
Better auth. Fuck yeah!

This commit is contained in:
magnolia-fan 2011-09-17 15:38:49 +04:00
parent 67e79acf23
commit e29d20550e
5 changed files with 50 additions and 48 deletions


@ -1,43 +1,38 @@
require 'digest' require 'digest'
require 'vkontakte'
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
protect_from_forgery protect_from_forgery
before_filter :set_locale before_filter :set_locale
def authorized? def index; end
# secret_key = request.host == 'beathaven.org' ? 'sdgwSbl3nNE4ZxafuPrp' : 's5zyjb693z6uV4rbhEyc'
secret_key = 'sdgwSbl3nNE4ZxafuPrp'
unless params[:expire].nil? or params[:mid].nil? or params[:secret].nil? or params[:sid].nil? or params[:sig].nil?
# Calculating hash
hash = 'expire='+ params[:expire] +'mid='+ params[:mid] +'secret='+ params[:secret] +'sid='+ params[:sid] + secret_key
hash_md5 = Digest::MD5.hexdigest(hash)
if Digest::MD5.hexdigest(hash) == params[:sig]
return true
else
res = {status:'login failed'}
render :json => res
return false
end
else
res = {status:'bad params'}
render :json => res
return false
end
end
def set_locale
session = Session.find_by_key(request.cookies['_beathaven_session'][0..31])
unless session.nil?
I18n.locale = session.user.lang
end
end
def index
end
def greetings def greetings
render :partial => 'greetings' render :partial => 'greetings'
end end
protected
def authorize
unless Vkontakte.check(params)
render :json => { :status => 'login failed' }
false
end
end
def set_locale
session = Session.find_by_key(session_key)
unless session.nil?
I18n.locale = session.user.lang
end
end
def session_key
unless request.cookies['_beathaven_session'].nil?
rails_key = request.cookies['_beathaven_session'][0..31]
else
rails_key = Digest::SHA512.hexdigest(Beathaven::Application.config.secret_token+Time.now.to_f.to_s+Random.rand().to_s)
end
Digest::SHA512.hexdigest(rails_key)
end
end end
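Review bot: `session_key` yields a different value on every call whenever the `_beathaven_session` cookie is absent, because the fallback branch digests `Time.now.to_f` and `Random.rand()` and nothing memoizes the result; `set_locale` and any caller that compares two calls will therefore see two unrelated keys. Memoizing the derived key, `@session_key ||= Digest::SHA512.hexdigest(rails_key)`, makes the value stable for the request. The fallback also relies on `Random.rand`, which is not a cryptographic generator; if the generated key is meant to be unguessable, `SecureRandom.hex(32)` (stdlib `securerandom`, loaded by Rails) is the usual replacement for the `Time`+`Random` mix. Note that this generated key is never sent back to the client as a cookie in this hunk, so it cannot match on a later request — presumably that is handled elsewhere, worth confirming.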


@ -3,13 +3,9 @@ require 'musicbrainz'
require 'nokogiri' require 'nokogiri'
class ImportController < ApplicationController class ImportController < ApplicationController
@@lastfm_api_key = '04fda005dbf61a50af5abc3e90f111f2'
@@lastfm_secret = '19e70e98b291e9f15d0516925945eb1b'
def self.importArtist name, dry_run = false def self.importArtist name, dry_run = false
# Initializing gems # Initializing gems
lastfm = Lastfm.new(@@lastfm_api_key, @@lastfm_secret) lastfm = Lastfm.new(LastFmController.api_key, LastFmController.api_secret)
artist = Artist.find_or_create_by_name(name) artist = Artist.find_or_create_by_name(name)
return 3 if artist.status == 1 return 3 if artist.status == 1


@ -2,7 +2,7 @@ require 'open-uri'
require 'lastfm' require 'lastfm'
class LastFmController < ApplicationController class LastFmController < ApplicationController
before_filter :authorize
@@api_key = '04fda005dbf61a50af5abc3e90f111f2' @@api_key = '04fda005dbf61a50af5abc3e90f111f2'
@@secret = '19e70e98b291e9f15d0516925945eb1b' @@secret = '19e70e98b291e9f15d0516925945eb1b'
@ -25,7 +25,6 @@ class LastFmController < ApplicationController
end end
def getinfo def getinfo
return unless authorized?
@res = {} @res = {}
user = User.find_by_vkid(params[:mid]) user = User.find_by_vkid(params[:mid])
@ -44,7 +43,6 @@ class LastFmController < ApplicationController
end end
def listening def listening
return unless authorized?
@res = {} @res = {}
if params[:artist].nil? or params[:album].nil? or params[:track].nil? if params[:artist].nil? or params[:album].nil? or params[:track].nil?
@ -67,7 +65,6 @@ class LastFmController < ApplicationController
end end
def scrobble def scrobble
return unless authorized?
@res = {} @res = {}
if params[:artist].nil? or params[:album].nil? or params[:track].nil? if params[:artist].nil? or params[:album].nil? or params[:track].nil?
@ -93,4 +90,7 @@ class LastFmController < ApplicationController
@@api_key @@api_key
end end
def self.api_secret
@@secret
end
end end
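Review bot: The Last.fm API key and secret remain string literals in `@@api_key` / `@@secret` at the top of the class, and the new `self.api_secret` accessor now hands the secret to other controllers as well, so the credential is both committed to history and more widely reachable from code. Loading them from configuration instead, e.g. `@@secret = ENV.fetch('LASTFM_SECRET')` (variable name is an example), keeps them out of source. Separately, `before_filter :authorize` now applies to every action in the controller, not only `getinfo`, `listening` and `scrobble` which previously carried `return unless authorized?`; any action between the shown hunks that was intentionally public is now gated, which may be desired but is worth confirming. The `@@` class variables could also be plain class-level instance variables with a `class << self` reader, since nothing here needs inheritance-wide sharing.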


@ -1,8 +1,7 @@
class UserController < ApplicationController class UserController < ApplicationController
before_filter :authorize
def auth def auth
return unless authorized?
@res = {:status => 'hello', :newbie => false} @res = {:status => 'hello', :newbie => false}
user = User.find_by_vkid(params[:mid]) user = User.find_by_vkid(params[:mid])
if user.nil? if user.nil?
@ -13,10 +12,9 @@ class UserController < ApplicationController
@res[:newbie] = true @res[:newbie] = true
end end
cookie_key = request.cookies['_beathaven_session'][0..31]
session = Session.find_or_create_by_user_id(user.id) session = Session.find_or_create_by_user_id(user.id)
if session.key != cookie_key if session.key != session_key
session.key = cookie_key session.key = session_key
session.save session.save
render :json => { 'ok_reload' => true } render :json => { 'ok_reload' => true }
return return
@ -37,13 +35,11 @@ class UserController < ApplicationController
end end
def settings def settings
return unless authorized?
@user = User.find_by_vkid(params[:mid]) @user = User.find_by_vkid(params[:mid])
render :partial => 'settings' render :partial => 'settings'
end end
def update def update
return unless authorized?
allowed_params = [:name, :email, :lang, :show] allowed_params = [:name, :email, :lang, :show]
@res = {} @res = {}
@ -78,7 +74,6 @@ class UserController < ApplicationController
end end
def fav def fav
return unless authorized?
@res = {status: 'fail'} @res = {status: 'fail'}
fav = Favorite.new fav = Favorite.new

16
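--- /dev/null
+++ b/lib/vkontakte.rb
@@ -0,0 +1,16 @@
+module Vkontakte
+@@secret_key = 'sdgwSbl3nNE4ZxafuPrp'
+def self.check params
+unless params[:expire].nil? or params[:mid].nil? or params[:secret].nil? or params[:sid].nil? or params[:sig].nil?
+return true if self.sign(params) == params[:sig]
+end
+false
+end
+private
+def self.sign params
+Digest::MD5.hexdigest(%w(expire mid secret sid).map{ |_| _+'='+params[_.to_sym] }.join()+@@secret_key)
+end
+end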
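Review bot: The `private` keyword before `def self.sign` has no effect, because `private` only changes visibility of instance methods defined after it, not singleton methods; `Vkontakte.sign` stays callable from anywhere. Use `private_class_method :sign` after the definition if it is meant to be internal. More importantly for the check itself, `expire` is folded into the signature but never compared with the current time, so a captured set of `expire`/`mid`/`secret`/`sid`/`sig` parameters keeps validating indefinitely; if `expire` is a Unix timestamp as its name suggests (not confirmed by this file), `check` should also reject it with something like `return false if params[:expire].to_i <= Time.now.to_i`. This file also uses `Digest::MD5` without its own `require 'digest'`, relying on the controller having loaded it; a local `require 'digest'` at the top would make the library self-contained.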