add user confirmation by admins
This commit is contained in:
@ -10,6 +10,15 @@ local models = require("models")
|
||||
local Users = models.Users
|
||||
local Sessions = models.Sessions
|
||||
|
||||
local TransientUser = {
|
||||
is_admin = function (self)
|
||||
return false
|
||||
end,
|
||||
is_guest = function (self)
|
||||
return true
|
||||
end
|
||||
}
|
||||
|
||||
local function authenticate_user(user, password)
|
||||
return bcrypt.verify(password, user.password_hash)
|
||||
end
|
||||
@ -30,6 +39,10 @@ local function create_session(user_id)
|
||||
end
|
||||
|
||||
local function validate_session(session_key)
|
||||
if session_key == nil then
|
||||
return nil
|
||||
end
|
||||
|
||||
local session = db.select('* FROM "sessions" WHERE "key" = ? AND "expires_at" > "?" LIMIT 1', session_key, os.time())
|
||||
print(#session)
|
||||
if #session > 0 then
|
||||
@ -69,15 +82,22 @@ app:get("user", "/:username", function(self)
|
||||
return {status = 404}
|
||||
end
|
||||
|
||||
if self.session.flash.just_logged_in then
|
||||
if self.session.flash ~= nil and self.session.flash.just_logged_in then
|
||||
self.just_logged_in = true
|
||||
self.session.flash = {}
|
||||
end
|
||||
local me = validate_session(self.session.session_key)
|
||||
if not me and user.permission == constants.PermissionLevel.GUEST then
|
||||
return {status = 404}
|
||||
end
|
||||
|
||||
local me = validate_session(self.session.session_key) or TransientUser
|
||||
self.user = user
|
||||
self.me = me
|
||||
|
||||
self.user_is_me = me.id == user.id
|
||||
|
||||
if user.permission == constants.PermissionLevel.GUEST then
|
||||
if not (self.user_is_me or me:is_admin()) then
|
||||
return {status = 404}
|
||||
end
|
||||
end
|
||||
return {render = "user.user"}
|
||||
end)
|
||||
|
||||
@ -178,4 +198,35 @@ app:post("user_signup", "/signup", function(self)
|
||||
return {redirect_to = self:url_for("user", {username = username})}
|
||||
end)
|
||||
|
||||
app:post("user_logout", "/logout", function (self)
|
||||
local user = validate_session(self.session.session_key)
|
||||
if not user then
|
||||
return {redirect_to = self:url_for("user_login")}
|
||||
end
|
||||
|
||||
local session = Sessions:find({key = self.session.session_key})
|
||||
session:delete()
|
||||
return {redirect_to = self:url_for("user_login")}
|
||||
end)
|
||||
|
||||
app:post("confirm_user", "/confirm_user/:user_id", function (self)
|
||||
local user = validate_session(self.session.session_key)
|
||||
if not user then
|
||||
return {status = 403}
|
||||
end
|
||||
if not user:is_admin() then
|
||||
return {status = 403}
|
||||
end
|
||||
local target_user = Users:find(self.params.user_id)
|
||||
if not target_user then
|
||||
return {status = 404}
|
||||
end
|
||||
if target_user.permission > constants.PermissionLevel.GUEST then
|
||||
return {status = 404}
|
||||
end
|
||||
|
||||
target_user:update({permission = constants.PermissionLevel.USER, confirmed_on = os.time()})
|
||||
return {redirect_to = self:url_for("user", {username = target_user.username})}
|
||||
end)
|
||||
|
||||
return app
|
||||
Reference in New Issue
Block a user