fix: use correct form body for login and user update

2026-03-07 13:38:15 -08:00 · 2025-06-16 11:14:11 -04:00 · 2025-06-16 11:14:11 -04:00 · ef064cd9bd
commit ef064cd9bd
parent b1bac4feb5
2 changed files with 35 additions and 8 deletions
--- a/client/api/api.ts
+++ b/client/api/api.ts
@ -85,8 +85,13 @@ function mergeArtists(from: number, to: number, replaceImage: boolean): Promise<
    })
 }
 function login(username: string, password: string, remember: boolean): Promise<Response> {
-    return fetch(`/apis/web/v1/login?username=${username}&password=${password}&remember_me=${remember}`, {
+    const form = new URLSearchParams 
+    form.append('username', username)
+    form.append('password', password)
+    form.append('remember_me', String(remember))
+    return fetch(`/apis/web/v1/login`, {
        method: "POST",
+        body: form,
    })
 }
 function logout(): Promise<Response> {
@ -99,8 +104,11 @@ function getApiKeys(): Promise<ApiKey[]> {
    return fetch(`/apis/web/v1/user/apikeys`).then((r) => r.json() as Promise<ApiKey[]>)
 }
 const createApiKey = async (label: string): Promise<ApiKey> => {
-    const r = await fetch(`/apis/web/v1/user/apikeys?label=${label}`, {
-        method: "POST"
+    const form = new URLSearchParams 
+    form.append('label', label)
+    const r = await fetch(`/apis/web/v1/user/apikeys`, {
+        method: "POST",
+        body: form,
    });
    if (!r.ok) {
        let errorMessage = `error: ${r.status}`;
@ -134,8 +142,12 @@ function deleteItem(itemType: string, id: number): Promise<Response> {
    })
 }
 function updateUser(username: string, password: string) {
-    return fetch(`/apis/web/v1/user?username=${username}&password=${password}`, {
-        method: "PATCH"
+    const form = new URLSearchParams 
+    form.append('username', username)
+    form.append('password', password)
+    return fetch(`/apis/web/v1/user`, {
+        method: "PATCH",
+        body: form,
    })
 }
 function getAliases(type: string, id: number): Promise<Alias[]> {
--- a/engine/handlers/auth.go
+++ b/engine/handlers/auth.go
@ -20,7 +20,12 @@ func LoginHandler(store db.DB) http.HandlerFunc {

 		l.Debug().Msg("LoginHandler: Received login request")

-		r.ParseForm()
+		err := r.ParseForm()
+		if err != nil {
+			l.Debug().Msg("LoginHandler: Failed to parse request form")
+			utils.WriteError(w, "failed to parse request", http.StatusInternalServerError)
+			return
+		}
 		username := r.FormValue("username")
 		password := r.FormValue("password")
 		if username == "" || password == "" {
@ -149,12 +154,22 @@ func UpdateUserHandler(store db.DB) http.HandlerFunc {
 			return
 		}

-		r.ParseForm()
+		err := r.ParseForm()
+		if err != nil {
+			l.Err(err).Msg("UpdateUserHandler: Failed to parse request form")
+			utils.WriteError(w, "failed to parse request", http.StatusInternalServerError)
+			return
+		}
 		username := r.FormValue("username")
 		password := r.FormValue("password")

+		if username == "" && password == "" {
+			l.Debug().Msg("UpdateUserHandler: No parameters were recieved")
+			utils.WriteError(w, "all parameters missing", http.StatusBadRequest)
+			return
+		}
 		l.Debug().Msgf("UpdateUserHandler: Updating user with ID %d", u.ID)
-		err := store.UpdateUser(ctx, db.UpdateUserOpts{
+		err = store.UpdateUser(ctx, db.UpdateUserOpts{
 			ID:       u.ID,
 			Username: username,
 			Password: password,