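class Api::UsersController < ActionController::API
  # Every action answers a JSON document of the shape { success: bool, ... }.
  # Failures are reported through renderError, which keeps the original message
  # and the original HTTP 200 status so existing clients keep working. Each
  # action must return immediately after any helper that may have rendered, or
  # Rails raises DoubleRenderError.
  #
  # NOTE(review): all helpers below are public, as in the original; a catch-all
  # route could expose them as actions. Only the two new helpers are private.
  MAX_STATUS_LIFETIME = 24 * 3600 # seconds; upper bound accepted by postStatus

  # Render the generic failure document. It deliberately does not say *why*
  # (missing parameter, unknown user, bad password, bad token) so the response
  # does not act as an oracle; the message text is part of the API contract.
  def renderError
    render :json => { 'success' => false, 'message' => 'Well damn, you did something wrong... Lucky debugging' }
  end

  # Fetch a request parameter by name. Returns the raw value, which may be a
  # nested Parameters object, an array or a number rather than a String, or
  # nil after rendering the error document when the parameter is absent/null.
  def digParameter(name)
    @data = params.dig(name)
    renderError unless @data
    @data
  end

  # Look up the account named by the `username` parameter. Renders the error
  # document and returns nil when the parameter is missing, not a String, or
  # no such user exists. The username is passed as a bind parameter, never
  # interpolated. NOTE(review): the unknown-user failure lets a caller tell
  # existing usernames from non-existing ones (see presalt); that is inherent
  # to the client-side salting design and is not hidden here.
  def getUser
    username = stringParameter('username')
    return nil unless username
    @user = User.where(["username = ?", username]).first
    renderError unless @user
    @user
  end

  # Verify the client-supplied `passwordHash` against the stored hash. The
  # stored value is SHA256(passwordHash + secretSalt), so the client's
  # pre-hashed value is effectively the password; it is compared in constant
  # time so a mismatch does not leak the position of the first wrong byte.
  # Returns true/false, or nil after rendering when the parameter is missing.
  def isUserPasswordCorrect(user)
    presented = stringParameter('passwordHash')
    return nil unless presented
    expected = user.passwordHash.to_s
    actual = Digest::SHA256.hexdigest(presented + user.secretSalt)
    @correct = ActiveSupport::SecurityUtils.secure_compare(expected, actual)
    renderError unless @correct
    @correct
  end

  # Mint a fresh token for an authenticated user; the format is UserToken's.
  def generateUserToken(user)
    @token = UserToken.new(user)
    @token.toString
  end

  # POST username + passwordHash -> { success, token }.
  def authenticate
    return unless (user = getUser)
    return unless isUserPasswordCorrect(user)
    @result = { "success" => true, "token" => generateUserToken(user) }
    render :json => @result
  end

  # POST username -> { success, presalt }: the public salt the client needs to
  # pre-hash its password. Unauthenticated by design; an unknown username gets
  # the error document, which is a username-existence oracle (see getUser).
  def presalt
    return unless (user = getUser)
    @result = { "success" => true, "presalt" => user.publicSalt }
    render :json => @result
  end

  # Check that `token` ("header.payload.signature") carries a valid HMAC-SHA256
  # over "header.payload" under the key of the Authority named by its `iss`
  # claim. Renders the error document and returns false on any failure.
  #
  # SECURITY TODO: `user` is not used. The token is accepted for whichever
  # username the request names, so a token minted for one account currently
  # authorizes changePassword/postStatus/updateQuote on any other account.
  # UserToken.new(user) presumably embeds a user identifier; that claim must be
  # compared against `user` here before this method is trusted for writes.
  # NOTE(review): no expiry or audience check is visible here either.
  def isTokenValid(token, user)
    # Malformed input (non-string, no '.', nothing before the last '.') is an
    # invalid token, not a 500 from nil.rindex / String#[].
    unless token.is_a?(String) && (dot = token.rindex('.')) && dot > 0
      renderError
      return false
    end
    signed_part = token[0...dot]

    begin
      @jwt = JWT.new(token)
    rescue StandardError
      # Unparseable header/payload is treated exactly like a bad signature.
      renderError
      return false
    end

    claims = @jwt.data
    issuer = claims && claims['iss']
    presented_sig = @jwt.signature.to_s # no longer printed: it is key-derived material

    # The issuer claim only selects which key to try; the HMAC check under that
    # key is what authenticates the token. Constant-time comparison so the
    # expected signature cannot be recovered byte by byte via timing. The old
    # .tr('=', '') on the hex digest was a no-op (hex never contains '=').
    valid = Authority.all.any? do |authority|
      next false unless issuer && issuer == authority.name
      expected_sig = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), authority.signature, signed_part)
      ActiveSupport::SecurityUtils.secure_compare(presented_sig, expected_sig)
    end
    renderError unless valid
    valid
  end

  # POST username + token -> { success, valid }. Only ever reports valid: true;
  # every failure goes through the generic error document.
  def checkToken
    return unless (user = getUser)
    return unless (token = stringParameter('token'))
    return unless isTokenValid(token, user)
    render :json => { 'success' => true, 'valid' => true }
  end

  # POST username + token + passwordHash -> { success }. Replaces the stored
  # hash; the secret salt is kept, so the client keeps pre-hashing against the
  # same publicSalt. The current password is NOT required, so the token-bearer
  # must really be the account owner (see the TODO on isTokenValid). A failed
  # save (model validation) is now reported instead of announced as success.
  def changePassword
    return unless (user = getUser)
    return unless (token = stringParameter('token'))
    return unless isTokenValid(token, user)
    return unless (new_hash = stringParameter('passwordHash'))
    user.passwordHash = Digest::SHA256.hexdigest(new_hash + user.secretSalt)
    if user.save
      render :json => { 'success' => true }
    else
      renderError
    end
  end

  # GET -> { success, userStatuses }: every unexpired status, newest first.
  # Statuses whose lifetime (seconds since created_at) has elapsed are deleted
  # as a side effect of this read, as in the original; a periodic job would be
  # the usual home for that.
  def status
    now = Time.now.to_i
    @userStatuses = []
    Status.order('created_at DESC').each do |status|
      if status.created_at.to_i + status.lifetime < now
        status.destroy
        next
      end
      @userStatuses << { 'user' => status.user.username, 'message' => status.text }
    end
    render :json => { 'success' => true, 'userStatuses' => @userStatuses }
  end

  # POST username + token + status + lifetime -> { success }. `lifetime` is in
  # seconds and must be a non-negative integer no larger than 24h; it may
  # arrive as a JSON number or a decimal string. Previously a string lifetime
  # raised (String vs Integer comparison -> 500) and negative values passed.
  def postStatus
    return unless (user = getUser)
    return unless (token = stringParameter('token'))
    return unless isTokenValid(token, user)
    return unless (message = stringParameter('status'))
    return unless (raw_lifetime = digParameter('lifetime'))
    lifetime = parseLifetime(raw_lifetime)
    if lifetime.nil? || lifetime > MAX_STATUS_LIFETIME
      renderError
      return
    end
    created = user.statuses.create(text: message, lifetime: lifetime)
    if created.persisted?
      render :json => { 'success' => true }
    else
      renderError
    end
  end

  # GET -> { success, quotes }: the quotes of all admins with a non-empty quote.
  # NOTE(review): User.select with a block loads every user row into memory;
  # a where-scope on the admin flag would be the usual fix if it is a column.
  def quotes
    @quotes = []
    User.select { |user| user.isAdmin && user.quote && user.quote.length > 0 }.each do |user|
      @quotes << { 'user' => user.username, 'quote' => user.quote }
    end
    render :json => { 'success' => true, 'quotes' => @quotes }
  end

  # POST username + token + quote -> { success }. Admin-only. A non-admin caller
  # now receives the error document (previously the action returned without
  # rendering, i.e. an empty 204). Failed saves are reported as well.
  def updateQuote
    return unless (user = getUser)
    return unless (token = stringParameter('token'))
    return unless isTokenValid(token, user)
    unless user.isAdmin
      renderError
      return
    end
    return unless (quote = stringParameter('quote'))
    user.quote = quote
    if user.save
      render :json => { 'success' => true }
    else
      renderError
    end
  end

  private

  # Like digParameter but insists on a String value. Non-string values (JSON
  # objects/arrays/numbers/booleans) previously reached string concatenation
  # or SQL binding and produced a 500; they now get the normal error document.
  # Returns nil after rendering on any failure.
  def stringParameter(name)
    value = digParameter(name)
    return nil unless value # digParameter has already rendered
    return value if value.is_a?(String)
    renderError
    nil
  end

  # Coerce a lifetime parameter (Integer or all-digit String) to an Integer;
  # nil for anything else (negative, fractional, garbage). Anchored with \A/\z
  # so multi-line input cannot smuggle extra text past the check.
  def parseLifetime(value)
    text = value.to_s
    return nil unless text =~ /\A\d+\z/
    text.to_i
  end
end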