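# JSON API for user authentication, statuses and admin quotes.
#
# Every action answers with a JSON envelope whose 'success' key tells the
# client whether the request worked. Request parameters are read through
# digParameter / digStringParameter, which render the error envelope and
# return nil when a parameter is missing (or, for the string variant, not a
# String), so each action only has to bail out on nil.
#
# Security notes for maintainers (all visible in this file, none fixed here
# because they need data this controller does not have):
#   * isTokenValid never uses its `user` argument, so a valid token minted
#     for ANY user is accepted for ANY username. Until the token payload is
#     bound to the user, changePassword / postStatus / updateQuote trust the
#     username parameter rather than the token holder.
#   * No token expiry is checked here; whether JWT.new enforces one is not
#     visible in this file.
#   * Password verification is SHA256(clientHash || secretSalt): a single
#     fast hash, not a password KDF (bcrypt/argon2). Changing it requires a
#     migration of stored hashes, so only the comparison was hardened.
class Api::UsersController < ActionController::API
  # Longest status lifetime accepted by postStatus, in seconds (24 hours).
  MAX_STATUS_LIFETIME = 24 * 3600

  # Renders the generic failure envelope.
  #
  # The message is deliberately opaque so callers cannot tell "unknown user"
  # from "wrong password". `status` is the HTTP status to send; the original
  # code always replied 200 on failure, which breaks clients that rely on the
  # status line.
  def renderError(status = :bad_request)
    render json: {
      'success' => false,
      'message' => 'Well damn, you did something wrong... Lucky debugging'
    }, status: status
  end

  # Returns params[name], or renders the error envelope and returns nil when
  # the parameter is absent. Only nil counts as absent: an empty string is
  # passed through because callers such as updateQuote legitimately accept it.
  def digParameter(name)
    value = params.dig(name)
    renderError if value.nil?
    value
  end

  # Like digParameter but also requires the value to be a String. The callers
  # concatenate, slice or look the value up by column, so a nested hash or
  # array in a JSON body used to surface as a 500 instead of a clean error.
  def digStringParameter(name)
    value = params.dig(name)
    return value if value.is_a?(String)
    renderError
    nil
  end

  # Looks up the user named by the 'username' parameter.
  #
  # Returns the User, or nil after rendering the error envelope when the
  # parameter is missing or no such user exists. The failure status matches
  # the one used for a bad password so that authenticate does not act as a
  # username-enumeration oracle (presalt already does, by design).
  def getUser
    username = digStringParameter('username')
    return nil if username.nil?
    user = User.find_by(username: username)
    renderError(:unauthorized) if user.nil?
    user
  end

  # Checks the 'passwordHash' parameter against the stored hash.
  #
  # The stored value is SHA256(passwordHash || user.secretSalt). Returns true
  # on a match; otherwise renders the error envelope and returns false.
  # The comparison is constant-time so response timing does not leak how
  # many leading bytes of the hash matched.
  def isUserPasswordCorrect(user)
    passwordHash = digStringParameter('passwordHash')
    return false if passwordHash.nil?
    expected = Digest::SHA256.hexdigest(passwordHash + user.secretSalt)
    correct = ActiveSupport::SecurityUtils.secure_compare(user.passwordHash.to_s, expected)
    renderError(:unauthorized) unless correct
    correct
  end

  # Mints a fresh token for `user` and returns its string form.
  # Token contents and lifetime are defined by UserToken, not here.
  def generateUserToken(user)
    UserToken.new(user).toString
  end

  # POST: username + passwordHash -> { success, token }.
  def authenticate
    user = getUser
    return if user.nil?
    return unless isUserPasswordCorrect(user)
    render json: { 'success' => true, 'token' => generateUserToken(user) }
  end

  # GET: username -> { success, presalt }. Hands out the user's public salt
  # so the client can pre-hash the password before calling authenticate.
  def presalt
    user = getUser
    return if user.nil?
    render json: { 'success' => true, 'presalt' => user.publicSalt }
  end

  # Verifies the HMAC-SHA256 signature of `token` against every known
  # Authority whose name matches the token's 'iss' claim.
  #
  # Returns true when some authority's key reproduces the signature over the
  # "header.payload" part of the token; otherwise renders the error envelope
  # and returns false. A token without a '.' is rejected instead of raising.
  #
  # NOTE(review): `user` is intentionally still accepted but is NOT checked
  # against the token, because the token's subject claim is not known here;
  # see the class comment. The previous `p jwt.signature` debug print, which
  # wrote the signature to the server log, has been removed. The old
  # `.tr('=', '')` was a no-op on hexdigest output and was dropped.
  def isTokenValid(token, user)
    dot = token.rindex('.')
    if dot.nil?
      renderError
      return false
    end
    signedPart = token[0...dot]
    jwt = JWT.new(token)
    sha256 = OpenSSL::Digest.new('sha256')
    signed = Authority.all.any? do |authority|
      next false unless jwt.data['iss'] == authority.name
      expected = OpenSSL::HMAC.hexdigest(sha256, authority.signature, signedPart)
      # constant-time compare: a plain == leaks the matched prefix length
      ActiveSupport::SecurityUtils.secure_compare(jwt.signature.to_s, expected)
    end
    renderError(:unauthorized) unless signed
    signed
  end

  # POST: username + token -> { success, valid: true } when the token verifies.
  def checkToken
    user = getUser
    return if user.nil?
    token = digStringParameter('token')
    return if token.nil?
    return unless isTokenValid(token, user)
    render json: { 'success' => true, 'valid' => true }
  end

  # POST: username + token + passwordHash -> replaces the stored password hash.
  # The new hash is derived exactly like the one isUserPasswordCorrect checks.
  # Because the token is not bound to `user` (class comment), this changes the
  # password of whichever username the caller names.
  def changePassword
    user = getUser
    return if user.nil?
    token = digStringParameter('token')
    return if token.nil?
    return unless isTokenValid(token, user)
    passwordHash = digStringParameter('passwordHash')
    return if passwordHash.nil?
    user.passwordHash = Digest::SHA256.hexdigest(passwordHash + user.secretSalt)
    user.save
    render json: { 'success' => true }
  end

  # GET: lists live statuses, newest first, deleting expired ones on the way.
  # A status is expired once created_at + lifetime (seconds) is in the past.
  def status
    now = Time.now.to_i
    live = []
    Status.order('created_at DESC').all.each do |entry|
      if entry.created_at.to_i + entry.lifetime < now
        entry.destroy
        next
      end
      live << {
        'user' => entry.user.username,
        'message' => entry.text,
        'createdAt' => entry.created_at.to_i,
        'lifetime' => entry.lifetime,
      }
    end
    render json: { 'success' => true, 'userStatuses' => live }
  end

  # POST: username + token + status + lifetime -> creates a status.
  #
  # `lifetime` is coerced with Integer() so both "300" and 300 are accepted;
  # anything non-numeric, negative or above MAX_STATUS_LIFETIME is rejected.
  # The old `lifetime > 24 * 3600` raised ArgumentError (a 500) whenever the
  # parameter arrived as a String, which is what form-encoded requests send.
  def postStatus
    user = getUser
    return if user.nil?
    token = digStringParameter('token')
    return if token.nil?
    return unless isTokenValid(token, user)
    message = digStringParameter('status')
    return if message.nil?
    rawLifetime = digParameter('lifetime')
    return if rawLifetime.nil?
    lifetime = begin
      Integer(rawLifetime)
    rescue ArgumentError, TypeError
      nil
    end
    if lifetime.nil? || lifetime < 0 || lifetime > MAX_STATUS_LIFETIME
      renderError
      return
    end
    user.statuses.create(text: message, lifetime: lifetime)
    render json: { 'success' => true }
  end

  # GET: quotes of admin users that have a non-empty quote.
  # This loads every user and filters in Ruby, as the original did; if
  # isAdmin and quote are plain columns a `where` would be cheaper — not
  # changed here because that is not visible from this file.
  def quotes
    quoteList = User.all.select { |u| u.isAdmin && u.quote && !u.quote.empty? }
                    .map { |u| { 'user' => u.username, 'quote' => u.quote } }
    render json: { 'success' => true, 'quotes' => quoteList }
  end

  # POST: username + token + quote -> sets the named admin's quote.
  #
  # A non-admin target now gets an explicit 403 envelope; previously the
  # action returned without rendering, which Rails turned into an empty
  # 204 response the client could not interpret. An empty quote is allowed
  # so a user can clear it. The admin check is on the named user, not the
  # token holder (class comment).
  def updateQuote
    user = getUser
    return if user.nil?
    token = digStringParameter('token')
    return if token.nil?
    return unless isTokenValid(token, user)
    unless user.isAdmin
      renderError(:forbidden)
      return
    end
    quote = digStringParameter('quote')
    return if quote.nil?
    user.quote = quote
    user.save
    render json: { 'success' => true }
  end
end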