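# Authentication endpoints for the users API: public-salt lookup,
# password verification with token issue, and token signature validation.
#
# Response shape is unchanged from the previous implementation: every failure
# is rendered as { "success" => false } with HTTP 200, and a missing required
# parameter short-circuits the action through +renderError+.
class Api::UsersController < ActionController::API
  # Renders the generic failure body. Every caller returns right after calling
  # this so that no second +render+ happens (Rails raises DoubleRenderError).
  def renderError
    render json: { 'success' => false }
  end

  # Reads a required request parameter.
  #
  # Untrusted JSON bodies can carry arrays or hashes under any key; those used
  # to reach the string concatenation / slicing below and raise, so anything
  # that is not a non-empty String is treated as missing.
  #
  # @param name [String] parameter key
  # @return [String, nil] the value, or nil after rendering the error body
  def digParameter(name)
    value = params.dig(name)
    @data = value.is_a?(String) && !value.empty? ? value : nil
    renderError unless @data
    @data
  end

  # @return [String, nil] the 'username' parameter (see +digParameter+)
  def getUsername
    digParameter('username')
  end

  # @return [String, nil] the 'passwordHash' parameter (see +digParameter+)
  def getPasswordHash
    digParameter('passwordHash')
  end

  # Looks up the user named by the 'username' parameter.
  #
  # @return [User, nil] the user, or nil after rendering the error body
  def getUser
    @username = getUsername
    return unless @username

    # Use the validated value rather than re-reading params[:username].
    @user = User.find_by(username: @username)
    renderError unless @user
    @user
  end

  # Verifies the client-supplied password hash for +user+.
  #
  # The server re-hashes the submitted value with the user's secret salt and
  # compares it to the stored hash. Presumably the client derives
  # 'passwordHash' from the password and the +presalt+ value — confirm against
  # the client code.
  # NOTE(review): a single SHA-256 round is not a password KDF (no work
  # factor); moving the stored format to bcrypt/argon2 is a separate change.
  #
  # @param user [User] the user whose credential is being checked
  # @return [Boolean, nil] true on match, false (after rendering the error
  #   body) on mismatch, nil when the parameter is missing
  def isUserPasswordCorrect(user)
    @passwordHash = getPasswordHash
    return unless @passwordHash

    expected = Digest::SHA256.hexdigest(@passwordHash + user.secretSalt)
    # Constant-time comparison: a plain == stops at the first differing byte
    # and leaks timing information about the stored hash.
    @correct = ActiveSupport::SecurityUtils.secure_compare(user.passwordHash.to_s, expected)
    renderError unless @correct
    @correct
  end

  # Issues a fresh token for an authenticated user.
  #
  # @param user [User]
  # @return [String] serialized token (format is defined by UserToken)
  def generateUserToken(user)
    @token = UserToken.new(user)
    @token.toString
  end

  # username + passwordHash -> { success, token }.
  # The failure body is identical for an unknown user and a wrong hash.
  def authenticate
    @user = getUser
    return unless @user
    return unless isUserPasswordCorrect(@user)

    @result = { 'success' => true, 'token' => generateUserToken(@user) }
    render json: @result
  end

  # Returns the public salt the client needs before calling +authenticate+.
  # NOTE(review): rendering the failure body for an unknown username reveals
  # which usernames exist; a deterministic decoy salt for unknown users would
  # remove that signal.
  def presalt
    @user = getUser
    return unless @user

    @result = { 'success' => true, 'presalt' => @user.publicSalt }
    render json: @result
  end

  # @return [String, nil] the 'token' parameter (see +digParameter+)
  def getToken
    digParameter('token')
  end

  # Validates a token's HMAC-SHA256 signature against the issuing authority.
  #
  # The signing input is everything before the final '.'; the expected
  # signature is the hex HMAC keyed with the +signature+ attribute of the
  # Authority whose +name+ equals the token's 'iss' claim. Renders
  # { valid: true } when one such authority verifies, { valid: false } otherwise.
  def checkToken
    @token = getToken
    return unless @token

    signing_input, separator, _presented_segment = @token.rpartition('.')
    # A token with no '.' has no signature segment. The previous rindex-based
    # slice hit nil here and turned a malformed token into a 500.
    if separator.empty?
      render json: { 'success' => true, 'valid' => false }
      return
    end

    @jwt = JWT.new(@token)
    issuer = @jwt.data['iss']
    presented = @jwt.signature.to_s
    digest = OpenSSL::Digest.new('sha256')
    # The debug prints of the signing input and signature were dropped: they
    # wrote token material to stdout / the application log on every call.
    valid = Authority.all.any? do |authority|
      next false unless authority.name == issuer

      # hexdigest output is hex only, so the old .tr('=', '') was a no-op.
      expected = OpenSSL::HMAC.hexdigest(digest, authority.signature, signing_input)
      # Constant-time comparison of the presented and expected signatures.
      ActiveSupport::SecurityUtils.secure_compare(presented, expected)
    end
    render json: { 'success' => true, 'valid' => valid }
  end
end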