Website-backend / app / controllers / api / users_controller.rb
@lukas lukas on 3 Apr 2022 1 KB initial commit
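# JSON API for user authentication: salt lookup, password check that issues a
# token, and token validation against the configured authorities.
#
# NOTE(review): every helper below is a public method, and Rails treats public
# controller methods as candidate actions. Confirm the routes only expose
# `authenticate`, `presalt` and `checkToken`, then move the helpers under
# `private`. Left public here so existing callers/routes are not broken.
#
# NOTE(review): no throttling or lockout is visible in this controller;
# confirm that `authenticate` is rate-limited elsewhere (middleware, proxy).
class Api::UsersController < ActionController::API
  # Renders the generic failure payload. The same body is used for every
  # failure, so the response itself does not say which check failed.
  def renderError
    render :json => { "success" => false }
  end

  # Reads a request parameter and renders the error payload if it is unusable.
  #
  # Only plain strings are accepted: a client can send `name[]=x` or
  # `name[k]=x`, which would arrive as an Array/Parameters object and later
  # break string operations (`+`, `rindex`) with an unhandled exception.
  #
  # @param name [String] parameter key
  # @return [String, nil] the value, or nil after the error was rendered
  def digParameter(name)
    value = params.dig(name)
    @data = value.is_a?(String) ? value : nil
    renderError unless @data
    @data
  end

  # @return [String, nil] the `username` parameter (error rendered when nil)
  def getUsername
    digParameter('username')
  end

  # @return [String, nil] the `passwordHash` parameter (error rendered when nil)
  def getPasswordHash
    digParameter('passwordHash')
  end

  # Looks up the user named by the `username` parameter.
  #
  # @return [User, nil] the user, or nil after the error was rendered
  def getUser
    return nil unless (@username = getUsername)

    # Hash conditions are bound as parameters, so the username never reaches
    # the SQL text. Uses the validated string rather than raw params.
    @user = User.where(username: @username).first
    renderError unless @user
    @user
  end

  # Checks the client-supplied password hash against the stored one.
  #
  # NOTE(review): the stored value is a single SHA-256 over
  # (client hash + secret salt). The client-side hash is therefore the
  # effective credential, and SHA-256 is a fast hash; consider a dedicated
  # password hash (bcrypt/argon2) on the server side. Changing that needs a
  # data migration, so it is only flagged here.
  #
  # @param user [User] the account being authenticated
  # @return [Boolean, nil] true when correct; falsy after the error was rendered
  def isUserPasswordCorrect(user)
    return unless (@passwordHash = getPasswordHash)

    # Salt comes from the `user` argument (the original read `@user`, which
    # only worked because `authenticate` happened to set it first).
    expected = Digest::SHA256.hexdigest(@passwordHash + user.secretSalt)
    # Constant-time comparison: `==` returns at the first differing byte and
    # leaks how much of the digest matched through response timing.
    @correct = ActiveSupport::SecurityUtils.secure_compare(user.passwordHash.to_s, expected)
    renderError unless @correct
    @correct
  end

  # @param user [User]
  # @return [String] serialized token from `UserToken#toString`
  def generateUserToken(user)
    @token = UserToken.new(user)
    @token.toString
  end

  # Action: verifies username + password hash and returns a token.
  def authenticate
    return unless (@user = getUser)
    return unless isUserPasswordCorrect(@user)

    @result = { "success" => true, "token" => generateUserToken(@user) }
    render :json => @result
  end

  # Action: returns the user's public salt.
  #
  # NOTE(review): an unknown username gets the error payload while a known
  # one gets a salt, so this endpoint reveals which usernames exist. If that
  # matters for this service, return a deterministic decoy salt for unknown
  # names instead.
  def presalt
    return unless (@user = getUser)

    @result = { "success" => true, "presalt" => @user.publicSalt }
    render :json => @result
  end

  # @return [String, nil] the `token` parameter (error rendered when nil)
  def getToken
    digParameter('token')
  end

  # Action: reports whether the `token` parameter carries a valid signature
  # from the authority named in its `iss` claim.
  #
  # The signed portion is everything before the last '.', and the expected
  # signature is a hex HMAC-SHA256 keyed with `authority.signature`. The
  # algorithm is fixed here and not taken from the token.
  #
  # NOTE(review): only issuer and signature are checked in this method; an
  # expiry check is not visible here - confirm `JWT` enforces it if tokens
  # are meant to expire.
  def checkToken
    return unless (@token = getToken)

    # A token without a '.' (or starting with its only '.') has no signed
    # part. The original computed `nil - 1` (unhandled exception) or sliced
    # `0..-1` (the whole token) in those cases.
    separator = @token.rindex('.')
    return renderError unless separator && separator.positive?

    @jwt = JWT.new(@token)
    @data = @token[0...separator]
    # The original printed the signed data and signature with `p`; token
    # material does not belong in process output or logs, so that is removed.
    presented = @jwt.signature.to_s

    valid = Authority.all.any? do |authority|
      next false unless @jwt.data['iss'] == authority.name

      expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'),
                                         authority.signature, @data).tr('=', '')
      # Constant-time comparison so the response time does not reveal how
      # many leading characters of a forged signature were right.
      ActiveSupport::SecurityUtils.secure_compare(expected, presented)
    end

    render :json => { 'success' => true, 'valid' => valid }
  end
end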