Settings refactor & auth checks

src/Gemfile.lock

@@ -4,7 +4,6 @@ GEM
     bcrypt (3.1.16)
     colorize (0.8.1)
     ffi (1.15.5)
-    mini_magick (4.11.0)
     multi_json (1.15.0)
     mustermann (1.1.1)
       ruby2_keywords (~> 0.0.1)
@@ -42,7 +41,6 @@ PLATFORMS
 DEPENDENCIES
   bcrypt
   colorize
-  mini_magick
   redcarpet
   rmagick (~> 4.2)
   sassc

src/app.rb

@@ -16,8 +16,8 @@ require "rmagick" # image manipulation
 require_relative "config" # config stuff
 require_relative "debug" # debug methods
 require_relative "lib/database" # database library
-require_relative "func" # usefull methods
 require_relative "const" # constants
+require_relative "func" # usefull methods
 
 require_relative "db_init" # db init (pre server init
 require_relative "db_models" # db models (i.e. User, Roles etc)
@@ -29,6 +29,15 @@ end
 enable :sessions
 db_init
 
+before do 
+	if !is_logged_in && request.path_info.start_with?(*AUTH_ROUTES) then
+		session[:ret] = request.fullpath
+		session[:status] = 403
+		session[:error_msg] = AUTH_ERRORS[:needed] 
+		redirect "/login"
+	end
+end
+
 not_found do 
 	serve :"404"
 end
@@ -73,14 +82,9 @@ get "/profile" do
 	end
 end
 
-# Posts
-get "/profile/:id/posts" do
-	serve :"user/posts", {user: User.find_by_id(params[:id].to_i)}
-end
-
 # Reputation
 get "/profile/:id/rep" do
-	serve :"user/rep", {user: User.find_by_id(params[:id].to_i)}
+	serve :"user/rep"
 end
 
 # Settings
@@ -125,22 +129,20 @@ post "/user/logout" do
 end
 
 post "/user/update" do
-	data = {}
+	data = {
+		name: params["displayname"],
+		bio_text: params["bio"]
+	}
+
 	if params[:image] then
 		imgdata = params[:image][:tempfile] 
-		save_image imgdata.read, "./public/avatars/#{session[:userid]}.png"
+		save_image imgdata.read, "./public/avatars/#{session[:userid]}.png" # save the image
-		data[:avatar_url] = "/avatars/#{session[:userid]}.png"
+		data[:avatar_url] = "/avatars/#{session[:userid]}.png" # update image path
 	end
 
-	current_user = get_current_user
+	success, msg = get_current_user.update_creds data # update the user creds
-	data[:bio_text] = params["bio"] unless params["bio"] == current_user.bio_text
+	if not success then session[:error_msg] = msg end	
-	if params["displayname"].length < MIN_NAME_LEN then
-		session[:error_msg] = SETTINGS_ERRORS[:name_len] 
-	else
-		data[:name] = params["displayname"] unless params["displayname"] == current_user.name 
-	end
 
-	User.update(data, "id = ?", session[:userid]) unless data.length < 1
 	redirect "/settings"
 end
 

src/config.rb

@@ -1,14 +1,8 @@
-# DB stuff
+require_relative "const"
-DB_PATH = "db/main.db"
 
-# User settings stuff
+AUTH_ERRORS = {
-AVATAR_SIZE = 1024
+	needed: "Authentication is needed to perform that task! Please login!"
-
+}
-# Register stuff
-MIN_PASSWORD_LEN = 8
-MIN_NAME_LEN = 2
-
-EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
 
 REGISTER_ERRORS = {
 	fields: "Please fill all of the fields",
@@ -16,14 +10,15 @@ REGISTER_ERRORS = {
 	pass_len: "Password length must be at least #{MIN_PASSWORD_LEN}",
 	pass_notequals: "Password mismatch",
 
-	name_len: "Name length must be at least #{MIN_NAME_LEN}",
+	name_len: "Name length must be between #{MIN_NAME_LEN} and #{MAX_NAME_LEN}",
 
 	email_dupe: "Email is already in use",
 	email_fake: "Please use a valid email address"
 }
 
 SETTINGS_ERRORS = {
-	name_len: "Name length must be at least #{MIN_NAME_LEN}"
+	name_len: "Name length must be between #{MIN_NAME_LEN} and #{MAX_NAME_LEN} characters!",
+	bio_len: "Biography length must be between #{MIN_BIO_LEN} and #{MAX_BIO_LEN} characters!"
 }
 
 # Login stuff

src/const.rb

@@ -10,3 +10,23 @@ PERM_LEVELS = {
 	rmpost: 1, # allows the user to remove other peoples auctions
 	roleman: 2 # allows the user to manage other peoples roles
 }
+
+# DB stuff
+DB_PATH = "db/main.db"
+
+
+# User constants
+AVATAR_SIZE = 1024 # width & height
+
+MIN_PASSWORD_LEN = 8
+MIN_NAME_LEN = 2
+MAX_NAME_LEN = 32
+
+MIN_BIO_LEN = 0
+MAX_BIO_LEN = 128
+
+EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
+
+
+# Routes that needs auth
+AUTH_ROUTES = %w[/settings]

src/db_models.rb

@@ -52,6 +52,21 @@ class User < EntityModel
 		self.update({reputation: val}, "id = ?", @id)
 	end
 
+	def update_creds(data)
+		# Validate input
+		return false, SETTINGS_ERRORS[:name_len] unless data[:name].length.between?(MIN_NAME_LEN, MAX_NAME_LEN)
+		return false, SETTINGS_ERRORS[:bio_len] unless data[:bio_text].length.between?(MIN_BIO_LEN, MAX_BIO_LEN)
+
+		# Filter unchanged data
+		p data
+		data.keys.each do |k|
+			data.delete(k) if @data[k.to_s] == data[k]
+		end
+		p data
+		User.update(data, "id = ?", @id) unless data.length < 1
+		return true, nil
+	end
+
 	# Find user by ID, returns a user object 
 	def self.find_by_id(id)
 		data = self.get("*", "id = ?", id).first
@@ -73,7 +88,7 @@ class User < EntityModel
 		check_email_valid = email.match(EMAIL_REGEX) != nil 
 
 		# Name
-		check_name_len = name.length >= MIN_NAME_LEN
+		check_name_len = name.length.between?(MIN_NAME_LEN, MAX_NAME_LEN)
 
 		# Password
 		check_pass_equals = password == password_confirm

src/func.rb

@@ -20,6 +20,8 @@ def serve(template, locals={}, layout: :layout)
 	locals[:session_user] = get_current_user unless !is_logged_in
 
 	# Serve the slim template
+	status session[:status] if session[:status]
+	session.delete :status
 	slim(template, locals: locals, :layout => layout)
 end
 

src/lib/database.rb

@@ -44,7 +44,7 @@ class EntityModel
 	def self.query(q, *args) # query table with query string
 		Console.debug("Running SQL -> #{q}", *args)
 		begin
-			db.execute( q, *args )
+			db.execute( q, args )
 		rescue SQLite3::SQLException => err
 			Console.error "SQL exception: #{err}", q
 		end

src/views/stylesheets/style.sass

@@ -344,3 +344,7 @@ ul.button-container
       background-color: $bg_alt_clr
       border: $border_size solid $border_clr
 
+      input[type=text]
+        padding: 0 .2rem
+        border: $border_size solid $border_clr
+

src/views/user/posts.slim

@@ -1,2 +0,0 @@
-h1 = "#{user.name}'s posts"
-h2 Not implemented yet.