Add password reset feature to players module

2025-06-21 18:34:41 +03:00
parent d8fd37e757
commit 5c90d62e78
5 changed files with 41 additions and 10 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.db
+db.json
--- a/db.json
+++ b/db.json
@@ -1,3 +0,0 @@
-{
-  "account_num": 6
-}
--- a/players.rb
+++ b/players.rb
@@ -5,11 +5,11 @@ require "json"
 ALPHANUM = [*"0".."9", *"A".."Z", *"a".."z", "-", "_"].freeze

 # DataBase handler module
-module DataBase
+module Players
  db_file = File.expand_path("infinsweeper.db")
  DB = Sequel.connect("sqlite:///#{db_file}", single_threaded: false)

-  def self.player_list
+  def self.list
    DB["select * from Players"].all
  end

@@ -19,7 +19,9 @@ module DataBase

  def self.mk_player(username, email, pass)
    raise ArgumentError, "Email format is wrong!" unless email.match?(/\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/)
-    raise ArgumentError, "Password must be at least 8 characters and valid format." unless
+    raise ArgumentError, "Username must be at least 4 characters long and of valid format." unless
+      username.match?(/\A[a-zA-Z][a-zA-Z0-9_.-]+\z/) && username.length >= 4
+    raise ArgumentError, "Password must be at least 8 characters and of valid format." unless
      pass.match?(/\A[a-zA-Z0-9_.!?@#$%^&*()+=-]+\z/) && pass.length >= 8

    digest = XXhash.xxh32(pass, 1234)
@@ -38,9 +40,12 @@ module DataBase
    end
    code = code.reverse.rjust(12, "0")

-    DB["insert into Players (email, digest, username, code) values (?, ?, ?, ?)", email, digest, username, code].insert
+    DB[
+      "insert into Players (email, digest, username, activation_code) values (?, ?, ?, ?)",
+      email, digest, username, code
+    ].insert

-    send_email(email, username, code)
+    send_email(:new, email, username, code)
    Thread.new do
      sleep 24 * 60 * 60
      rm_player(email) unless verified?(email)
@@ -54,7 +59,31 @@ module DataBase
  end

  def self.verify(code)
-    DB["update Players set code = ? where code = ?", "!", code].update != 0
+    DB["update Players set activation_code = ? where code = ?", "!", code].update != 0
+  end
+
+  def self.pass_req(email)
+    path = File.expand_path("db.json")
+    json = File.exist?(path) ? JSON.parse(File.read(path)) : {}
+    json["pass_num"] ||= 0
+    pass_num = json["pass_num"]
+    json["pass_num"] += 1
+    File.write(path, JSON.pretty_generate(json))
+    pass_num = XXhash.xxh64(pass_num, 1234)
+    code = ""
+    while pass_num.positive?
+      code << ALPHANUM[pass_num % 64]
+      pass_num /= 64
+    end
+    code = code.reverse.rjust(12, "0")
+
+    DB["update Players set new_pass_code = ? where email = ?", code, email].update
+
+    send_email(:pass_req, email, code)
+  end
+
+  def self.pass_reset(new_pass, code)
+    DB["update Players set pass = ? where new_pass_code = ?", new_pass, code].update != 0
  end

  def self.[](email)
--- a/run.fish
+++ b/run.fish
@@ -3,6 +3,9 @@ set oldsum (cat (find . -name '*.rb' | sort) | md5sum)
 if not test -p infinsweeper.db
  sqlite3 infinsweeper.db < schema.sql
 end
+if not test -p db.json
+  echo "{\"account_num\":0,\"pass_num\":0}" > db.json
+end
 pkill ruby
 ruby main.rb -p8080 &
 if not test -p $pipe_path
--- a/schema.sql
+++ b/schema.sql
@@ -3,5 +3,6 @@ CREATE TABLE Players (
  username TEXT UNIQUE,
  digest BLOB,
  data BLOB,
-  code TEXT
+  activation_code TEXT,
+  new_pass_code TEXT
 );