basic session support for account management
This commit is contained in:
parent
09c9bb9d52
commit
8aef039d01
|
@ -90,3 +90,22 @@ pre {
|
|||
.dir-header a {
|
||||
text-decoration: none;
|
||||
}
|
||||
|
||||
.fancy-button {
|
||||
outline: 0;
|
||||
border: none;
|
||||
background-color: var(--accent-color);
|
||||
color: #000;
|
||||
font-size: 1.2rem;
|
||||
padding: 0.4em 0.8em;
|
||||
margin: 0.5em;
|
||||
border-radius: 16px;
|
||||
|
||||
cursor: pointer;
|
||||
|
||||
transition: 0.1s background-color;
|
||||
}
|
||||
|
||||
.fancy-button:hover {
|
||||
background-color: var(--accent-color-bri);
|
||||
}
|
|
@ -6,9 +6,20 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<link rel="stylesheet" href="/style.css" />
|
||||
<title>Account Management</title>
|
||||
<style>
|
||||
body {
|
||||
max-width: 800px;
|
||||
margin: auto;
|
||||
padding: 1em;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body style="max-width: 800px; margin: auto; padding-top: 1em;">
|
||||
<h1>Account Management</h1>
|
||||
<i>hewwo</i>
|
||||
<body>
|
||||
hewwo, <b><%= username %></b>!<br><br>
|
||||
<el>
|
||||
<li>Nothing is implemented right now for account management</li>
|
||||
<li>This is just a test list</li>
|
||||
<li>Did you know your account ID is <%= account_id %>?</li>
|
||||
</el>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<link rel="icon" type="image/png" href="/favicon.png" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<link rel="stylesheet" href="/style.css" />
|
||||
<title>Login</title>
|
||||
<style>
|
||||
body {
|
||||
min-height: 100vh;
|
||||
text-align: center;
|
||||
width: 100%;
|
||||
margin: 0;
|
||||
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
}
|
||||
form {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
gap: 0.5em;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
max-width: 800px;
|
||||
height: 100%;
|
||||
padding: 1em;
|
||||
}
|
||||
.error {
|
||||
color: #f33;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<form action="/accounts/" method="post">
|
||||
<img src="/favicon.png" width="64" height="auto" class="spinny">
|
||||
<br>
|
||||
<label for="username">Username</label>
|
||||
<input type="text" id="username" name="username" minlength="3" maxlength="16" required />
|
||||
<label for="password">Password</label>
|
||||
<input type="password" id="password" name="password" minlength="6" required />
|
||||
|
||||
<%- if error -%>
|
||||
<div class="error"><%= error %></div>
|
||||
<%- end -%>
|
||||
|
||||
<input type="submit" value="Login" class="fancy-button" />
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
|
@ -8,6 +8,10 @@ shards:
|
|||
git: https://github.com/gdotdesign/cr-dotenv.git
|
||||
version: 1.0.0
|
||||
|
||||
http-session:
|
||||
git: https://github.com/straight-shoota/http-session.git
|
||||
version: 0.2.0+git.commit.7bd278a5567f89cdc348e3d468bd25d561319492
|
||||
|
||||
migrate:
|
||||
git: https://github.com/oatmealine/migrate.cr.git
|
||||
version: 0.5.0+git.commit.a4a24df3d05d0481c76ccd42e45cc48fa3fc1e73
|
||||
|
|
|
@ -21,6 +21,8 @@ dependencies:
|
|||
toml:
|
||||
github: crystal-community/toml.cr
|
||||
branch: master
|
||||
http-session:
|
||||
github: straight-shoota/http-session
|
||||
|
||||
crystal: 1.6.2
|
||||
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
require "http-session"
|
||||
|
||||
module CrystalGauntlet::Templates
|
||||
extend self
|
||||
|
||||
|
@ -14,3 +16,22 @@ module CrystalGauntlet::Templates
|
|||
)
|
||||
end
|
||||
end
|
||||
|
||||
module CrystalGauntlet
|
||||
record UserSession, username : String, account_id : Int32, user_id : Int32
|
||||
|
||||
# todo: replace memory storage with sqlite maybe? has to be hand-written but oh well
|
||||
@@session_storage = HTTPSession::Storage::Memory(UserSession).new
|
||||
@@sessions : HTTPSession::Manager(UserSession) = HTTPSession::Manager.new(@@session_storage, HTTP::Cookie.new("surveillance_device", "", secure: false, http_only: true, max_age: 365.days))
|
||||
|
||||
spawn do
|
||||
session_storage.run_gc_loop
|
||||
end
|
||||
|
||||
def self.session_storage
|
||||
@@session_storage
|
||||
end
|
||||
def self.sessions
|
||||
@@sessions
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
require "uri"
|
||||
require "compress/gzip"
|
||||
require "http-session"
|
||||
|
||||
include CrystalGauntlet
|
||||
|
||||
|
@ -10,5 +10,55 @@ CrystalGauntlet.template_endpoints["/#{config_get("general.append_path").as(Stri
|
|||
|
||||
CrystalGauntlet.template_endpoints["/accounts"] = ->(context : HTTP::Server::Context) {
|
||||
context.response.content_type = "text/html"
|
||||
|
||||
if session = CrystalGauntlet.sessions.get(context)
|
||||
logged_in = true
|
||||
account_id = session.account_id
|
||||
user_id = session.user_id
|
||||
username = session.username
|
||||
else
|
||||
logged_in = false
|
||||
account_id = nil
|
||||
user_id = nil
|
||||
username = nil
|
||||
end
|
||||
|
||||
body = context.request.body
|
||||
if body
|
||||
begin
|
||||
params = URI::Params.parse(body.gets_to_end)
|
||||
username = params["username"].strip
|
||||
password = params["password"].strip
|
||||
|
||||
if username.empty? || password.empty?
|
||||
raise "Invalid username or password"
|
||||
end
|
||||
|
||||
# todo: dedup this code with the login account endpoint maybe
|
||||
result = DATABASE.query_all("select id, password from accounts where username = ?", username, as: {Int32, String})
|
||||
if result.size > 0
|
||||
account_id, hash = result[0]
|
||||
bcrypt = Crypto::Bcrypt::Password.new(hash)
|
||||
|
||||
if bcrypt.verify(password)
|
||||
user_id = Accounts.get_user_id(account_id)
|
||||
logged_in = true
|
||||
LOG.debug { "#{username} logged in" }
|
||||
CrystalGauntlet.sessions.set(context, UserSession.new(username, account_id, user_id))
|
||||
else
|
||||
raise "Invalid password"
|
||||
end
|
||||
else
|
||||
raise "No such user exists"
|
||||
end
|
||||
rescue error
|
||||
LOG.error(exception: error) {"whar...."}
|
||||
end
|
||||
end
|
||||
|
||||
if logged_in
|
||||
ECR.embed("./public/template/account_management.ecr", context.response)
|
||||
else
|
||||
ECR.embed("./public/template/login.ecr", context.response)
|
||||
end
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue