Store signin data in DB and use random codes

2025-06-22 09:06:33 +03:00
parent 708ca49a35
commit ccbb317189
5 changed files with 95 additions and 82 deletions
--- a/main.rb
+++ b/main.rb
@@ -4,8 +4,38 @@ require "json"
 require_relative "players"
 require_relative "session"

-json_path = File.expand_path("db.json")
-signed_in_users = JSON.parse(File.read(json_path))["signed_in_users"]
+ALPHANUM = [*"0".."9", *"A".."Z", *"a".."z", "-", "_"].freeze
+
+db_file = File.expand_path("infinsweeper.db")
+DB = Sequel.connect("sqlite:///#{db_file}", single_threaded: false)
+DB.run("PRAGMA foreign_keys = ON;")
+
+signed_in_users = DB[:SignedInUsers].all.map { |x| [x[:code], x[:player]] }.to_h
+
+Thread.new do
+  loop do
+    now = Time.now
+    fifteen_days_ago = now - (60 * 60 * 24 * 15)
+    six_days_ago = now - (60 * 60 * 24 * 6)
+    old_sessions = (DB[:SignedInUsers].where { created_at < fifteen_days_ago }.all +
+                    DB[:SignedInUsers].where { last_used_at < six_days_ago }.all).uniq { |s| s[:code] }
+    old_sessions.each do |session|
+      begin
+        DB[:SignedInUsers].where(code: session[:code]).delete
+      rescue StandardError => e
+        File.write("log/main.log",
+                   "[#{Time.now}] Thread DB error: #{e.message} on #{session[:code]} for #{session[:player]}\n",
+                   mode: "a")
+      end
+      signed_in_users.delete(session[:code])
+      puts "Auto-logged out: #{session[:player]} (expired session)"
+    end
+  rescue StandardError => e
+    File.write("log/main.log", "[#{Time.now}] Thread error: #{e.message}\n", mode: "a")
+  ensure
+    sleep 60 * 60 * 24
+  end
+end

 set :public_folder, "public"

@@ -21,37 +51,35 @@ post "/new_player" do
  data = JSON.parse(request.body.read)
  if data["email"].nil? || data["pass"].nil? || data["username"].nil?
    status 400
-    return '{"message": "Bad request made!"}'
+    return { "message" => "Bad request made!" }.to_json
  end
  player = Players.mk_player(data["username"], data["email"], data["pass"])
  case player
  when "Successfully registered!"
-    hash = XXhash.xxh64(data["email"] + Time.now.to_s, 1234)
-    code = ""
-    while hash.positive?
-      code << ALPHANUM[hash % 64]
-      hash /= 64
-    end
-    code = code.reverse.rjust(12, "0")
-    set_session(request, response, "user", code)
+    code = Array.new(24) { ALPHANUM.sample }.join
+    set_session(request, response, "user", code, code)
    signed_in_users[code] = data["email"]
-    json = JSON.parse(File.read(json_path))
-    json["signed_in_users"] = signed_in_users.clone
-    File.write(json_path, JSON.pretty_generate(json))
+    begin
+      DB["insert into SignedInUsers (code, player) values (?, ?)", code, data["email"]].insert
+    rescue Sequel::Error => e
+      File.write("log/main.log", "DB Error: #{e.message}\n", mode: "a")
+      status 500
+      return { "message" => "Internal server error when signing you in!" }.to_json
+    end
    status 200
  else
    status 400
  end
-  return "{\"message\": \"#{player}\"}"
+  return { "message" => player }.to_json
 end

 get "/verify/:code" do
  if Players.verify(params[:code])
    status 200
-    return "{\"message\": \"Verified successfully!\"}"
+    return { "message" => "Verified successfully!" }.to_json
  else
    status 400
-    return "{\"message\": \"Used or Invalid code!\"}"
+    return { "message" => "Couldn't verify!" }
  end
 end

