diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index b222102..8b4f4de 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -1,6 +1,9 @@
 class Api::UsersController < ActionController::API
 def renderError
- render :json => { "success" => false }
+ render :json => {
+ 'success' => false,
+ 'message': 'Well damn, you did something wrong... Lucky debugging'
+ }
 end
 def digParameter(name)
@@ -98,4 +101,24 @@
 @user.statuses.create(text: @message, lifetime: @lifetime)
 render :json => { 'success' => true }
 end
+
+ def quotes
+ @quotes = Array.new
+ User.select { |user| user.isAdmin && user.quote && user.quote.length > 0}.each do |user|
+ next if user.quote.length == 0
+ @quotes.push({ 'user' => user.username, 'quote' => user.quote })
+ end
+ render :json => { 'success' => true, 'quotes' => @quotes }
+ end
+
+ def updateQuote
+ return if !@user = getUser
+ return if !@token = digParameter('token')
+ return if !isTokenValid(@token, @user)
+ return if !@user.isAdmin
+ return if !@quote = digParameter('quote')
+ @user.quote = @quote
+ @user.save
+ render :json => { 'success' => true }
+ end
 end
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index b222102..8b4f4de 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -1,6 +1,9 @@
 class Api::UsersController < ActionController::API
 def renderError
- render :json => { "success" => false }
+ render :json => {
+ 'success' => false,
+ 'message': 'Well damn, you did something wrong... Lucky debugging'
+ }
 end
 def digParameter(name)
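Review bot: In `renderError` in `app/controllers/api/users_controller.rb` the new hash mixes two key styles: `'success' => false` is a String key while `'message': ...` is a Symbol key. Both serialise to the same JSON, but the mix is easy to misread; `'message' => 'Well damn, you did something wrong... Lucky debugging'` keeps the literal uniform. The message is identical for every failure, which avoids telling a caller which check failed; if that is deliberate, a comment such as `# Generic on purpose: do not reveal which check failed.` would stop someone from "improving" it later.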
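Review bot: `updateQuote` in `app/controllers/api/users_controller.rb` leaves the non-admin path without a response: `return if !@user.isAdmin` returns before any `render`, and since `isAdmin` is a plain column nothing else can have rendered, so the caller presumably gets an empty response instead of the error body; `return renderError if !@user.isAdmin` makes the refusal explicit (whether `getUser` and `digParameter` render on failure is not visible in this hunk). The result of `@user.save` is ignored and the quote has no length bound, so success is reported even if the save fails; `return renderError unless @user.save` covers that. In `quotes`, `User.select { ... }` with a block filters in Ruby after loading every user row, and the action has no token check, so it tells any caller which usernames are admins; `User.where(isAdmin: true).where.not(quote: [nil, ''])` moves the filter into the query and makes `next if user.quote.length == 0` redundant.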
@@ -98,4 +101,24 @@
 @user.statuses.create(text: @message, lifetime: @lifetime)
 render :json => { 'success' => true }
 end
+
+ def quotes
+ @quotes = Array.new
+ User.select { |user| user.isAdmin && user.quote && user.quote.length > 0}.each do |user|
+ next if user.quote.length == 0
+ @quotes.push({ 'user' => user.username, 'quote' => user.quote })
+ end
+ render :json => { 'success' => true, 'quotes' => @quotes }
+ end
+
+ def updateQuote
+ return if !@user = getUser
+ return if !@token = digParameter('token')
+ return if !isTokenValid(@token, @user)
+ return if !@user.isAdmin
+ return if !@quote = digParameter('quote')
+ @user.quote = @quote
+ @user.save
+ render :json => { 'success' => true }
+ end
 end
diff --git a/config/routes.rb b/config/routes.rb
index c188282..8c140be 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -6,4 +6,6 @@
 post @root+'users/changePassword'
 post @root+'users/postStatus'
 get @root+'users/status', to: 'api/users#status'
+ post @root+'users/updateQuote'
+ get @root+'users/quotes', to: 'api/users#quotes'
 end
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index b222102..8b4f4de 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -1,6 +1,9 @@
 class Api::UsersController < ActionController::API
 def renderError
- render :json => { "success" => false }
+ render :json => {
+ 'success' => false,
+ 'message': 'Well damn, you did something wrong... Lucky debugging'
+ }
 end
 def digParameter(name)
@@ -98,4 +101,24 @@
 @user.statuses.create(text: @message, lifetime: @lifetime)
 render :json => { 'success' => true }
 end
+
+ def quotes
+ @quotes = Array.new
+ User.select { |user| user.isAdmin && user.quote && user.quote.length > 0}.each do |user|
+ next if user.quote.length == 0
+ @quotes.push({ 'user' => user.username, 'quote' => user.quote })
+ end
+ render :json => { 'success' => true, 'quotes' => @quotes }
+ end
+
+ def updateQuote
+ return if !@user = getUser
+ return if !@token = digParameter('token')
+ return if !isTokenValid(@token, @user)
+ return if !@user.isAdmin
+ return if !@quote = digParameter('quote')
+ @user.quote = @quote
+ @user.save
+ render :json => { 'success' => true }
+ end
 end
diff --git a/config/routes.rb b/config/routes.rb
index c188282..8c140be 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -6,4 +6,6 @@
 post @root+'users/changePassword'
 post @root+'users/postStatus'
 get @root+'users/status', to: 'api/users#status'
+ post @root+'users/updateQuote'
+ get @root+'users/quotes', to: 'api/users#quotes'
 end
diff --git a/db/migrate/20220403081640_create_users.rb b/db/migrate/20220403081640_create_users.rb
index babbc0b..29f558e 100644
--- a/db/migrate/20220403081640_create_users.rb
+++ b/db/migrate/20220403081640_create_users.rb
@@ -6,6 +6,8 @@
 t.string :publicSalt
 t.string :secretSalt
 t.string :passwordHash
+ t.boolean :isAdmin
+ t.string :quote
 end
 end
 end
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index b222102..8b4f4de 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -1,6 +1,9 @@
 class Api::UsersController < ActionController::API
 def renderError
- render :json => { "success" => false }
+ render :json => {
+ 'success' => false,
+ 'message': 'Well damn, you did something wrong... Lucky debugging'
+ }
 end
 def digParameter(name)
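Review bot: `t.boolean :isAdmin` in `db/migrate/20220403081640_create_users.rb` is added without a default or a NOT NULL constraint, so a user created without the flag carries `nil` rather than `false` in a field that gates authorization; `t.boolean :isAdmin, default: false, null: false` makes the unprivileged state explicit. The columns are also added by editing the existing `create_users` migration, so a database that has already run it will not pick them up. A separate `add_column` migration would be the safer route, unless every environment is rebuilt from scratch.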
@@ -98,4 +101,24 @@
 @user.statuses.create(text: @message, lifetime: @lifetime)
 render :json => { 'success' => true }
 end
+
+ def quotes
+ @quotes = Array.new
+ User.select { |user| user.isAdmin && user.quote && user.quote.length > 0}.each do |user|
+ next if user.quote.length == 0
+ @quotes.push({ 'user' => user.username, 'quote' => user.quote })
+ end
+ render :json => { 'success' => true, 'quotes' => @quotes }
+ end
+
+ def updateQuote
+ return if !@user = getUser
+ return if !@token = digParameter('token')
+ return if !isTokenValid(@token, @user)
+ return if !@user.isAdmin
+ return if !@quote = digParameter('quote')
+ @user.quote = @quote
+ @user.save
+ render :json => { 'success' => true }
+ end
 end
diff --git a/config/routes.rb b/config/routes.rb
index c188282..8c140be 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -6,4 +6,6 @@
 post @root+'users/changePassword'
 post @root+'users/postStatus'
 get @root+'users/status', to: 'api/users#status'
+ post @root+'users/updateQuote'
+ get @root+'users/quotes', to: 'api/users#quotes'
 end
diff --git a/db/migrate/20220403081640_create_users.rb b/db/migrate/20220403081640_create_users.rb
index babbc0b..29f558e 100644
--- a/db/migrate/20220403081640_create_users.rb
+++ b/db/migrate/20220403081640_create_users.rb
@@ -6,6 +6,8 @@
 t.string :publicSalt
 t.string :secretSalt
 t.string :passwordHash
+ t.boolean :isAdmin
+ t.string :quote
 end
 end
 end
diff --git a/db/schema.rb b/db/schema.rb
index e1db189..1319f0e 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -31,6 +31,8 @@
 t.string "publicSalt"
 t.string "secretSalt"
 t.string "passwordHash"
+ t.boolean "isAdmin"
+ t.string "quote"
 end
 end
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index b222102..8b4f4de 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -1,6 +1,9 @@
 class Api::UsersController < ActionController::API
 def renderError
- render :json => { "success" => false }
+ render :json => {
+ 'success' => false,
+ 'message': 'Well damn, you did something wrong... Lucky debugging'
+ }
 end
 def digParameter(name)
@@ -98,4 +101,24 @@
 @user.statuses.create(text: @message, lifetime: @lifetime)
 render :json => { 'success' => true }
 end
+
+ def quotes
+ @quotes = Array.new
+ User.select { |user| user.isAdmin && user.quote && user.quote.length > 0}.each do |user|
+ next if user.quote.length == 0
+ @quotes.push({ 'user' => user.username, 'quote' => user.quote })
+ end
+ render :json => { 'success' => true, 'quotes' => @quotes }
+ end
+
+ def updateQuote
+ return if !@user = getUser
+ return if !@token = digParameter('token')
+ return if !isTokenValid(@token, @user)
+ return if !@user.isAdmin
+ return if !@quote = digParameter('quote')
+ @user.quote = @quote
+ @user.save
+ render :json => { 'success' => true }
+ end
 end
diff --git a/config/routes.rb b/config/routes.rb
index c188282..8c140be 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -6,4 +6,6 @@
 post @root+'users/changePassword'
 post @root+'users/postStatus'
 get @root+'users/status', to: 'api/users#status'
+ post @root+'users/updateQuote'
+ get @root+'users/quotes', to: 'api/users#quotes'
 end
diff --git a/db/migrate/20220403081640_create_users.rb b/db/migrate/20220403081640_create_users.rb
index babbc0b..29f558e 100644
--- a/db/migrate/20220403081640_create_users.rb
+++ b/db/migrate/20220403081640_create_users.rb
@@ -6,6 +6,8 @@
 t.string :publicSalt
 t.string :secretSalt
 t.string :passwordHash
+ t.boolean :isAdmin
+ t.string :quote
 end
 end
 end
diff --git a/db/schema.rb b/db/schema.rb
index e1db189..1319f0e 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -31,6 +31,8 @@
 t.string "publicSalt"
 t.string "secretSalt"
 t.string "passwordHash"
+ t.boolean "isAdmin"
+ t.string "quote"
 end
 end
diff --git a/db/seeds.rb b/db/seeds.rb
index a6f9a95..0d52f85 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -2,17 +2,19 @@
 return Digest::SHA256.hexdigest(Digest::SHA256.hexdigest(password + publicSalt) + privateSalt)
 end
-def createUser(username, password)
+def createUser(username, password, isAdmin)
 @publicSalt = SecureRandom.hex(64)
 @secretSalt = SecureRandom.hex(64)
 User.create(uuid: SecureRandom.uuid,
 username: username,
 publicSalt: @publicSalt,
 secretSalt: @secretSalt,
- passwordHash: getHash(password, @publicSalt, @secretSalt))
+ passwordHash: getHash(password, @publicSalt, @secretSalt),
+ isAdmin: isAdmin,
+ )
 end
-createUser('admin', 'changeme')
-createUser('lukas', 'test')
+createUser('admin', 'changeme', true)
+createUser('lukas', 'test', false)
 Authority.create(name:`hostname`.tr("\n", ''), signature: Rails.application.credentials.secret_key_base)
 Authority.create(name: 'thirdParty', signature: 'thirdPartyKKey')
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index b222102..8b4f4de 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -1,6 +1,9 @@
 class Api::UsersController < ActionController::API
 def renderError
- render :json => { "success" => false }
+ render :json => {
+ 'success' => false,
+ 'message': 'Well damn, you did something wrong... Lucky debugging'
+ }
 end
 def digParameter(name)
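Review bot: `createUser('admin', 'changeme', true)` in `db/seeds.rb` now gives the account with the hard-coded password `changeme` the admin flag, so any environment seeded from this file starts with a privileged account whose credentials are in the repository. Taking the password from the environment, for example `createUser('admin', ENV.fetch('SEED_ADMIN_PASSWORD'), true)` (the variable name is a placeholder), or restricting these seeds to development would avoid that. The new positional boolean is also hard to read at the call site; `def createUser(username, password, isAdmin: false)` would keep two-argument calls working and make the privileged call explicit.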
@@ -98,4 +101,24 @@
 @user.statuses.create(text: @message, lifetime: @lifetime)
 render :json => { 'success' => true }
 end
+
+ def quotes
+ @quotes = Array.new
+ User.select { |user| user.isAdmin && user.quote && user.quote.length > 0}.each do |user|
+ next if user.quote.length == 0
+ @quotes.push({ 'user' => user.username, 'quote' => user.quote })
+ end
+ render :json => { 'success' => true, 'quotes' => @quotes }
+ end
+
+ def updateQuote
+ return if !@user = getUser
+ return if !@token = digParameter('token')
+ return if !isTokenValid(@token, @user)
+ return if !@user.isAdmin
+ return if !@quote = digParameter('quote')
+ @user.quote = @quote
+ @user.save
+ render :json => { 'success' => true }
+ end
 end
diff --git a/config/routes.rb b/config/routes.rb
index c188282..8c140be 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -6,4 +6,6 @@
 post @root+'users/changePassword'
 post @root+'users/postStatus'
 get @root+'users/status', to: 'api/users#status'
+ post @root+'users/updateQuote'
+ get @root+'users/quotes', to: 'api/users#quotes'
 end
diff --git a/db/migrate/20220403081640_create_users.rb b/db/migrate/20220403081640_create_users.rb
index babbc0b..29f558e 100644
--- a/db/migrate/20220403081640_create_users.rb
+++ b/db/migrate/20220403081640_create_users.rb
@@ -6,6 +6,8 @@
 t.string :publicSalt
 t.string :secretSalt
 t.string :passwordHash
+ t.boolean :isAdmin
+ t.string :quote
 end
 end
 end
diff --git a/db/schema.rb b/db/schema.rb
index e1db189..1319f0e 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -31,6 +31,8 @@
 t.string "publicSalt"
 t.string "secretSalt"
 t.string "passwordHash"
+ t.boolean "isAdmin"
+ t.string "quote"
 end
 end
diff --git a/db/seeds.rb b/db/seeds.rb
index a6f9a95..0d52f85 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -2,17 +2,19 @@
 return Digest::SHA256.hexdigest(Digest::SHA256.hexdigest(password + publicSalt) + privateSalt)
 end
-def createUser(username, password)
+def createUser(username, password, isAdmin)
 @publicSalt = SecureRandom.hex(64)
 @secretSalt = SecureRandom.hex(64)
 User.create(uuid: SecureRandom.uuid,
 username: username,
 publicSalt: @publicSalt,
 secretSalt: @secretSalt,
- passwordHash: getHash(password, @publicSalt, @secretSalt))
+ passwordHash: getHash(password, @publicSalt, @secretSalt),
+ isAdmin: isAdmin,
+ )
 end
-createUser('admin', 'changeme')
-createUser('lukas', 'test')
+createUser('admin', 'changeme', true)
+createUser('lukas', 'test', false)
 Authority.create(name:`hostname`.tr("\n", ''), signature: Rails.application.credentials.secret_key_base)
 Authority.create(name: 'thirdParty', signature: 'thirdPartyKKey')
diff --git a/lib/UserToken.rb b/lib/UserToken.rb
index 0acb021..b1b1373 100644
--- a/lib/UserToken.rb
+++ b/lib/UserToken.rb
@@ -4,7 +4,8 @@
 'iss': `hostname`.tr("\n", ''),
 'dat': Time.now.getutc,
 'typ': 'usr',
- 'usr': user.username}
- )
+ 'usr': user.username,
+ 'admin': user.isAdmin,
+ })
 end
 end
\ No newline at end of file
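Review bot: The new `'admin': user.isAdmin` claim in `lib/UserToken.rb` copies the flag at the moment the token is issued, so it goes stale if the user's admin status changes while the token is still accepted, and it can be `nil` because the column has no default. `updateQuote` re-reads `@user.isAdmin` from the record, which is the safer source; a comment such as `# 'admin' is informational only; authorize against the User record` would keep later code from trusting the claim, and `'admin': user.isAdmin == true` keeps the claim strictly boolean. The enclosing method starts above this hunk, so how the payload is signed is not visible here.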