add more functionality
parent
f66f7bd9d9
commit
3b2d359705
|
@ -7,4 +7,7 @@ ruby '3.2.2'
|
||||||
gem 'sinatra'
|
gem 'sinatra'
|
||||||
gem 'webrick'
|
gem 'webrick'
|
||||||
gem 'jwt'
|
gem 'jwt'
|
||||||
gem 'sqlite3'
|
gem 'sqlite3'
|
||||||
|
gem 'bcrypt'
|
||||||
|
|
||||||
|
# bundle install
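Review bot: None of the gems in this Gemfile, including the newly added `gem 'bcrypt'`, carry a version constraint, so a fresh `bundle install` resolves whatever is newest unless a Gemfile.lock is committed alongside (none is visible in this diff). For a project whose purpose is authentication, pin the security-sensitive gems to the versions you tested against, e.g. `gem 'bcrypt', '~> 3.1'` and `gem 'jwt', '~> 2.7'`, and commit the lockfile so the resolved set is reproducible and reviewable when it changes.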
|
87
auth/auth.rb
87
auth/auth.rb
|
@ -1,4 +1,8 @@
|
||||||
# Install Sinatra: gem install sinatra
|
# Install Sinatra: gem install sinatra
|
||||||
|
require_relative "initialize_database"
|
||||||
|
require_relative "database_queries"
|
||||||
|
require_relative "cryptography"
|
||||||
|
|
||||||
|
|
||||||
require 'sinatra'
|
require 'sinatra'
|
||||||
require 'json'
|
require 'json'
|
||||||
|
@ -8,48 +12,12 @@ require 'jwt'
|
||||||
payload = { data: 'test', test: 'hello' }
|
payload = { data: 'test', test: 'hello' }
|
||||||
hmac_secret = 'my$ecretK3y'
|
hmac_secret = 'my$ecretK3y'
|
||||||
token = JWT.encode payload, hmac_secret, 'HS256'
|
token = JWT.encode payload, hmac_secret, 'HS256'
|
||||||
puts token
|
#puts token
|
||||||
|
|
||||||
decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }
|
decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }
|
||||||
puts decoded_token
|
#puts decoded_token
|
||||||
|
|
||||||
#########
|
|
||||||
|
|
||||||
# Check if the directory exists
|
|
||||||
directory_path = './database'
|
|
||||||
|
|
||||||
unless File.directory?(directory_path)
|
|
||||||
# If not, create the directory
|
|
||||||
Dir.mkdir(directory_path)
|
|
||||||
puts "Directory '#{directory_path}' created successfully."
|
|
||||||
end
|
|
||||||
|
|
||||||
db = SQLite3::Database.new('./database/auth.db')
|
|
||||||
|
|
||||||
db.execute('CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, username TEXT, hashed_password TEXT)')
|
|
||||||
db.execute('CREATE TABLE IF NOT EXISTS claims (id INTEGER PRIMARY KEY, claim TEXT)')
|
|
||||||
db.execute('CREATE TABLE IF NOT EXISTS user_claims (id INTEGER PRIMARY KEY, user_id INTEGER, claim_id INTEGER)')
|
|
||||||
|
|
||||||
db.execute('INSERT INTO claims (claim) VALUES (?)', 'add_user')
|
|
||||||
db.execute('INSERT INTO claims (claim) VALUES (?)', 'remove_user')
|
|
||||||
|
|
||||||
# Check if the users table is empty
|
|
||||||
result = db.get_first_value('SELECT COUNT(*) FROM users')
|
|
||||||
|
|
||||||
if result == 0
|
|
||||||
db.execute('INSERT INTO users (username, hashed_password) VALUES (?, ?)', ['admin', 'password'])
|
|
||||||
puts 'Default admin user added.'
|
|
||||||
else
|
|
||||||
puts 'Table already contains data. Skipping default user creation.'
|
|
||||||
end
|
|
||||||
|
|
||||||
results = db.execute('SELECT * FROM users')
|
|
||||||
results.each do |row|
|
|
||||||
puts "ID: #{row[0]}, Username: #{row[1]}, Hashed Password: #{row[2]}"
|
|
||||||
end
|
|
||||||
|
|
||||||
##############
|
|
||||||
|
|
||||||
|
initialize_database
|
||||||
|
|
||||||
# Define a simple API endpoint
|
# Define a simple API endpoint
|
||||||
get '/api/greeting' do
|
get '/api/greeting' do
|
||||||
|
@ -58,22 +26,55 @@ get '/api/greeting' do
|
||||||
end
|
end
|
||||||
|
|
||||||
get '/api/greeting/:name' do
|
get '/api/greeting/:name' do
|
||||||
|
get_claims params[:name]
|
||||||
content_type :json
|
content_type :json
|
||||||
{ greeting: "Hello, #{params[:name]}!" }.to_json
|
{ greeting: "Hello, #{params[:name]}!" }.to_json
|
||||||
end
|
end
|
||||||
|
|
||||||
post '/auth' do
|
post '/auth/login' do
|
||||||
|
username = params[:username]
|
||||||
|
password = params[:password]
|
||||||
|
request_hashed_password = hash_password password
|
||||||
|
|
||||||
|
user_id = get_user_id username
|
||||||
|
hashed_password = get_user_hashed_password user_id
|
||||||
|
|
||||||
|
puts hashed_password
|
||||||
|
puts request_hashed_password
|
||||||
|
unless hashed_password == request_hashed_password
|
||||||
|
status 401
|
||||||
|
'Unauthorized Access'
|
||||||
|
end
|
||||||
|
|
||||||
content_type :json
|
content_type :json
|
||||||
{ jwt: }
|
{ jwt: "Logged in" }.to_json
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_jwt (username, expiry_time)
|
def get_jwt (username, expiry_time)
|
||||||
claims = []
|
get_claims username
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_claims (username)
|
def get_claims (username)
|
||||||
|
puts "Getting claims for #{username}"
|
||||||
db = SQLite3::Database.new('./database/auth.db')
|
db = SQLite3::Database.new('./database/auth.db')
|
||||||
db.execute('')
|
results = db.execute('
|
||||||
|
SELECT C.claim
|
||||||
|
FROM users U
|
||||||
|
INNER JOIN user_claims UC ON U.id = UC.user_id
|
||||||
|
INNER JOIN claims C ON UC.claim_id = U.id
|
||||||
|
WHERE u.username = ?
|
||||||
|
', username)
|
||||||
|
|
||||||
|
|
||||||
|
if results.empty?
|
||||||
|
puts 'No claims found.'
|
||||||
|
else
|
||||||
|
results.each do |column|
|
||||||
|
puts "#{column[0]}"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
return results
|
||||||
end
|
end
|
||||||
|
|
||||||
# Run the application
|
# Run the application
|
||||||
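Review bot: In `post '/auth/login'` the `unless hashed_password == request_hashed_password` branch sets `status 401` and evaluates the string, but nothing stops the handler, so a wrong password still falls through to `{ jwt: "Logged in" }.to_json`; use `halt 401, 'Unauthorized Access'` so the check actually ends the request before a token is ever issued there. The comparison also cannot succeed as written: `hash_password` calls `BCrypt::Password.create` again, which as far as I can tell from bcrypt-ruby's API ignores the `salt:` option and picks a fresh random salt, so the two hash strings never match — bcrypt is verified with `BCrypt::Password.new(stored) == candidate`, which reads the salt back out of the stored hash. The `puts hashed_password` / `puts request_hashed_password` lines write password hashes to the server's stdout and should be removed. Further down in the same hunk, `get_claims` joins `claims C ON UC.claim_id = U.id`, matching claims against the user's id instead of the mapping's claim id; it should read `ON UC.claim_id = C.id`, otherwise the claim list returned for a user is wrong.

```ruby
post '/auth/login' do
  user_id = get_user_id params[:username]
  stored_hash = get_user_hashed_password user_id

  # bcrypt stores its salt inside the hash; verify with Password#== instead of
  # re-hashing and comparing strings, and halt so nothing below runs on failure.
  unless user_id && stored_hash && BCrypt::Password.new(stored_hash) == params[:password].to_s
    halt 401, 'Unauthorized Access'
  end

  content_type :json
  { jwt: "Logged in" }.to_json
end
```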
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
require 'bcrypt'
|
||||||
|
|
||||||
|
def hash_password(password)
|
||||||
|
# Hash the password without using a salt
|
||||||
|
hashed_password = BCrypt::Password.create(password, salt: 'hello')
|
||||||
|
return hashed_password
|
||||||
|
end
|
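Review bot: `BCrypt::Password.create(password, salt: 'hello')` does not do what the comment above it says: as far as I can tell bcrypt-ruby's `create` only honours a `cost:` option, so `salt:` is silently dropped and every call hashes with a fresh random salt, which is why the result can never be compared with `==` against a previously stored hash. Even if a fixed salt were honoured, one salt shared by all users would make equal passwords produce equal hashes, defeating the point of salting. Drop the option and document the contract instead: `# bcrypt generates and embeds a per-password salt; verify with BCrypt::Password.new(stored) == candidate, never by re-hashing` followed by `hashed_password = BCrypt::Password.create(password)`. The `salt` column the initializer adds to `users` is then unnecessary.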
|
@ -0,0 +1,40 @@
|
||||||
|
require 'sqlite3'
|
||||||
|
|
||||||
|
def get_user_id(username)
|
||||||
|
db = SQLite3::Database.new('./database/auth.db')
|
||||||
|
|
||||||
|
user_id = db.get_first_value('
|
||||||
|
SELECT id
|
||||||
|
FROM users U
|
||||||
|
WHERE U.username = ?
|
||||||
|
|
||||||
|
', [username])
|
||||||
|
|
||||||
|
return user_id
|
||||||
|
end
|
||||||
|
|
||||||
|
def get_user_hashed_password(user_id)
|
||||||
|
db = SQLite3::Database.new('./database/auth.db')
|
||||||
|
|
||||||
|
password_hash = db.get_first_value('
|
||||||
|
SELECT hashed_password
|
||||||
|
FROM users U
|
||||||
|
WHERE U.id = ?
|
||||||
|
|
||||||
|
', [user_id])
|
||||||
|
|
||||||
|
return password_hash
|
||||||
|
end
|
||||||
|
|
||||||
|
def get_user_salt(user_id)
|
||||||
|
db = SQLite3::Database.new('./database/auth.db')
|
||||||
|
|
||||||
|
salt = db.get_first_value('
|
||||||
|
SELECT salt
|
||||||
|
FROM users U
|
||||||
|
WHERE U.id = ?
|
||||||
|
|
||||||
|
', [user_id])
|
||||||
|
|
||||||
|
return salt
|
||||||
|
end
|
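Review bot: Each of `get_user_id`, `get_user_hashed_password` and `get_user_salt` opens a new `SQLite3::Database` and never closes it, so every login request leaks a file handle until the object is garbage-collected; use the block form, `SQLite3::Database.new('./database/auth.db') do |db| … end`, which closes on exit, or `ensure db.close`. `get_user_salt` reads a `salt` column that nothing in this commit writes (the admin INSERT in the initializer supplies only username and hashed_password), so it can only return nil, and since bcrypt embeds its salt in the hash string the helper appears to have no purpose. The database path is repeated verbatim in all three helpers and again in the initializer; a single `DB_PATH = './database/auth.db'.freeze` constant would keep them in step.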
|
@ -0,0 +1,49 @@
|
||||||
|
require_relative "cryptography"
|
||||||
|
|
||||||
|
require 'sqlite3'
|
||||||
|
|
||||||
|
def initialize_database
|
||||||
|
puts 'Checking if database needs initializing.'
|
||||||
|
|
||||||
|
directory_path = './database'
|
||||||
|
|
||||||
|
unless File.directory?(directory_path)
|
||||||
|
# If not, create the directory
|
||||||
|
Dir.mkdir(directory_path)
|
||||||
|
puts "Directory '#{directory_path}' created successfully."
|
||||||
|
end
|
||||||
|
|
||||||
|
db = SQLite3::Database.new('./database/auth.db')
|
||||||
|
|
||||||
|
puts 'Creating tables if necessary.'
|
||||||
|
db.execute('CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, username TEXT, hashed_password TEXT, salt TEXT)')
|
||||||
|
db.execute('CREATE TABLE IF NOT EXISTS claims (id INTEGER PRIMARY KEY, claim TEXT)')
|
||||||
|
db.execute('CREATE TABLE IF NOT EXISTS user_claims (id INTEGER PRIMARY KEY, user_id INTEGER, claim_id INTEGER)')
|
||||||
|
|
||||||
|
result = db.get_first_value('SELECT COUNT(*) FROM users')
|
||||||
|
|
||||||
|
if result == 0
|
||||||
|
hashed_password = hash_password 'pass123'
|
||||||
|
puts 'Default admin user added.'
|
||||||
|
db.execute('INSERT INTO users (username, hashed_password) VALUES (?, ?)', ['admin', hashed_password])
|
||||||
|
else
|
||||||
|
puts 'Table already contains data. Skipping default user creation.'
|
||||||
|
end
|
||||||
|
|
||||||
|
result = db.get_first_value('SELECT COUNT(*) FROM claims')
|
||||||
|
|
||||||
|
if result == 0
|
||||||
|
db.execute('INSERT INTO claims (claim) VALUES (?)', ['add_user'])
|
||||||
|
db.execute('INSERT INTO claims (claim) VALUES (?)', ['remove_user'])
|
||||||
|
db.execute('INSERT INTO claims (claim) VALUES (?)', ['add_claim_to_user'])
|
||||||
|
db.execute('INSERT INTO claims (claim) VALUES (?)', ['remove_claim_from_user'])
|
||||||
|
end
|
||||||
|
|
||||||
|
admin_user_id = db.get_first_value('SELECT id FROM users WHERE username = ?', ['admin'])
|
||||||
|
claim_ids = db.execute('SELECT id FROM claims')
|
||||||
|
|
||||||
|
claim_ids.each do |claim_id|
|
||||||
|
db.execute('INSERT INTO user_claims (user_id, claim_id) VALUES (?, ?)', [admin_user_id, claim_id])
|
||||||
|
end
|
||||||
|
end
|
||||||
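Review bot: The `user_claims` seeding at the bottom of `initialize_database` has no guard like the `users` and `claims` blocks above it, so every boot inserts another full set of admin mappings. `db.execute('SELECT id FROM claims')` also returns one Array per row, so `claim_id` is `[1]` rather than `1` when it is bound into the INSERT; I expect sqlite3-ruby to reject an Array bind value, and if it does not the column will hold something other than an integer — flatten the rows first. The default credential `'pass123'` is committed in source and every deployment starts with it; consider reading it from `ENV.fetch('AUTH_ADMIN_PASSWORD')` or generating one and printing it once. The `salt` column added to the `users` schema is never populated by the INSERT, and bcrypt embeds its own salt, so it can be dropped.

```ruby
# … unchanged: directory/table creation and default user/claim seeding …
admin_user_id = db.get_first_value('SELECT id FROM users WHERE username = ?', ['admin'])
# Seed the admin's claims once; execute returns [id] rows, so flatten before binding.
if db.get_first_value('SELECT COUNT(*) FROM user_claims') == 0
  claim_ids = db.execute('SELECT id FROM claims').flatten
  claim_ids.each do |claim_id|
    db.execute('INSERT INTO user_claims (user_id, claim_id) VALUES (?, ?)', [admin_user_id, claim_id])
  end
end
```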
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
require 'net/http'
|
||||||
|
require 'uri'
|
||||||
|
|
||||||
|
# The URL you want to send the POST request to
|
||||||
|
url = URI.parse('http://localhost:4567/auth/login')
|
||||||
|
|
||||||
|
# Create a new Net::HTTP object with the target server
|
||||||
|
http = Net::HTTP.new(url.host, url.port)
|
||||||
|
|
||||||
|
# If your server uses HTTPS, you might need to enable SSL
|
||||||
|
# http.use_ssl = true
|
||||||
|
|
||||||
|
# Create a new Net::HTTP::Post request with the desired path
|
||||||
|
request = Net::HTTP::Post.new(url.path)
|
||||||
|
|
||||||
|
# Set the request body with the data you want to send
|
||||||
|
request.body = 'username=admin&password=pass123'
|
||||||
|
|
||||||
|
# Set the 'Content-Type' header if needed
|
||||||
|
request['Content-Type'] = 'application/x-www-form-urlencoded'
|
||||||
|
|
||||||
|
# Send the request and get the response
|
||||||
|
response = http.request(request)
|
||||||
|
|
||||||
|
# Output the response
|
||||||
|
puts "Response Code: #{response.code}"
|
||||||
|
puts "Response Body: #{response.body}"
|
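Review bot: The admin password is hard-coded in `request.body = 'username=admin&password=pass123'`, so committing this client script publishes a working credential alongside the server that accepts it. Build the body from values that are not in source, `request.body = URI.encode_www_form(username: ENV.fetch('AUTH_USER'), password: ENV.fetch('AUTH_PASSWORD'))`, which also form-encodes characters such as `&` and `=` that the literal string would pass through unescaped. With `use_ssl` left commented out the credential crosses the wire in clear text; if this is only ever run against localhost, say so in the comment above the URL.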