diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index d9c6f70..5fd0617 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -7,51 +7,51 @@ end def digParameter(name) - @data = params.dig(name) - renderError if !@data - return @data + data = params.dig(name) + renderError if !data + return data end def getUser - return nil if !@username = digParameter('username') - @user = User.where(["username = ?", params[:username]]).first - renderError if !@user - return @user + return nil if !username = digParameter('username') + user = User.where(["username = ?", params[:username]]).first + renderError if !user + return user end def isUserPasswordCorrect(user) - return if !@passwordHash = digParameter('passwordHash') - @correct = user.passwordHash == Digest::SHA256.hexdigest(@passwordHash + @user.secretSalt) - renderError if !@correct - return @correct + return if !passwordHash = digParameter('passwordHash') + correct = user.passwordHash == Digest::SHA256.hexdigest(passwordHash + user.secretSalt) + renderError if !correct + return correct end def generateUserToken(user) - @token = UserToken.new(user) - return @token.toString + token = UserToken.new(user) + return token.toString end def authenticate - return if !@user = getUser - return if !isUserPasswordCorrect(@user) - @result = { "success" => true, "token" => generateUserToken(@user) } - render :json => @result + return if !user = getUser + return if !isUserPasswordCorrect(user) + result = { "success" => true, "token" => generateUserToken(user) } + render :json => result end def presalt - return if !@user = getUser - @result = { "success" => true, "presalt" => @user.publicSalt } - render :json => @result + return if !user = getUser + result = { "success" => true, "presalt" => user.publicSalt } + render :json => result end def isTokenValid(token, user) - @jwt = JWT.new(token) - @data = token[0..token.rindex('.')-1] - p @jwt.signature + jwt = JWT.new(token) + data = token[0..token.rindex('.')-1] + p jwt.signature Authority.all.each do |authority| - if @jwt.data['iss'] == authority.name && - @jwt.signature == 
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), - authority.signature, @data).tr('=', '') + if jwt.data['iss'] == authority.name && + jwt.signature == OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), + authority.signature, data).tr('=', '') return true end end 
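Review bot: `isTokenValid(token, user)` never consults `user` inside the hunk — it returns true as soon as any `Authority` whose name equals the token's `iss` verifies the signature — so unless the lines after the loop (the method body continues outside this hunk) bind the token to the requesting account, a token issued for one user is accepted for any `username`. The check `jwt.signature == OpenSSL::HMAC.hexdigest(...)` is a short-circuiting string comparison; use `ActiveSupport::SecurityUtils.secure_compare(jwt.signature, expected)`, and apply the same to `user.passwordHash == Digest::SHA256.hexdigest(...)` in `isUserPasswordCorrect`. The debug line `p jwt.signature` survived the rewrite and writes the signature of every presented token to stdout/the application log; drop it. `token.rindex('.')` is nil for a token with no dot, so `token[0..token.rindex('.')-1]` raises NoMethodError and the request fails with a 500 instead of going through `renderError`; similarly `getUser` validates `username` via `digParameter` but then queries with `params[:username]`, leaving the checked value unused. This file's two hunks appear a second time later in the patch (an apparent duplicate); the same remarks apply there.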
@@ -60,70 +60,70 @@ end def checkToken - return if !@user = getUser - return if !@token = digParameter('token') - return if !isTokenValid(@token, @user) + return if !user = getUser + return if !token = digParameter('token') + return if !isTokenValid(token, user) render :json => { 'success' => true, 'valid' => true } end def changePassword - return if !@user = getUser - return if !@token = digParameter('token') - return if !isTokenValid(@token, @user) - return if !@passwordHash = digParameter('passwordHash') - @user.passwordHash = Digest::SHA256.hexdigest(@passwordHash + @user.secretSalt) - @user.save() + return if !user = getUser + return if !token = digParameter('token') + return if !isTokenValid(token, user) + return if !passwordHash = digParameter('passwordHash') + user.passwordHash = Digest::SHA256.hexdigest(passwordHash + user.secretSalt) + user.save() render :json => { 'success' => true } end def status - @userStatuses = Array.new + userStatuses = Array.new Status.order('created_at DESC').all.each do |status| if status.created_at.to_i + status.lifetime < Time.now.to_i status.destroy next end - @userStatuses.push({ + userStatuses.push({ 'user' => status.user.username, 'message' => status.text, 'createdAt' => status.created_at.to_i, 'lifetime' => status.lifetime, }) end - render :json => { 'success' => true, 'userStatuses' => @userStatuses } + render :json => { 'success' => true, 'userStatuses' => userStatuses } end def postStatus - return if !@user = getUser - return if !@token = digParameter('token') - return if !isTokenValid(@token, @user) - return if !@message = digParameter('status') - return if !@lifetime = digParameter('lifetime') - if @lifetime > 24 * 3600 + return if !user = getUser + return if !token = digParameter('token') + return if !isTokenValid(token, user) + return if !message = digParameter('status') + return if !lifetime = digParameter('lifetime') + if lifetime > 24 * 3600 renderError return end - @user.statuses.create(text: @message, 
lifetime: @lifetime) + user.statuses.create(text: message, lifetime: lifetime) render :json => { 'success' => true } end def quotes - @quotes = Array.new + quotes = Array.new User.select { |user| user.isAdmin && user.quote && user.quote.length > 0}.each do |user| next if user.quote.length == 0 - @quotes.push({ 'user' => user.username, 'quote' => user.quote }) + quotes.push({ 'user' => user.username, 'quote' => user.quote }) end - render :json => { 'success' => true, 'quotes' => @quotes } + render :json => { 'success' => true, 'quotes' => quotes } end def updateQuote - return if !@user = getUser - return if !@token = digParameter('token') - return if !isTokenValid(@token, @user) - return if !@user.isAdmin - return if !@quote = digParameter('quote') - @user.quote = @quote - @user.save + return if !user = getUser + return if !token = digParameter('token') + return if !isTokenValid(token, user) + return if !user.isAdmin + return if !quote = digParameter('quote') + user.quote = quote + user.save render :json => { 'success' => true } end end diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb index d9c6f70..5fd0617 100644 --- a/app/controllers/api/users_controller.rb +++ b/app/controllers/api/users_controller.rb 
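Review bot: In `postStatus`, `lifetime` is compared with `lifetime > 24 * 3600` straight out of `digParameter`; if the parameter arrives as a String (query or form params) `String#>` against an Integer raises ArgumentError and the request fails with a 500, and when it is numeric there is no lower bound, so zero or negative lifetimes are stored. Coerce and bound it before the check, e.g. `lifetime = Integer(lifetime, exception: false)` followed by `if lifetime.nil? || lifetime <= 0 || lifetime > 24 * 3600` on the existing `renderError; return` branch. `status` destroys expired rows as a side effect of an unauthenticated read, so any anonymous caller triggers deletes on that table; a scheduled cleanup, or filtering expired rows at read time without deleting them, keeps the GET path side-effect free. `updateQuote` exits via `return if !user.isAdmin` without rendering anything, unlike every other guard in the file, which reports through `renderError`.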
@@ -7,51 +7,51 @@ end def digParameter(name) - @data = params.dig(name) - renderError if !@data - return @data + data = params.dig(name) + renderError if !data + return data end def getUser - return nil if !@username = digParameter('username') - @user = User.where(["username = ?", params[:username]]).first - renderError if !@user - return @user + return nil if !username = digParameter('username') + user = User.where(["username = ?", params[:username]]).first + renderError if !user + return user end def isUserPasswordCorrect(user) - return if !@passwordHash = digParameter('passwordHash') - @correct = user.passwordHash == Digest::SHA256.hexdigest(@passwordHash + @user.secretSalt) - renderError if !@correct - return @correct + return if !passwordHash = digParameter('passwordHash') + correct = user.passwordHash == Digest::SHA256.hexdigest(passwordHash + user.secretSalt) + renderError if !correct + return correct end def generateUserToken(user) - @token = UserToken.new(user) - return @token.toString + token = UserToken.new(user) + return token.toString end def authenticate - return if !@user = getUser - return if !isUserPasswordCorrect(@user) - @result = { "success" => true, "token" => generateUserToken(@user) } - render :json => @result + return if !user = getUser + return if !isUserPasswordCorrect(user) + result = { "success" => true, "token" => generateUserToken(user) } + render :json => result end def presalt - return if !@user = getUser - @result = { "success" => true, "presalt" => @user.publicSalt } - render :json => @result + return if !user = getUser + result = { "success" => true, "presalt" => user.publicSalt } + render :json => result end def isTokenValid(token, user) - @jwt = JWT.new(token) - @data = token[0..token.rindex('.')-1] - p @jwt.signature + jwt = JWT.new(token) + data = token[0..token.rindex('.')-1] + p jwt.signature Authority.all.each do |authority| - if @jwt.data['iss'] == authority.name && - @jwt.signature == 
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), - authority.signature, @data).tr('=', '') + if jwt.data['iss'] == authority.name && + jwt.signature == OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), + authority.signature, data).tr('=', '') return true end end 
@@ -60,70 +60,70 @@ end def checkToken - return if !@user = getUser - return if !@token = digParameter('token') - return if !isTokenValid(@token, @user) + return if !user = getUser + return if !token = digParameter('token') + return if !isTokenValid(token, user) render :json => { 'success' => true, 'valid' => true } end def changePassword - return if !@user = getUser - return if !@token = digParameter('token') - return if !isTokenValid(@token, @user) - return if !@passwordHash = digParameter('passwordHash') - @user.passwordHash = Digest::SHA256.hexdigest(@passwordHash + @user.secretSalt) - @user.save() + return if !user = getUser + return if !token = digParameter('token') + return if !isTokenValid(token, user) + return if !passwordHash = digParameter('passwordHash') + user.passwordHash = Digest::SHA256.hexdigest(passwordHash + user.secretSalt) + user.save() render :json => { 'success' => true } end def status - @userStatuses = Array.new + userStatuses = Array.new Status.order('created_at DESC').all.each do |status| if status.created_at.to_i + status.lifetime < Time.now.to_i status.destroy next end - @userStatuses.push({ + userStatuses.push({ 'user' => status.user.username, 'message' => status.text, 'createdAt' => status.created_at.to_i, 'lifetime' => status.lifetime, }) end - render :json => { 'success' => true, 'userStatuses' => @userStatuses } + render :json => { 'success' => true, 'userStatuses' => userStatuses } end def postStatus - return if !@user = getUser - return if !@token = digParameter('token') - return if !isTokenValid(@token, @user) - return if !@message = digParameter('status') - return if !@lifetime = digParameter('lifetime') - if @lifetime > 24 * 3600 + return if !user = getUser + return if !token = digParameter('token') + return if !isTokenValid(token, user) + return if !message = digParameter('status') + return if !lifetime = digParameter('lifetime') + if lifetime > 24 * 3600 renderError return end - @user.statuses.create(text: @message, 
lifetime: @lifetime) + user.statuses.create(text: message, lifetime: lifetime) render :json => { 'success' => true } end def quotes - @quotes = Array.new + quotes = Array.new User.select { |user| user.isAdmin && user.quote && user.quote.length > 0}.each do |user| next if user.quote.length == 0 - @quotes.push({ 'user' => user.username, 'quote' => user.quote }) + quotes.push({ 'user' => user.username, 'quote' => user.quote }) end - render :json => { 'success' => true, 'quotes' => @quotes } + render :json => { 'success' => true, 'quotes' => quotes } end def updateQuote - return if !@user = getUser - return if !@token = digParameter('token') - return if !isTokenValid(@token, @user) - return if !@user.isAdmin - return if !@quote = digParameter('quote') - @user.quote = @quote - @user.save + return if !user = getUser + return if !token = digParameter('token') + return if !isTokenValid(token, user) + return if !user.isAdmin + return if !quote = digParameter('quote') + user.quote = quote + user.save render :json => { 'success' => true } end end diff --git a/lib/JWT.rb b/lib/JWT.rb index badee27..23b261b 100644 --- a/lib/JWT.rb +++ b/lib/JWT.rb @@ -21,10 +21,10 @@ end def toString - @string = Base64.urlsafe_encode64(@header.to_json).tr('=', '') + '.' + - Base64.urlsafe_encode64(@data.to_json) .tr('=', '') - @string = @string + '.' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), - Rails.application.credentials.secret_key_base, @string).tr('=', '') - return @string + string = Base64.urlsafe_encode64(@header.to_json).tr('=', '') + '.' + + Base64.urlsafe_encode64(@data.to_json) .tr('=', '') + string = string + '.' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), + Rails.application.credentials.secret_key_base, string).tr('=', '') + return string end end \ No newline at end of file
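Review bot: The signature segment built in `toString` is the hex output of `OpenSSL::HMAC.hexdigest`, so the trailing `.tr('=', '')` is a no-op (hex never contains `=`) and the token is not a standard JWS, which expects base64url of the raw MAC, i.e. `Base64.urlsafe_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, string), padding: false)`; the verifier in `isTokenValid` of users_controller.rb computes the same hexdigest, so both sides would have to change together. The MAC key is `Rails.application.credentials.secret_key_base`, the secret Rails also uses for cookie and session signing; a dedicated derived key such as `Rails.application.key_generator.generate_key('jwt')` keeps a leaked or rotated token key from compromising sessions and vice versa, provided the matching `Authority` record's key is updated as well. The two `.tr('=', '')` calls on the header and payload segments can likewise become `padding: false` on `Base64.urlsafe_encode64`. The class enclosing `toString` starts outside the hunk.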