fix(httpapi): fail CSV import on encryption error instead of storing empty passwords

This commit is contained in:
2026-07-01 18:33:09 +07:00
parent bb83bbd989
commit 0bd4ba37e3
2 changed files with 38 additions and 2 deletions
+10 -2
View File
@@ -29,8 +29,16 @@ func (s *Server) handleImportCSV(w http.ResponseWriter, r *http.Request) {
return return
} }
for _, row := range rows { for _, row := range rows {
srcEnc, _ := crypto.Encrypt(s.cfg.EncKey, []byte(row.SrcPass)) srcEnc, err := crypto.Encrypt(s.cfg.EncKey, []byte(row.SrcPass))
dstEnc, _ := crypto.Encrypt(s.cfg.EncKey, []byte(row.DstPass)) if err != nil {
http.Error(w, "encrypt", http.StatusInternalServerError)
return
}
dstEnc, err := crypto.Encrypt(s.cfg.EncKey, []byte(row.DstPass))
if err != nil {
http.Error(w, "encrypt", http.StatusInternalServerError)
return
}
if _, err := s.store.CreateAccount(r.Context(), store.Account{ if _, err := s.store.CreateAccount(r.Context(), store.Account{
TaskID: taskID, SrcLogin: row.SrcLogin, SrcPassEnc: srcEnc, TaskID: taskID, SrcLogin: row.SrcLogin, SrcPassEnc: srcEnc,
DstLogin: row.DstLogin, DstPassEnc: dstEnc, DstLogin: row.DstLogin, DstPassEnc: dstEnc,
+28
View File
@@ -0,0 +1,28 @@
package httpapi
import (
"mime/multipart"
"net/http/httptest"
"strings"
"testing"
"github.com/vasyansk/imap-copier/internal/config"
)
func TestImportCSVFailsOnBadEncKey(t *testing.T) {
// EncKey wrong size => crypto.Encrypt errors => handler must NOT return success
s := &Server{cfg: config.Config{EncKey: make([]byte, 16)}}
body := &strings.Builder{}
mw := multipart.NewWriter(body)
fw, _ := mw.CreateFormFile("file", "a.csv")
fw.Write([]byte("a@x,p1,a@y,p2\n"))
mw.Close()
req := httptest.NewRequest("POST", "/api/tasks/1/import", strings.NewReader(body.String()))
req.Header.Set("Content-Type", mw.FormDataContentType())
req.SetPathValue("id", "1")
rw := httptest.NewRecorder()
s.handleImportCSV(rw, req)
if rw.Code == 200 || rw.Code == 201 {
t.Fatalf("import must fail on bad EncKey, got %d", rw.Code)
}
}