From 704037b67c413eee8a0d7670eb8620129d694626 Mon Sep 17 00:00:00 2001
From: magnolia-fan
Date: Wed, 22 Jun 2011 04:55:09 +0400
Subject: [PATCH] Better auth

---
 app/controllers/application_controller.rb | 23 +++++
 app/controllers/user_controller.rb | 102 ++++++++----------------
 db/schema.rb | 25 +++++-
 3 files changed, 83 insertions(+), 67 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e8065d9..cba5ff7 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,26 @@
+require 'digest'
+
 class ApplicationController < ActionController::Base
   protect_from_forgery
+
+  def authorized?
+    secret_key = request.host == 'beathaven.org' ? 'sdgwSbl3nNE4ZxafuPrp' : 's5zyjb693z6uV4rbhEyc'
+    unless params[:expire].nil? or params[:mid].nil? or params[:secret].nil? or params[:sid].nil? or params[:sig].nil?
+      # Calculating hash
+      hash = 'expire='+ params[:expire] +'mid='+ params[:mid] +'secret='+ params[:secret] +'sid='+ params[:sid] + secret_key
+      hash_md5 = Digest::MD5.hexdigest(hash)
+      if Digest::MD5.hexdigest(hash) == params[:sig]
+        return true
+      else
+        res = {status:'login failed'}
+        render :json => res
+        return false
+      end
+    else
+      res = {status:'bad params'}
+      render :json => res
+      return false
+    end
+  end
+
 end
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index c8259f3..12b197e 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
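Review bot: The key used to verify the signature in `authorized?` is picked by `request.host`, which comes from the client-supplied Host header, so a caller can choose which of the two keys the check runs against — and both keys are committed in source alongside the code. Read the key from environment-specific configuration instead of branching on the request, and rotate the values that appear here. `params[:expire]` is folded into the hash but never compared to the current time, so an intercepted signed request stays valid indefinitely; if the upstream scheme intends it as an expiry, add a check such as `return false if params[:expire].to_i < Time.now.to_i` (rendering the failure like the other branches). The comparison `Digest::MD5.hexdigest(hash) == params[:sig]` is a plain string compare; a constant-time comparison (`Rack::Utils.secure_compare` where the Rack version provides it) avoids leaking match progress, and the unused `hash_md5` local should either be dropped or used in place of the second `hexdigest` call.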
@@ -1,94 +1,64 @@
-require 'digest'
-
 class UserController < ApplicationController
   def auth
+    return unless authorized?
     @res = {}
-    check = check_auth(params)
-    if check == true
-      @res[:status] = 'hello'
-      user = User.find_by_vkid(params[:mid])
-      if user.nil?
-        user = User.new
-        user.vkid = params[:mid]
-        user.save
-      end
-      @res[:id] = user.id
-      @res[:username] = user.name
-    elsif check == false
-      @res[:status] = 'bad signature'
-    else
-      @res[:status] = 'bad params'
+    @res[:status] = 'hello'
+    user = User.find_by_vkid(params[:mid])
+    if user.nil?
+      user = User.new
+      user.vkid = params[:mid]
+      user.save
     end
+    @res[:id] = user.id
+    @res[:username] = user.name
     render :json => @res
   end
   def update
+    return unless authorized?
     @res = {}
-    check = check_auth(params)
-    if check == true
-      user = User.find_by_vkid(params[:mid])
-      unless params[:username].nil? or params[:email].nil?
-        user.name = params[:username]
-        user.email = params[:email]
-        user.save
-      end
-      @res[:username] = user.name
-      @res[:email] = user.email
+    user = User.find_by_vkid(params[:mid])
+    unless params[:username].nil? or params[:email].nil?
+      user.name = params[:username]
+      user.email = params[:email]
+      user.save
     end
+    @res[:username] = user.name
+    @res[:email] = user.email
     render :json => @res
   end
   def fav
+    return unless authorized?
     @res = {status: 'fail'}
-    check = check_auth(params)
-    if check == true
-      fav = Favorite.new
-      if not params[:artist].nil?
-        artist = Artist.find(params[:artist]);
-        unless artist.nil?
-          fav.artist_id = artist.id
-          res[:status] = 'added'
-        end
-      elsif not params[:album].nil?
-        album = Album.find(params[:album]);
-        unless album.nil?
-          fav.album_id = album.id
-          res[:status] = 'added'
-        end
-      elsif not params[:track].nil?
-        track = Track.find(params[:track]);
-        unless track.nil?
-          fav.track_id = track.id
-          res[:status] = 'added'
-        end
+    fav = Favorite.new
+    if not params[:artist].nil?
+      artist = Artist.find(params[:artist]);
+      unless artist.nil?
+        fav.artist_id = artist.id
+        res[:status] = 'added'
+      end
+    elsif not params[:album].nil?
+      album = Album.find(params[:album]);
+      unless album.nil?
+        fav.album_id = album.id
+        res[:status] = 'added'
+      end
+    elsif not params[:track].nil?
+      track = Track.find(params[:track]);
+      unless track.nil?
+        fav.track_id = track.id
+        res[:status] = 'added'
       end
     end
     render :json => @res
   end
-  private
-
-  def check_auth params
-    secret_key = request.host == 'beathaven.org' ? 'sdgwSbl3nNE4ZxafuPrp' : 's5zyjb693z6uV4rbhEyc'
-    unless params[:expire].nil? or params[:mid].nil? or params[:secret].nil? or params[:sid].nil? or params[:sig].nil?
-      # Calculating hash
-      hash = 'expire='+ params[:expire] +'mid='+ params[:mid] +'secret='+ params[:secret] +'sid='+ params[:sid] + secret_key
-      hash_md5 = Digest::MD5.hexdigest(hash)
-      if Digest::MD5.hexdigest(hash) == params[:sig]
-        return true
-      else
-        return false
-      end
-    else
-      return 'bad params'
-    end
-  end
-
 end
diff --git a/db/schema.rb b/db/schema.rb
index 45b0ab5..4d3644d 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20110621001100) do
+ActiveRecord::Schema.define(:version => 20110622000253) do
 
   create_table "albums", :force => true do |t|
     t.string "name"
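Review bot: In `fav`, the three `res[:status] = 'added'` assignments refer to an undefined local `res` (the response hash in this action is `@res`), so the first branch that matches raises `NameError` instead of reporting success; they should read `@res[:status] = 'added'`. The `Favorite` built there is also never saved and never gets a `user_id`, so even with that fix nothing is persisted — presumably the user found via `params[:mid]` should be assigned and `fav.save` called before `render`. `Artist.find`, `Album.find` and `Track.find` raise `ActiveRecord::RecordNotFound` for an unknown id rather than returning nil, so the `unless artist.nil?` guards never take the failure path; `find_by_id` would make the nil checks meaningful. In `update`, `User.find_by_vkid(params[:mid])` can return nil for a correctly signed request whose user has not been created by `auth` yet, and `user.name = params[:username]` would then raise; a nil guard, or reusing the find-or-create logic from `auth`, closes that.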
@@ -49,6 +49,29 @@ ActiveRecord::Schema.define(:version => 20110621001100) do
 
   add_index "delayed_jobs", ["priority", "run_at"], :name => "delayed_jobs_priority"
 
+  create_table "favorites", :force => true do |t|
+    t.integer "user_id"
+    t.integer "artist_id"
+    t.integer "album_id"
+    t.integer "track_id"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  create_table "playlist_items", :force => true do |t|
+    t.integer "playlist_id"
+    t.integer "track_id"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  create_table "playlists", :force => true do |t|
+    t.integer "user_id"
+    t.string "name"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
   create_table "tracks", :force => true do |t|
     t.string "name"
     t.integer "album_id"