Use forms instead of JSON for login/register requests

api/account/common.go

@@ -6,11 +6,6 @@ import (
 	"golang.org/x/crypto/argon2"
 )
 
-type GenericAuthRequest struct {
-	Username string `json:"username"`
-	Password string `json:"password"`
-}
-
 type GenericAuthResponse struct {
 	Token string `json:"token"`
 }

api/account/login.go

@@ -10,22 +10,21 @@ import (
 	"github.com/pagefaultgames/pokerogue-server/db"
 )
 
-type LoginRequest GenericAuthRequest
 type LoginResponse GenericAuthResponse
 
 // /account/login - log into account
-func Login(request LoginRequest) (LoginResponse, error) {
+func Login(username, password string) (LoginResponse, error) {
 	var response LoginResponse
 
-	if !isValidUsername(request.Username) {
+	if !isValidUsername(username) {
 		return response, fmt.Errorf("invalid username")
 	}
 
-	if len(request.Password) < 6 {
+	if len(password) < 6 {
 		return response, fmt.Errorf("invalid password")
 	}
 
-	key, salt, err := db.FetchAccountKeySaltFromUsername(request.Username)
+	key, salt, err := db.FetchAccountKeySaltFromUsername(username)
 	if err != nil {
 		if err == sql.ErrNoRows {
 			return response, fmt.Errorf("account doesn't exist")
@@ -34,7 +33,7 @@ func Login(request LoginRequest) (LoginResponse, error) {
 		return response, err
 	}
 
-	if !bytes.Equal(key, deriveArgon2IDKey([]byte(request.Password), salt)) {
+	if !bytes.Equal(key, deriveArgon2IDKey([]byte(password), salt)) {
 		return response, fmt.Errorf("password doesn't match")
 	}
 
@@ -44,7 +43,7 @@ func Login(request LoginRequest) (LoginResponse, error) {
 		return response, fmt.Errorf("failed to generate token: %s", err)
 	}
 
-	err = db.AddAccountSession(request.Username, token)
+	err = db.AddAccountSession(username, token)
 	if err != nil {
 		return response, fmt.Errorf("failed to add account session")
 	}

api/account/register.go

@@ -7,15 +7,13 @@ import (
 	"github.com/pagefaultgames/pokerogue-server/db"
 )
 
-type RegisterRequest GenericAuthRequest
-
 // /account/register - register account
-func Register(request RegisterRequest) error {
-	if !isValidUsername(request.Username) {
+func Register(username, password string) error {
+	if !isValidUsername(username) {
 		return fmt.Errorf("invalid username")
 	}
 
-	if len(request.Password) < 6 {
+	if len(password) < 6 {
 		return fmt.Errorf("invalid password")
 	}
 
@@ -31,7 +29,7 @@ func Register(request RegisterRequest) error {
 		return fmt.Errorf(fmt.Sprintf("failed to generate salt: %s", err))
 	}
 
-	err = db.AddAccountRecord(uuid, request.Username, deriveArgon2IDKey([]byte(request.Password), salt), salt)
+	err = db.AddAccountRecord(uuid, username, deriveArgon2IDKey([]byte(password), salt), salt)
 	if err != nil {
 		return fmt.Errorf("failed to add account record: %s", err)
 	}

api/endpoints.go

@@ -69,29 +69,27 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	case "/account/register":
-		var request account.RegisterRequest
-		err := json.NewDecoder(r.Body).Decode(&request)
+		err := r.ParseForm()
 		if err != nil {
-			httpError(w, r, fmt.Errorf("failed to decode request body: %s", err), http.StatusBadRequest)
+			httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
 			return
 		}
 
-		err = account.Register(request)
+		err = account.Register(r.Form.Get("username"), r.Form.Get("password"))
 		if err != nil {
 			httpError(w, r, err, http.StatusInternalServerError)
 			return
 		}
 
 		w.WriteHeader(http.StatusOK)
 	case "/account/login":
-		var request account.LoginRequest
-		err := json.NewDecoder(r.Body).Decode(&request)
+		err := r.ParseForm()
 		if err != nil {
-			httpError(w, r, fmt.Errorf("failed to decode request body: %s", err), http.StatusBadRequest)
+			httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
 			return
 		}
 
-		response, err := account.Login(request)
+		response, err := account.Login(r.Form.Get("username"), r.Form.Get("password"))
 		if err != nil {
 			httpError(w, r, err, http.StatusInternalServerError)
 			return