basic session support for account management
This commit is contained in:
parent
09c9bb9d52
commit
8aef039d01
|
@ -89,4 +89,23 @@ pre {
|
||||||
}
|
}
|
||||||
.dir-header a {
|
.dir-header a {
|
||||||
text-decoration: none;
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.fancy-button {
|
||||||
|
outline: 0;
|
||||||
|
border: none;
|
||||||
|
background-color: var(--accent-color);
|
||||||
|
color: #000;
|
||||||
|
font-size: 1.2rem;
|
||||||
|
padding: 0.4em 0.8em;
|
||||||
|
margin: 0.5em;
|
||||||
|
border-radius: 16px;
|
||||||
|
|
||||||
|
cursor: pointer;
|
||||||
|
|
||||||
|
transition: 0.1s background-color;
|
||||||
|
}
|
||||||
|
|
||||||
|
.fancy-button:hover {
|
||||||
|
background-color: var(--accent-color-bri);
|
||||||
}
|
}
|
|
@ -6,9 +6,20 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||||
<link rel="stylesheet" href="/style.css" />
|
<link rel="stylesheet" href="/style.css" />
|
||||||
<title>Account Management</title>
|
<title>Account Management</title>
|
||||||
|
<style>
|
||||||
|
body {
|
||||||
|
max-width: 800px;
|
||||||
|
margin: auto;
|
||||||
|
padding: 1em;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
</head>
|
</head>
|
||||||
<body style="max-width: 800px; margin: auto; padding-top: 1em;">
|
<body>
|
||||||
<h1>Account Management</h1>
|
hewwo, <b><%= username %></b>!<br><br>
|
||||||
<i>hewwo</i>
|
<el>
|
||||||
|
<li>Nothing is implemented right now for account management</li>
|
||||||
|
<li>This is just a test list</li>
|
||||||
|
<li>Did you know your account ID is <%= account_id %>?</li>
|
||||||
|
</el>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -0,0 +1,51 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8" />
|
||||||
|
<link rel="icon" type="image/png" href="/favicon.png" />
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||||
|
<link rel="stylesheet" href="/style.css" />
|
||||||
|
<title>Login</title>
|
||||||
|
<style>
|
||||||
|
body {
|
||||||
|
min-height: 100vh;
|
||||||
|
text-align: center;
|
||||||
|
width: 100%;
|
||||||
|
margin: 0;
|
||||||
|
|
||||||
|
display: flex;
|
||||||
|
align-items: center;
|
||||||
|
justify-content: center;
|
||||||
|
}
|
||||||
|
form {
|
||||||
|
display: flex;
|
||||||
|
flex-direction: column;
|
||||||
|
gap: 0.5em;
|
||||||
|
align-items: center;
|
||||||
|
justify-content: center;
|
||||||
|
max-width: 800px;
|
||||||
|
height: 100%;
|
||||||
|
padding: 1em;
|
||||||
|
}
|
||||||
|
.error {
|
||||||
|
color: #f33;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<form action="/accounts/" method="post">
|
||||||
|
<img src="/favicon.png" width="64" height="auto" class="spinny">
|
||||||
|
<br>
|
||||||
|
<label for="username">Username</label>
|
||||||
|
<input type="text" id="username" name="username" minlength="3" maxlength="16" required />
|
||||||
|
<label for="password">Password</label>
|
||||||
|
<input type="password" id="password" name="password" minlength="6" required />
|
||||||
|
|
||||||
|
<%- if error -%>
|
||||||
|
<div class="error"><%= error %></div>
|
||||||
|
<%- end -%>
|
||||||
|
|
||||||
|
<input type="submit" value="Login" class="fancy-button" />
|
||||||
|
</form>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -8,6 +8,10 @@ shards:
|
||||||
git: https://github.com/gdotdesign/cr-dotenv.git
|
git: https://github.com/gdotdesign/cr-dotenv.git
|
||||||
version: 1.0.0
|
version: 1.0.0
|
||||||
|
|
||||||
|
http-session:
|
||||||
|
git: https://github.com/straight-shoota/http-session.git
|
||||||
|
version: 0.2.0+git.commit.7bd278a5567f89cdc348e3d468bd25d561319492
|
||||||
|
|
||||||
migrate:
|
migrate:
|
||||||
git: https://github.com/oatmealine/migrate.cr.git
|
git: https://github.com/oatmealine/migrate.cr.git
|
||||||
version: 0.5.0+git.commit.a4a24df3d05d0481c76ccd42e45cc48fa3fc1e73
|
version: 0.5.0+git.commit.a4a24df3d05d0481c76ccd42e45cc48fa3fc1e73
|
||||||
|
|
|
