Settings refactor & auth checks

3 years ago · 3272edd65b
parent 91ff7bde0d
commit 3272edd65b
11 changed files with 119 additions and 85 deletions
--- a/src/Gemfile.lock
+++ b/src/Gemfile.lock
@ -4,7 +4,6 @@ GEM
    bcrypt (3.1.16)
    colorize (0.8.1)
    ffi (1.15.5)
-    mini_magick (4.11.0)
    multi_json (1.15.0)
    mustermann (1.1.1)
      ruby2_keywords (~> 0.0.1)
@ -42,7 +41,6 @@ PLATFORMS
 DEPENDENCIES
  bcrypt
  colorize
-  mini_magick
  redcarpet
  rmagick (~> 4.2)
  sassc
--- a/src/app.rb
+++ b/src/app.rb
@ -16,8 +16,8 @@ require "rmagick" # image manipulation
 require_relative "config" # config stuff
 require_relative "debug" # debug methods
 require_relative "lib/database" # database library
-require_relative "func" # usefull methods
 require_relative "const" # constants
+require_relative "func" # usefull methods

 require_relative "db_init" # db init (pre server init
 require_relative "db_models" # db models (i.e. User, Roles etc)
@ -29,6 +29,15 @@ end
 enable :sessions
 db_init

+before do 
+	if !is_logged_in && request.path_info.start_with?(*AUTH_ROUTES) then
+		session[:ret] = request.fullpath
+		session[:status] = 403
+		session[:error_msg] = AUTH_ERRORS[:needed] 
+		redirect "/login"
+	end
+end
+
 not_found do 
 	serve :"404"
 end
@ -73,14 +82,9 @@ get "/profile" do
 	end
 end

-# Posts
-get "/profile/:id/posts" do
-	serve :"user/posts", {user: User.find_by_id(params[:id].to_i)}
-end
-
 # Reputation
 get "/profile/:id/rep" do
-	serve :"user/rep", {user: User.find_by_id(params[:id].to_i)}
+	serve :"user/rep"
 end

 # Settings
@ -125,22 +129,20 @@ post "/user/logout" do
 end

 post "/user/update" do
-	data = {}
+	data = {
+		name: params["displayname"],
+		bio_text: params["bio"]
+	}
+
 	if params[:image] then
 		imgdata = params[:image][:tempfile] 
-		save_image imgdata.read, "./public/avatars/#{session[:userid]}.png"
-		data[:avatar_url] = "/avatars/#{session[:userid]}.png"
+		save_image imgdata.read, "./public/avatars/#{session[:userid]}.png" # save the image
+		data[:avatar_url] = "/avatars/#{session[:userid]}.png" # update image path
 	end

-	current_user = get_current_user
-	data[:bio_text] = params["bio"] unless params["bio"] == current_user.bio_text
-	if params["displayname"].length < MIN_NAME_LEN then
-		session[:error_msg] = SETTINGS_ERRORS[:name_len] 
-	else
-		data[:name] = params["displayname"] unless params["displayname"] == current_user.name 
-	end
+	success, msg = get_current_user.update_creds data # update the user creds
+	if not success then session[:error_msg] = msg end	

-	User.update(data, "id = ?", session[:userid]) unless data.length < 1
 	redirect "/settings"
 end

--- a/src/config.rb
+++ b/src/config.rb
@ -1,14 +1,8 @@
-# DB stuff
-DB_PATH = "db/main.db"
+require_relative "const"

-# User settings stuff
-AVATAR_SIZE = 1024
-
-# Register stuff
-MIN_PASSWORD_LEN = 8
-MIN_NAME_LEN = 2
-
-EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
+AUTH_ERRORS = {
+	needed: "Authentication is needed to perform that task! Please login!"
+}

 REGISTER_ERRORS = {
 	fields: "Please fill all of the fields",
@ -16,14 +10,15 @@ REGISTER_ERRORS = {
 	pass_len: "Password length must be at least #{MIN_PASSWORD_LEN}",
 	pass_notequals: "Password mismatch",

-	name_len: "Name length must be at least #{MIN_NAME_LEN}",
+	name_len: "Name length must be between #{MIN_NAME_LEN} and #{MAX_NAME_LEN}",

 	email_dupe: "Email is already in use",
 	email_fake: "Please use a valid email address"
 }

 SETTINGS_ERRORS = {
-	name_len: "Name length must be at least #{MIN_NAME_LEN}"
+	name_len: "Name length must be between #{MIN_NAME_LEN} and #{MAX_NAME_LEN} characters!",
+	bio_len: "Biography length must be between #{MIN_BIO_LEN} and #{MAX_BIO_LEN} characters!"
 }

 # Login stuff
--- a/src/const.rb
+++ b/src/const.rb
@ -10,3 +10,23 @@ PERM_LEVELS = {
 	rmpost: 1, # allows the user to remove other peoples auctions
 	roleman: 2 # allows the user to manage other peoples roles
 }
+
+# DB stuff
+DB_PATH = "db/main.db"
+
+
+# User constants
+AVATAR_SIZE = 1024 # width & height
+
+MIN_PASSWORD_LEN = 8
+MIN_NAME_LEN = 2
+MAX_NAME_LEN = 32
+
+MIN_BIO_LEN = 0
+MAX_BIO_LEN = 128
+
+EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
+
+
+# Routes that needs auth
+AUTH_ROUTES = %w[/settings]
--- a/src/db_models.rb
+++ b/src/db_models.rb
@ -52,6 +52,21 @@ class User < EntityModel
 		self.update({reputation: val}, "id = ?", @id)
 	end

