diff --git a/.gitignore b/.gitignore index aae6e56..11d8cc2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ *.db -db.json tmp.* *.log diff --git a/dev.fish b/dev.fish index 0bd37db..07615e5 100644 --- a/dev.fish +++ b/dev.fish @@ -3,9 +3,6 @@ set oldsum (cat (find . \( -name '*.rb' -o -name '*.js' \) | sort) | md5sum) if not test -e infinsweeper.db sqlite3 infinsweeper.db < schema.sql end -if not test -e db.json - echo "{\"account_num\":0,\"pass_num\":0,\"signed_in_users\":{}}" > db.json -end pkill ruby ruby main.rb -p8080 & echo "" > $pipe_path diff --git a/main.rb b/main.rb index b15bfee..2448fca 100644 --- a/main.rb +++ b/main.rb @@ -4,8 +4,38 @@ require "json" require_relative "players" require_relative "session" -json_path = File.expand_path("db.json") -signed_in_users = JSON.parse(File.read(json_path))["signed_in_users"] +ALPHANUM = [*"0".."9", *"A".."Z", *"a".."z", "-", "_"].freeze + +db_file = File.expand_path("infinsweeper.db") +DB = Sequel.connect("sqlite:///#{db_file}", single_threaded: false) +DB.run("PRAGMA foreign_keys = ON;") + +signed_in_users = DB[:SignedInUsers].all.map { |x| [x[:code], x[:player]] }.to_h + +Thread.new do + loop do + now = Time.now + fifteen_days_ago = now - (60 * 60 * 24 * 15) + six_days_ago = now - (60 * 60 * 24 * 6) + old_sessions = (DB[:SignedInUsers].where { created_at < fifteen_days_ago }.all + + DB[:SignedInUsers].where { last_used_at < six_days_ago }.all).uniq { |s| s[:code] } + old_sessions.each do |session| + begin + DB[:SignedInUsers].where(code: session[:code]).delete + rescue StandardError => e + File.write("log/main.log", + "[#{Time.now}] Thread DB error: #{e.message} on #{session[:code]} for #{session[:player]}\n", + mode: "a") + end + signed_in_users.delete(session[:code]) + puts "Auto-logged out: #{session[:player]} (expired session)" + end + rescue StandardError => e + File.write("log/main.log", "[#{Time.now}] Thread error: #{e.message}\n", mode: "a") + ensure + sleep 60 * 60 * 24 + end +end set :public_folder, "public" @@ -21,37 +51,35 @@ post "/new_player" do data = JSON.parse(request.body.read) if data["email"].nil? || data["pass"].nil? || data["username"].nil? status 400 - return '{"message": "Bad request made!"}' + return { "message" => "Bad request made!" }.to_json end player = Players.mk_player(data["username"], data["email"], data["pass"]) case player when "Successfully registered!" - hash = XXhash.xxh64(data["email"] + Time.now.to_s, 1234) - code = "" - while hash.positive? - code << ALPHANUM[hash % 64] - hash /= 64 - end - code = code.reverse.rjust(12, "0") - set_session(request, response, "user", code) + code = Array.new(24) { ALPHANUM.sample }.join + set_session(request, response, "user", code, code) signed_in_users[code] = data["email"] - json = JSON.parse(File.read(json_path)) - json["signed_in_users"] = signed_in_users.clone - File.write(json_path, JSON.pretty_generate(json)) + begin + DB["insert into SignedInUsers (code, player) values (?, ?)", code, data["email"]].insert + rescue Sequel::Error => e + File.write("log/main.log", "DB Error: #{e.message}\n", mode: "a") + status 500 + return { "message" => "Internal server error when signing you in!" }.to_json + end status 200 else status 400 end - return "{\"message\": \"#{player}\"}" + return { "message" => player }.to_json end get "/verify/:code" do if Players.verify(params[:code]) status 200 - return "{\"message\": \"Verified successfully!\"}" + return { "message" => "Verified successfully!" }.to_json else status 400 - return "{\"message\": \"Used or Invalid code!\"}" + return { "message" => "Couldn't verify!" } end end @@ -59,24 +87,22 @@ post "/login" do data = JSON.parse(request.body.read) player = Players.authorized?(data["email"], data["pass"]) if player - hash = XXhash.xxh64(data["email"] + Time.now.to_s, 1234) - code = "" - while hash.positive? - code << ALPHANUM[hash % 64] - hash /= 64 - end - code = code.reverse.rjust(12, "0") - set_session(request, response, "user", code) + code = Array.new(24) { ALPHANUM.sample }.join + set_session(request, response, "user", code, code) signed_in_users[code] = data["email"] - json = JSON.parse(File.read(json_path)) - json["signed_in_users"] = signed_in_users.clone - File.write(json_path, JSON.pretty_generate(json)) + begin + DB["insert into SignedInUsers (code, player) values (?, ?)", code, data["email"]].insert + rescue Sequel::Error => e + File.write("log/main.log", "DB Error: #{e.message}\n", mode: "a") + status 500 + return { "message" => "Internal server error when signing you in!" }.to_json + end status 200 - return "{\"message\": \"Remember to verify your email!\"}" unless Players.verified?(data["email"]) - return "{\"message\": \"Signed in successfully!\"}" + return { "message" => "Remember to verify your email!" }.to_json unless Players.verified?(data["email"]) + return { "message" => "Signed in successfully!" }.to_json else status 400 - return "{\"message\": \"Email or password incorrect!\"}" + return { "message" => "Couldn't sign you in!" }.to_json end end @@ -84,40 +110,44 @@ post "/logout" do uid = get_session(request, response, "user") if signed_in_users[uid].nil? status 400 - return "{\"message\":\"Not signed in!