crystal-gauntlet/src/lib/accounts.cr

require "uri"
require "crypto/bcrypt/password"

include CrystalGauntlet

module CrystalGauntlet::Accounts
  extend self

  # DOESN'T VERIFY PASSWORD
  def get_account_id_from_params(params : URI::Params) : Int32 | Nil
    if params["accountID"]? && params["accountID"]? != "0"
      params["accountID"].to_i32
    else
      nil
    end
  end

  # DOESN'T VERIFY PASSWORD
  def get_ext_id_from_params(params : URI::Params) : Int32 | Nil
    if params.has_key?("udid") && params["udid"] != ""
      params["udid"].to_i32?
    else
      get_account_id_from_params(params)
    end
  end

  # todo: clean this periodically
  AUTH_CACHE = Hash(Tuple(String | Nil, String | Nil, String | Nil), Tuple(Int32, Int32) | Tuple(Nil, Nil)).new

  # returns userid, accountid
  def auth(params : URI::Params) : (Tuple(Int32, Int32) | Tuple(Nil, Nil))
    gjp = params["gjp"]?
    udid = params["udid"]?
    account_id = params["account_id"]?

    if AUTH_CACHE[{gjp, udid, account_id}]?
      LOG.debug {"#{account_id || udid || "???"}: gjp cache hit"}
      return AUTH_CACHE[{gjp, udid, account_id}]
    end
    LOG.debug {"#{account_id || udid || "???"}: gjp cache miss"}

    ext_id = Accounts.get_ext_id_from_params(params)
    if !ext_id || !Accounts.verify_gjp(ext_id.to_i, gjp || "")
      return nil, nil
    end
    user_id = Accounts.get_user_id(ext_id)
    if !user_id
      return nil, nil
    end

    AUTH_CACHE[{gjp, udid, account_id}] = {user_id, ext_id.to_i}
    return user_id, ext_id.to_i
  end

  def get_user_id(ext_id : Int32) : Int32
    DATABASE.query("select id from users where udid = ? or account_id = ?", ext_id, ext_id) do |rs|
      if rs.move_next
        return rs.read(Int32)
      else
        raise "no user associated with account?!"
      end
    end
  end

  def verify_gjp(account_id : Int32, gjp : String) : Bool
    if gjp == ""
      return false
    end
    hash = DATABASE.scalar("select password from accounts where id = ?", account_id).as(String)
    bcrypt = Crypto::Bcrypt::Password.new(hash)
    bcrypt.verify(GJP.decrypt(gjp))
  end
end
some minor refactoring 2022-12-30 17:04:27 +01:00			`require "uri"`
some kind of security implemented 2022-12-30 18:34:55 +01:00			`require "crypto/bcrypt/password"`
some minor refactoring 2022-12-30 17:04:27 +01:00
			`include CrystalGauntlet`

			`module CrystalGauntlet::Accounts`
			`extend self`

cache gjp checks for performance; switch everything to Accounts.auth 2023-01-02 17:07:33 +01:00			`# DOESN'T VERIFY PASSWORD`
lightly fucked level scores 2022-12-31 07:28:06 +01:00			`def get_account_id_from_params(params : URI::Params) : Int32 \| Nil`
			`if params["accountID"]? && params["accountID"]? != "0"`
			`params["accountID"].to_i32`
			`else`
			`nil`
			`end`
			`end`

cache gjp checks for performance; switch everything to Accounts.auth 2023-01-02 17:07:33 +01:00			`# DOESN'T VERIFY PASSWORD`
slightly tweak account lib stuff 2022-12-31 18:12:22 +01:00			`def get_ext_id_from_params(params : URI::Params) : Int32 \| Nil`
some minor refactoring 2022-12-30 17:04:27 +01:00			`if params.has_key?("udid") && params["udid"] != ""`
slightly tweak account lib stuff 2022-12-31 18:12:22 +01:00			`params["udid"].to_i32?`
some minor refactoring 2022-12-30 17:04:27 +01:00			`else`
slightly tweak account lib stuff 2022-12-31 18:12:22 +01:00			`get_account_id_from_params(params)`
some minor refactoring 2022-12-30 17:04:27 +01:00			`end`
			`end`

cache gjp checks for performance; switch everything to Accounts.auth 2023-01-02 17:07:33 +01:00			`# todo: clean this periodically`
			`AUTH_CACHE = Hash(Tuple(String \| Nil, String \| Nil, String \| Nil), Tuple(Int32, Int32) \| Tuple(Nil, Nil)).new`

implement level deletion 2022-12-31 17:59:43 +01:00			`# returns userid, accountid`
			`def auth(params : URI::Params) : (Tuple(Int32, Int32) \| Tuple(Nil, Nil))`
cache gjp checks for performance; switch everything to Accounts.auth 2023-01-02 17:07:33 +01:00			`gjp = params["gjp"]?`
			`udid = params["udid"]?`
			`account_id = params["account_id"]?`

			`if AUTH_CACHE[{gjp, udid, account_id}]?`
			`LOG.debug {"#{account_id \|\| udid \|\| "???"}: gjp cache hit"}`
			`return AUTH_CACHE[{gjp, udid, account_id}]`
			`end`
			`LOG.debug {"#{account_id \|\| udid \|\| "???"}: gjp cache miss"}`

implement level deletion 2022-12-31 17:59:43 +01:00			`ext_id = Accounts.get_ext_id_from_params(params)`
cache gjp checks for performance; switch everything to Accounts.auth 2023-01-02 17:07:33 +01:00			`if !ext_id \|\| !Accounts.verify_gjp(ext_id.to_i, gjp \|\| "")`
implement level deletion 2022-12-31 17:59:43 +01:00			`return nil, nil`
			`end`
			`user_id = Accounts.get_user_id(ext_id)`
			`if !user_id`
			`return nil, nil`
			`end`

cache gjp checks for performance; switch everything to Accounts.auth 2023-01-02 17:07:33 +01:00			`AUTH_CACHE[{gjp, udid, account_id}] = {user_id, ext_id.to_i}`
implement level deletion 2022-12-31 17:59:43 +01:00			`return user_id, ext_id.to_i`
			`end`

slightly tweak account lib stuff 2022-12-31 18:12:22 +01:00			`def get_user_id(ext_id : Int32) : Int32`
some minor refactoring 2022-12-30 17:04:27 +01:00			`DATABASE.query("select id from users where udid = ? or account_id = ?", ext_id, ext_id) do \|rs\|`
some kind of security implemented 2022-12-30 18:34:55 +01:00			`if rs.move_next`
some minor refactoring 2022-12-30 17:04:27 +01:00			`return rs.read(Int32)`
			`else`
			`raise "no user associated with account?!"`
			`end`
			`end`
			`end`
some kind of security implemented 2022-12-30 18:34:55 +01:00
lightly fucked level scores 2022-12-31 07:28:06 +01:00			`def verify_gjp(account_id : Int32, gjp : String) : Bool`
cache gjp checks for performance; switch everything to Accounts.auth 2023-01-02 17:07:33 +01:00			`if gjp == ""`
			`return false`
			`end`
some kind of security implemented 2022-12-30 18:34:55 +01:00			`hash = DATABASE.scalar("select password from accounts where id = ?", account_id).as(String)`
			`bcrypt = Crypto::Bcrypt::Password.new(hash)`
			`bcrypt.verify(GJP.decrypt(gjp))`
			`end`
some minor refactoring 2022-12-30 17:04:27 +01:00			`end`