include check for key activation in IsCorrect

briskt · briskt · commit 67c524e16177 · 2025-04-22T16:18:56.000+08:00
diff --git a/apikey.go b/apikey.go
@@ -52,11 +52,16 @@ func (k *ApiKey) Hash() error {
 	return err
 }
 
-// IsCorrect returns true if and only if the given string is a match for HashedSecret
+// IsCorrect returns true if and only if the key is active and the given string is a match for HashedSecret
 func (k *ApiKey) IsCorrect(given string) error {
+	if k.ActivatedAt == 0 {
+		return fmt.Errorf("key is not active: %s", k.Key)
+	}
+
 	if given == "" {
 		return errors.New("secret to compare cannot be empty")
 	}
+
 	if k.HashedSecret == "" {
 		return errors.New("cannot compare with empty hashed secret")
 	}
diff --git a/apikey_test.go b/apikey_test.go
@@ -20,26 +20,37 @@ func TestApiKey_IsCorrect(t *testing.T) {
 	tests := []struct {
 		name         string
 		HashedSecret string
+		ActivatedAt  int
 		Given        string
 		wantErr      bool
 	}{
 		{
 			name:         "valid secret",
 			HashedSecret: "$2y$10$Y.FlUK8q//DfybgFzNG2lONaJwvEFxHnCRo/r60BZbITDT6rOUhGa",
+			ActivatedAt:  1744896576000,
 			Given:        "abc123",
 			wantErr:      false,
 		},
 		{
 			name:         "invalid secret",
 			HashedSecret: "$2y$10$Y.FlUK8q//DfybgFzNG2lONaJwvEFxHnCRo/r60BZbITDT6rOUhGa",
+			ActivatedAt:  1744896576000,
 			Given:        "123abc",
 			wantErr:      true,
 		},
+		{
+			name:         "inactive",
+			HashedSecret: "$2y$10$Y.FlUK8q//DfybgFzNG2lONaJwvEFxHnCRo/r60BZbITDT6rOUhGa",
+			ActivatedAt:  0,
+			Given:        "abc123",
+			wantErr:      true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			k := &ApiKey{
 				HashedSecret: tt.HashedSecret,
+				ActivatedAt:  tt.ActivatedAt,
 			}
 			err := k.IsCorrect(tt.Given)
 			if (err != nil) != tt.wantErr {
@@ -66,7 +77,8 @@ func TestApiKey_Hash(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			k := &ApiKey{
-				Secret: tt.Secret,
+				Secret:      tt.Secret,
+				ActivatedAt: 1744896576000,
 			}
 			err := k.Hash()
 			if (err != nil) != tt.wantErr {
diff --git a/auth.go b/auth.go
@@ -38,10 +38,6 @@ func AuthenticateRequest(r *http.Request) (User, error) {
 		return nil, fmt.Errorf("failed to load api key: %w", err)
 	}
 
-	if apiKey.ActivatedAt == 0 {
-		return nil, fmt.Errorf("api call attempted for not yet activated key: %s", apiKey.Key)
-	}
-
 	err = apiKey.IsCorrect(secret)
 	if err != nil {
 		return nil, fmt.Errorf("failed to validate api key: %w", err)

Original file line number	Diff line number	Diff line change
`@@ -52,11 +52,16 @@ func (k *ApiKey) Hash() error {`
`52`	`52`	`return err`
`53`	`53`	`}`
`54`	`54`
`55`		`-// IsCorrect returns true if and only if the given string is a match for HashedSecret`
	`55`	`+// IsCorrect returns true if and only if the key is active and the given string is a match for HashedSecret`
`56`	`56`	`func (k *ApiKey) IsCorrect(given string) error {`
	`57`	`+ if k.ActivatedAt == 0 {`
	`58`	`+ return fmt.Errorf("key is not active: %s", k.Key)`
	`59`	`+ }`
	`60`	`+`
`57`	`61`	`if given == "" {`
`58`	`62`	`return errors.New("secret to compare cannot be empty")`
`59`	`63`	`}`
	`64`	`+`
`60`	`65`	`if k.HashedSecret == "" {`
`61`	`66`	`return errors.New("cannot compare with empty hashed secret")`
`62`	`67`	`}`