require "uri"
require "base64"
require "crypto/bcrypt/password"
include CrystalGauntlet
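# Login endpoint: checks a userName/password pair against the accounts table.
#
# Returns "<account_id>,<user_id>" on success, otherwise one of these status
# strings:
#   "-8"  password shorter than 6 characters
#   "-9"  username shorter than 3 characters
#   "-11" account row found but the bcrypt check failed
#   "-1"  no account row for that username, or the request had no body or
#         lacked a required field
CrystalGauntlet.endpoints["/accounts/loginGJAccount.php"] = ->(context : HTTP::Server::Context): String {
  # A request without a body parses to empty params and is rejected below,
  # rather than raising on not_nil!.
  raw_body = context.request.body.try(&.gets_to_end) || ""
  params = URI::Params.parse(raw_body)

  # The submitted password must never reach the log: debug output is often
  # kept, shipped or shared well outside the set of people who may see
  # credentials. Every other field is logged as received.
  # NOTE(review): only "password" is masked; if clients send other
  # credential-bearing fields, add them here.
  LOG.debug do
    shown = [] of String
    params.each do |name, value|
      shown << "#{name}=#{name == "password" ? "[REDACTED]" : value}"
    end
    "loginGJAccount params: #{shown.join("&")}"
  end

  # A missing field is treated as a failed login instead of an unhandled
  # KeyError.
  username = params["userName"]?
  return "-1" if username.nil?
  password = params["password"]?
  return "-1" if password.nil?

  # Length checks keep their original order: password first, then username.
  return "-8" if password.size < 6
  return "-9" if username.size < 3

  # Parameterised query: username is bound, never interpolated into the SQL.
  result = DATABASE.query_all("select id, password from accounts where username = ?", username, as: {Int32, String})

  # NOTE(review): an unknown username returns here before any bcrypt work and
  # with a different status ("-1") than a wrong password ("-11"), so the two
  # cases can be told apart by response and by timing. Whether the client
  # depends on the distinct codes is not visible here; confirm before
  # unifying them. Verifying against a fixed dummy hash on this path would
  # even out the timing. No attempt throttling is visible in this handler
  # either; confirm it exists upstream.
  return "-1" if result.empty?

  account_id, hash = result[0]

  # The stored value is a bcrypt hash; verify re-hashes the candidate with
  # the salt and cost embedded in it.
  return "-11" unless Crypto::Bcrypt::Password.new(hash).verify(password)

  user_id = Accounts.get_user_id(account_id)
  "#{account_id},#{user_id}"
}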