, pass)
+		if err != nil {
+			log.Printf("can't authenticate %s %s from %s: %s", r.Method, r.URL, r.RemoteAddr, err)
+
+			w.WriteHeader(http.StatusInternalServerError)
+
+			fmt.Fprintln(w, "can't confirm your authentication")
+
+			return
+		}
+
+		if !valid {
 			w.Header().Add("WWW-Authenticate", `Basic realm="In Vino Veritas"`)
 			w.WriteHeader(http.StatusUnauthorized)
 

main.go

 package main
 
 import (
+	"context"
+	"database/sql"
 	"embed"
+	"errors"
 	"log"
 	"net/http"
 
+	"github.com/Masterminds/squirrel"
 	"github.com/jmoiron/sqlx"
 	_ "modernc.org/sqlite" // Imported for side effects: registers DB driver
 
@@ -31,14 +35,35 @@ func httpError(w http.ResponseWriter, msg string, err error, status int) {
 	http.Error(w, msg, status)
 }
 
-type authProvider struct{}
+type authProvider struct {
+	db *sqlx.DB
+}
+
+func (a authProvider) Valid(ctx context.Context, user, pass string) (bool, error) {
+	query, args, err := squirrel.Select("password").
+		From("users").
+		Where(squirrel.Eq{"name": user}).
+		ToSql()
+	if err != nil {
+		return false, err
+	}
+
+	var dbPass string
+	err = a.db.GetContext(ctx, &dbPass, query, args...)
+	if errors.Is(err, sql.ErrNoRows) {
+		// User not found isn't an error, it's just an invalid auth.
+		return false, nil
+	}
+
+	if err != nil {
+		return false, err
+	}
 
-func (a authProvider) Valid(user, pass string) bool {
-	if user == "wine" && pass == "potatoe" {
-		return true
+	if dbPass == pass {
+		return true, nil
 	}
 
-	return false
+	return false, nil
 }
 
 func logRequest(r *http.Request) {
@@ -65,7 +90,9 @@ func main() {
 		db: db,
 	}
 
-	ap := authProvider{}
+	ap := authProvider{
+		db: db,
+	}
 
 	http.HandleFunc("/details/img", auth.Require(http.HandlerFunc(handler.img), ap))
 	http.HandleFunc("/details/", auth.Require(http.HandlerFunc(handler.details), ap))

migrations/0003-users.sql

+CREATE TABLE users (
+	name TEXT,
+	password TEXT,
+	UNIQUE(name)
+);
\ No newline at end of file