auth/auth.rb

@@ -19,34 +19,20 @@ decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }
 
 initialize_database
 
-# Define a simple API endpoint
-get '/api/greeting' do
-  content_type :json
-  { greeting: 'Hello, World!' }.to_json
-end
-
-get '/api/greeting/:name' do
-  get_claims params[:name]
-  content_type :json
-  { greeting: "Hello, #{params[:name]}!" }.to_json
-end
-
 post '/auth/login' do
+  content_type :json
+  
   username = params[:username]
   password = params[:password]
-  request_hashed_password = hash_password password
 
   user_id = get_user_id username
-  hashed_password = get_user_hashed_password user_id
 
-  puts hashed_password
+  unless check_password_for_user(user_id, password)
-  puts request_hashed_password
-  unless hashed_password == request_hashed_password
     status 401
-    'Unauthorized Access'
+    
+    return { jwt: "Unuthorized Access" }.to_json
   end
 
-  content_type :json
   { jwt: "Logged in" }.to_json
 end
 

auth/cryptography.rb

@@ -1,7 +1,15 @@
 require 'bcrypt'
 
-def hash_password(password)
+def create_password_for_user(password)
-    # Hash the password without using a salt
+    return BCrypt::Password.create(password)
-    hashed_password = BCrypt::Password.create(password, salt: 'hello')
+end
-    return hashed_password
+
+def check_password_for_user(user_id, entered_password)
+    hashed_password = get_user_hashed_password(user_id)
+
+    if BCrypt::Password.new(hashed_password) == entered_password
+        return true
+    else
+        return false
     end
+end

auth/database_queries.rb

@@ -1,5 +1,17 @@
 require 'sqlite3'
 
+
+def create_new_user(username, password)
+    db = SQLite3::Database.new('./database/auth.db')
+
+    db.execute('
+        INSERT INTO users (username, hashed_password)
+        VALUES (?, ?)
+    ', [username, create_password_for_user(password)])
+end
+
+
+
 def get_user_id(username)
     db = SQLite3::Database.new('./database/auth.db')
 
@@ -26,15 +38,12 @@ def get_user_hashed_password(user_id)
     return password_hash
 end
 
-def get_user_salt(user_id)
+def update_user_password(user_id, password)
     db = SQLite3::Database.new('./database/auth.db')
 
-    salt = db.get_first_value('
+    db.execute('
-        SELECT      salt
+        UPDATE users
-        FROM        users U
+        SET hashed_password = ?, salt = ?
-        WHERE       U.id = ?
+        WHERE id = ?
-            
+    ', [hash_password, salt, user_id])
-    ', [user_id])
-
-    return salt
 end

auth/initialize_database.rb

@@ -23,9 +23,9 @@ def initialize_database
     result = db.get_first_value('SELECT COUNT(*) FROM users')
     
     if result == 0
-        hashed_password = hash_password 'pass123'
         puts 'Default admin user added.'
-        db.execute('INSERT INTO users (username, hashed_password) VALUES (?, ?)', ['admin', hashed_password])
+
+        create_new_user('admin', 'pass123')
     else
         puts 'Table already contains data. Skipping default user creation.'
     end

auth/post.rb

@@ -14,7 +14,7 @@ http = Net::HTTP.new(url.host, url.port)
 request = Net::HTTP::Post.new(url.path)
 
 # Set the request body with the data you want to send
-request.body = 'username=admin&password=pass123'
+request.body = 'username=admin&password=pass1re23'
 
 # Set the 'Content-Type' header if needed
 request['Content-Type'] = 'application/x-www-form-urlencoded'