cache gjp checks for performance; switch everything to Accounts.auth
This commit is contained in:
parent
e50acbcfd6
commit
7f9323c72f
|
@ -6,8 +6,8 @@ CrystalGauntlet.endpoints["/getGJLevelScores211.php"] = ->(body : String): Strin
|
|||
params = URI::Params.parse(body)
|
||||
LOG.debug { params.inspect }
|
||||
|
||||
account_id = Accounts.get_account_id_from_params(params)
|
||||
if !account_id || !Accounts.verify_gjp(account_id, params["gjp"])
|
||||
user_id, account_id = Accounts.auth(params)
|
||||
if !(user_id && account_id)
|
||||
return "-1"
|
||||
end
|
||||
|
||||
|
|
|
@ -6,15 +6,16 @@ include CrystalGauntlet
|
|||
module CrystalGauntlet::Accounts
|
||||
extend self
|
||||
|
||||
# DOESN'T VERIFY PASSWORD
|
||||
def get_account_id_from_params(params : URI::Params) : Int32 | Nil
|
||||
if params["accountID"]? && params["accountID"]? != "0"
|
||||
# todo: validate password
|
||||
params["accountID"].to_i32
|
||||
else
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
# DOESN'T VERIFY PASSWORD
|
||||
def get_ext_id_from_params(params : URI::Params) : Int32 | Nil
|
||||
if params.has_key?("udid") && params["udid"] != ""
|
||||
params["udid"].to_i32?
|
||||
|
@ -23,10 +24,23 @@ module CrystalGauntlet::Accounts
|
|||
end
|
||||
end
|
||||
|
||||
# todo: clean this periodically
|
||||
AUTH_CACHE = Hash(Tuple(String | Nil, String | Nil, String | Nil), Tuple(Int32, Int32) | Tuple(Nil, Nil)).new
|
||||
|
||||
# returns userid, accountid
|
||||
def auth(params : URI::Params) : (Tuple(Int32, Int32) | Tuple(Nil, Nil))
|
||||
gjp = params["gjp"]?
|
||||
udid = params["udid"]?
|
||||
account_id = params["account_id"]?
|
||||
|
||||
if AUTH_CACHE[{gjp, udid, account_id}]?
|
||||
LOG.debug {"#{account_id || udid || "???"}: gjp cache hit"}
|
||||
return AUTH_CACHE[{gjp, udid, account_id}]
|
||||
end
|
||||
LOG.debug {"#{account_id || udid || "???"}: gjp cache miss"}
|
||||
|
||||
ext_id = Accounts.get_ext_id_from_params(params)
|
||||
if !ext_id || !Accounts.verify_gjp(ext_id.to_i, params["gjp"])
|
||||
if !ext_id || !Accounts.verify_gjp(ext_id.to_i, gjp || "")
|
||||
return nil, nil
|
||||
end
|
||||
user_id = Accounts.get_user_id(ext_id)
|
||||
|
@ -34,6 +48,7 @@ module CrystalGauntlet::Accounts
|
|||
return nil, nil
|
||||
end
|
||||
|
||||
AUTH_CACHE[{gjp, udid, account_id}] = {user_id, ext_id.to_i}
|
||||
return user_id, ext_id.to_i
|
||||
end
|
||||
|
||||
|
@ -48,6 +63,9 @@ module CrystalGauntlet::Accounts
|
|||
end
|
||||
|
||||
def verify_gjp(account_id : Int32, gjp : String) : Bool
|
||||
if gjp == ""
|
||||
return false
|
||||
end
|
||||
hash = DATABASE.scalar("select password from accounts where id = ?", account_id).as(String)
|
||||
bcrypt = Crypto::Bcrypt::Password.new(hash)
|
||||
bcrypt.verify(GJP.decrypt(gjp))
|
||||
|
|
Loading…
Reference in New Issue