diff --git a/internal/httpapi/run.go b/internal/httpapi/run.go index 45f84f4..bbedaab 100644 --- a/internal/httpapi/run.go +++ b/internal/httpapi/run.go @@ -29,8 +29,16 @@ func (s *Server) handleImportCSV(w http.ResponseWriter, r *http.Request) { return } for _, row := range rows { - srcEnc, _ := crypto.Encrypt(s.cfg.EncKey, []byte(row.SrcPass)) - dstEnc, _ := crypto.Encrypt(s.cfg.EncKey, []byte(row.DstPass)) + srcEnc, err := crypto.Encrypt(s.cfg.EncKey, []byte(row.SrcPass)) + if err != nil { + http.Error(w, "encrypt", http.StatusInternalServerError) + return + } + dstEnc, err := crypto.Encrypt(s.cfg.EncKey, []byte(row.DstPass)) + if err != nil { + http.Error(w, "encrypt", http.StatusInternalServerError) + return + } if _, err := s.store.CreateAccount(r.Context(), store.Account{ TaskID: taskID, SrcLogin: row.SrcLogin, SrcPassEnc: srcEnc, DstLogin: row.DstLogin, DstPassEnc: dstEnc, diff --git a/internal/httpapi/run_test.go b/internal/httpapi/run_test.go new file mode 100644 index 0000000..2e7e04b --- /dev/null +++ b/internal/httpapi/run_test.go @@ -0,0 +1,28 @@ +package httpapi + +import ( + "mime/multipart" + "net/http/httptest" + "strings" + "testing" + + "github.com/vasyansk/imap-copier/internal/config" +) + +func TestImportCSVFailsOnBadEncKey(t *testing.T) { + // EncKey wrong size => crypto.Encrypt errors => handler must NOT return success + s := &Server{cfg: config.Config{EncKey: make([]byte, 16)}} + body := &strings.Builder{} + mw := multipart.NewWriter(body) + fw, _ := mw.CreateFormFile("file", "a.csv") + fw.Write([]byte("a@x,p1,a@y,p2\n")) + mw.Close() + req := httptest.NewRequest("POST", "/api/tasks/1/import", strings.NewReader(body.String())) + req.Header.Set("Content-Type", mw.FormDataContentType()) + req.SetPathValue("id", "1") + rw := httptest.NewRecorder() + s.handleImportCSV(rw, req) + if rw.Code == 200 || rw.Code == 201 { + t.Fatalf("import must fail on bad EncKey, got %d", rw.Code) + } +}