@@ -59,24 +87,22 @@ post "/login" do
  data = JSON.parse(request.body.read)
  player = Players.authorized?(data["email"], data["pass"])
  if player
-    hash = XXhash.xxh64(data["email"] + Time.now.to_s, 1234)
-    code = ""
-    while hash.positive?
-      code << ALPHANUM[hash % 64]
-      hash /= 64
-    end
-    code = code.reverse.rjust(12, "0")
-    set_session(request, response, "user", code)
+    code = Array.new(24) { ALPHANUM.sample }.join
+    set_session(request, response, "user", code, code)
    signed_in_users[code] = data["email"]
-    json = JSON.parse(File.read(json_path))
-    json["signed_in_users"] = signed_in_users.clone
-    File.write(json_path, JSON.pretty_generate(json))
+    begin
+      DB["insert into SignedInUsers (code, player) values (?, ?)", code, data["email"]].insert
+    rescue Sequel::Error => e
+      File.write("log/main.log", "DB Error: #{e.message}\n", mode: "a")
+      status 500
+      return { "message" => "Internal server error when signing you in!" }.to_json
+    end
    status 200
-    return "{\"message\": \"Remember to verify your email!\"}" unless Players.verified?(data["email"])
-    return "{\"message\": \"Signed in successfully!\"}"
+    return { "message" => "Remember to verify your email!" }.to_json unless Players.verified?(data["email"])
+    return { "message" => "Signed in successfully!" }.to_json
  else
    status 400
-    return "{\"message\": \"Email or password incorrect!\"}"
+    return { "message" => "Couldn't sign you in!" }.to_json
  end
 end

@@ -84,40 +110,44 @@ post "/logout" do
  uid = get_session(request, response, "user")
  if signed_in_users[uid].nil?
    status 400
-    return "{\"message\":\"Not signed in!\"}"
+    return { "message" => "Not signed in!" }.to_json
  end
  signed_in_users.delete(uid)
  rm_session(request, response, "user")
-  json = JSON.parse(File.read(json_path))
-  json["signed_in_users"] = signed_in_users.clone
-  File.write(json_path, JSON.pretty_generate(json))
+  begin
+    DB["delete from SignedInUsers where code = ?", uid].delete
+  rescue Sequel::Error => e
+    File.write("log/main.log", "DB Error: #{e.message}\n", mode: "a")
+    status 500
+    return { "message" => "Internal server error when signing you out!" }.to_json
+  end
  status 200
-  return "{\"message\":\"Signed out!\"}"
+  return { "message" => "Signed out successfully!" }.to_json
 end

 post "/forgot_password" do
  data = JSON.parse(request.body.read)
  if data["email"].nil?
    status 400
-    return "{\"message\":\"Bad request made!\"}"
+    return { "message" => "Bad request made (Email not provided)!" }.to_json
  end
  Players.pass_req(data["email"])
  status 200
-  return "{\"message\":\"Password reset email sent!\"}"
+  return { "message" => "Email sent successfully!" }.to_json
 end

 post "/reset_password/:code" do
  data = JSON.parse(request.body.read)
  if data["pass"].nil? || params[:code].nil?
    status 400
-    return "{\"message\":\"Bad request made!\"}"
+    return { "message" => "Bad request made!" }.to_json
  end
  if Players.pass_reset(data["pass"], params[:code])
    status 200
-    return "{\"message\":\"Password reset successfully!\"}"
+    return { "message" => "Password reset successfully!" }.to_json
  else
    status 400
-    return "{\"message\":\"Couldn\'t reset password!\"}"
+    return { "message" => "Couldn't reset password!" }.to_json
  end
 end

@@ -125,18 +155,15 @@ delete "/rm_player" do
  uid = get_session(request, response, "user")
  if uid.nil? || signed_in_users[uid].nil?
    status 400
-    return '{"message": "Not signed in!"}'
+    return { "message" => "Not signed in!" }.to_json
  end
  if Players.rm_player(signed_in_users[uid])
-    status 200
    signed_in_users.delete(uid)
    rm_session(request, response, "user")
-    json = JSON.parse(File.read(json_path))
-    json["signed_in_users"] = signed_in_users.clone
-    File.write(json_path, JSON.pretty_generate(json))
-    return '{"message": "Sorry to see you go.."}'
+    status 200
+    return { "message" => "Sorry to see you go.." }.to_json
  else
    status 500
-    return '{"message": "Couldn\'t delete!"}'
+    return { "message" => "Couldn't delete!" }.to_json
  end
 end