Better auth

2011-06-22 04:55:09 +04:00 · 2011-06-22 04:55:09 +04:00 · 704037b67c
commit 704037b67c
parent 9558f720ca
3 changed files with 83 additions and 67 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,3 +1,26 @@
+require 'digest'
+
 class ApplicationController < ActionController::Base
  protect_from_forgery
+  
+  def authorized?
+    secret_key = request.host == 'beathaven.org' ? 'sdgwSbl3nNE4ZxafuPrp' : 's5zyjb693z6uV4rbhEyc'
+    unless params[:expire].nil? or params[:mid].nil? or params[:secret].nil? or params[:sid].nil? or params[:sig].nil?
+      # Calculating hash
+      hash = 'expire='+ params[:expire] +'mid='+ params[:mid] +'secret='+ params[:secret] +'sid='+ params[:sid] + secret_key
+      hash_md5 = Digest::MD5.hexdigest(hash)
+      if Digest::MD5.hexdigest(hash) == params[:sig]
+        return true
+      else
+        res = {status:'login failed'}
+        render :json => res
+        return false
+      end
+    else
+      res = {status:'bad params'}
+      render :json => res
+      return false
+    end
+  end
+  
 end
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@ -1,94 +1,64 @@
-require 'digest'
-
 class UserController < ApplicationController
  
  def auth
+    return unless authorized?
    @res = {}
-    check = check_auth(params)
    
-    if check == true
-      @res[:status] = 'hello'
-      user = User.find_by_vkid(params[:mid])
-      if user.nil?
-        user = User.new
-        user.vkid = params[:mid]
-        user.save
-      end
-      @res[:id] = user.id
-      @res[:username] = user.name
-    elsif check == false
-      @res[:status] = 'bad signature'
-    else
-      @res[:status] = 'bad params'
+    @res[:status] = 'hello'
+    user = User.find_by_vkid(params[:mid])
+    if user.nil?
+      user = User.new
+      user.vkid = params[:mid]
+      user.save
    end
+    @res[:id] = user.id
+    @res[:username] = user.name
    
    render :json => @res
  end
  
  def update
+    return unless authorized?
    @res = {}
-    check = check_auth(params)
    
-    if check == true
-      user = User.find_by_vkid(params[:mid])
-      unless params[:username].nil? or params[:email].nil?
-        user.name = params[:username]
-        user.email = params[:email]
-        user.save
-      end
-      @res[:username] = user.name
-      @res[:email] = user.email
+    user = User.find_by_vkid(params[:mid])
+    unless params[:username].nil? or params[:email].nil?
+      user.name = params[:username]
+      user.email = params[:email]
+      user.save
    end
+    @res[:username] = user.name
+    @res[:email] = user.email
    
    render :json => @res
  end
  
  def fav
+    return unless authorized?
    @res = {status: 'fail'}
-    check = check_auth(params)
    
-    if check == true
-      fav = Favorite.new
-      if not params[:artist].nil?
-        artist = Artist.find(params[:artist]);
-        unless artist.nil?
-          fav.artist_id = artist.id
-          res[:status] = 'added'
-        end
-      elsif not params[:album].nil?
-        album = Album.find(params[:album]);
-        unless album.nil?
-          fav.album_id = album.id
-          res[:status] = 'added'
-        end
-      elsif not params[:track].nil?
-        track = Track.find(params[:track]);
-        unless track.nil?
-          fav.track_id = track.id
-          res[:status] = 'added'
-        end
+    fav = Favorite.new
+    if not params[:artist].nil?
+      artist = Artist.find(params[:artist]);
+      unless artist.nil?
+        fav.artist_id = artist.id
+        res[:status] = 'added'
+      end
+    elsif not params[:album].nil?
+      album = Album.find(params[:album]);
+      unless album.nil?
+        fav.album_id = album.id
+        res[:status] = 'added'
+      end
+    elsif not params[:track].nil?
+      track = Track.find(params[:track]);
+      unless track.nil?
+        fav.track_id = track.id
+        res[:status] = 'added'
      end
    end
    
    render :json => @res
  end
  
-  private
-  
-  def check_auth params
-    secret_key = request.host == 'beathaven.org' ? 'sdgwSbl3nNE4ZxafuPrp' : 's5zyjb693z6uV4rbhEyc'
-    unless params[:expire].nil? or params[:mid].nil? or params[:secret].nil? or params[:sid].nil? or params[:sig].nil?
-      # Calculating hash
-      hash = 'expire='+ params[:expire] +'mid='+ params[:mid] +'secret='+ params[:secret] +'sid='+ params[:sid] + secret_key
-      hash_md5 = Digest::MD5.hexdigest(hash)
-      if Digest::MD5.hexdigest(hash) == params[:sig]
-        return true
-      else
-        return false
-      end
-    else
-      return 'bad params'
-    end
-  end
-  
 end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended to check this file into your version control system.

-ActiveRecord::Schema.define(:version => 20110621001100) do
+ActiveRecord::Schema.define(:version => 20110622000253) do

  create_table "albums", :force => true do |t|
    t.string   "name"
@ -49,6 +49,29 @@ ActiveRecord::Schema.define(:version => 20110621001100) do

  add_index "delayed_jobs", ["priority", "run_at"], :name => "delayed_jobs_priority"

+  create_table "favorites", :force => true do |t|
+    t.integer  "user_id"
+    t.integer  "artist_id"
+    t.integer  "album_id"
+    t.integer  "track_id"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  create_table "playlist_items", :force => true do |t|
+    t.integer  "playlist_id"
+    t.integer  "track_id"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  create_table "playlists", :force => true do |t|
+    t.integer  "user_id"
+    t.string   "name"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
  create_table "tracks", :force => true do |t|
    t.string   "name"
    t.integer  "album_id"