Store password in client structure.

No need to carry password around.

client.go

 package main
 
+type clientCredentials struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+}
+
 type client interface {
 	Group() *group
 	Id() string
-	Username() string
+	Credentials() clientCredentials
 	pushConn(id string, conn upConnection, tracks []upTrack, label string) error
 	pushClient(id, username string, add bool) error
 }

disk.go

@@ -32,8 +32,8 @@ func (client *diskClient) Id() string {
 	return client.id
 }
 
-func (client *diskClient) Username() string {
-	return "RECORDING"
+func (client *diskClient) Credentials() clientCredentials {
+	return clientCredentials{"RECORDING", ""}
 }
 
 func (client *diskClient) pushClient(id, username string, add bool) error {

group.go

@@ -180,13 +180,13 @@ func delGroupUnlocked(name string) bool {
 	return true
 }
 
-func addClient(name string, c client, pass string) (*group, error) {
+func addClient(name string, c client) (*group, error) {
 	g, err := addGroup(name, nil)
 	if err != nil {
 		return nil, err
 	}
 
-	perms, err := getPermission(g.description, c.Username(), pass)
+	perms, err := getPermission(g.description, c.Credentials())
 	if err != nil {
 		return nil, err
 	}
@@ -214,13 +214,15 @@ func addClient(name string, c client, pass string) (*group, error) {
 	g.clients[c.Id()] = c
 
 	go func(clients []client) {
-		c.pushClient(c.Id(), c.Username(), true)
+		u := c.Credentials().Username
+		c.pushClient(c.Id(), u, true)
 		for _, cc := range clients {
-			err := c.pushClient(cc.Id(), cc.Username(), true)
+			uu := cc.Credentials().Username
+			err := c.pushClient(cc.Id(), uu, true)
 			if err == ErrClientDead {
 				return
 			}
-			cc.pushClient(c.Id(), c.Username(), true)
+			cc.pushClient(c.Id(), u, true)
 		}
 	}(g.getClientsUnlocked(c))
 
@@ -240,7 +242,7 @@ func delClient(c client) {
 
 	go func(clients []client) {
 		for _, cc := range clients {
-			cc.pushClient(c.Id(), c.Username(), false)
+			cc.pushClient(c.Id(), c.Credentials().Username, false)
 		}
 	}(g.getClientsUnlocked(nil))
 }
@@ -311,19 +313,15 @@ func (g *group) getChatHistory() []chatHistoryEntry {
 	return h
 }
 
-type groupUser struct {
-	Username string `json:"username,omitempty"`
-	Password string `json:"password,omitempty"`
-}
-
-func matchUser(user, pass string, users []groupUser) (bool, bool) {
+func matchUser(user clientCredentials, users []clientCredentials) (bool, bool) {
 	for _, u := range users {
 		if u.Username == "" {
-			if u.Password == "" || u.Password == pass {
+			if u.Password == "" || u.Password == user.Password {
 				return true, true
 			}
-		} else if u.Username == user {
-			return true, (u.Password == "" || u.Password == pass)
+		} else if u.Username == user.Username {
+			return true,
+				(u.Password == "" || u.Password == user.Password)
 		}
 	}
 	return false, false
@@ -337,9 +335,9 @@ type groupDescription struct {
 	MaxClients     int                 `json:"max-clients,omitempty"`
 	AllowAnonymous bool                `json:"allow-anonymous,omitempty"`
 	AllowRecording bool                `json:"allow-recording,omitempty"`
-	Op             []groupUser `json:"op,omitempty"`
-	Presenter      []groupUser `json:"presenter,omitempty"`
-	Other          []groupUser `json:"other,omitempty"`
+	Op             []clientCredentials `json:"op,omitempty"`
+	Presenter      []clientCredentials `json:"presenter,omitempty"`
+	Other          []clientCredentials `json:"other,omitempty"`
 }
 
 func descriptionChanged(name string, old *groupDescription) (bool, error) {
@@ -384,18 +382,18 @@ func getDescription(name string) (*groupDescription, error) {
 	return &desc, nil
 }
 
-type userPermission struct {
+type clientPermission struct {
 	Op      bool `json:"op,omitempty"`
 	Present bool `json:"present,omitempty"`
 	Record  bool `json:"record,omitempty"`
 }
 
