
Better auth

magnolia-fan 2011-06-22 04:55:09 +04:00
parent 9558f720ca
commit 704037b67c
3 changed files with 83 additions and 67 deletions


@ -1,3 +1,26 @@
require 'digest'
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
protect_from_forgery protect_from_forgery
def authorized?
secret_key = request.host == 'beathaven.org' ? 'sdgwSbl3nNE4ZxafuPrp' : 's5zyjb693z6uV4rbhEyc'
unless params[:expire].nil? or params[:mid].nil? or params[:secret].nil? or params[:sid].nil? or params[:sig].nil?
# Calculating hash
hash = 'expire='+ params[:expire] +'mid='+ params[:mid] +'secret='+ params[:secret] +'sid='+ params[:sid] + secret_key
hash_md5 = Digest::MD5.hexdigest(hash)
if Digest::MD5.hexdigest(hash) == params[:sig]
return true
else
res = {status:'login failed'}
render :json => res
return false
end
else
res = {status:'bad params'}
render :json => res
return false
end
end
end end
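Review bot: `authorized?` accepts any parameter set whose MD5 matches and never looks at `expire`, so a signed set of parameters stays valid indefinitely; if `expire` is a Unix timestamp, as the name suggests, the success condition should include it, e.g. `if params[:expire].to_i > Time.now.to_i && hash_md5 == params[:sig]`. That line currently recomputes the digest although `hash_md5` already holds it, and `==` is not a constant-time comparison; a helper such as `ActiveSupport::SecurityUtils.secure_compare` is preferable where the Rails version in use provides it. Both application secrets on the `secret_key` line are committed in source; they would be better read from configuration kept outside the repository, and the committed values rotated. The method is also defined as public on `ApplicationController`, so it could be reachable as an action under a catch-all route (routes are not visible here); placing it under `private` or `protected` avoids that.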


@ -1,94 +1,64 @@
require 'digest'
class UserController < ApplicationController class UserController < ApplicationController
def auth def auth
return unless authorized?
@res = {} @res = {}
check = check_auth(params)
if check == true @res[:status] = 'hello'
@res[:status] = 'hello' user = User.find_by_vkid(params[:mid])
user = User.find_by_vkid(params[:mid]) if user.nil?
if user.nil? user = User.new
user = User.new user.vkid = params[:mid]
user.vkid = params[:mid] user.save
user.save
end
@res[:id] = user.id
@res[:username] = user.name
elsif check == false
@res[:status] = 'bad signature'
else
@res[:status] = 'bad params'
end end
@res[:id] = user.id
@res[:username] = user.name
render :json => @res render :json => @res
end end
def update def update
return unless authorized?
@res = {} @res = {}
check = check_auth(params)
if check == true user = User.find_by_vkid(params[:mid])
user = User.find_by_vkid(params[:mid]) unless params[:username].nil? or params[:email].nil?
unless params[:username].nil? or params[:email].nil? user.name = params[:username]
user.name = params[:username] user.email = params[:email]
user.email = params[:email] user.save
user.save
end
@res[:username] = user.name
@res[:email] = user.email
end end
@res[:username] = user.name
@res[:email] = user.email
render :json => @res render :json => @res
end end
def fav def fav
return unless authorized?
@res = {status: 'fail'} @res = {status: 'fail'}
check = check_auth(params)
if check == true fav = Favorite.new
fav = Favorite.new if not params[:artist].nil?
if not params[:artist].nil? artist = Artist.find(params[:artist]);
artist = Artist.find(params[:artist]); unless artist.nil?
unless artist.nil? fav.artist_id = artist.id
fav.artist_id = artist.id res[:status] = 'added'
res[:status] = 'added' end
end elsif not params[:album].nil?
elsif not params[:album].nil? album = Album.find(params[:album]);
album = Album.find(params[:album]); unless album.nil?
unless album.nil? fav.album_id = album.id
fav.album_id = album.id res[:status] = 'added'
res[:status] = 'added' end
end elsif not params[:track].nil?
elsif not params[:track].nil? track = Track.find(params[:track]);
track = Track.find(params[:track]); unless track.nil?
unless track.nil? fav.track_id = track.id
fav.track_id = track.id res[:status] = 'added'
res[:status] = 'added'
end
end end
end end
render :json => @res render :json => @res
end end
private
def check_auth params
secret_key = request.host == 'beathaven.org' ? 'sdgwSbl3nNE4ZxafuPrp' : 's5zyjb693z6uV4rbhEyc'
unless params[:expire].nil? or params[:mid].nil? or params[:secret].nil? or params[:sid].nil? or params[:sig].nil?
# Calculating hash
hash = 'expire='+ params[:expire] +'mid='+ params[:mid] +'secret='+ params[:secret] +'sid='+ params[:sid] + secret_key
hash_md5 = Digest::MD5.hexdigest(hash)
if Digest::MD5.hexdigest(hash) == params[:sig]
return true
else
return false
end
else
return 'bad params'
end
end
end end
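Review bot: In `fav` the success branches assign `res[:status] = 'added'`, but only `@res` is defined in the action, so each branch would raise NameError instead of reporting success; it should read `@res[:status] = 'added'`. As far as this section shows, the new `Favorite` is never given a `user_id` and `save` is never called, so nothing is recorded even once that is fixed. `Artist.find`, `Album.find` and `Track.find` raise `ActiveRecord::RecordNotFound` for an unknown id rather than returning nil, so the `unless artist.nil?` style guards do not cover client-supplied ids that do not exist; `find_by_id` would make those guards meaningful. In `update`, `User.find_by_vkid(params[:mid])` can return nil for a validly signed `mid` that has never called `auth`, and `user.name = params[:username]` then fails; an early guard, for example `return render(:json => {status: 'unknown user'}) if user.nil?`, would cover it.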


@ -10,7 +10,7 @@
# #
# It's strongly recommended to check this file into your version control system. # It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20110621001100) do ActiveRecord::Schema.define(:version => 20110622000253) do
create_table "albums", :force => true do |t| create_table "albums", :force => true do |t|
t.string "name" t.string "name"
@ -49,6 +49,29 @@ ActiveRecord::Schema.define(:version => 20110621001100) do
add_index "delayed_jobs", ["priority", "run_at"], :name => "delayed_jobs_priority" add_index "delayed_jobs", ["priority", "run_at"], :name => "delayed_jobs_priority"
create_table "favorites", :force => true do |t|
t.integer "user_id"
t.integer "artist_id"
t.integer "album_id"
t.integer "track_id"
t.datetime "created_at"
t.datetime "updated_at"
end
create_table "playlist_items", :force => true do |t|
t.integer "playlist_id"
t.integer "track_id"
t.datetime "created_at"
t.datetime "updated_at"
end
create_table "playlists", :force => true do |t|
t.integer "user_id"
t.string "name"
t.datetime "created_at"
t.datetime "updated_at"
end
create_table "tracks", :force => true do |t| create_table "tracks", :force => true do |t|
t.string "name" t.string "name"
t.integer "album_id" t.integer "album_id"