Settings refactor & auth checks

master
E. Almqvist 3 years ago
parent 91ff7bde0d
commit 3272edd65b
  1. 2
      src/Gemfile.lock
  2. 38
      src/app.rb
  3. 19
      src/config.rb
  4. 20
      src/const.rb
  5. 17
      src/db_models.rb
  6. 2
      src/func.rb
  7. 2
      src/lib/database.rb
  8. BIN
      src/public/avatars/1.png
  9. BIN
      src/public/avatars/2.png
  10. 100
      src/views/stylesheets/style.sass
  11. 2
      src/views/user/posts.slim

@ -4,7 +4,6 @@ GEM
bcrypt (3.1.16) bcrypt (3.1.16)
colorize (0.8.1) colorize (0.8.1)
ffi (1.15.5) ffi (1.15.5)
mini_magick (4.11.0)
multi_json (1.15.0) multi_json (1.15.0)
mustermann (1.1.1) mustermann (1.1.1)
ruby2_keywords (~> 0.0.1) ruby2_keywords (~> 0.0.1)
@ -42,7 +41,6 @@ PLATFORMS
DEPENDENCIES DEPENDENCIES
bcrypt bcrypt
colorize colorize
mini_magick
redcarpet redcarpet
rmagick (~> 4.2) rmagick (~> 4.2)
sassc sassc

@ -16,8 +16,8 @@ require "rmagick" # image manipulation
require_relative "config" # config stuff require_relative "config" # config stuff
require_relative "debug" # debug methods require_relative "debug" # debug methods
require_relative "lib/database" # database library require_relative "lib/database" # database library
require_relative "func" # usefull methods
require_relative "const" # constants require_relative "const" # constants
require_relative "func" # usefull methods
require_relative "db_init" # db init (pre server init require_relative "db_init" # db init (pre server init
require_relative "db_models" # db models (i.e. User, Roles etc) require_relative "db_models" # db models (i.e. User, Roles etc)
@ -29,6 +29,15 @@ end
enable :sessions enable :sessions
db_init db_init
before do
if !is_logged_in && request.path_info.start_with?(*AUTH_ROUTES) then
session[:ret] = request.fullpath
session[:status] = 403
session[:error_msg] = AUTH_ERRORS[:needed]
redirect "/login"
end
end
not_found do not_found do
serve :"404" serve :"404"
end end
@ -73,14 +82,9 @@ get "/profile" do
end end
end end
# Posts
get "/profile/:id/posts" do
serve :"user/posts", {user: User.find_by_id(params[:id].to_i)}
end
# Reputation # Reputation
get "/profile/:id/rep" do get "/profile/:id/rep" do
serve :"user/rep", {user: User.find_by_id(params[:id].to_i)} serve :"user/rep"
end end
# Settings # Settings
@ -125,22 +129,20 @@ post "/user/logout" do
end end
post "/user/update" do post "/user/update" do
data = {} data = {
name: params["displayname"],
bio_text: params["bio"]
}
if params[:image] then if params[:image] then
imgdata = params[:image][:tempfile] imgdata = params[:image][:tempfile]
save_image imgdata.read, "./public/avatars/#{session[:userid]}.png" save_image imgdata.read, "./public/avatars/#{session[:userid]}.png" # save the image
data[:avatar_url] = "/avatars/#{session[:userid]}.png" data[:avatar_url] = "/avatars/#{session[:userid]}.png" # update image path
end end
current_user = get_current_user success, msg = get_current_user.update_creds data # update the user creds
data[:bio_text] = params["bio"] unless params["bio"] == current_user.bio_text if not success then session[:error_msg] = msg end
if params["displayname"].length < MIN_NAME_LEN then
session[:error_msg] = SETTINGS_ERRORS[:name_len]
else
data[:name] = params["displayname"] unless params["displayname"] == current_user.name
end
User.update(data, "id = ?", session[:userid]) unless data.length < 1
redirect "/settings" redirect "/settings"
end end
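Review bot: `post "/user/update"` mutates the logged-in user's row but is not covered by the new `before` filter, because `AUTH_ROUTES` (const.rb hunk, `%w[/settings]`) only matches paths starting with `/settings`; an anonymous POST reaches `get_current_user.update_creds data`, and what `get_current_user` returns without a session isn't visible here (a `nil` would raise NoMethodError rather than redirect). Add `/user/update` to `AUTH_ROUTES`, or open the handler with `redirect "/login" unless is_logged_in`. In the same handler the avatar is written to `./public/avatars/#{session[:userid]}.png` before `update_creds` has validated name and bio, so a rejected form still replaces the user's avatar; move the `save_image` call and the `data[:avatar_url]` assignment behind the success check. Note also that `start_with?(*AUTH_ROUTES)` is prefix matching, so every path under `/settings…` is guarded while sibling routes such as `/user/...` are not — worth a comment on the filter.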

@ -1,14 +1,8 @@
# DB stuff require_relative "const"
DB_PATH = "db/main.db"
# User settings stuff AUTH_ERRORS = {
AVATAR_SIZE = 1024 needed: "Authentication is needed to perform that task! Please login!"
}
# Register stuff
MIN_PASSWORD_LEN = 8
MIN_NAME_LEN = 2
EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
REGISTER_ERRORS = { REGISTER_ERRORS = {
fields: "Please fill all of the fields", fields: "Please fill all of the fields",
@ -16,14 +10,15 @@ REGISTER_ERRORS = {
pass_len: "Password length must be at least #{MIN_PASSWORD_LEN}", pass_len: "Password length must be at least #{MIN_PASSWORD_LEN}",
pass_notequals: "Password mismatch", pass_notequals: "Password mismatch",
name_len: "Name length must be at least #{MIN_NAME_LEN}", name_len: "Name length must be between #{MIN_NAME_LEN} and #{MAX_NAME_LEN}",
email_dupe: "Email is already in use", email_dupe: "Email is already in use",
email_fake: "Please use a valid email address" email_fake: "Please use a valid email address"
} }
SETTINGS_ERRORS = { SETTINGS_ERRORS = {
name_len: "Name length must be at least #{MIN_NAME_LEN}" name_len: "Name length must be between #{MIN_NAME_LEN} and #{MAX_NAME_LEN} characters!",
bio_len: "Biography length must be between #{MIN_BIO_LEN} and #{MAX_BIO_LEN} characters!"
} }
# Login stuff # Login stuff

@ -10,3 +10,23 @@ PERM_LEVELS = {
rmpost: 1, # allows the user to remove other peoples auctions rmpost: 1, # allows the user to remove other peoples auctions
roleman: 2 # allows the user to manage other peoples roles roleman: 2 # allows the user to manage other peoples roles
} }
# DB stuff
DB_PATH = "db/main.db"
# User constants
AVATAR_SIZE = 1024 # width & height
MIN_PASSWORD_LEN = 8
MIN_NAME_LEN = 2
MAX_NAME_LEN = 32
MIN_BIO_LEN = 0
MAX_BIO_LEN = 128
EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
# Routes that needs auth
AUTH_ROUTES = %w[/settings]
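Review bot: `AUTH_ROUTES` on the last line of this hunk is a mutable array constant; `AUTH_ROUTES = %w[/settings].freeze` follows the usual Ruby convention and prevents accidental mutation at runtime. Its comment says `Routes that needs auth`, but app.rb consumes it with `start_with?`, so it is really a list of path prefixes — `# Path prefixes that require a logged-in session (matched with start_with? in the before filter)` would describe what the filter actually does.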

@ -52,6 +52,21 @@ class User < EntityModel
self.update({reputation: val}, "id = ?", @id) self.update({reputation: val}, "id = ?", @id)
end end
def update_creds(data)
# Validate input
return false, SETTINGS_ERRORS[:name_len] unless data[:name].length.between?(MIN_NAME_LEN, MAX_NAME_LEN)
return false, SETTINGS_ERRORS[:bio_len] unless data[:bio_text].length.between?(MIN_BIO_LEN, MAX_BIO_LEN)
# Filter unchanged data
p data
data.keys.each do |k|
data.delete(k) if @data[k.to_s] == data[k]
end
p data
User.update(data, "id = ?", @id) unless data.length < 1
return true, nil
end
# Find user by ID, returns a user object # Find user by ID, returns a user object
def self.find_by_id(id) def self.find_by_id(id)
data = self.get("*", "id = ?", id).first data = self.get("*", "id = ?", id).first
@ -73,7 +88,7 @@ class User < EntityModel
check_email_valid = email.match(EMAIL_REGEX) != nil check_email_valid = email.match(EMAIL_REGEX) != nil
# Name # Name
check_name_len = name.length >= MIN_NAME_LEN check_name_len = name.length.between?(MIN_NAME_LEN, MAX_NAME_LEN)
# Password # Password
check_pass_equals = password == password_confirm check_pass_equals = password == password_confirm
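Review bot: `update_creds` (first hunk of this file) leaves two `p data` debug prints in place, which dump the submitted name and bio to stdout on every settings save; they should be removed before merge. The length checks call `.length` directly on `data[:name]` and `data[:bio_text]`, so a form post missing either field raises NoMethodError instead of returning the validation message — `data[:name].to_s.length.between?(MIN_NAME_LEN, MAX_NAME_LEN)` keeps the message path. The method also deletes keys from the caller's hash while filtering; building a new hash with `reject` avoids that side effect. The comparison `@data[k.to_s] == data[k]` assumes `@data` is string-keyed, which isn't visible here — worth confirming or noting in a comment.
```ruby
def update_creds(data)
  # Validate input; .to_s keeps a missing field on the message path instead of raising
  return false, SETTINGS_ERRORS[:name_len] unless data[:name].to_s.length.between?(MIN_NAME_LEN, MAX_NAME_LEN)
  return false, SETTINGS_ERRORS[:bio_len] unless data[:bio_text].to_s.length.between?(MIN_BIO_LEN, MAX_BIO_LEN)
  # Keep only fields that differ from the stored row (assumes @data is string-keyed — confirm)
  changed = data.reject { |k, v| @data[k.to_s] == v }
  User.update(changed, "id = ?", @id) unless changed.empty?
  return true, nil
end
```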

@ -20,6 +20,8 @@ def serve(template, locals={}, layout: :layout)
locals[:session_user] = get_current_user unless !is_logged_in locals[:session_user] = get_current_user unless !is_logged_in
# Serve the slim template # Serve the slim template
status session[:status] if session[:status]
session.delete :status
slim(template, locals: locals, :layout => layout) slim(template, locals: locals, :layout => layout)
end end

@ -44,7 +44,7 @@ class EntityModel
def self.query(q, *args) # query table with query string def self.query(q, *args) # query table with query string
Console.debug("Running SQL -> #{q}", *args) Console.debug("Running SQL -> #{q}", *args)
begin begin
db.execute( q, *args ) db.execute( q, args )
rescue SQLite3::SQLException => err rescue SQLite3::SQLException => err
Console.error "SQL exception: #{err}", q Console.error "SQL exception: #{err}", q
end end


@ -43,63 +43,63 @@ body
height: 100% height: 100%
overflow-y: hidden overflow-y: hidden
header header
height: 55px height: 55px
background-color: $bg_dark_clr background-color: $bg_dark_clr
border-bottom: $border_size solid $shadow_clr border-bottom: $border_size solid $shadow_clr
padding: .1rem .8rem .1rem .8rem padding: .1rem .8rem .1rem .8rem
white-space: nowrap white-space: nowrap
img.avatar
transition: border .2s
img.avatar img.avatar:hover
transition: border .2s border: 2px solid $special_clr
img.avatar:hover div
border: 2px solid $special_clr display: flex
max-width: 70rem
margin: 0 auto
div #logo_container
display: flex display: flex
max-width: 70rem flex-direction: column
margin: 0 auto margin: 0
text-decoration: none
color: $fg_clr
#logo_container h1
display: flex margin: 0
flex-direction: column opacity: .8
font-size: 1.2rem
font-weight: bold
h2
margin: 0
opacity: .2
font-size: .8rem
font-style: italic
font-weight: normal
nav
display: flex
align-items: center
margin: 0 0 0 auto
padding: 8px
padding-right: 0
ul
margin: 0 margin: 0
text-decoration: none
color: $fg_clr
h1
margin: 0
opacity: .8
font-size: 1.2rem
font-weight: bold
h2
margin: 0
opacity: .2
font-size: .8rem
font-style: italic
font-weight: normal
nav
display: flex display: flex
align-items: center flex-direction: row
margin: 0 0 0 auto list-style-type: none
padding: 8px justify-content: flex-end
padding-right: 0
ul li
margin: 0
display: flex display: flex
flex-direction: row flex-direction: column
list-style-type: none justify-content: center
justify-content: flex-end margin: 0 8px
li
display: flex
flex-direction: column
justify-content: center
margin: 0 8px
// General // General
#login #login
@ -344,3 +344,7 @@ ul.button-container
background-color: $bg_alt_clr background-color: $bg_alt_clr
border: $border_size solid $border_clr border: $border_size solid $border_clr
input[type=text]
padding: 0 .2rem
border: $border_size solid $border_clr

@ -1,2 +0,0 @@
h1 = "#{user.name}'s posts"
h2 Not implemented yet.