diff --git a/src/sales_backend/http/product.cr b/src/sales_backend/http/product.cr
index ba24eb8..70b57bc 100644
--- a/src/sales_backend/http/product.cr
+++ b/src/sales_backend/http/product.cr
@@ -58,9 +58,23 @@ get "/products" do |context|
 ret.to_json
 end
 
+get "/products/:id" do |context|
+ begin
+ ret = Product.from_json File.read Statics.data_path+"products/"+context.params.url["id"]
+ rescue ex
+ halt context, status_code: 403, response: ex.to_s
+ end
+ ret.to_json
+end
+
 post "/products" do |context|
- user = authenticate_admin!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
+ user : User
+ begin
+ user = authenticate_admin!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
+ rescue ex
+ halt context, status_code: 403, response: ex.to_s
+ end
 product = Product.from_json(context.request.body.not_nil!).not_nil!
 File.write Statics.data_path+"products/"+product.id.to_s,product.to_json
 "OK".to_json
diff --git a/src/sales_backend/http/user.cr b/src/sales_backend/http/user.cr
index 6ac458a..ad17155 100644
--- a/src/sales_backend/http/user.cr
+++ b/src/sales_backend/http/user.cr
@@ -32,11 +32,17 @@ def authenticate_admin!(user : String, token : UUID) : User
 end
 
 post "/login" do |context|
- user = User.from_json context.request.body.not_nil!
- user_file = User.from_json File.read(Statics.data_path+"user/"+user.email)
+ user : User
+ user_file : User
+ begin
+ user = User.from_json context.request.body.not_nil!
+ user_file = User.from_json File.read(Statics.data_path+"user/"+user.email)
+ rescue ex
+ halt context, status_code: 403, response: ex.to_s
+ end
 if Crypto::Bcrypt::Password.new(user_file.password_hash.not_nil!) == user.password_hash.not_nil!
 else
- raise Exception.new("Invalid password")
+ halt context, status_code: 403, response: "Invalid password"
 end
 token = UUID.random()
 if user_file.tokens.nil?
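Review bot: The new `get "/products/:id"` route concatenates `context.params.url["id"]` straight into a filesystem path, so nothing but the router's segment matching keeps a caller inside `products/`; if the framework percent-decodes the parameter before handing it over (so `%2e%2e%2f` becomes `../`), this is a path traversal into the data directory. Independently, the rescue answers with `ex.to_s`, and a Crystal `File.read` failure message includes the absolute path it tried to open, so an unknown id discloses the on-disk layout and gets a 403 where a 404 is meant. The id should be checked against an allowlist before it reaches `File.read` (if product ids are UUIDs, `UUID.new(id)` is the natural check; otherwise a character allowlist as below), and the failure path should return a fixed message. The same `response: ex.to_s` in the new `post "/products"` rescue echoes whatever `authenticate_admin!` raises, which is defined outside this hunk; that block also runs past the end of the hunk.
```crystal
get "/products/:id" do |context|
  id = context.params.url["id"]
  # Only a plain filename component may reach File.read; tighten the allowlist to the
  # real id format (e.g. UUID.new(id) if product ids are UUIDs).
  unless id =~ /\A[A-Za-z0-9_-]+\z/
    halt context, status_code: 404, response: "Not found"
  end
  begin
    ret = Product.from_json File.read Statics.data_path+"products/"+id
  rescue ex
    # Do not echo ex.to_s: File errors carry the absolute path that was opened.
    halt context, status_code: 404, response: "Not found"
  end
  ret.to_json
end
```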
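Review bot: In `post "/login"` the new rescue answers a failed user-file read with `ex.to_s` while a wrong password answers with the fixed string "Invalid password", so the response body tells a client whether an email is registered, and the `File.read` error text additionally carries `Statics.data_path` and the submitted email. Both branches should return the same generic message, e.g. `halt context, status_code: 403, response: "Invalid credentials"` in the rescue and in the `else`. The email from the request body is still concatenated into the path unvalidated (`Statics.data_path+"user/"+user.email`), which this commit does not change; a value containing `../` makes a login attempt open a file outside `user/`, so it should be rejected (or reduced to a single path component) before the read. Note also that the bcrypt comparison only runs when the file exists, so response timing will still differ for unknown accounts even with identical messages. The route body continues past the hunk.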
@@ -63,7 +69,12 @@ post "/logout" do |context|
 end
 
 post "/logout-all" do |context|
- user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
+ user : User
+ begin
+ user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
+ rescue ex
+ halt context, status_code: 403, response: ex.to_s
+ end
 user_file = User.from_json File.read(Statics.data_path+"user/"+user.email)
 user_file.tokens=Array(UUID).new
 File.write(Statics.data_path+"user/"+user_file.email,user_file.to_json)
@@ -90,19 +101,34 @@ post "/user" do |context|
 end
 
 get "/user/tokens" do |context|
- user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
+ user : User
+ begin
+ user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
+ rescue ex
+ halt context, status_code: 403, response: ex.to_s
+ end
 context.response.content_type = "application/json"
 user.tokens.to_json
 end
 
 get "/user/address" do |context|
- user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
+ user : User
+ begin
+ user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
+ rescue ex
+ halt context, status_code: 403, response: ex.to_s
+ end
 context.response.content_type = "application/json"
 user.addresses.to_json
 end
 
 post "/user/address" do |context|
- user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
+ user : User
+ begin
+ user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
+ rescue ex
+ halt context, status_code: 403, response: ex.to_s
+ end
 addresses = Array(Address).from_json(context.request.body.not_nil!).not_nil!
 user_file = User.from_json File.read(Statics.data_path+"user/"+user.email)
 old_list=user_file.addresses
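Review bot: The `user : User` / `begin` / `rescue ex` / `halt … ex.to_s` block added to `post "/logout-all"` is now the sixth copy of the same six lines across both files, and each copy echoes the exception text, which tells the caller whether the `user` header was missing (a `KeyError`), the `api_token` was not a UUID (`UUID.new` raising), or `authenticate!` rejected it. One macro would keep the status code and the fixed message in one place; it has to be a macro rather than a method, assuming `halt` is the framework macro that exits the enclosing route block. A matching `require_admin!` would cover `authenticate_admin!` in product.cr. The rest of the route (`user_file` read and token wipe) is unchanged.
```crystal
# Expands inline at the call site so that `halt` exits the route block itself;
# keeps the authentication-failure policy in one place instead of six copies.
macro require_user!
  user : User
  begin
    user = authenticate!(context.request.headers["user"], UUID.new(context.request.headers["api_token"]))
  rescue ex
    # Not ex.to_s: the message would reveal which of header, token format or token value failed.
    halt context, status_code: 403, response: "Forbidden"
  end
end

post "/logout-all" do |context|
  require_user!
  # … unchanged: user_file read, tokens cleared, file written back …
end
```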
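Review bot: In `post "/user/address"` the commit wraps only `authenticate!` in a rescue, while the very next context line, `Array(Address).from_json(context.request.body.not_nil!).not_nil!`, still raises on a missing body (`NilAssertionError`) or malformed JSON (`JSON::ParseException`) and escapes the handler as an unhandled exception, although a bad body is a client error rather than a server fault. Parsing the body should get its own rescue that answers 400 with a fixed message, as below; the trailing `.not_nil!` is also redundant since `from_json` never returns nil. The two `get` routes in this hunk have no body to parse and are fine on that count. The `post "/user/address"` block continues past the end of the hunk.
```crystal
  # … unchanged: require authentication …
  addresses = begin
    Array(Address).from_json(context.request.body.not_nil!)
  rescue ex
    # Malformed or missing body is the client's fault; do not leak parser detail.
    halt context, status_code: 400, response: "Invalid address list"
  end
  # … unchanged: user_file read and address merge …
```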