Add password reset feature to players module

players.rb

@@ -0,0 +1,107 @@
+require "xxhash"
+require "sequel"
+require "json"
+
+ALPHANUM = [*"0".."9", *"A".."Z", *"a".."z", "-", "_"].freeze
+
+# DataBase handler module
+module Players
+  db_file = File.expand_path("infinsweeper.db")
+  DB = Sequel.connect("sqlite:///#{db_file}", single_threaded: false)
+
+  def self.list
+    DB["select * from Players"].all
+  end
+
+  def self.rm_player(email)
+    DB["delete from Players where email = ?", email].delete
+  end
+
+  def self.mk_player(username, email, pass)
+    raise ArgumentError, "Email format is wrong!" unless email.match?(/\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/)
+    raise ArgumentError, "Username must be at least 4 characters long and of valid format." unless
+      username.match?(/\A[a-zA-Z][a-zA-Z0-9_.-]+\z/) && username.length >= 4
+    raise ArgumentError, "Password must be at least 8 characters and of valid format." unless
+      pass.match?(/\A[a-zA-Z0-9_.!?@#$%^&*()+=-]+\z/) && pass.length >= 8
+
+    digest = XXhash.xxh32(pass, 1234)
+
+    path = File.expand_path("db.json")
+    json = File.exist?(path) ? JSON.parse(File.read(path)) : {}
+    json["account_num"] ||= 0
+    account_num = json["account_num"]
+    json["account_num"] += 1
+    File.write(path, JSON.pretty_generate(json))
+    account_num = XXhash.xxh64(account_num, 1234)
+    code = ""
+    while account_num.positive?
+      code << ALPHANUM[account_num % 64]
+      account_num /= 64
+    end
+    code = code.reverse.rjust(12, "0")
+
+    DB[
+      "insert into Players (email, digest, username, activation_code) values (?, ?, ?, ?)",
+      email, digest, username, code
+    ].insert
+
+    send_email(:new, email, username, code)
+    Thread.new do
+      sleep 24 * 60 * 60
+      rm_player(email) unless verified?(email)
+    end
+
+    "Successfully registered!"
+  rescue ArgumentError => e
+    e.message
+  rescue Sequel::UniqueConstraintViolation
+    "Account already exists with this email or username!"
+  end
+
+  def self.verify(code)
+    DB["update Players set activation_code = ? where code = ?", "!", code].update != 0
+  end
+
+  def self.pass_req(email)
+    path = File.expand_path("db.json")
+    json = File.exist?(path) ? JSON.parse(File.read(path)) : {}
+    json["pass_num"] ||= 0
+    pass_num = json["pass_num"]
+    json["pass_num"] += 1
+    File.write(path, JSON.pretty_generate(json))
+    pass_num = XXhash.xxh64(pass_num, 1234)
+    code = ""
+    while pass_num.positive?
+      code << ALPHANUM[pass_num % 64]
+      pass_num /= 64
+    end
+    code = code.reverse.rjust(12, "0")
+
+    DB["update Players set new_pass_code = ? where email = ?", code, email].update
+
+    send_email(:pass_req, email, code)
+  end
+
+  def self.pass_reset(new_pass, code)
+    DB["update Players set pass = ? where new_pass_code = ?", new_pass, code].update != 0
+  end
+
+  def self.[](email)
+    DB["select * from Players where email = ?", email].first
+  end
+
+  def self.[]=(email, data)
+    DB["update Players set data = ? where email = ?", data, email].update
+  end
+
+  def self.authorized?(email, pass)
+    digest = XXhash.xxh32(pass, 1234)
+    player = self[email]
+    player && player[:digest].to_i == digest.to_i ? player : false
+  end
+
+  def self.verified?(email)
+    player = self[email]
+    player && player[:code] == "!"
+  end
+end