lapis = require "lapis" csrf = require "lapis.csrf" encoding = require "lapis.util.encoding" import capture_errors from require "lapis.application" import assert_valid from require "lapis.validate" import respond_to from require "lapis.application" require "models.user" class User extends lapis.Application [list: "/list"]: => if @session.user if not Users\find id: @session.user @write redirect_to: @url_for "login" else @write redirect_to: @url_for "login" user = Users\find id: @session.user @list = Users\select! render: true [register: "/register"]: capture_errors respond_to { GET: => @csrf_token = csrf.generate_token @ render: true POST: => csrf.assert_token @ assert_valid @params, { { "email", exists: true, min_length: 3 } { "password", exists: true, min_length: 3 } { "password_again", equals: @params.password } { "name", exists: true, min_length: 3} } @params.password = encoding.encode_base64 encoding.hmac_sha1(@params.email, @params.password) @params.password_again = nil @params.csrf_token = nil @params.extension = "#{1000}" if Users\find email: @params.email @title = "Failure" return status: 500, "User with that email already exists" user = Users\create @params user\write_session @ user.extension = "#{1000 + user.id}" user\update "extension" token = Tokens\create { user_id: user.extension token: encoding.encode_base64 encoding.hmac_sha1(@params.email, os.time!) } @title = "Success" @html -> h1 "Success" p -> text "Your email is " .. user.email p -> text "Your extension is " .. user.extension p -> text "Your one-time sip token is " code token.token p "This will not be shown again so please be sure to write this down." } [login: "/login"]: capture_errors respond_to { GET: => @csrf_token = csrf.generate_token @ render: true POST: => csrf.assert_token @ assert_valid @params, { { "email", exists: true, min_length: 3 } { "password", exists: true, min_length: 3 } } user = Users\find email: @params.email cmppass = encoding.encode_base64 encoding.hmac_sha1(@params.email, @params.password) if user.password == cmppass user\write_session @ token = Tokens\create { user_id: user.extension token: encoding.encode_base64 encoding.hmac_sha1(@params.email, os.time!) } @title = "Login successful" return "Hi " .. user.name else @title = "Login failure" return status: 500, "bad password" }