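-- Lapis application for a small SIP account service: account registration,
-- login, a user listing, and a lookup endpoint queried at "/freeswitch".
lapis = require "lapis"
db = require "lapis.db"
csrf = require "lapis.csrf"
encoding = require "lapis.util.encoding"

import capture_errors from require "lapis.application"
import assert_valid from require "lapis.validate"
import respond_to from require "lapis.application"

-- Loaded for its side effect; the handlers below use the `Users` model,
-- which is presumably defined there (not visible in this file).
require "models.user"

-- Derives the stored password value from a plaintext password.
-- Registration and login must agree on this, so both call this helper.
-- NOTE(review): this is a single HMAC-SHA1 pass with a key hard-coded in
-- source and no per-user salt, so identical passwords produce identical
-- stored values and offline guessing is cheap if the table leaks. It is kept
-- unchanged here so existing stored values still verify; moving to a dedicated
-- password-hashing function needs a library and a migration of stored rows.
hash_password = (plain) ->
  encoding.encode_base64 encoding.hmac_sha1("ninjas", plain)

class App extends lapis.Application
  -- Landing page; exposes the session's user value to the view.
  [index: "/"]: =>
    @user = @session.user
    render: true

  -- Lists every row of the Users model for the view.
  -- NOTE(review): the looked-up `user` is never checked, so this route is
  -- reachable without a session, and the view receives whole rows (including
  -- the password and registrar_password columns). Confirm whether an access
  -- check and a narrower column list are intended.
  [list: "/list"]: =>
    user = Users\find id: @session.user
    @list = Users\select!
    render: true

  -- Registration form (GET) and account creation (POST).
  [register: "/register"]: capture_errors respond_to {
    GET: =>
      @csrf_token = csrf.generate_token @
      render: true

    POST: =>
      csrf.assert_token @
      assert_valid @params, {
        { "email", exists: true, min_length: 3 }
        { "password", exists: true, min_length: 3 }
        { "password_again", equals: @params.password }
        { "name", exists: true, min_length: 3}
      }

      if Users\find email: @params.email
        @title = "Failure"
        return status: 500, "User with that email already exists"

      -- Build the row from an explicit list of fields instead of handing the
      -- whole request parameter table to the model: any extra parameter a
      -- client sends would otherwise be written as a column value.
      -- NOTE(review): registrar_password depends only on the email and the
      -- registration time in whole seconds, so it is guessable by anyone who
      -- knows both. It should come from a cryptographically secure random
      -- source; left as is because none is in scope in this file.
      fields = {
        email: @params.email
        name: @params.name
        password: hash_password @params.password
        extension: "#{1000}"
        registrar_password: encoding.encode_base64 encoding.hmac_sha1(@params.email, os.time!)
      }

      user = Users\create fields
      user\write_session @
      -- The extension is derived from the row id, which only exists after
      -- the insert, hence the placeholder above and the second write here.
      user.extension = "#{1000 + user.id}"
      -- NOTE(review): stock Lapis models expose update as an instance method;
      -- confirm that models.user defines a class-level update taking the row.
      Users\update user
      @title = "Success"
      @html ->
        h1 "Success"
        p -> text "Your email is " .. user.email
        p -> text "Your extension is " .. user.extension
        p ->
          text "Your sip password is "
          code user.registrar_password
        p "This will not be shown again so please be sure to write this down."
  }

  -- Login form (GET) and credential check (POST).
  [login: "/login"]: capture_errors respond_to {
    GET: =>
      @csrf_token = csrf.generate_token @
      render: true

    POST: =>
      csrf.assert_token @
      assert_valid @params, {
        { "email", exists: true, min_length: 3 }
        { "password", exists: true, min_length: 3 }
      }
      user = Users\find email: @params.email
      cmppass = hash_password @params.password
      -- An unknown email yields no row; guard it so the handler answers with
      -- the same failure response as a wrong password instead of raising on
      -- a nil index (which would also reveal which emails are registered).
      if user and user.password == cmppass
        user\write_session @
        @title = "Login successful"
        return "Hi " .. user.name
      else
        @title = "Login failure"
        return status: 500, "bad password"
  }

  -- Looks a user up by extension, taken from the "user" or
  -- "sip_auth_username" parameter, and renders the view without a layout.
  -- NOTE(review): no authentication or CSRF check is visible on this route.
  -- If the view emits registrar_password, any client that can reach the
  -- endpoint can read SIP credentials by extension; confirm it is restricted
  -- to the FreeSWITCH host (network ACL or HTTP credentials).
  [freeswitch: "/freeswitch"]: respond_to {
    POST: =>
      uid = @params["user"] or @params["sip_auth_username"]
      @user = Users\find extension: uid
      if not @user
        return status: 404, "no such user"
      render: true, layout: false
  }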