From 886a16468ad11f358d4fd8ad2ed0998829212f26 Mon Sep 17 00:00:00 2001
From: "Jill \"oatmealine\" Monoids"
Date: Sat, 31 Dec 2022 20:12:22 +0300
Subject: [PATCH] slightly tweak account lib stuff
---
 src/endpoints/accounts/loginAccount.cr | 2 +-
 src/endpoints/levels/uploadLevel.cr | 5 ++---
 src/endpoints/users/updateUser.cr | 6 ++----
 src/lib/accounts.cr | 12 ++++--------
 4 files changed, 9 insertions(+), 16 deletions(-)
diff --git a/src/endpoints/accounts/loginAccount.cr b/src/endpoints/accounts/loginAccount.cr
index f6bced9..7fe39ce 100644
--- a/src/endpoints/accounts/loginAccount.cr
+++ b/src/endpoints/accounts/loginAccount.cr
@@ -16,7 +16,7 @@ CrystalGauntlet.endpoints["/accounts/loginGJAccount.php"] = ->(body : String): S
 bcrypt = Crypto::Bcrypt::Password.new(hash)
 if bcrypt.verify(password)
- user_id = Accounts.get_user_id(account_id.to_s)
+ user_id = Accounts.get_user_id(account_id)
 "#{account_id},#{user_id}"
 else
 return "-12"
diff --git a/src/endpoints/levels/uploadLevel.cr b/src/endpoints/levels/uploadLevel.cr
index 77bc60b..1494bb0 100644
--- a/src/endpoints/levels/uploadLevel.cr
+++ b/src/endpoints/levels/uploadLevel.cr
@@ -7,11 +7,10 @@ CrystalGauntlet.endpoints["/uploadGJLevel21.php"] = ->(body : String): String {
 puts params.inspect
 # todo: green user fixes? pretty please?
- ext_id = Accounts.get_ext_id_from_params(params)
- if !ext_id || !Accounts.verify_gjp(ext_id.to_i, params["gjp"])
+ user_id, account_id = Accounts.auth(params)
+ if !(user_id && account_id)
 return "-1"
 end
- user_id = Accounts.get_user_id(ext_id)
 song_id = params["songID"] == "0" ? params["audioTrack"] : params["songID"]
diff --git a/src/endpoints/users/updateUser.cr b/src/endpoints/users/updateUser.cr
index 6dcbe83..065ada2 100644
--- a/src/endpoints/users/updateUser.cr
+++ b/src/endpoints/users/updateUser.cr
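Review bot: The context line `puts params.inspect` in the uploadLevel.cr hunk still prints the whole parsed request body, and the removed `verify_gjp(..., params["gjp"])` call shows that body carries the client's `gjp` credential, so the credential lands in stdout and any log that captures it on every upload; the same line is in the updateUser.cr hunk. Since this commit is already touching the auth lines next to it, I would delete the `puts params.inspect` line in both endpoints, or log only a copy with `gjp` removed. Separately, the explicit `verify_gjp` check is gone from both endpoints, so they now rely entirely on `Accounts.auth` to perform it; its body is not in this diff, so please confirm it verifies `gjp` on the `accountID` path and decide explicitly what it accepts on the `udid` path. Both endpoint procs start and end outside their hunks.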
@@ -8,13 +8,11 @@ CrystalGauntlet.endpoints["/updateGJUserScore22.php"] = ->(body : String): Strin
 params = URI::Params.parse(body)
 puts params.inspect
- account_id = Accounts.get_account_id_from_params(params)
- if !account_id || !Accounts.verify_gjp(account_id, params["gjp"])
+ user_id, account_id = Accounts.auth(params)
+ if !(user_id && account_id)
 return "-1"
 end
- user_id = Accounts.get_user_id(account_id.to_s)
-
 # todo: prevent username change unless it's a capitalization change
 # todo: update account username casing w/ user username
 # todo: keep track of stat changes to look out for leaderboard cheating & whatnot
diff --git a/src/lib/accounts.cr b/src/lib/accounts.cr
index 8c2cb07..0544424 100644
--- a/src/lib/accounts.cr
+++ b/src/lib/accounts.cr
@@ -15,15 +15,11 @@ module CrystalGauntlet::Accounts
 end
 end
- def get_ext_id_from_params(params : URI::Params) : String | Nil
+ def get_ext_id_from_params(params : URI::Params) : Int32 | Nil
 if params.has_key?("udid") && params["udid"] != ""
- # todo: numeric id check
- params["udid"]
- elsif params.has_key?("accountID") && params["accountID"] != "" && params["accountID"] != "0"
- # todo: validate password
- params["accountID"]
+ params["udid"].to_i32?
 else
- nil
+ get_account_id_from_params(params)
 end
 end
@@ -41,7 +37,7 @@ module CrystalGauntlet::Accounts
 return user_id, ext_id.to_i
 end
- def get_user_id(ext_id : String) : Int32
+ def get_user_id(ext_id : Int32) : Int32
 DATABASE.query("select id from users where udid = ? or account_id = ?", ext_id, ext_id) do |rs|
 if rs.move_next
 return rs.read(Int32)
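Review bot: `params["udid"].to_i32?` in get_ext_id_from_params puts a client-supplied `udid` into the same Int32 id space as account ids, and get_user_id (last hunk) binds that one value to both sides of `udid = ? or account_id = ?`, so a numeric `udid` can resolve to the user row of a registered account. Whether that is acceptable depends on `Accounts.auth`, whose body is mostly outside this diff: it should require a valid `gjp` whenever the matched row belongs to an account, or numeric `udid` values should be rejected before the lookup, which may be what the removed `# todo: numeric id check` was for. Also, a non-numeric `udid` now makes the method return nil without trying `accountID`; if clients can send both, `params["udid"].to_i32? || get_account_id_from_params(params)` would keep the fallback. A one-line comment on get_ext_id_from_params saying that the result is unauthenticated and may be either a device id or an account id would help callers.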