require "kemal"
|
|
require "../*"
|
|
require "io"
|
|
require "file"
|
|
require "exception"
|
|
require "crypto/bcrypt/password"
|
|
require "uuid"
|
|
require "uuid/json"
|
|
require "../../config"
|
|
|
|
|
|
def authenticate(user : String, token : UUID) : (User | Nil)
|
|
user_file = User.from_json File.read(Statics.data_path+"user/"+user)
|
|
if nil == user_file.tokens.not_nil!.find{ |tok| token == tok}
|
|
nil
|
|
else
|
|
user_file.password_hash = ""
|
|
user_file
|
|
end
|
|
end
|
|
|
|
def authenticate!(user : String, token : UUID) : User
|
|
authenticate(user, token).not_nil!
|
|
end
|
|
|
|
def authenticate_admin!(user : String, token : UUID) : User
|
|
user = authenticate(user, token).not_nil!
|
|
if(user.type==UserType::Administrator)
|
|
return user
|
|
end
|
|
raise "Administrator only"
|
|
end
|
|
|
|
post "/login" do |context|
|
|
user : User
|
|
user_file : User
|
|
begin
|
|
user = User.from_json context.request.body.not_nil!
|
|
user_file = User.from_json File.read(Statics.data_path+"user/"+user.email)
|
|
rescue ex
|
|
halt context, status_code: 403, response: ex.to_s
|
|
end
|
|
if Crypto::Bcrypt::Password.new(user_file.password_hash.not_nil!) == user.password_hash.not_nil!
|
|
else
|
|
halt context, status_code: 403, response: "Invalid password"
|
|
end
|
|
token = UUID.random()
|
|
if user_file.tokens.nil?
|
|
user_file.tokens = Array(UUID).new
|
|
user_file.tokens.not_nil!<<token
|
|
else
|
|
user_file.tokens.not_nil!<<token
|
|
end
|
|
if user_file.tokens.not_nil!.size>5
|
|
user_file.tokens = user_file.tokens.not_nil!.last(5)
|
|
end
|
|
File.write(Statics.data_path+"user/"+user_file.email,user_file.to_json)
|
|
context.response.content_type = "application/json"
|
|
token.to_json
|
|
end
|
|
|
|
post "/logout" do |context|
|
|
user = User.from_json context.request.body.not_nil!
|
|
user_file = User.from_json File.read(Statics.data_path+"user/"+user.email)
|
|
user_file.tokens=user_file.tokens.not_nil!-user.tokens.not_nil!
|
|
File.write(Statics.data_path+"user/"+user_file.email,user_file.to_json)
|
|
context.response.content_type = "application/json"
|
|
"OK".to_json
|
|
end
|
|
|
|
post "/logout-all" do |context|
|
|
user : User
|
|
begin
|
|
user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
|
|
rescue ex
|
|
halt context, status_code: 403, response: ex.to_s
|
|
end
|
|
user_file = User.from_json File.read(Statics.data_path+"user/"+user.email)
|
|
user_file.tokens=Array(UUID).new
|
|
File.write(Statics.data_path+"user/"+user_file.email,user_file.to_json)
|
|
context.response.content_type = "application/json"
|
|
"OK".to_json
|
|
end
|
|
|
|
post "/user" do |context|
|
|
user = User.from_json context.request.body.not_nil!
|
|
ph = user.password_hash
|
|
user.tokens = Array(UUID).new
|
|
user.invoices = Array(Invoice).new
|
|
if ph.nil?
|
|
raise Exception.new("No password provided")
|
|
else
|
|
user.password_hash=Crypto::Bcrypt::Password.create(ph,cost: 12).to_s
|
|
end
|
|
if Statics.email_regex.match(user.email)==nil
|
|
raise Exception.new("Bad email address")
|
|
end
|
|
if File.exists?(Statics.data_path+"user/"+user.email)
|
|
raise Exception.new("Email address already in use")
|
|
end
|
|
File.write(Statics.data_path+"user/"+user.email,user.to_json)
|
|
context.response.content_type = "application/json"
|
|
"OK".to_json
|
|
end
|
|
|
|
get "/user/tokens" do |context|
|
|
user : User
|
|
begin
|
|
user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
|
|
rescue ex
|
|
halt context, status_code: 403, response: ex.to_s
|
|
end
|
|
context.response.content_type = "application/json"
|
|
user.tokens.to_json
|
|
end
|
|
|
|
get "/user/address" do |context|
|
|
user : User
|
|
begin
|
|
user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
|
|
rescue ex
|
|
halt context, status_code: 403, response: ex.to_s
|
|
end
|
|
context.response.content_type = "application/json"
|
|
user.addresses.to_json
|
|
end
|
|
|
|
post "/user/address" do |context|
|
|
user : User
|
|
begin
|
|
user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
|
|
rescue ex
|
|
halt context, status_code: 403, response: ex.to_s
|
|
end
|
|
addresses = Array(Address).from_json(context.request.body.not_nil!).not_nil!
|
|
user_file = User.from_json File.read(Statics.data_path+"user/"+user.email)
|
|
old_list=user_file.addresses
|
|
if old_list.nil?
|
|
else
|
|
addresses=old_list+addresses
|
|
end
|
|
user_file.addresses=addresses
|
|
File.write(Statics.data_path+"user/"+user.email,user_file.to_json)
|
|
context.response.content_type = "application/json"
|
|
"OK".to_json
|
|
end
|
|
|
|
delete "/user/address" do |context|
|
|
user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
|
|
addresses = Array(Address).from_json(context.request.body.not_nil!).not_nil!
|
|
user_file = User.from_json File.read(Statics.data_path+"user/"+user.email)
|
|
old_list=user_file.addresses
|
|
if old_list.nil?
|
|
addresses=Array(Address).new
|
|
else
|
|
addresses=old_list.select do |v|
|
|
isin=false
|
|
addresses.each do |va|
|
|
isin |= v==va
|
|
end
|
|
!isin
|
|
end
|
|
end
|
|
user_file.addresses=addresses
|
|
File.write(Statics.data_path+"user/"+user.email,user_file.to_json)
|
|
context.response.content_type = "application/json"
|
|
"OK".to_json
|
|
end
|
|
|
|
get "/user" do |context|
|
|
context.response.content_type = "application/json"
|
|
user : User | Nil
|
|
begin
|
|
user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
|
|
rescue ex
|
|
halt context, status_code: 403, response: ex.to_s
|
|
end
|
|
user.not_nil!
|
|
end
|