
better notes, bugfixes

Paul Liverman III 5 years ago
parent
commit
aa279ac688
3 changed files with 17 additions and 23 deletions
  1. 0
    1
      Dockerfile
  2. 12
    17
      app.moon
  3. 5
    5
      helpers.moon

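--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,3 @@
 FROM guard13007/docker-lapis:latest
 
 RUN luarocks install bcrypt
-RUN luarocks install lapis-console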

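--- a/app.moon
+++ b/app.moon
@@ -1,32 +1,26 @@
 lapis = require "lapis"
-console = require "lapis.console"
 bcrypt = require "bcrypt"
-config = require("lapis.config").get!
 
 import Users from require "models"
 import api, abort, assert_model from require "helpers"
 
 class extends lapis.Application
-  [console: "/console/#{config.secret}"]: =>
-    if Users\count! < 1 or @session.id == 1
-      return console.make(env: "all")(@)
-    else
-      return status: 401, "401 - Unauthorized"
-
-  [authenticate: "/0/auth"]: api {
-    POST: =>
+  -- finds user by name or id (or creates by name), and returns the user,
+  --  unless a password is not specified (or incorrect), or the password is too weak
+  [authenticate: "/0/auth"]: respond_to {
+    POST: api( =>
       -- find user by name or id if specified
       local user
       if @params.name
         user = Users\find name: @params.name
       elseif @params.id
         user = Users\find id: @params.id
-        abort "No such user." unless user
+        abort "Incorrect user name, id, or password." unless user
 
       -- if a user by that name exists, see if the password is correct
       if user
         unless bcrypt.verify(@params.password, user.digest)
-          abort "Incorrect password."
+          abort "Incorrect user name, id, or password."
       -- else create a user
       elseif @params.password
         assert_valid(@params, {
@@ -34,8 +28,6 @@
           { "password", exists: true, min_length: 8, max_length: 255 }
         })
         -- TODO passwords should be checked against known breached passwords
-        -- TODO passwords should be required to follow a few other basic security checks
-        --  actually, these are invalidated just by checking against breached passwords I think
         user = assert_model Users\create {
           name: @params.name
           digest: bcrypt.digest(@params.password, config.digest_rounds)
@@ -45,12 +37,15 @@
         abort "Must specify name or id, and password."
 
       return name: user.name, id: user.id
+    )
   }
 
-  [name: "/0/:id[%d]"]: api {
-    GET: =>
+  -- finds user by id and returns their name
+  [name: "/0/:id[%d]"]: {
+    GET: api(=>
       if user = Users\find id: @params.id
         return name: user.name
       else
-        abort "No such user."
+        abort "Incorrect user id."
+    )
   }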
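Review bot: The first hunk removes `config = require("lapis.config").get!` while the kept line `digest: bcrypt.digest(@params.password, config.digest_rounds)` in the create branch of the POST handler still reads it, so unless `config` is defined as a global elsewhere, user creation now indexes nil and the request fails with a server error instead of a validation message. Restoring `config = require("lapis.config").get!` at the top (or importing the value from helpers alongside `api`) fixes it. Separately, `respond_to` and `assert_valid` are not imported anywhere visible in this file, and the `name` route is now a plain table `{ GET: api(=> ...) }` while `authenticate` is wrapped in `respond_to { ... }`; the two routes should use the same form, presumably `respond_to`. The unified "Incorrect user name, id, or password." message reduces account enumeration through error text, but an unknown id still aborts before `bcrypt.verify` runs, so a response-time difference remains; a comment noting that this is accepted, or a dummy verify on the not-found path, would make the intent explicit.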

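--- a/helpers.moon
+++ b/helpers.moon
@@ -2,17 +2,17 @@
 import insert from table
 import max from math
 
-api = (tab) ->
+api = (fn) =>
   json_params capture_errors {
     =>
-      result = respond_to(tab)
-      return json: result,
+      result = fn(@)
+      return json: result
     on_error: =>
-      status = 400
+      status = 400 -- most likely a bad request
       errors = {}
       for err in *@errors
         if "table" == type err
-          status = max status, err[1]
+          status = max status, err[1] -- the worst error will have a higher status number
           insert errors, err[2]
         else
           insert errors, err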
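Review bot: `api = (fn) =>` uses a fat arrow, which gives `api` an implicit `self` as its first parameter, so the positional calls `api(=> ...)` in app.moon bind the handler to `self` and leave `fn` nil, and `result = fn(@)` then fails with an attempt to call a nil value; the thin arrow `api = (fn) ->` matches how it is called. The `on_error` handler's body continues past the end of this hunk. `status = max status, err[1]` assumes a table-shaped error carries a numeric status in its first slot, and `max` will raise on anything else; a comment on that line such as `-- err is presumably {status, message} as produced by abort — confirm` would help the next reader, or a `type(err[1]) == "number"` guard would make the fallback to 400 explicit.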