array-in-a-matrix 2024-08-12 14:40:57 -04:00
parent 6df0899491
commit ccd76c0cd3


@ -1,6 +1,7 @@
import std/[strutils, with] import std/[strutils, with, logging]
import jester import jester
import norm/[model, postgres] import norm/model
import norm/postgres except error
import checksums/sha3 import checksums/sha3
import ../types/users import ../types/users
import ../[database, helpers] import ../[database, helpers]
@ -15,9 +16,11 @@ proc createAuthenticationRoutes*() =
returns: JSON returns: JSON
]# ]#
post "/api/v1/newUser": post "/api/v1/newUser":
info "Endpoint used.\n" & reqInfo
if @"username".isEmptyOrWhitespace() or @"email".isEmptyOrWhitespace() or if @"username".isEmptyOrWhitespace() or @"email".isEmptyOrWhitespace() or
@"password".isEmptyOrWhitespace(): @"password".isEmptyOrWhitespace():
resp Http403, "Not all required parameters are provided.\n" respErr "Registeration failed, not all parameters provided.\n"
block UniqueParametersCheck: block UniqueParametersCheck:
try: try:
@ -29,8 +32,8 @@ proc createAuthenticationRoutes*() =
db.select(user, """"User".email = $1""", @"email") db.select(user, """"User".email = $1""", @"email")
except NotFoundError: except NotFoundError:
break UniqueParametersCheck break UniqueParametersCheck
resp Http403, "A user with that email already exists.\n" respErr "Registeration failed, email already in use.\n"
resp Http403, "A user with that username already exists.\n" respErr "Registeration failed, username already in use.\n"
var user = newUser(@"username", @"email", @"password") var user = newUser(@"username", @"email", @"password")
db.insert(user) db.insert(user)
@ -45,6 +48,7 @@ proc createAuthenticationRoutes*() =
add("\"fileCount\": \"" & $user.fileCount & "\"") add("\"fileCount\": \"" & $user.fileCount & "\"")
add "}]" add "}]"
info "User created.\n" & reqInfo
resp Http200, userProfile & "\n", "application/json" resp Http200, userProfile & "\n", "application/json"
#[ #[
@ -56,12 +60,13 @@ proc createAuthenticationRoutes*() =
returns: JSON returns: JSON
]# ]#
get "/api/v1/newSession": get "/api/v1/newSession":
info "Endpoint used.\n" & reqInfo
var user = newUser() var user = newUser()
if not H"Authorization".isEmptyOrWhitespace(): if not H"Authorization".isEmptyOrWhitespace():
if not db.validToken(user, H"Authorization"): if not db.validToken(user, H"Authorization"):
resp Http403, "Invalid token.\n" respErr "Invalid token.\n"
db.generateToken(user) db.generateToken(user)
@ -69,11 +74,11 @@ proc createAuthenticationRoutes*() =
try: try:
db.select(user, """"User".username = $1""", H"Username") db.select(user, """"User".username = $1""", H"Username")
except NotFoundError: except NotFoundError:
resp Http403, "Incorrect username or password.\n" # fails if username is wrong but mentions password to obfuscates if a user exists or not respErr"Incorrect username or password.\n" # fails if username is wrong but mentions password to obfuscates if a user exists or not
if user.password == $Sha3_512.secureHash($H"Password"): if user.password == $Sha3_512.secureHash($H"Password"):
db.generateToken(user) db.generateToken(user)
else: else:
resp Http403, "Incorrect username or password.\n" # fails if password is wrong but mentions username to obfuscates if a user exists or not respErr"Incorrect username or password.\n" # fails if password is wrong but mentions username to obfuscates if a user exists or not
var userToken: string var userToken: string
with userToken: with userToken:
@ -81,5 +86,6 @@ proc createAuthenticationRoutes*() =
add("\"token\": \"" & user.token & "\"") add("\"token\": \"" & user.token & "\"")
add "}]" add "}]"
info "User's token replaced.\n" & reqInfo
resp Http200, userToken & "\n", "application/json" resp Http200, userToken & "\n", "application/json"
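Review bot: The new `info "Endpoint used.\n" & reqInfo` lines at the top of `/api/v1/newUser` and `/api/v1/newSession` log request data on the two routes that receive the `password` parameter and the `Authorization`, `Username` and `Password` headers. `reqInfo` is defined outside this diff, so I cannot tell what it contains; if it includes headers or parameters, passwords and tokens would be written to the log and user-supplied CR/LF could split log records, so it should be limited to fields such as method, path and client address. In the session hunk, both occurrences of `respErr"Incorrect username or password.\n"` have no space before the quote, which Nim reads as a generalized raw string literal, so the body ends in a literal backslash and `n` instead of a newline; write `respErr "Incorrect username or password.\n"` as the other calls do. `respErr` is also not shown here: presumably it still ends the route as `resp` did, which is worth confirming, because otherwise the newUser route would run on to `db.insert(user)` after a failed check.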