Better auth. Fuck yeah!

2011-09-17 15:38:49 +04:00 · 2011-09-17 15:38:49 +04:00 · e29d20550e
parent 67e79acf23
commit e29d20550e
5 changed files with 50 additions and 48 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,43 +1,38 @@
 require 'digest'
+require 'vkontakte'

 class ApplicationController < ActionController::Base
  protect_from_forgery
  before_filter :set_locale
  
-  def authorized?
-    # secret_key = request.host == 'beathaven.org' ? 'sdgwSbl3nNE4ZxafuPrp' : 's5zyjb693z6uV4rbhEyc'
-    secret_key = 'sdgwSbl3nNE4ZxafuPrp'
-    unless params[:expire].nil? or params[:mid].nil? or params[:secret].nil? or params[:sid].nil? or params[:sig].nil?
-      # Calculating hash
-      hash = 'expire='+ params[:expire] +'mid='+ params[:mid] +'secret='+ params[:secret] +'sid='+ params[:sid] + secret_key
-      hash_md5 = Digest::MD5.hexdigest(hash)
-      if Digest::MD5.hexdigest(hash) == params[:sig]
-        return true
-      else
-        res = {status:'login failed'}
-        render :json => res
-        return false
-      end
-    else
-      res = {status:'bad params'}
-      render :json => res
-      return false
-    end
-  end
-  
-  def set_locale
-    session = Session.find_by_key(request.cookies['_beathaven_session'][0..31])
-    unless session.nil?
-      I18n.locale = session.user.lang
-    end
-  end
-  
-  def index
-    
-  end
+  def index; end
  
  def greetings
    render :partial => 'greetings'
  end
  
+  protected
+  
+  def authorize
+    unless Vkontakte.check(params)
+      render :json => { :status => 'login failed' }
+      false
+    end
+  end
+  
+  def set_locale
+    session = Session.find_by_key(session_key)
+    unless session.nil?
+      I18n.locale = session.user.lang
+    end
+  end
+  
+  def session_key
+    unless request.cookies['_beathaven_session'].nil?
+      rails_key = request.cookies['_beathaven_session'][0..31]
+    else
+      rails_key = Digest::SHA512.hexdigest(Beathaven::Application.config.secret_token+Time.now.to_f.to_s+Random.rand().to_s)
+    end
+    Digest::SHA512.hexdigest(rails_key)
+  end
 end
--- a/app/controllers/import_controller.rb
+++ b/app/controllers/import_controller.rb
@ -3,13 +3,9 @@ require 'musicbrainz'
 require 'nokogiri'

 class ImportController < ApplicationController
-  @@lastfm_api_key = '04fda005dbf61a50af5abc3e90f111f2'
-  @@lastfm_secret = '19e70e98b291e9f15d0516925945eb1b'
-  
  def self.importArtist name, dry_run = false
-    
    # Initializing gems
-    lastfm = Lastfm.new(@@lastfm_api_key, @@lastfm_secret)
+    lastfm = Lastfm.new(LastFmController.api_key, LastFmController.api_secret)
    
    artist = Artist.find_or_create_by_name(name)
    return 3 if artist.status == 1
--- a/app/controllers/last_fm_controller.rb
+++ b/app/controllers/last_fm_controller.rb
@ -2,7 +2,7 @@ require 'open-uri'
 require 'lastfm'

 class LastFmController < ApplicationController
-  
+  before_filter :authorize
  @@api_key = '04fda005dbf61a50af5abc3e90f111f2'
  @@secret = '19e70e98b291e9f15d0516925945eb1b'
  
@ -25,7 +25,6 @@ class LastFmController < ApplicationController
  end
  
  def getinfo
-    return unless authorized?
    @res = {}
    
    user = User.find_by_vkid(params[:mid])
@ -44,7 +43,6 @@ class LastFmController < ApplicationController
  end
  
  def listening
-    return unless authorized?
    @res = {}
    
    if params[:artist].nil? or params[:album].nil? or params[:track].nil?
@ -67,7 +65,6 @@ class LastFmController < ApplicationController
  end
  
  def scrobble
-    return unless authorized?
    @res = {}
    
    if params[:artist].nil? or params[:album].nil? or params[:track].nil?
@ -93,4 +90,7 @@ class LastFmController < ApplicationController
    @@api_key
  end
  
+  def self.api_secret
+    @@secret
+  end
 end
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@ -1,8 +1,7 @@
 class UserController < ApplicationController
+  before_filter :authorize
  
  def auth
-    return unless authorized?
-    
    @res = {:status => 'hello', :newbie => false}
    user = User.find_by_vkid(params[:mid])
    if user.nil?
@ -13,10 +12,9 @@ class UserController < ApplicationController
      @res[:newbie] = true
    end
    
-    cookie_key = request.cookies['_beathaven_session'][0..31]
    session = Session.find_or_create_by_user_id(user.id)
-    if session.key != cookie_key
-      session.key = cookie_key
+    if session.key != session_key
+      session.key = session_key
      session.save
      render :json => { 'ok_reload' => true }
      return
@ -37,13 +35,11 @@ class UserController < ApplicationController
  end
  
  def settings
-    return unless authorized?
    @user = User.find_by_vkid(params[:mid])
    render :partial => 'settings'
  end
  
  def update
-    return unless authorized?
    allowed_params = [:name, :email, :lang, :show]
    @res = {}
    
@ -78,7 +74,6 @@ class UserController < ApplicationController
  end
  
  def fav
-    return unless authorized?
    @res = {status: 'fail'}
    
    fav = Favorite.new
--- a/lib/vkontakte.rb
+++ b/lib/vkontakte.rb
@ -0,0 +1,16 @@
+module Vkontakte
+  @@secret_key = 'sdgwSbl3nNE4ZxafuPrp'
+  
+  def self.check params
+    unless params[:expire].nil? or params[:mid].nil? or params[:secret].nil? or params[:sid].nil? or params[:sig].nil?
+      return true if self.sign(params) == params[:sig]
+    end
+    false
+  end
+  
+  private
+  
+  def self.sign params
+    Digest::MD5.hexdigest(%w(expire mid secret sid).map{ |_| _+'='+params[_.to_sym] }.join()+@@secret_key)
+  end
+end