From 8a0d8b82a160fd9803cab50d25ba1f587b0066d2 Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Sat, 13 Jun 2020 13:43:43 +0200
Subject: [PATCH] word edit: restrict access by login cookie

---
 tools/word.pg.sql | 8 ++++++++
 writer.plp        | 7 +++++++
 2 files changed, 15 insertions(+)

diff --git a/tools/word.pg.sql b/tools/word.pg.sql
index 55de8ec..99664c9 100644
--- a/tools/word.pg.sql
+++ b/tools/word.pg.sql
@@ -1,3 +1,11 @@
+CREATE TABLE login (
+	username   text        NOT NULL UNIQUE,
+	pass       text,
+	email      text,
+	fullname   text,
+	id         serial      NOT NULL PRIMARY KEY
+);
+
 CREATE TABLE word (
 	form       text        NOT NULL,
 	alt        text[],
diff --git a/writer.plp b/writer.plp
index 3f9ed98..fd2fc86 100644
--- a/writer.plp
+++ b/writer.plp
@@ -115,6 +115,13 @@ my $db = eval {
 } or Abort('Database error', 501, $@);
 $db->abstract->{array_datatypes}++;
 
+my $user = eval {
+	my $cookiedata = $cookie{login} or return;
+	my ($name, $key) = split /[:\v]/, DecodeURI($cookiedata);
+	my %rowmatch = (username => $name, pass => $key);
+	$db->select(login => '*', \%rowmatch)->hash;
+} or Abort('Login required', 403);
+
 my %lang = (
 	nl => ["\N{REGIONAL INDICATOR SYMBOL LETTER N}\N{REGIONAL INDICATOR SYMBOL LETTER L}", 'nederlands'],
 	en => ["\N{REGIONAL INDICATOR SYMBOL LETTER G}\N{REGIONAL INDICATOR SYMBOL LETTER B}", 'english'],
-- 
2.30.0