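# frozen_string_literal: true

require "base64"
require "erb"
require "json"
require "net/http"
require "securerandom"
require "sequel"
require "sinatra"
require "uri"
require "xxhash"
require "zlib"

# Alphabet used for CSRF tokens (URL-safe base64 alphabet, 64 symbols).
ALPHANUM = [*"0".."9", *"A".."Z", *"a".."z", "-", "_"].freeze

# Minimal .env loader: one `KEY=value` per line, keys restricted to
# [A-Z_][A-Z0-9_]*. Lines are chomped so CRLF files do not leave a trailing
# "\r" in the value. Anchored with \A/\z so a match covers the whole line.
env_data = File.exist?(".env") ? File.read(".env") : ""
ENV_HASH = {}
env_data.each_line do |line|
  next unless (match = line.chomp.match(/\A([A-Z_][A-Z0-9_]*)=(.*)\z/))

  ENV_HASH[match[1]] = match[2]
end

load "logman.rb"
# Logman.log ENV_HASH.inspect

# SQLite database next to this file; foreign keys are off by default in
# SQLite and must be enabled per connection.
db_file = File.expand_path("infinsweeper.db")
DB = Sequel.connect("sqlite:///#{db_file}", single_threaded: false)
DB.run("PRAGMA foreign_keys = ON;")

# In-memory mirror of SignedInUsers: session code => player. Process-local,
# so it is only correct for a single app process; it is also read and
# written from request handlers without synchronization — the loaded files
# (session.rb, players.rb) presumably keep it in sync with the table, confirm.
$active_users = DB[:SignedInUsers].all.map { |x| [x[:code], x[:player]] }.to_h

load "mailer.rb"
load "players.rb"
load "session.rb"

set :public_folder, "public"

helpers do
  # Returns a fresh 32-character CSRF token over the ALPHANUM alphabet.
  #
  # Array#sample draws from Kernel#rand (a Mersenne Twister), whose output is
  # predictable from earlier outputs, so it must not be used for anti-CSRF
  # tokens; SecureRandom is used instead. The alphabet and length are kept so
  # tokens look the same to clients and to session.rb.
  #
  # @return [String]
  def new_csrf_token
    Array.new(32) { ALPHANUM[SecureRandom.random_number(ALPHANUM.size)] }.join
  end

  # Reads the request body and parses it as a JSON object.
  #
  # Halts the request with 400 (and the given extra response fields, e.g. a
  # rotated csrf_token) when the body is not valid JSON or is not an object.
  # Without this, JSON::ParserError — or a TypeError from indexing a JSON
  # array with a string key — would surface as a 500.
  #
  # @param extra [Hash] additional keys merged into the 400 response body
  # @return [Hash] the parsed JSON object
  def json_object_body(extra = {})
    data = JSON.parse(request.body.read)
    return data if data.is_a?(Hash)

    halt 400, { "message" => "Bad request made!" }.merge(extra).to_json
  rescue JSON::ParserError
    halt 400, { "message" => "Bad request made!" }.merge(extra).to_json
  end
end

# Landing page. Shows and clears the one-shot session message, and issues a
# new CSRF token that the page embeds and later sends back on POSTs.
get "/" do
  session = Sessions.new request, response
  @message = session.message || ""
  session.message = ""
  # True whenever signed_in? returns a non-nil value (including `false`);
  # NOTE(review): this only works if signed_in? returns nil when signed out — confirm in session.rb.
  @signed_in = !session.signed_in?.nil?
  @csrf_token = new_csrf_token
  session["csrf_token"] = @csrf_token
  ERB.new(File.read("index.erb")).result(binding)
end

# Dumps the caller's whole server-side session as JSON. Only available when
# the app runs in the development environment so session internals (user id,
# CSRF token, ...) are not exposed from a production deployment.
get "/debug" do
  halt 404 unless settings.development?

  content_type :json
  (Sessions.new request, response).all.to_json
end

# Creates a player and, on success, signs the new player in.
#
# The CSRF check runs before anything with side effects (same order as
# /login): previously an existing session was logged out before the token was
# validated, so a forged cross-site POST could sign the victim out.
post "/signup" do
  session = Sessions.new request, response
  uid = session["user"]
  unless session.csrf_auth?
    status 401
    return { "message" => "Unauthorized (invalid CSRF token)!" }.to_json
  end
  # Rotate the token: every response to a CSRF-protected POST carries the next one.
  session["csrf_token"] = new_csrf_token
  data = json_object_body("csrf_token" => session["csrf_token"])
  session.logout unless uid.nil? || $active_users[uid].nil?
  if data["email"].nil? || data["pass"].nil? || data["username"].nil?
    status 400
    return { "message" => "Bad request made!", "csrf_token" => session["csrf_token"] }.to_json
  end
  # Players.mk_player and session.login both return [http_status, message].
  signup_status = Players.mk_player(data["username"], data["email"], data["pass"])
  if signup_status[0] == 200
    login_status = session.login(data["username"], data["pass"])
    if login_status[0] == 200
      status 200
      return { "message" => login_status[1], "success" => "true", "csrf_token" => session["csrf_token"] }.to_json
    else
      status login_status[0]
      return { "message" => login_status[1], "csrf_token" => session["csrf_token"] }.to_json
    end
  end
  status signup_status[0]
  return { "message" => signup_status[1], "csrf_token" => session["csrf_token"] }.to_json
end

# E-mail verification link target; the outcome is shown on the landing page.
get "/verify/:code" do
  session = Sessions.new request, response
  session.message = Players.verify(params[:code]) ? "Verified successfully!" : "Verification failed!"
  redirect "/"
end

# Signs a player in, replacing any session that is already signed in.
post "/login" do
  session = Sessions.new request, response
  uid = session["user"]
  # TODO(review): this writes both CSRF token values to the log; remove once
  # the token comparison has been debugged — tokens should not be logged.
  Logman.log(request.env["HTTP_X_CSRF_TOKEN"].to_s + " " + session["csrf_token"].to_s)
  unless session.csrf_auth?
    status 401
    return { "message" => "Unauthorized (invalid CSRF token)!" }.to_json
  end
  session["csrf_token"] = new_csrf_token
  data = json_object_body("csrf_token" => session["csrf_token"])
  if $active_users[uid] && !session.logout
    status 500
    return { "message" => "Internal server error when signing the existing session out!", "csrf_token" => session["csrf_token"], }.to_json
  end
  if data["username"].nil? || data["pass"].nil?
    status 400
    return { "message" => "Bad request made!", "csrf_token" => session["csrf_token"] }.to_json
  end
  login_status = session.login(data["username"], data["pass"])
  if login_status[0] == 200
    status 200
    return { "message" => login_status[1], "success" => "true", "csrf_token" => session["csrf_token"] }.to_json
  else
    status login_status[0]
    return { "message" => login_status[1], "csrf_token" => session["csrf_token"] }.to_json
  end
end

# JSON logout. NOTE(review): unlike /signup and /login this route does not
# call csrf_auth?, so a cross-site POST can sign the player out — consider
# adding the same check once the client sends the header here.
post "/logout" do
  session = Sessions.new request, response
  uid = session["user"]
  if $active_users[uid].nil?
    status 400
    return { "message" => "Not logged in!" }.to_json
  end
  unless session.logout
    status 500
    return { "message" => "Internal server error when logging you out!" }.to_json
  end
  status 200
  return { "message" => "Logged out successfully!", "success" => "true" }.to_json
end

# Link-style logout. NOTE(review): state change on a GET, reachable from any
# cross-site link or image tag; the POST variant is the safer entry point.
get "/logout" do
  session = Sessions.new request, response
  uid = session["user"]
  session.logout unless $active_users[uid].nil?
  session.message = "Logged out successfully!"
  redirect "/"
end

# Starts the password-reset flow by e-mailing the given address.
# NOTE(review): unauthenticated and unthrottled — each call can trigger a
# mail send; rate limiting belongs here or in Players.pass_req.
post "/forgot_password" do
  data = json_object_body
  if data["email"].nil?
    status 400
    return { "message" => "Bad request made (Email not provided)!" }.to_json
  end
  if Players.pass_req(data["email"])
    status 200
    return { "message" => "Email sent successfully!" }.to_json
  else
    status 400
    return { "message" => "Couldn't send email!" }.to_json
  end
end

# Reports whether a password-reset code is live.
# NOTE(review): in Sinatra's route syntax a trailing `?` makes the preceding
# character optional, so this pattern also matches "/pass_rese"; confirm the
# path was meant literally before changing it (the client may depend on it).
post "/pass_reset?" do
  data = json_object_body
  if data["code"].nil?
    status 400
    return { "message" => "Bad request made!" }.to_json
  end
  if Players.pass_reset?(data["code"])
    status 200
    return { "message" => "Password reset link exists!" }.to_json
  else
    status 400
    return { "message" => "Code doesn't exist!" }.to_json
  end
end

# E-mailed reset link target; hands the code to the landing page as a query
# parameter. The code is percent-encoded so characters such as "&", "#" or
# "%" in the path segment cannot alter the query string.
get "/reset_password/:code" do
  redirect "/?reset_code=#{URI.encode_www_form_component(params[:code])}"
end

# Sets a new password for the player that owns the reset code.
post "/reset_password/:code" do
  data = json_object_body
  if data["pass"].nil? || params[:code].nil?
    status 400
    return { "message" => "Bad request made!" }.to_json
  end
  if Players.pass_reset(data["pass"], params[:code])
    status 200
    return { "message" => "Password reset successfully!" }.to_json
  else
    status 400
    return { "message" => "Couldn't reset password!" }.to_json
  end
end

# Deletes the signed-in player's account. NOTE(review): no csrf_auth? call
# here either; browsers preflight cross-site DELETEs, but a permissive CORS
# policy would remove that protection — the explicit check is cheap.
delete "/rm_player" do
  session = Sessions.new request, response
  uid = session["user"]
  if uid.nil? || $active_users[uid].nil?
    status 400
    return { "message" => "Not signed in!" }.to_json
  end
  if session.logout && Players.rm_player($active_users[uid])
    status 200
    return { "message" => "Sorry to see you go.." }.to_json
  else
    status 500
    return { "message" => "Couldn't delete!" }.to_json
  end
end

# Everything else goes back to the landing page.
get "*" do
  redirect "/"
end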