-func getPermission(desc *groupDescription, user, pass string) (userPermission, error) {
-	var p userPermission
-	if !desc.AllowAnonymous && user == "" {
+func getPermission(desc *groupDescription, creds clientCredentials) (clientPermission, error) {
+	var p clientPermission
+	if !desc.AllowAnonymous && creds.Username == "" {
 		return p, userError("anonymous users not allowed in this group, please choose a username")
 	}
-	if found, good := matchUser(user, pass, desc.Op); found {
+	if found, good := matchUser(creds, desc.Op); found {
 		if good {
 			p.Op = true
 			p.Present = true
@@ -406,14 +404,14 @@ func getPermission(desc *groupDescription, user, pass string) (userPermission, e
 		}
 		return p, userError("not authorised")
 	}
-	if found, good := matchUser(user, pass, desc.Presenter); found {
+	if found, good := matchUser(creds, desc.Presenter); found {
 		if good {
 			p.Present = true
 			return p, nil
 		}
 		return p, userError("not authorised")
 	}
-	if found, good := matchUser(user, pass, desc.Other); found {
+	if found, good := matchUser(creds, desc.Other); found {
 		if good {
 			return p, nil
 		}

webclient.go

@@ -86,8 +86,8 @@ func isWSNormalError(err error) bool {
 type webClient struct {
 	group       *group
 	id          string
-	username    string
-	permissions userPermission
+	credentials clientCredentials
+	permissions clientPermission
 	requested   map[string]uint32
 	done        chan struct{}
 	writeCh     chan interface{}
@@ -107,8 +107,8 @@ func (c *webClient) Id() string {
 	return c.id
 }
 
-func (c *webClient) Username() string {
-	return c.username
+func (c *webClient) Credentials() clientCredentials {
+	return c.credentials
 }
 
 func (c *webClient) pushClient(id, username string, add bool) error {
@@ -172,7 +172,7 @@ type clientMessage struct {
 	Id          string                     `json:"id,omitempty"`
 	Username    string                     `json:"username,omitempty"`
 	Password    string                     `json:"password,omitempty"`
-	Permissions userPermission             `json:"permissions,omitempty"`
+	Permissions clientPermission           `json:"permissions,omitempty"`
 	Group       string                     `json:"group,omitempty"`
 	Value       string                     `json:"value,omitempty"`
 	Me          bool                       `json:"me,omitempty"`
@@ -461,8 +461,8 @@ func gotOffer(c *webClient, id string, offer webrtc.SessionDescription, renegoti
 		return err
 	}
 
-	if c.username != "" {
-		up.label = c.username
+	if u := c.Credentials().Username; u != "" {
+		up.label = u
 	}
 	err = up.pc.SetRemoteDescription(offer)
 	if err != nil {
@@ -631,7 +631,10 @@ func startClient(conn *websocket.Conn) (err error) {
 
 	c := &webClient{
 		id: m.Id,
-		username: m.Username,
+		credentials: clientCredentials{
+			m.Username,
+			m.Password,
+		},
 		actionCh: make(chan interface{}, 10),
 		done:     make(chan struct{}),
 	}
@@ -662,7 +665,7 @@ func startClient(conn *websocket.Conn) (err error) {
 	c.writerDone = make(chan struct{})
 	go clientWriter(conn, c.writeCh, c.writerDone)
 
-	g, err := addClient(m.Group, c, m.Password)
+	g, err := addClient(m.Group, c)
 	if err != nil {
 		return
 	}
@@ -1015,7 +1018,7 @@ func handleClientMessage(c *webClient, m clientMessage) error {
 			group: c.group,
 			id:    "recording",
 		}
-		_, err := addClient(c.group.name, disk, "")
+		_, err := addClient(c.group.name, disk)
 		if err != nil {
 			disk.Close()
 			return c.error(err)

webserver.go

@@ -334,7 +334,7 @@ func checkGroupPermissions(w http.ResponseWriter, r *http.Request, group string)
 		return false
 	}
 
-	p, err := getPermission(desc, user, pass)
+	p, err := getPermission(desc, clientCredentials{user, pass})
 	if err != nil || !p.Record {
 		return false
 	}