# Install Sinatra: gem install sinatra
require_relative "initialize_database"
require_relative "database_queries"
require_relative "cryptography"
require_relative "tokens"
require 'sinatra'
require 'json'
require 'sqlite3'
require 'jwt'
require 'dotenv/load'
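# HS256 key used to sign and verify every JWT this service issues or accepts.
# Refuse to start when it is missing or blank: with a nil/empty key the jwt gem
# rejects every token, so a misconfigured deployment would silently 401
# everything. The value itself is never printed — the old `puts TOKEN_SECRET`
# wrote the signing key to stdout/process logs on every boot.
TOKEN_SECRET = ENV['JWT_SECRET_KEY'].to_s
abort 'JWT_SECRET_KEY is not set or blank; refusing to start' if TOKEN_SECRET.strip.empty?
# RFC 7518 §3.2 requires an HMAC-SHA256 key of at least 256 bits; a short
# secret is brute-forceable offline from any captured token.
warn 'JWT_SECRET_KEY is shorter than 32 bytes; HS256 tokens may be brute-forceable' if TOKEN_SECRET.bytesize < 32

initialize_database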
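# POST /auth/login — exchange a username/password for a re-authentication JWT.
#
# Params: username, password (form or query params).
# Returns JSON { token: <reauth JWT> } on success, or 401 with
# { reply: "Unauthorized Access" } on every failure. All failure paths return
# the same status and body so the response does not reveal whether the
# username exists. The user lookup still short-circuits before the password
# check, so response *timing* may differ — presumably check_password_for_user
# does the expensive hash; consider a dummy compare on the unknown-user path.
# NOTE(review): there is no rate limiting or lockout in this route; brute-force
# protection has to come from middleware or a proxy in front of it.
post '/auth/login' do
  content_type :json

  username = params[:username]
  password = params[:password]

  # Rack can deliver params as arrays or hashes (`username[]=...`); only plain,
  # non-empty strings are meaningful credentials. Reject anything else before
  # it reaches the database helpers.
  unless username.is_a?(String) && !username.empty? &&
         password.is_a?(String) && !password.empty?
    status 401
    return { reply: 'Unauthorized Access' }.to_json
  end

  unless check_if_user_exists(username)
    status 401
    return { reply: 'Unauthorized Access' }.to_json
  end

  user_id = get_user_id(username)
  unless check_password_for_user(user_id, password)
    status 401
    return { reply: 'Unauthorized Access' }.to_json
  end

  { token: get_reauth_jwt(user_id) }.to_json
end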
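# POST /auth/reauthenticate — trade a valid re-authentication JWT (issued by
# /auth/login) for a fresh JWT from get_jwt.
#
# Expects `Authorization: Bearer <token>`. Returns JSON { jwt: <new token> },
# or 401 with { reply: ... } when the header is missing/malformed, the token
# fails HS256 verification (bad signature, expired, wrong algorithm), or the
# verified payload carries no uid.
post '/auth/reauthenticate' do
  content_type :json

  # Anchor with \A..\z rather than ^..$: the latter match at line boundaries,
  # so a header value with a newline could carry arbitrary text before
  # "Bearer". Bind the MatchData instead of relying on Regexp.last_match.
  match = request.env['HTTP_AUTHORIZATION'].to_s.match(/\ABearer\s+(\S+)\s*\z/)
  unless match
    status 401
    return { reply: 'Unauthorized Access. Token missing or invalid.' }.to_json
  end
  reauth_token = match[1]

  begin
    # Pin the algorithm so a token whose own header says alg=none (or any
    # other alg) is rejected instead of verified on its own terms.
    payload, _header = JWT.decode(reauth_token, TOKEN_SECRET, true, algorithm: 'HS256')
  rescue JWT::DecodeError
    status 401
    return { reply: 'Unauthorized Access. Invalid token.' }.to_json
  end

  uid = payload['uid']
  # A token that verifies but has no uid must not be turned into a fresh JWT
  # for "nobody" — previously get_jwt(nil) would have been called.
  if uid.nil?
    status 401
    return { reply: 'Unauthorized Access. Invalid token.' }.to_json
  end

  # NOTE(review): nothing here distinguishes a re-auth token from the JWTs
  # get_jwt itself issues. If tokens.rb signs both with TOKEN_SECRET/HS256,
  # any valid token of either kind can be exchanged here indefinitely.
  # Confirm get_reauth_jwt sets a purpose/type claim and reject tokens
  # that lack it.
  { jwt: get_jwt(uid) }.to_json
end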
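# POST /upload — accept a multipart file upload from a machine client.
#
# Requires `Authorization: Bearer <JWT>` whose verified payload has a `claims`
# entry containing "is_machine". The file is written to one fixed path under
# DATA_LOCATION/FILE_STORAGE_LOCATION (example.txt): the client-supplied
# filename is deliberately NOT used to build the path, so it cannot steer the
# write elsewhere — but every upload overwrites the previous one.
#
# All responses are JSON { reply: ... }: 401 on auth failure, 400 when no
# file part is present, 200 on success. (The success body used to be a bare
# string served as text/html with the client's filename interpolated into
# it; JSON keeps the filename from being rendered as markup.)
post '/upload' do
  content_type :json

  # \A..\z, not ^..$, so the whole header value must be the bearer token.
  match = request.env['HTTP_AUTHORIZATION'].to_s.match(/\ABearer\s+(\S+)\s*\z/)
  unless match
    status 401
    return { reply: 'Unauthorized Access. Token missing or invalid.' }.to_json
  end
  token = match[1]

  begin
    # Pin the algorithm; never let the token's own header choose it.
    payload, _header = JWT.decode(token, TOKEN_SECRET, true, algorithm: 'HS256')
  rescue JWT::DecodeError
    status 401
    return { reply: 'Unauthorized Access. Invalid token.' }.to_json
  end

  # The shape of `claims` is set in tokens.rb (not visible here): accept an
  # array element or a hash key named "is_machine". A missing key no longer
  # raises NoMethodError (a 500), and a String value is not consulted, since
  # String#include? would match any substring such as "not_is_machine".
  claims = payload['claims']
  is_machine = case claims
               when Array, Hash then claims.include?('is_machine')
               else false
               end
  unless is_machine
    status 401
    return { reply: 'Unauthorized Access.' }.to_json
  end

  # Sinatra exposes a multipart part as a Hash with :tempfile/:filename;
  # anything else (no part, or a plain string field) is a bad request rather
  # than a NoMethodError.
  file = params[:file]
  unless file.is_a?(Hash) && file[:tempfile]
    status 400
    return { reply: 'No file uploaded.' }.to_json
  end

  path = "#{DATA_LOCATION}#{FILE_STORAGE_LOCATION}/example.txt"
  # Stream to disk instead of slurping the whole upload into memory.
  File.open(path, 'wb') { |f| IO.copy_stream(file[:tempfile], f) }

  { reply: "File uploaded successfully: #{file[:filename]}" }.to_json
end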
# Run the application (with JWT_SECRET_KEY set in the environment or .env):
# ruby auth.rb