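# encoding: utf-8
# Application bootstrap: load dependencies, connect the database and read the
# deployment configuration before the Sinatra app class is defined.
require 'rubygems' if RUBY_VERSION < "1.9"
# YAML is used below (YAML.load_file); require it explicitly instead of relying
# on another gem having loaded it as a side effect.
require 'yaml'
require 'sinatra/base'
require 'rack-flash'
require 'data_mapper'
require 'rack/csrf'
require File.dirname(__FILE__) + '/lib/user'
require File.dirname(__FILE__) + '/lib/user_file'
require File.dirname(__FILE__) + '/lib/authenticator'
require File.dirname(__FILE__) + '/lib/filetype_helpers'
# DATABASE_URL wins in deployed environments; the SQLite file next to this
# script is the development fallback.
DataMapper.setup(:default, ENV['DATABASE_URL'] || "sqlite://#{File.dirname(__FILE__)}/db.sqlite3")
DataMapper.auto_upgrade!
# config.yml carries the session secret and the password salt, so it must be
# treated as a secret and kept out of version control.
CFG = YAML.load_file(File.dirname(__FILE__) + '/config.yml')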
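# Sinatra application for the CoderDojo web storage: user signup and
# administration, per-user file upload/editing and public user pages.
# Authentication helpers (is_authenticated?, current_user, ensure_admin!,
# ensure_authenticated!) come from Sinatra::Authenticator in lib/authenticator.
class CoderDojoWebStorage < Sinatra::Base
  set :session_secret, CFG['session_secret']
  PWSALT = CFG['pwsalt']

  use Rack::Session::Cookie, :key => 'rack.session', :path => '/', :secret => session_secret
  use Rack::Flash
  # NOTE(review): CSRF tokens are verified only for POST /signin; the other
  # state-changing routes below (/signup, /handleusers/*, /setpublicflag/*,
  # /upload, /editor/*) are not covered. Dropping :check_only enables the check
  # for all of them, but every form in the views must first emit
  # Rack::Csrf.csrf_tag(env) or those requests will be rejected.
  use Rack::Csrf, :check_only => ['POST:/signin']

  # use authentication
  register Sinatra::Authenticator

  helpers do
    include Rack::Utils
    # h(text) escapes HTML for the views.
    alias_method :h, :escape_html
  end
  helpers Sinatra::FiletypeHelpers

  # Attributes a visitor may set about themselves at signup. Anything else in
  # params[:user] (e.g. auth_level, which only /handleusers may change) is
  # dropped before it reaches User.new.
  SIGNUP_BLOCKED_ATTRIBUTES = ['auth_level'].freeze

  # Start page: file listing for a signed-in user, landing page otherwise.
  get "/" do
    if is_authenticated?
      @files = current_user.files
      erb :home
    else
      erb :index
    end
  end

  ["/om", "/about"].each do |about_url|
    get about_url do
      erb :about
    end
  end

  # user signup
  get "/signup" do
    @user = User.new
    erb :signup
  end

  post "/signup" do
    # params[:user] is request-controlled; never let it choose the role.
    attributes = (params[:user] || {}).reject { |key, _| SIGNUP_BLOCKED_ATTRIBUTES.include?(key.to_s) }
    @user = User.new attributes
    if @user.save
      erb :signed_up
    else
      erb :signup
    end
  end

  # simple list of all the users in the system
  get "/handleusers" do
    ensure_admin!
    @users = User.all
    erb :handleusers
  end

  # Admin: change a user's role. Unknown usernames answer 404 instead of
  # raising on nil.
  post "/handleusers/changeauthlevel/:username" do
    ensure_admin!
    @user = User.first :username => params[:username]
    halt 404 unless @user
    @user.auth_level = params[:auth_level]
    if @user.save
      flash[:notice] = "#{@user.username} har nu status #{@user.role}"
    else
      flash[:error] = "Lyckades inte ändra #{@user.username} status till #{User.role_name(params[:auth_level])}"
    end
    redirect "/handleusers"
  end

  # Admin: reset a user's password.
  post "/handleusers/newpassword/:username" do
    ensure_admin!
    @user = User.first :username => params[:username]
    halt 404 unless @user
    @user.password = params[:new_password]
    if @user.save
      flash[:notice] = "#{@user.username} har ett nytt lösenord"
    else
      flash[:error] = "Lyckades inte sätta ett nytt lösenord till #{@user.username}"
    end
    redirect "/handleusers"
  end

  # Toggle whether a user's page is public. The authorization decision is
  # delegated to User#is_editable_by?; a missing user yields 404 rather than
  # a NoMethodError on nil.
  post "/setpublicflag/:username" do
    ensure_authenticated!
    @user = User.first :username => params[:username]
    halt 404 unless @user
    halt 403 unless @user.is_editable_by?(current_user)
    user_params = params['user'] || {}
    @user.public = user_params['public'].to_i
    if @user.save
      flash[:notice] = 'Användaren uppdaterades'
    else
      flash[:error] = 'Något gick fel! lyckdes inte spara'
    end
    if @user == current_user
      redirect '/'
    else
      redirect '/handleusers'
    end
  end

  get "/upload" do
    ensure_authenticated!
    erb :upload
  end

  # File upload; validation and error messages live in User#upload_file.
  post "/upload" do
    ensure_authenticated!
    if current_user.upload_file(params[:file])
      redirect '/'
    else
      @errors = current_user.custom_errors
      erb :upload
    end
  end

  get "/users/?" do
    @users = User.all_public
    erb :list_users
  end

  get "/users/:username" do
    @user = User.first :username => params[:username]
    halt 404 unless @user
    erb :show_user
  end

  # deprecated?
  get "/show/:username" do
    puts "show/:username is DEPRECATED"
    @user = User.first :username => params[:username]
    halt 404 unless @user
    erb :show_user
  end

  # In-browser editor for one of the current user's files. The file name is
  # reduced to its basename and validated by UserFile before any content is
  # read, so the splat cannot select a path outside the user's directory.
  get "/editor/*" do
    ensure_authenticated!
    @file_name = File.basename(params[:splat][0])
    halt(422) unless UserFile.valid_file_name?(@file_name)
    @file_type = file_type(@file_name)
    @file_content = current_user.content_of @file_name
    @user_base_url = "/u/#{current_user.username}/"
    # NOTE(review): request.host comes from the Host header; if the public
    # hostname is fixed, prefer a configured value here.
    @full_public_uri = "http://#{request.host}#{current_user.file_uri(@file_name)}"
    if @file_name == "index.html"
      @full_public_uri += "index.html"
    end
    erb :editor
  end

  post "/editor/*" do
    ensure_authenticated!
    file_name = File.basename(params[:splat][0])
    file_name = UserFile.sanitize_file_name(file_name)
    if current_user.update_file(file_name, params[:file_content])
      flash[:notice] = 'Filen sparades'
    else
      flash[:error] = 'filen kunde inte sparas!'
    end
    redirect "/editor/#{file_name}"
  end

  # A user's public root serves their index.html via an internal re-dispatch;
  # the route that finally serves /u/:username/<file> is not defined here.
  get "/u/:username/" do
    call env.merge("PATH_INFO" => "/u/#{params[:username]}/index.html")
  end

  get "/u/:username" do
    redirect to("/u/#{params[:username]}/")
  end

  error 403 do
    erb :error_403
  end

  error 404 do
    erb :error_404
  end

  error 422 do
    erb :error_422
  end
end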