site.rb
['rubygems', 'sinatra', 'haml', 'couchrest', 'bcrypt'].each {|gem| require gem}
require 'sinatra/reloader' if development?
# Database selection: the CouchDB named by CLOUDANT_URL when that variable is
# set, otherwise a CouchDB on localhost:5984. The views/public directories are
# only set explicitly in the CLOUDANT_URL branch.
# NOTE(review): CLOUDANT_URL presumably carries credentials in the URL, so it
# should never be logged or echoed in error pages - confirm.
cloudant_url = ENV['CLOUDANT_URL']
if cloudant_url
  set :db, CouchRest.database!("#{cloudant_url}/doinnothin")
  set :views, "#{File.dirname(__FILE__)}/views"
  set :public, "#{File.dirname(__FILE__)}/public"
else
  # Plain-HTTP fallback; a deployment that loses CLOUDANT_URL ends up here.
  set :db, CouchRest.database!('http://localhost:5984/doinnothin')
end

set :haml, format: :html5

# Sessions carry the login state that authorized? reads.
# NOTE(review): no :session_secret is configured in this file; verify how the
# signing secret is provisioned for the deployed app.
enable :sessions
# Helpers shared by the routes and templates: error rendering, output
# escaping, and the session-based authentication primitives.
helpers do
  # Renders the :validation partial (without layout) for a non-empty error
  # list; returns an empty string when there are no errors.
  def display_errors(errors)
    return '' unless errors.length > 0

    haml :validation, :layout => false, :locals => { :errors => errors }
  end

  # HTML-escapes +source+, then replaces every space with "%20".
  def h(source)
    escaped = escape_html(source)
    escaped.gsub(' ', '%20')
  end

  # Route guard: redirects to the login page unless the session is
  # authenticated.
  def protected!
    redirect '/login' unless authorized?
  end

  # Truthy once login has marked the current session as authenticated.
  def authorized?
    session[:authenticated]
  end

  # Looks +username+ up in the users/by_username view and, when exactly one
  # row matches and the password verifies, records the identity in the
  # session. Returns true on success, false otherwise.
  def login(username, password)
    rows = options.db.view('users/by_username', :key => username)['rows']
    # Zero rows (unknown user) and several rows (duplicate names) both fail.
    # No bcrypt work happens on this path, so an unknown username is answered
    # faster than a wrong password.
    return false unless rows.length == 1

    account = rows.first['value']
    # Operand order matters: BCrypt::Password#== hashes the right-hand side
    # with the stored salt. Swapped, it would be a plain String comparison of
    # the plaintext against the hash.
    return false unless decrypt_password(account['password']) == password

    session[:username] = username
    session[:api_key] = account['_id']
    session[:authenticated] = true
    true
  end

  # Drops the identity fields from the session and marks it unauthenticated.
  def logout
    session[:username] = session[:api_key] = nil
    session[:authenticated] = false
  end

  # Despite the name, nothing is decrypted (bcrypt is one-way): this wraps the
  # stored hash string in a BCrypt::Password so that == can verify a candidate
  # password against it.
  def decrypt_password(password)
    BCrypt::Password.new(password)
  end

  # Hashes +password+ with bcrypt (a fresh salt per call) for storage.
  def encrypt_password(password)
    BCrypt::Password.create(password)
  end
end
# Static pages: each route only renders its Haml template.
get('/') { haml :index }

get('/about') { haml :about }
# Registration form. Visitors who are already signed in go back to the home
# page; everyone else gets the form with an empty error list.
get '/register' do
  redirect '/' if authorized?

  haml :register, :locals => { errors: [] }
end
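# Handles the registration form: validates username, password and e-mail,
# rejects names/addresses that are already registered, and stores the account
# only when every check passed. On success the new user is logged in and
# redirected to '/'; otherwise the form is re-rendered with the error list.
post '/register' do
  # to_s turns a missing form field (nil) into '' so validation reports it
  # instead of raising NoMethodError.
  username = params[:username].to_s
  pwd = params[:password].to_s
  email = params[:email].to_s
  errors = []

  # \A and \z anchor the whole string. With ^ and $ a value that merely
  # contains one valid-looking line among others would pass.
  email_format = /\A[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]\z/

  if username.empty?
    errors.push('Please provide a username')
  else
    # The raw username is the key, matching what login queries on this same
    # view and what is stored below; an escaped key would not find names
    # containing spaces or HTML metacharacters.
    # `> 0` is required: a bare Integer (including 0) is truthy in Ruby.
    taken = options.db.view('users/by_username', :key => username)['rows'].length > 0
    errors.push('That username has already been taken') if taken
  end

  errors.push('Please provide a password') if pwd.empty?

  if email.empty?
    errors.push('An email address is required to register')
  elsif email !~ email_format
    errors.push('Your email address is incorrectly formatted')
  else
    email = email.downcase
    # A validated address holds only characters that h would leave unchanged,
    # so the stored value is used directly as the lookup key.
    in_use = options.db.view('users/by_email', :key => email)['rows'].length > 0
    errors.push('This email address is already in use') if in_use
  end

  # Persist only when nothing failed; a unique e-mail alone is not sufficient.
  # NOTE(review): check-then-save is not atomic, so two concurrent requests
  # could still create the same username - confirm whether the database layer
  # enforces uniqueness.
  if errors.empty?
    options.db.save_doc({
      :email => email,
      :username => username,
      :created => Time.now.to_s,
      :password => encrypt_password(pwd),
      :type => 'user'
    })
    login(username, pwd)
    redirect '/'
  end

  haml :register, :locals => { errors: errors }
end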
# Login form. Signed-in visitors are sent to the home page instead.
get '/login' do
  redirect '/' if authorized?

  haml :login, :locals => { errors: [] }
end
# Attempts a login with the submitted credentials. The outcome is read from
# the session (authorized?) rather than from login's return value, so an
# already authenticated session is redirected even if this attempt failed.
# The failure message is the same for an unknown user and a wrong password.
# NOTE(review): no attempt throttling is visible in this file - confirm it is
# handled upstream.
post '/login' do
  login(params[:username], params[:password])
  # redirect halts the request, so the template below is only rendered for an
  # unauthenticated session.
  redirect '/' if authorized?

  haml :login, :locals => { errors: ['Username and password combination is not valid'] }
end
# Ends the current login and returns to the home page.
# NOTE(review): this state change is reachable with a plain GET, so any page
# that makes the browser load /logout signs the user out.
get('/logout') do
  logout
  redirect('/')
end
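# Stores one 'session' document for the signed-in user.
# Responses: 'Saved' on success, 400 when :times is missing, 401 when nobody
# is logged in.
# NOTE(review): :times and :start are stored exactly as submitted and no
# anti-CSRF token is checked in this route - confirm both are handled
# elsewhere or add validation.
post '/save' do
  unless authorized?
    # The challenge parameter is spelled "realm"; a misspelled name is not
    # recognised by clients parsing the WWW-Authenticate header.
    return 401, { 'WWW-Authenticate' => 'Basic realm="doinnoth.in"' }, 'No user logged in'
  end

  return 400, 'Invalid data submitted' unless params[:times]

  options.db.save_doc({
    # The owner comes from the server-side session, never from the request.
    :user => session[:api_key],
    :times => params[:times],
    :start => params[:start],
    :created => Time.now.to_s,
    :type => 'session'
  })
  'Saved'
end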
# Lists the documents returned by the sessions/by_user view for the signed-in
# user; anonymous visitors are redirected to the home page.
get '/sessions' do
  redirect '/' unless authorized?

  # The view key is taken from the session, so a user can only query their
  # own records.
  rows = options.db.view('sessions/by_user', :key => session[:api_key])['rows']
  haml :sessions, :locals => { sessions: rows.map { |row| row['value'] } }
end
# Body returned for any request that matches no route; it is a fixed string
# and never echoes the requested path.
not_found { 'Aww snap! Not found baby!' }