auth_server #1

Merged
joseph merged 5 commits from auth_server into master 2023-12-12 22:53:56 +00:00
5 changed files with 39 additions and 36 deletions
Showing only changes of commit b3b38dd5a0 - Show all commits


@ -19,34 +19,20 @@ decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }
initialize_database initialize_database
# Define a simple API endpoint
get '/api/greeting' do
content_type :json
{ greeting: 'Hello, World!' }.to_json
end
get '/api/greeting/:name' do
get_claims params[:name]
content_type :json
{ greeting: "Hello, #{params[:name]}!" }.to_json
end
post '/auth/login' do post '/auth/login' do
content_type :json
username = params[:username] username = params[:username]
password = params[:password] password = params[:password]
request_hashed_password = hash_password password
user_id = get_user_id username user_id = get_user_id username
hashed_password = get_user_hashed_password user_id
puts hashed_password unless check_password_for_user(user_id, password)
puts request_hashed_password
unless hashed_password == request_hashed_password
status 401 status 401
'Unauthorized Access'
return { jwt: "Unuthorized Access" }.to_json
end end
content_type :json
{ jwt: "Logged in" }.to_json { jwt: "Logged in" }.to_json
end end
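Review bot: The new guard `unless check_password_for_user(user_id, password)` in the `/auth/login` handler runs right after `user_id = get_user_id username`, and nothing handles an unknown username; if get_user_id yields nil for a missing user (as a get_first_value lookup would), check_password_for_user hands a nil hash to BCrypt::Password.new, which raises instead of returning false, so the client sees a 500 rather than the intended 401. Guarding the id as well, `unless user_id && check_password_for_user(user_id, password)`, keeps the failed-login response uniform for unknown-user and wrong-password cases. The 401 body also misspells its message: `return { jwt: 'Unauthorized Access' }.to_json`. The success path still returns the literal `"Logged in"` under the `jwt` key, so no token is issued yet; if that is deliberate for this commit, a `# TODO: issue a signed JWT here` on that line would say so.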


@ -1,7 +1,15 @@
require 'bcrypt' require 'bcrypt'
def hash_password(password) def create_password_for_user(password)
# Hash the password without using a salt return BCrypt::Password.create(password)
hashed_password = BCrypt::Password.create(password, salt: 'hello') end
return hashed_password
end def check_password_for_user(user_id, entered_password)
hashed_password = get_user_hashed_password(user_id)
if BCrypt::Password.new(hashed_password) == entered_password
return true
else
return false
end
end
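Review bot: `check_password_for_user` wraps a boolean expression in `if ... return true else return false end`; the comparison already produces the boolean, so the body can simply end with `BCrypt::Password.new(hashed_password) == entered_password`. The lookup `hashed_password = get_user_hashed_password(user_id)` has no nil case: for an id with no row, `BCrypt::Password.new(nil)` raises (BCrypt::Errors::InvalidHash, as far as I can tell) rather than returning false, so callers cannot tell "unknown user" from a server error; `return false if hashed_password.nil?` before the comparison closes that gap. `create_password_for_user` likewise does not need its explicit `return`. This file also calls get_user_hashed_password without requiring the file that defines it, so it relies on load order elsewhere — worth a comment if that is intentional.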


@ -1,5 +1,17 @@
require 'sqlite3' require 'sqlite3'
def create_new_user(username, password)
db = SQLite3::Database.new('./database/auth.db')
db.execute('
INSERT INTO users (username, hashed_password)
VALUES (?, ?)
', [username, create_password_for_user(password)])
end
def get_user_id(username) def get_user_id(username)
db = SQLite3::Database.new('./database/auth.db') db = SQLite3::Database.new('./database/auth.db')
@ -26,15 +38,12 @@ def get_user_hashed_password(user_id)
return password_hash return password_hash
end end
def get_user_salt(user_id) def update_user_password(user_id, password)
db = SQLite3::Database.new('./database/auth.db') db = SQLite3::Database.new('./database/auth.db')
salt = db.get_first_value(' db.execute('
SELECT salt UPDATE users
FROM users U SET hashed_password = ?, salt = ?
WHERE U.id = ? WHERE id = ?
', [hash_password, salt, user_id])
', [user_id])
return salt
end end
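Review bot: `update_user_password` binds `[hash_password, salt, user_id]` to its UPDATE, but neither `hash_password` nor `salt` is defined inside the method and the `password` parameter is never used; with `hash_password` renamed to `create_password_for_user` in this same commit, calling the method raises NameError. Since bcrypt now embeds the salt in the hash string, the `salt` column no longer needs writing, so the statement can become `SET hashed_password = ?` / `WHERE id = ?` / `', [create_password_for_user(password), user_id])`. Both new methods also open `SQLite3::Database.new('./database/auth.db')` and never close the handle, following the pattern of the existing helpers in this file; the block form of `SQLite3::Database.new` closes it when the block exits and would be a cheap fix for all of them.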


@ -23,9 +23,9 @@ def initialize_database
result = db.get_first_value('SELECT COUNT(*) FROM users') result = db.get_first_value('SELECT COUNT(*) FROM users')
if result == 0 if result == 0
hashed_password = hash_password 'pass123'
puts 'Default admin user added.' puts 'Default admin user added.'
db.execute('INSERT INTO users (username, hashed_password) VALUES (?, ?)', ['admin', hashed_password])
create_new_user('admin', 'pass123')
else else
puts 'Table already contains data. Skipping default user creation.' puts 'Table already contains data. Skipping default user creation.'
end end
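Review bot: The seed call `create_new_user('admin', 'pass123')` still hard-codes the default admin credential in source, carried over from the removed `hash_password 'pass123'` line; reading it from configuration, e.g. `create_new_user('admin', ENV.fetch('ADMIN_PASSWORD'))` (variable name is a placeholder), keeps a real deployment from booting with a known password. The `puts 'Default admin user added.'` line runs before the insert, so a failure inside create_new_user leaves a misleading log line; moving the puts after the call is a one-line change. The enclosing initialize_database starts and ends outside the hunk.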


@ -14,7 +14,7 @@ http = Net::HTTP.new(url.host, url.port)
request = Net::HTTP::Post.new(url.path) request = Net::HTTP::Post.new(url.path)
# Set the request body with the data you want to send # Set the request body with the data you want to send
request.body = 'username=admin&password=pass123' request.body = 'username=admin&password=pass1re23'
# Set the 'Content-Type' header if needed # Set the 'Content-Type' header if needed
request['Content-Type'] = 'application/x-www-form-urlencoded' request['Content-Type'] = 'application/x-www-form-urlencoded'
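Review bot: The request body now reads `'username=admin&password=pass1re23'` while the seeded admin is created with `pass123`; if the change is meant as a negative test it deserves a comment saying so, otherwise it is a typo that makes this client always receive the 401. Either way, building the body from a hash, `request.body = URI.encode_www_form(username: 'admin', password: 'pass123')`, avoids hand-encoding the form and makes the credential obvious at a glance. The enclosing script continues outside the hunk.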