Fork: 0
lukas / Website-backend
Transfer to URL with SHA Find file
Newer
Older
Website-backend / app / controllers / api / users_controller.rb
@lukas lukas on 7 Apr 2022 2 KB order statuses by creation date
Raw Blame History 
class Api::UsersController < ActionController::API
  def renderError
    render :json => { "success" => false }
  end

  def digParameter(name)
    @data = params.dig(name)
    renderError if !@data
    return @data
  end

  def getUser
    return nil if !@username = digParameter('username')
    @user = User.where(["username = ?", params[:username]]).first
    renderError if !@user
    return @user
  end

  def isUserPasswordCorrect(user)
    return if !@passwordHash = digParameter('passwordHash')
    @correct = user.passwordHash == Digest::SHA256.hexdigest(@passwordHash + @user.secretSalt)
    renderError if !@correct
    return @correct
  end

  def generateUserToken(user)
    @token = UserToken.new(user)
    return @token.toString
  end

  def authenticate
    return if !@user = getUser
    return if !isUserPasswordCorrect(@user)
    @result = { "success" => true, "token" => generateUserToken(@user) }
    render :json => @result
  end

  def presalt
    return if !@user = getUser
    @result = { "success" => true, "presalt" => @user.publicSalt }
    render :json => @result
  end

  def isTokenValid(token, user)
    @jwt = JWT.new(token)
    @data = token[0..token.rindex('.')-1]
    p @jwt.signature
    Authority.all.each do |authority|
      if @jwt.data['iss'] == authority.name && 
         @jwt.signature == OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), 
                                                   authority.signature, @data).tr('=', '')
        return true
      end
    end
    renderError
    return false
  end

  def checkToken
    return if !@user = getUser
    return if !@token = digParameter('token')
    return if !isTokenValid(@token, @user)
    render :json => { 'success' => true, 'valid' => true }
  end

  def changePassword
    return if !@user = getUser
    return if !@token = digParameter('token')
    return if !isTokenValid(@token, @user)
    return if !@passwordHash = digParameter('passwordHash')
    @user.passwordHash = Digest::SHA256.hexdigest(@passwordHash + @user.secretSalt)
    @user.save()
    render :json => { 'success' => true }
  end

  def status
    @userStatuses = Array.new
    Status.order('created_at DESC').all.each do |status|
      if status.created_at.to_i + status.lifetime < Time.now.to_i
        status.destroy
        next
      end
      @userStatuses.push({ 'user' => status.user.username, 'message' => status.text })
    end
    render :json => { 'success' => true, 'userStatuses' => @userStatuses }
  end

  def postStatus
    return if !@user = getUser
    return if !@token = digParameter('token')
    return if !isTokenValid(@token, @user)
    return if !@message = digParameter('status')
    return if !@lifetime = digParameter('lifetime')
    if @lifetime > 24 * 3600
      renderError
      return
    end
    @user.statuses.create(text: @message, lifetime: @lifetime)
    render :json => { 'success' => true }
  end
end