mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-11-09 00:17:28 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

use byteutil.S2B to avoid allocations when comparing + generating password hashes

Browse source
This commit is contained in:
tobi 2025-04-07 14:48:48 +02:00
commit 9d10fb59b5
8 changed files with 53 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

6
internal/api/client/accounts/accountdelete.go
View file

@ -21,6 +21,7 @@ import (
"errors"
"net/http"
"codeberg.org/gruf/go-byteutil"
"github.com/gin-gonic/gin"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
@ -87,7 +88,10 @@ func (m *Module) AccountDeletePOSTHandler(c *gin.Context) {
return
}
if err := bcrypt.CompareHashAndPassword([]byte(authed.User.EncryptedPassword), []byte(form.Password)); err != nil {
if err := bcrypt.CompareHashAndPassword(
byteutil.S2B(authed.User.EncryptedPassword),
byteutil.S2B(form.Password),
); err != nil {
err = errors.New("invalid password provided in account delete request")
apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1)
return