yagich/porom
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

move validate session to util module

Browse Source
This commit is contained in:
Lera Elvoé 2025-05-18 13:18:56 +03:00
parent 836ad72521
commit 86b568d0f4
Signed by: yagich
SSH Key Fingerprint: SHA256:6xjGb6uA7lAVcULa7byPEN//rQ0wPoG+UzYVMfZnbvc
2 changed files with 27 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
apps/users.lua
View File

@ -41,20 +41,6 @@ local function create_session(user_id)
}) })
end end
local function validate_session(session_key)
if session_key == nil then
return nil
end
local session = db.select('* FROM "sessions" WHERE "key" = ? AND "expires_at" > "?" LIMIT 1', session_key, os.time())
print(#session)
if #session > 0 then
return Users:find({id = session[1].user_id})
end
return nil
end
local function validate_password(password) local function validate_password(password)
if #password < 10 or password:match("%s") then if #password < 10 or password:match("%s") then
return false return false
@ -94,7 +80,8 @@ app:get("user", "/:username", function(self)
self.session.flash = {} self.session.flash = {}
end end
local me = validate_session(self.session.session_key) or TransientUser -- local me = validate_session(self.session.session_key) or TransientUser
local me = util.get_logged_in_user(self) or TransientUser
self.user = user self.user = user
self.me = me self.me = me
@ -109,7 +96,7 @@ app:get("user", "/:username", function(self)
end) end)
app:post("user_clear_avatar", "/:username/clear_avatar", function(self) app:post("user_clear_avatar", "/:username/clear_avatar", function(self)
local me = validate_session(self.session.session_key) local me = util.get_logged_in_user(self)
if me == nil then if me == nil then
self.session.flash = {error = "You must be logged in to perform this action."} self.session.flash = {error = "You must be logged in to perform this action."}
return {redirect_to = self:url_for("user_login")} return {redirect_to = self:url_for("user_login")}
@ -126,7 +113,7 @@ app:post("user_clear_avatar", "/:username/clear_avatar", function(self)
end) end)
app:post("user_set_avatar", "/:username/set_avatar", function(self) app:post("user_set_avatar", "/:username/set_avatar", function(self)
local me = validate_session(self.session.session_key) local me = util.get_logged_in_user(self)
if me == nil then if me == nil then
self.session.flash = {error = "You must be logged in to perform this action."} self.session.flash = {error = "You must be logged in to perform this action."}
return {redirect_to = self:url_for("user_login")} return {redirect_to = self:url_for("user_login")}
@ -164,7 +151,7 @@ app:post("user_set_avatar", "/:username/set_avatar", function(self)
end) end)
app:get("user_settings", "/:username/settings", function(self) app:get("user_settings", "/:username/settings", function(self)
local me = validate_session(self.session.session_key) local me = util.get_logged_in_user(self)
if me == nil then if me == nil then
self.session.flash = {error = "You must be logged in to perform this action."} self.session.flash = {error = "You must be logged in to perform this action."}
return {redirect_to = self:url_for("user_login")} return {redirect_to = self:url_for("user_login")}
@ -187,7 +174,7 @@ app:get("user_settings", "/:username/settings", function(self)
end) end)
app:post("user_settings", "/:username/settings", function(self) app:post("user_settings", "/:username/settings", function(self)
local me = validate_session(self.session.session_key) local me = util.get_logged_in_user(self)
if me == nil then if me == nil then
self.session.flash = {error = "You must be logged in to perform this action."} self.session.flash = {error = "You must be logged in to perform this action."}
return {redirect_to = self:url_for("user_login")} return {redirect_to = self:url_for("user_login")}
@ -211,7 +198,7 @@ end)
app:get("user_login", "/login", function(self) app:get("user_login", "/login", function(self)
if self.session.session_key then if self.session.session_key then
local user = validate_session(self.session.session_key) local user = util.get_logged_in_user(self)
if user ~= nil then if user ~= nil then
return {redirect_to = self:url_for("user", {username = user.username})} return {redirect_to = self:url_for("user", {username = user.username})}
end end
@ -226,7 +213,7 @@ end)
app:post("user_login", "/login", function(self) app:post("user_login", "/login", function(self)
if self.session.session_key then if self.session.session_key then
local user = validate_session(self.session.session_key) local user = util.get_logged_in_user(self)
if user ~= nil then if user ~= nil then
return {redirect_to = self:url_for("user", {username = user.username})} return {redirect_to = self:url_for("user", {username = user.username})}
end end
@ -250,7 +237,7 @@ end)
app:get("user_signup", "/signup", function(self) app:get("user_signup", "/signup", function(self)
if self.session.session_key then if self.session.session_key then
local user = validate_session(self.session.session_key) local user = util.get_logged_in_user(self)
if user ~= nil then if user ~= nil then
return {redirect_to = self:url_for("user", {username = user.username})} return {redirect_to = self:url_for("user", {username = user.username})}
end end
@ -264,7 +251,7 @@ end)
app:post("user_signup", "/signup", function(self) app:post("user_signup", "/signup", function(self)
if self.session.session_key then if self.session.session_key then
local user = validate_session(self.session.session_key) local user = util.get_logged_in_user(self)
if user ~= nil then if user ~= nil then
return {redirect_to = self:url_for("user", {username = user.username})} return {redirect_to = self:url_for("user", {username = user.username})}
end end
@ -307,7 +294,7 @@ app:post("user_signup", "/signup", function(self)
end) end)
app:post("user_logout", "/logout", function (self) app:post("user_logout", "/logout", function (self)
local user = validate_session(self.session.session_key) local user = util.get_logged_in_user(self)
if not user then if not user then
return {redirect_to = self:url_for("user_login")} return {redirect_to = self:url_for("user_login")}
end end
@ -318,7 +305,7 @@ app:post("user_logout", "/logout", function (self)
end) end)
app:post("confirm_user", "/confirm_user/:user_id", function (self) app:post("confirm_user", "/confirm_user/:user_id", function (self)
local user = validate_session(self.session.session_key) local user = util.get_logged_in_user(self)
if not user then if not user then
return {status = 403} return {status = 403}
end end

15
util.lua
View File

@ -1,7 +1,9 @@
local util = {} local util = {}
local magick = require("magick") local magick = require("magick")
local db = require("lapis.db")
local Avatars = require("models").Avatars local Avatars = require("models").Avatars
local Users = require("models").Users
function util.get_user_avatar_url(req, user) function util.get_user_avatar_url(req, user)
if not user.avatar_id then if not user.avatar_id then
@ -42,4 +44,17 @@ function util.validate_and_create_image(input_image, filename)
return true return true
end end
function util.get_logged_in_user(req)
if req.session.session_key == nil then
return nil
end
local session = db.select('* FROM "sessions" WHERE "key" = ? AND "expires_at" > "?" LIMIT 1', req.session.session_key, os.time())
if #session > 0 then
return Users:find({id = session[1].user_id})
end
return nil
end
return util return util