104 lines
2.7 KiB
Plaintext
104 lines
2.7 KiB
Plaintext
lapis = require "lapis"
|
|
csrf = require "lapis.csrf"
|
|
encoding = require "lapis.util.encoding"
|
|
|
|
import capture_errors from require "lapis.application"
|
|
import assert_valid from require "lapis.validate"
|
|
import respond_to from require "lapis.application"
|
|
|
|
require "models.user"
|
|
|
|
class User extends lapis.Application
|
|
[list: "/list"]: =>
|
|
if @session.user
|
|
if not Users\find id: @session.user
|
|
@write redirect_to: @url_for "login"
|
|
else
|
|
@write redirect_to: @url_for "login"
|
|
|
|
user = Users\find id: @session.user
|
|
@list = Users\select!
|
|
render: true
|
|
|
|
[register: "/register"]: capture_errors respond_to {
|
|
GET: =>
|
|
@csrf_token = csrf.generate_token @
|
|
render: true
|
|
|
|
POST: =>
|
|
csrf.assert_token @
|
|
assert_valid @params, {
|
|
{ "email", exists: true, min_length: 3 }
|
|
{ "password", exists: true, min_length: 3 }
|
|
{ "password_again", equals: @params.password }
|
|
{ "name", exists: true, min_length: 3}
|
|
}
|
|
|
|
@params.password = encoding.encode_base64 encoding.hmac_sha1(@params.email, @params.password)
|
|
@params.password_again = nil
|
|
@params.csrf_token = nil
|
|
@params.extension = "#{1000}"
|
|
|
|
if Users\find email: @params.email
|
|
@title = "Failure"
|
|
return status: 500, "User with that email already exists"
|
|
|
|
user = Users\create @params
|
|
user\write_session @
|
|
|
|
user.extension = "#{1000 + user.id}"
|
|
user\update "extension"
|
|
|
|
token = Tokens\create {
|
|
user_id: user.extension
|
|
token: encoding.encode_base64 encoding.hmac_sha1(@params.email, os.time!)
|
|
}
|
|
|
|
@title = "Success"
|
|
|
|
@html ->
|
|
h1 "Success"
|
|
p ->
|
|
text "Your email is " .. user.email
|
|
p ->
|
|
text "Your extension is " .. user.extension
|
|
p ->
|
|
text "Your one-time sip token is "
|
|
code token.token
|
|
|
|
p "This will not be shown again so please be sure to write this down."
|
|
|
|
}
|
|
|
|
[login: "/login"]: capture_errors respond_to {
|
|
GET: =>
|
|
@csrf_token = csrf.generate_token @
|
|
render: true
|
|
|
|
POST: =>
|
|
csrf.assert_token @
|
|
assert_valid @params, {
|
|
{ "email", exists: true, min_length: 3 }
|
|
{ "password", exists: true, min_length: 3 }
|
|
}
|
|
|
|
user = Users\find email: @params.email
|
|
|
|
cmppass = encoding.encode_base64 encoding.hmac_sha1(@params.email, @params.password)
|
|
|
|
if user.password == cmppass
|
|
user\write_session @
|
|
|
|
token = Tokens\create {
|
|
user_id: user.extension
|
|
token: encoding.encode_base64 encoding.hmac_sha1(@params.email, os.time!)
|
|
}
|
|
|
|
@title = "Login successful"
|
|
|
|
return "Hi " .. user.name
|
|
else
|
|
@title = "Login failure"
|
|
return status: 500, "bad password"
|
|
}
|