Better auth
This commit is contained in:
magnolia-fan
@@ -1,3 +1,26 @@
|
||||
require 'digest'
|
||||
|
||||
class ApplicationController < ActionController::Base
|
||||
protect_from_forgery
|
||||
|
||||
def authorized?
|
||||
secret_key = request.host == 'beathaven.org' ? 'sdgwSbl3nNE4ZxafuPrp' : 's5zyjb693z6uV4rbhEyc'
|
||||
unless params[:expire].nil? or params[:mid].nil? or params[:secret].nil? or params[:sid].nil? or params[:sig].nil?
|
||||
# Calculating hash
|
||||
hash = 'expire='+ params[:expire] +'mid='+ params[:mid] +'secret='+ params[:secret] +'sid='+ params[:sid] + secret_key
|
||||
hash_md5 = Digest::MD5.hexdigest(hash)
|
||||
if Digest::MD5.hexdigest(hash) == params[:sig]
|
||||
return true
|
||||
else
|
||||
res = {status:'login failed'}
|
||||
render :json => res
|
||||
return false
|
||||
end
|
||||
else
|
||||
res = {status:'bad params'}
|
||||
render :json => res
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
@@ -1,94 +1,64 @@
|
||||
require 'digest'
|
||||
|
||||
class UserController < ApplicationController
|
||||
|
||||
def auth
|
||||
return unless authorized?
|
||||
@res = {}
|
||||
check = check_auth(params)
|
||||
|
||||
if check == true
|
||||
@res[:status] = 'hello'
|
||||
user = User.find_by_vkid(params[:mid])
|
||||
if user.nil?
|
||||
user = User.new
|
||||
user.vkid = params[:mid]
|
||||
user.save
|
||||
end
|
||||
@res[:id] = user.id
|
||||
@res[:username] = user.name
|
||||
elsif check == false
|
||||
@res[:status] = 'bad signature'
|
||||
else
|
||||
@res[:status] = 'bad params'
|
||||
@res[:status] = 'hello'
|
||||
user = User.find_by_vkid(params[:mid])
|
||||
if user.nil?
|
||||
user = User.new
|
||||
user.vkid = params[:mid]
|
||||
user.save
|
||||
end
|
||||
@res[:id] = user.id
|
||||
@res[:username] = user.name
|
||||
|
||||
render :json => @res
|
||||
end
|
||||
|
||||
def update
|
||||
return unless authorized?
|
||||
@res = {}
|
||||
check = check_auth(params)
|
||||
|
||||
if check == true
|
||||
user = User.find_by_vkid(params[:mid])
|
||||
unless params[:username].nil? or params[:email].nil?
|
||||
user.name = params[:username]
|
||||
user.email = params[:email]
|
||||
user.save
|
||||
end
|
||||
@res[:username] = user.name
|
||||
@res[:email] = user.email
|
||||
user = User.find_by_vkid(params[:mid])
|
||||
unless params[:username].nil? or params[:email].nil?
|
||||
user.name = params[:username]
|
||||
user.email = params[:email]
|
||||
user.save
|
||||
end
|
||||
@res[:username] = user.name
|
||||
@res[:email] = user.email
|
||||
|
||||
render :json => @res
|
||||
end
|
||||
|
||||
def fav
|
||||
return unless authorized?
|
||||
@res = {status: 'fail'}
|
||||
check = check_auth(params)
|
||||
|
||||
if check == true
|
||||
fav = Favorite.new
|
||||
if not params[:artist].nil?
|
||||
artist = Artist.find(params[:artist]);
|
||||
unless artist.nil?
|
||||
fav.artist_id = artist.id
|
||||
res[:status] = 'added'
|
||||
end
|
||||
elsif not params[:album].nil?
|
||||
album = Album.find(params[:album]);
|
||||
unless album.nil?
|
||||
fav.album_id = album.id
|
||||
res[:status] = 'added'
|
||||
end
|
||||
elsif not params[:track].nil?
|
||||
track = Track.find(params[:track]);
|
||||
unless track.nil?
|
||||
fav.track_id = track.id
|
||||
res[:status] = 'added'
|
||||
end
|
||||
fav = Favorite.new
|
||||
if not params[:artist].nil?
|
||||
artist = Artist.find(params[:artist]);
|
||||
unless artist.nil?
|
||||
fav.artist_id = artist.id
|
||||
res[:status] = 'added'
|
||||
end
|
||||
elsif not params[:album].nil?
|
||||
album = Album.find(params[:album]);
|
||||
unless album.nil?
|
||||
fav.album_id = album.id
|
||||
res[:status] = 'added'
|
||||
end
|
||||
elsif not params[:track].nil?
|
||||
track = Track.find(params[:track]);
|
||||
unless track.nil?
|
||||
fav.track_id = track.id
|
||||
res[:status] = 'added'
|
||||
end
|
||||
end
|
||||
|
||||
render :json => @res
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def check_auth params
|
||||
secret_key = request.host == 'beathaven.org' ? 'sdgwSbl3nNE4ZxafuPrp' : 's5zyjb693z6uV4rbhEyc'
|
||||
unless params[:expire].nil? or params[:mid].nil? or params[:secret].nil? or params[:sid].nil? or params[:sig].nil?
|
||||
# Calculating hash
|
||||
hash = 'expire='+ params[:expire] +'mid='+ params[:mid] +'secret='+ params[:secret] +'sid='+ params[:sid] + secret_key
|
||||
hash_md5 = Digest::MD5.hexdigest(hash)
|
||||
if Digest::MD5.hexdigest(hash) == params[:sig]
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
else
|
||||
return 'bad params'
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user