@ -21,6 +21,8 @@ dependencies:
|
||||||
toml:
|
toml:
|
||||||
github: crystal-community/toml.cr
|
github: crystal-community/toml.cr
|
||||||
branch: master
|
branch: master
|
||||||
|
http-session:
|
||||||
|
github: straight-shoota/http-session
|
||||||
|
|
||||||
crystal: 1.6.2
|
crystal: 1.6.2
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
require "http-session"
|
||||||
|
|
||||||
module CrystalGauntlet::Templates
|
module CrystalGauntlet::Templates
|
||||||
extend self
|
extend self
|
||||||
|
|
||||||
|
@ -14,3 +16,22 @@ module CrystalGauntlet::Templates
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
module CrystalGauntlet
|
||||||
|
record UserSession, username : String, account_id : Int32, user_id : Int32
|
||||||
|
|
||||||
|
# todo: replace memory storage with sqlite maybe? has to be hand-written but oh well
|
||||||
|
@@session_storage = HTTPSession::Storage::Memory(UserSession).new
|
||||||
|
@@sessions : HTTPSession::Manager(UserSession) = HTTPSession::Manager.new(@@session_storage, HTTP::Cookie.new("surveillance_device", "", secure: false, http_only: true, max_age: 365.days))
|
||||||
|
|
||||||
|
spawn do
|
||||||
|
session_storage.run_gc_loop
|
||||||
|
end
|
||||||
|
|
||||||
|
def self.session_storage
|
||||||
|
@@session_storage
|
||||||
|
end
|
||||||
|
def self.sessions
|
||||||
|
@@sessions
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
require "uri"
|
require "uri"
|
||||||
require "compress/gzip"
|
require "http-session"
|
||||||
|
|
||||||
include CrystalGauntlet
|
include CrystalGauntlet
|
||||||
|
|
||||||
|
@ -10,5 +10,55 @@ CrystalGauntlet.template_endpoints["/#{config_get("general.append_path").as(Stri
|
||||||
|
|
||||||
CrystalGauntlet.template_endpoints["/accounts"] = ->(context : HTTP::Server::Context) {
|
CrystalGauntlet.template_endpoints["/accounts"] = ->(context : HTTP::Server::Context) {
|
||||||
context.response.content_type = "text/html"
|
context.response.content_type = "text/html"
|
||||||
ECR.embed("./public/template/account_management.ecr", context.response)
|
|
||||||
|
if session = CrystalGauntlet.sessions.get(context)
|
||||||
|
logged_in = true
|
||||||
|
account_id = session.account_id
|
||||||
|
user_id = session.user_id
|
||||||
|
username = session.username
|
||||||
|
else
|
||||||
|
logged_in = false
|
||||||
|
account_id = nil
|
||||||
|
user_id = nil
|
||||||
|
username = nil
|
||||||
|
end
|
||||||
|
|
||||||
|
body = context.request.body
|
||||||
|
if body
|
||||||
|
begin
|
||||||
|
params = URI::Params.parse(body.gets_to_end)
|
||||||
|
username = params["username"].strip
|
||||||
|
password = params["password"].strip
|
||||||
|
|
||||||
|
if username.empty? || password.empty?
|
||||||
|
raise "Invalid username or password"
|
||||||
|
end
|
||||||
|
|
||||||
|
# todo: dedup this code with the login account endpoint maybe
|
||||||
|
result = DATABASE.query_all("select id, password from accounts where username = ?", username, as: {Int32, String})
|
||||||
|
if result.size > 0
|
||||||
|
account_id, hash = result[0]
|
||||||
|
bcrypt = Crypto::Bcrypt::Password.new(hash)
|
||||||
|
|
||||||
|
if bcrypt.verify(password)
|
||||||
|
user_id = Accounts.get_user_id(account_id)
|
||||||
|
logged_in = true
|
||||||
|
LOG.debug { "#{username} logged in" }
|
||||||
|
CrystalGauntlet.sessions.set(context, UserSession.new(username, account_id, user_id))
|
||||||
|
else
|
||||||
|
raise "Invalid password"
|
||||||
|
end
|
||||||
|
else
|
||||||
|
raise "No such user exists"
|
||||||
|
end
|
||||||
|
rescue error
|
||||||
|
LOG.error(exception: error) {"whar...."}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
if logged_in
|
||||||
|
ECR.embed("./public/template/account_management.ecr", context.response)
|
||||||
|
else
|
||||||
|
ECR.embed("./public/template/login.ecr", context.response)
|
||||||
|
end
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue