require "kemal"
require "kemal-session"
require "db"
require "sqlite3"
require "secure_random"
require "json"
require "crypto/bcrypt/password"
require "./utils"
require "./config"
# ======================== CONFIGS =======================================================

# One SQLite handle for the whole process, opened on the database file next to the app.
SQLITE = DB.open("sqlite3:./database.db")

# Run the schema statement from Config on every boot.
SQLITE.exec(Config::SQL_TABLE) # create users table if not exists

# Close the handle when the process exits.
at_exit do
  SQLITE.close
end

# Session cookie name and session secret both come from Config.
# NOTE(review): confirm Config::SECRET is loaded from the environment or a secret
# store rather than committed with the source; ./config is not visible from here.
Kemal::Session.config do |session|
  session.cookie_name = Config::COOKIE_NAME
  session.secret = Config::SECRET
  session.gc_interval = 2.minutes
end
# =========================== ROUTES =====================================================

# Landing page: profile view when the session holds a "user" entry, index view otherwise.
get "/" do |env|
  has_user = env.session && env.session.string?("user")
  next render("views/index.ecr") unless has_user

  # The session keeps the user as a JSON string; its username is the lookup key.
  user = JSON.parse(env.session.string("user"))
  row = SQLITE.query_one?(
    "SELECT id, username, email FROM users WHERE username = ?",
    user["username"].as_s,
    as: {String, String, String}
  )

  if row
    env.session.string("user", to_json({"id", "username", "email"}, row)) # refresh the session
    env.set("user", to_json({"id", "username", "email"}, row))
    user = JSON.parse(env.session.string("user"))
  end

  # NOTE(review): when the lookup returns no row (for example the account was
  # deleted), the profile is still rendered from the stale session copy; consider
  # destroying the session in that case.
  render("views/profile.ecr")
end
# Registration form. `message` is set to nil before rendering; presumably the
# template reads it to show validation feedback (TODO confirm against the view).
get "/users/signup" do |env|
  message = nil
  render("views/register.ecr")
end

# Login form, rendered with the same empty `message`.
get "/users/login" do |env|
  message = nil
  render("views/login.ecr")
end
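# Create an account from the registration form.
#
# The password is stored as a bcrypt hash, never as the submitted text, so a leak
# of database.db does not disclose credentials directly. Rows written before this
# change hold plaintext and will no longer authenticate; they need a password reset.
post "/users/signup" do |env|
  form = env.params.body
  check = Validator.new

  # do some validation
  username = check.username?(form["username"], "Invalid username format!")
  email = check.email?(form["email"], "Wrong email format!")
  check.password?(form["password"], "Password too weak!")
  check.match?(form["password"], form["confirm"], "Passwords do NOT match!")

  # check for validation errors
  if check.validationErrors
    message = check.validationErrors
    render "views/register.ecr"
  else
    begin
      # Hash the raw submitted value: the login route verifies the raw submitted
      # value too, so both sides see the same input.
      digest = Crypto::Bcrypt::Password.create(form["password"]).to_s
      SQLITE.exec "INSERT INTO users VALUES (?, ?, ?, ?)", SecureRandom.uuid, username, email, digest
    rescue Crypto::Bcrypt::Error
      # bcrypt only accepts a bounded password length; report that instead of
      # letting it fall through to the uniqueness message below.
      message = "Password length not supported"
      render "views/register.ecr"
    rescue
      # assert for unique fields
      # NOTE(review): this also reports every other database failure as a
      # uniqueness conflict; narrowing it to the driver's constraint error would
      # keep real faults visible.
      message = "Field already taken"
      render "views/register.ecr"
    else
      env.redirect "/"
    end
  end
end

# Authenticate a user and open a session.
#
# The stored bcrypt hash is checked against the submitted password, and only
# id, username and email are written to the session: the credential column is
# never copied out of the database row.
post "/users/login" do |env|
  username = env.params.body["username"]
  password = env.params.body["password"]

  # query the database and assert user data
  res = SQLITE.query_one?("SELECT id, username, email, password FROM users WHERE username = ?", username, as: {String, String, String, String})

  authenticated = false
  if res
    begin
      # `==` is Crypto::Bcrypt::Password's own check: it hashes the candidate with
      # the stored salt and cost. Newer Crystal releases name this method `verify`;
      # confirm against the Crystal version in use.
      authenticated = Crypto::Bcrypt::Password.new(res.last) == password
    rescue Crypto::Bcrypt::Error
      # Stored value is not a bcrypt hash (legacy plaintext row) or the candidate
      # length is unsupported: treat both as a failed login.
      authenticated = false
    end
  end

  if res && authenticated
    # NOTE(review): the session id is not rotated on login; check whether
    # kemal-session can issue a fresh id here to rule out session fixation.
    user = to_json({"id", "username", "email"}, {res[0], res[1], res[2]})
    env.session.string("user", user)
    env.redirect("/")
  else
    # Same message for unknown user and wrong password, so the response text
    # does not reveal which usernames exist.
    message = "Invalid username or password"
    render "views/login.ecr"
  end
end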
# Destroy the session and send the browser back to the landing page.
# NOTE(review): this state change is reachable with a plain GET, so a cross-site
# request can log the user out; a POST guarded by a CSRF token is the usual
# hardening. The views that link here are not visible from this file.
get "/logout" do |env|
  env.session.destroy
  env.redirect("/")
end

# Start the HTTP server with the routes registered above.
Kemal.run

# TODO:
# - redis database
# - bcrypt