\"}" + return { "message" => "Not signed in!" }.to_json end signed_in_users.delete(uid) rm_session(request, response, "user") - json = JSON.parse(File.read(json_path)) - json["signed_in_users"] = signed_in_users.clone - File.write(json_path, JSON.pretty_generate(json)) + begin + DB["delete from SignedInUsers where code = ?", uid].delete + rescue Sequel::Error => e + File.write("log/main.log", "DB Error: #{e.message}\n", mode: "a") + status 500 + return { "message" => "Internal server error when signing you out!" }.to_json + end status 200 - return "{\"message\":\"Signed out!\"}" + return { "message" => "Signed out successfully!" }.to_json end post "/forgot_password" do data = JSON.parse(request.body.read) if data["email"].nil? status 400 - return "{\"message\":\"Bad request made!\"}" + return { "message" => "Bad request made (Email not provided)!" }.to_json end Players.pass_req(data["email"]) status 200 - return "{\"message\":\"Password reset email sent!\"}" + return { "message" => "Email sent successfully!" }.to_json end post "/reset_password/:code" do data = JSON.parse(request.body.read) if data["pass"].nil? || params[:code].nil? status 400 - return "{\"message\":\"Bad request made!\"}" + return { "message" => "Bad request made!" }.to_json end if Players.pass_reset(data["pass"], params[:code]) status 200 - return "{\"message\":\"Password reset successfully!\"}" + return { "message" => "Password reset successfully!" }.to_json else status 400 - return "{\"message\":\"Couldn\'t reset password!\"}" + return { "message" => "Couldn't reset password!" }.to_json end end @@ -125,18 +155,15 @@ delete "/rm_player" do uid = get_session(request, response, "user") if uid.nil? || signed_in_users[uid].nil? status 400 - return '{"message": "Not signed in!"}' + return { "message" => "Not signed in!" }.to_json end if Players.rm_player(signed_in_users[uid]) - status 200 signed_in_users.delete(uid) rm_session(request, response, "user") - json = JSON.parse(File.read(json_path)) - json["signed_in_users"] = signed_in_users.clone - File.write(json_path, JSON.pretty_generate(json)) - return '{"message": "Sorry to see you go.."}' + status 200 + return { "message" => "Sorry to see you go.." }.to_json else status 500 - return '{"message": "Couldn\'t delete!"}' + return { "message" => "Couldn't delete!" }.to_json end end diff --git a/players.rb b/players.rb index 5cd23e0..4b33596 100644 --- a/players.rb +++ b/players.rb @@ -8,6 +8,7 @@ ALPHANUM = [*"0".."9", *"A".."Z", *"a".."z", "-", "_"].freeze module Players db_file = File.expand_path("infinsweeper.db") DB = Sequel.connect("sqlite:///#{db_file}", single_threaded: false) + DB.run("PRAGMA foreign_keys = ON;") def self.list DB["select * from Players"].all @@ -26,19 +27,7 @@ module Players digest = XXhash.xxh32(pass, 1234) - path = File.expand_path("db.json") - json = File.exist?(path) ? JSON.parse(File.read(path)) : {} - json["account_num"] ||= 0 - account_num = json["account_num"] - json["account_num"] += 1 - File.write(path, JSON.pretty_generate(json)) - account_num = XXhash.xxh64(account_num, 1234) - code = "" - while account_num.positive? - code << ALPHANUM[account_num % 64] - account_num /= 64 - end - code = code.reverse.rjust(12, "0") + code = Array.new(24) { ALPHANUM.sample }.join DB[ "insert into Players (email, digest, username, activation_code) values (?, ?, ?, ?)", @@ -64,20 +53,8 @@ module Players def self.pass_req(email) return unless self[email] - path = File.expand_path("db.json") - json = File.exist?(path) ? JSON.parse(File.read(path)) : {} - json["pass_num"] ||= 0 - pass_num = json["pass_num"] - json["pass_num"] += 1 - File.write(path, JSON.pretty_generate(json)) - pass_num = XXhash.xxh64(pass_num, 1234) - code = "" - while pass_num.positive? - code << ALPHANUM[pass_num % 64] - pass_num /= 64 - end - code = code.reverse.rjust(12, "0") + code = Array.new(24) { ALPHANUM.sample }.join DB["update Players set new_pass_code = ? where email = ?", code, email].update send_email(:pass_req, email, code) @@ -108,9 +85,14 @@ module Players end Thread.new do - sleep 60 * 60 - unverified.each do |player| - rm_player(player[:email]) if player[:created_at] + 24 * 60 * 60 < Time.now + loop do + unverified.each do |player| + rm_player(player[:email]) if player[:created_at] + 24 * 60 * 60 < Time.now + end + rescue StandardError => e + File.write("log/main.log", "Thread error: #{e.message}\n", mode: "a") + ensure + sleep 60 * 60 end end end diff --git a/schema.sql b/schema.sql index 3decd50..e0e1cc6 100644 --- a/schema.sql +++ b/schema.sql @@ -1,4 +1,4 @@ -CREATE TABLE Players ( +CREATE TABLE IF NOT EXISTS Players ( email TEXT PRIMARY KEY, username TEXT UNIQUE, digest BLOB, @@ -7,3 +7,11 @@ CREATE TABLE Players ( new_pass_code TEXT, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ); + +CREATE TABLE IF NOT EXISTS SignedInUsers ( + code TEXT PRIMARY KEY, + player TEXT, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + last_used_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (player) REFERENCES Players (email) ON DELETE CASCADE +);