work on auth systens

2025-05-24 18:29:59 -05:00 · 2025-05-24 18:29:59 -05:00 · bcf4c99167
commit bcf4c99167
parent 574cc8c588
13 changed files with 82 additions and 7 deletions
--- a/config.lua
+++ b/config.lua
@ -1,8 +1,7 @@
 server = {
 	port = 3118,
 	debug = false,
-	log_level = "info",
-	http_logging = false
+	http_logging = true
 }

 runner = {
--- a/data/dk.db
+++ b/data/dk.db
--- a/fs/templates/auth/login.html
+++ b/fs/templates/auth/login.html
@ -0,0 +1,5 @@
+<form method="post">
+	<input type="text" name="username" placeholder="Username">
+	<input type="password" name="password">
+	<button type="submit">Login</button>
+</form>
--- a/BIN
+++ b/BIN
--- a/routes/auth/login/get.lua
+++ b/routes/auth/login/get.lua
--- a/routes/auth/login/post.lua
+++ b/routes/auth/login/post.lua
--- a/routes/auth/register/post.lua
+++ b/routes/auth/register/post.lua
--- a/routes/get.lua
+++ b/routes/get.lua
@ -1 +1,5 @@
-return "Hello world!"
+if session.get("logged_in") then
+	return "Hello, "..session.get("user_id").."!"
+else
+	return "Hello, guest!"
+end
--- a/routes/auth/register/get.lua
+++ b/routes/auth/register/get.lua
@ -1,6 +1,6 @@
 local base_template = fs.read("templates/base.html")
-local login_form = fs.read("templates/auth/register.html")
+local login_form = fs.read("templates/auth/login.html")
 return send.html(render(base_template, {
-	title = "Register",
+	title = "Login",
 	content = login_form
-}))
+}))
--- a/routes/login/post.lua
+++ b/routes/login/post.lua
@ -0,0 +1,31 @@
+local db = sqlite("dk")
+
+local username = string.trim(ctx.form.username)
+if username == "" or not db:exists("users", "username = :u", {u = username}) then
+	return "username required and must exist"
+end
+
+if ctx.form.password == "" then
+	return "password required"
+end
+
+local user_row = db:get_one("SELECT id, username, password, auth_level FROM users WHERE username = :u", {u = username})
+if not password.verify(ctx.form.password, user_row.password) then
+	return "wrong username or password"
+end
+
+local token = util.generate_token()
+local expires = os.time() + (30 * 24 * 60 * 60) -- 30 days
+db:insert("user_sessions", {
+	user_id = user_row.id,
+	token = token,
+	expires = expires
+})
+
+cookie.set("dkauth", token, { expires = expires })
+
+session.set("logged_in", true)
+session.set("user_id", user_row.id)
+session.set("auth_level", user_row.auth_level)
+
+return "Logged in!"
--- a/routes/register/get.lua
+++ b/routes/register/get.lua
@ -0,0 +1,6 @@
+local base_template = fs.read("templates/base.html")
+local register_form = fs.read("templates/auth/register.html")
+return send.html(render(base_template, {
+	title = "Register",
+	content = register_form
+}))
--- a/routes/register/post.lua
+++ b/routes/register/post.lua
@ -0,0 +1,24 @@
+local db = sqlite("dk")
+
+local username = string.trim(ctx.form.username)
+if username == "" or db:exists("users", "username = :u", {u = username}) then
+	return "username required and must be unique"
+end
+
+local email = string.trim(ctx.form.email)
+if util.sanitize_email(email) == "" or db:exists("users", "email = :e", {e = email}) then
+	return "email required, must be valid format, and must be unique"
+end
+
+if ctx.form.password == "" then
+	return "password required"
+end
+
+db:insert("users", {
+	username = username,
+	email = email,
+	password = password.hash(ctx.form.password),
+	attributes_id = 0
+})
+
+return "Account registered!"
--- a/setup_database.lua
+++ b/setup_database.lua
@ -252,8 +252,14 @@ db:create_table("user_inventories",
 	"stack   INTEGER NOT NULL DEFAULT 1"
 )

+db:create_table("user_sessions",
+	"user_id INTEGER NOT NULL",
+	"token   TEXT NOT NULL",
+	"expires INTEGER NOT NULL"
+)
+
 db:commit()

 local time = math.roundto(microtime(true) - start, 4)
-print(iparse("Database setup in <!> seconds.", {time}))
+print(iparse("Database setup in {{{}}} seconds.", {time}))
 return true