Diffstat (limited to 'src/guff.cr')
-rw-r--r-- | src/guff.cr | 144 |
1 files changed, 115 insertions, 29 deletions
diff --git a/src/guff.cr b/src/guff.cr index b36abc4..923f8f6 100644 --- a/src/guff.cr +++ b/src/guff.cr @@ -199,6 +199,16 @@ module Guff end end + module Password + def self.create(password : String) : String + Crypto::Bcrypt::Password.create(password).to_s + end + + def self.test(hash : String, password : String) : Bool + Crypto::Bcrypt::Password.new(hash) == password + end + end + module Models abstract class Model def initialize(@context : Context) @@ -351,6 +361,30 @@ module Guff end class UserModel < Model + SQL = { + add_user: " + INSERT INTO users( + role_id, + name, + email, + password, + is_active + ) VALUES ( + (SELECT role_id FROM roles where role = ?), + ?, + ?, + ?, + ? + ) + ", + + set_user: " + UPDATE users + SET %s + WHERE user_id = ? + ", + } + def login(user : String, pass : String) : String? if @context.development? if user == "test" && pass == "test" 
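Review bot: `Password.test` passes the stored value straight to `Crypto::Bcrypt::Password.new(hash) == password`, so a malformed or empty hash column will most likely raise instead of returning `false`. The login path that calls it is outside this hunk, but it would then see an exception rather than a failed login. Consider rescuing inside `test` and returning `false`, for example `rescue Crypto::Bcrypt::Error` followed by `false` (or whichever error the Crystal version in use raises). `Password.create` also relies on the library's default cost and takes the password unchecked; bcrypt has a 72-byte input limit, which implementations either truncate to or reject. An explicit `cost:` argument and a length check here would put the password policy in one visible place.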
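Review bot: In `SQL[:add_user]` the role is resolved with `(SELECT role_id FROM roles where role = ?)`, which evaluates to NULL when the role name does not exist. An unknown `role` therefore either fails on a column constraint or, if `users.role_id` is nullable (the `users` schema is not shown here), creates a user with no role. The same subquery appears in the `role_id = (...)` fragment of `set_user` in the next hunk. Resolving the role first and raising when it is missing would make the failure explicit, e.g. `raise "unknown role: #{role}"` before the INSERT. Minor style point: `where` is lower-case in this statement while the other SQL keywords are upper-case.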
@@ -380,39 +414,67 @@ module Guff end def add_user( - name : String? = nil, - email : String? = nil, - password : String? = nil, - groups : Array(String)? = nil, - active : Bool? = nil, + name : String, + email : String, + password : String, + role : String, + active : Bool, ) : Int64 - # TODO create user - user_id = 0_i64 - - # set user attributes - set_user( - user_id: user_id, - email: email, - password: password, - groups: groups, - active: active, - ) + @context.dbs.rw.query(SQL[:add_user], [ + role, + name, + email, + Password.create(password), + active ? "1" : "0", + ]) - # return user id - user_id + @context.dbs.rw.last_insert_row_id.to_i64 end def set_user( user_id : Int64, - name : String? = nil, - email : String? = nil, - password : String? = nil, - groups : Array(String)? = nil, - active : Bool? = nil, + name : String? = nil, + email : String? = nil, + password : String? = nil, + role : String? = nil, + active : Bool? = nil, ) + sets = [] of String + args = [] of String + + if name + sets << "name = ?" + args << name + end + + if email + sets << "email = ?" + args << email + end + + if role + sets << "role_id = (SELECT role_id FROM roles WHERE role = ?)" + args << role + end + + if password + sets << "password = ?" + args << Password.create(password) + end + + if active != nil + sets << "is_active = ?" + args << (active ? "1" : "0") + end + + if sets.size > 0 + args << user_id.to_s + @context.dbs.rw.query(SQL[:set_user] % sets.join(", "), args) + end end def get_users + # TODO end end 
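Review bot: `set_user` builds its statement with `SQL[:set_user] % sets.join(", ")`, which is safe only because every entry pushed to `sets` is a string literal and all values travel in `args`; that invariant is not written down anywhere. I would add a comment above `sets = [] of String`, such as `# sets holds fixed SQL fragments only; never append caller-supplied text, values go in args`. Separately, the method returns nothing, so a `user_id` that matches no row and a call with no fields are both silent no-ops. Returning the number of changed rows, if the database wrapper exposes it, would let the API report a missing user. In `add_user`, `last_insert_row_id` is read in a separate call after the INSERT, which presumably assumes no other write happens on the same `rw` handle in between.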
@@ -684,14 +746,32 @@ module Guff module UserAPI def do_user_add_user(params : HTTP::Params) user_id = @context.models.user.add_user( - name: params["name"]?, + name: params["name"], email: params["email"], + password: params["password"], + active: (params["active"] == "t"), + role: params["role"], + ) + + { "user_id": user_id } + end + + def do_user_set_user(params : HTTP::Params) + @context.models.user.set_user( + user_id: params["user_id"].to_i64, + name: params["name"]?, + email: params["email"]?, password: params["password"]?, active: params["active"]? ? (params["active"] == "t") : nil, - # groups: params["groups"]? ? JSON.parse(params["groups"]) : nil, + role: params["role"]?, ) - { "user_id": user_id } + nil + end + + def do_user_get_users(params : HTTP::Params) + # @context.models.user.get_users + nil end end end @@ -879,7 +959,13 @@ module Guff (@context.development? && context.request.method == "GET") if md = PATH_RE.match(context.request.path.not_nil!) namespace, method = %w{namespace method}.map { |k| md[k] } - params = HTTP::Params.parse(context.request.body || "") + + # get query parameteres + params = if (context.request.method == "GET") + context.request.query_params + else + HTTP::Params.parse(context.request.body || "") + end code, data = begin { 200, api_method_dispatch(API_MODULES) } @@ -1383,7 +1469,7 @@ module Guff CREATE TABLE sites ( site_id INTEGER PRIMARY KEY, - name TEXT UNIQUE NOT NULL + name TEXT UNIQUE NOT NULL CHECK (LENGTH(name) > 0), is_active BOOLEAN NOT NULL DEFAULT false, @@ -1571,7 +1657,7 @@ module Guff } private def add_admin_user(db : Database, password : String) - pass_hash = Crypto::Bcrypt::Password.create(password).to_s + pass_hash = Password.create(password) # STDERR.puts "DEBUG: adding admin user (pass_hash = #{pass_hash}" db.query(ADD_ADMIN_USER_SQL, [pass_hash]) end |
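Review bot: `do_user_add_user` and `do_user_set_user` forward `role`, `password`, `active` and `user_id` from the request straight to the model, and nothing in this hunk checks who the caller is or whether they may assign that role or modify that user. If the dispatcher (outside this hunk) does not already require an authenticated, suitably privileged session for the `user` namespace, account creation and password changes are open to any caller who can reach the API. A check at the top of each method, or a comment naming where the check lives, would make this reviewable. Also, `params["password"]?` yields an empty string when the field is present but blank, so `set_user` would try to hash an empty password. `password: params["password"]?.try { |p| p.empty? ? nil : p }` avoids that, and `add_user` would benefit from the same non-empty validation.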
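Review bot: In the dispatcher hunk (`@@ -879,7 +959,13 @@`), a GET request now supplies its parameters through `context.request.query_params`, so state-changing methods such as `do_user_add_user` and `do_user_set_user` can be driven by a URL. The `password` value would then appear in access logs, browser history and Referer headers. The condition visible in context suggests GET is accepted only when `@context.development?` is true, but the start of that expression is outside the hunk, so this should be confirmed. A short comment on the new branch would record that intent, e.g. `# GET is for development only; production requests must carry parameters in the body`. The added comment also has a typo: `# get query parameteres` should read `# get query parameters`.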