+	def update_creds(data)
+		# Validate input
+		return false, SETTINGS_ERRORS[:name_len] unless data[:name].length.between?(MIN_NAME_LEN, MAX_NAME_LEN)
+		return false, SETTINGS_ERRORS[:bio_len] unless data[:bio_text].length.between?(MIN_BIO_LEN, MAX_BIO_LEN)
+
+		# Filter unchanged data
+		p data
+		data.keys.each do |k|
+			data.delete(k) if @data[k.to_s] == data[k]
+		end
+		p data
+		User.update(data, "id = ?", @id) unless data.length < 1
+		return true, nil
+	end
+
 	# Find user by ID, returns a user object 
 	def self.find_by_id(id)
 		data = self.get("*", "id = ?", id).first
@ -73,7 +88,7 @@ class User < EntityModel
 		check_email_valid = email.match(EMAIL_REGEX) != nil 

 		# Name
-		check_name_len = name.length >= MIN_NAME_LEN
+		check_name_len = name.length.between?(MIN_NAME_LEN, MAX_NAME_LEN)

 		# Password
 		check_pass_equals = password == password_confirm
--- a/src/func.rb
+++ b/src/func.rb
@ -20,6 +20,8 @@ def serve(template, locals={}, layout: :layout)
 	locals[:session_user] = get_current_user unless !is_logged_in

 	# Serve the slim template
+	status session[:status] if session[:status]
+	session.delete :status
 	slim(template, locals: locals, :layout => layout)
 end

--- a/src/lib/database.rb
+++ b/src/lib/database.rb
@ -44,7 +44,7 @@ class EntityModel
 	def self.query(q, *args) # query table with query string
 		Console.debug("Running SQL -> #{q}", *args)
 		begin
-			db.execute( q, *args )
+			db.execute( q, args )
 		rescue SQLite3::SQLException => err
 			Console.error "SQL exception: #{err}", q
 		end
--- a/src/public/avatars/1.png
+++ b/src/public/avatars/1.png
--- a/src/public/avatars/2.png
+++ b/src/public/avatars/2.png
--- a/src/views/stylesheets/style.sass
+++ b/src/views/stylesheets/style.sass
@ -43,63 +43,63 @@ body
  height: 100% 
  overflow-y: hidden

-  header
-    height: 55px
-    background-color: $bg_dark_clr
-    border-bottom: $border_size solid $shadow_clr
-    padding: .1rem .8rem .1rem .8rem
-    white-space: nowrap
+header
+  height: 55px
+  background-color: $bg_dark_clr
+  border-bottom: $border_size solid $shadow_clr
+  padding: .1rem .8rem .1rem .8rem
+  white-space: nowrap
+
+  img.avatar
+    transition: border .2s

-    img.avatar
-      transition: border .2s
+  img.avatar:hover
+    border: 2px solid $special_clr

-    img.avatar:hover
-      border: 2px solid $special_clr
+  div
+    display: flex
+    max-width: 70rem
+    margin: 0 auto

-    div
+    #logo_container
      display: flex
-      max-width: 70rem
-      margin: 0 auto
+      flex-direction: column 
+      margin: 0
+      text-decoration: none
+      color: $fg_clr

-      #logo_container
-        display: flex
-        flex-direction: column 
+      h1
+        margin: 0
+        opacity: .8
+        font-size: 1.2rem
+        font-weight: bold
+
+      h2 
+        margin: 0
+        opacity: .2
+        font-size: .8rem
+        font-style: italic
+        font-weight: normal
+
+    nav
+      display: flex
+      align-items: center
+      margin: 0 0 0 auto
+      padding: 8px
+      padding-right: 0
+      
+      ul
        margin: 0
-        text-decoration: none
-        color: $fg_clr
-
-        h1
-          margin: 0
-          opacity: .8
-          font-size: 1.2rem
-          font-weight: bold
-
-        h2 
-          margin: 0
-          opacity: .2
-          font-size: .8rem
-          font-style: italic
-          font-weight: normal
-
-      nav
        display: flex
-        align-items: center
-        margin: 0 0 0 auto
-        padding: 8px
-        padding-right: 0
-        
-        ul
-          margin: 0
-          display: flex
-          flex-direction: row 
-          list-style-type: none
-          justify-content: flex-end
+        flex-direction: row 
+        list-style-type: none
+        justify-content: flex-end

-          li   
-            display: flex
-            flex-direction: column
-            justify-content: center
-            margin: 0 8px
+        li   
+          display: flex
+          flex-direction: column
+          justify-content: center
+          margin: 0 8px

 // General
 #login
@ -344,3 +344,7 @@ ul.button-container
      background-color: $bg_alt_clr
      border: $border_size solid $border_clr

+      input[type=text]
+        padding: 0 .2rem
+        border: $border_size solid $border_clr
+
--- a/src/views/user/posts.slim
+++ b/src/views/user/posts.slim
@ -1,2 +0,0 @@
-h1 = "#{user.name}'s posts"
-h2 Not implemented yet.